Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qA01Bwftf6s2BtakC2PNgSps_YM.roa
File:                     qA01Bwftf6s2BtakC2PNgSps_YM.roa (raw, json)
Hash identifier:          x3bi4VTInoxOYP9j+0RuzhfKdzOzWzuWYMCtzqUbrWE=
Subject key identifier:   A8:0D:35:07:07:ED:7F:AB:36:06:D6:A4:0B:63:CD:81:2A:6C:FD:83
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01895977D2A7315CA2B96D857607285EAB57
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qA01Bwftf6s2BtakC2PNgSps_YM.roa
Signing time:             Sat 15 Jul 2023 12:12:52 +0000
ROA not before:           Sat 15 Jul 2023 12:12:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:59:77:d2:a7:31:5c:a2:b9:6d:85:76:07:28:5e:ab:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 15 12:12:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a80d350707ed7fab3606d6a40b63cd812a6cfd83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:fa:dc:ec:06:99:98:11:c8:dc:fc:6e:1e:bc:
                    44:f7:dc:93:20:85:ad:5e:33:a3:fc:28:0a:2e:82:
                    eb:df:4c:9a:73:71:8c:17:60:da:08:43:4d:38:58:
                    6b:7a:82:eb:cb:e5:d2:cc:8b:dd:56:bf:3e:2f:69:
                    35:df:f2:b5:c5:57:36:7a:28:bc:8e:c1:58:63:3e:
                    5f:b3:5e:d2:d9:52:8f:2e:aa:92:b6:4d:fe:ef:8f:
                    11:f9:98:43:92:3d:60:a6:f8:f4:00:f9:38:29:10:
                    a6:47:52:e9:3b:0f:32:34:f3:0e:c3:d9:1a:6e:05:
                    d0:b5:c0:cf:8d:2a:47:9d:eb:27:43:e7:b4:04:97:
                    b9:f6:c5:f8:c3:2c:e6:80:92:f6:46:e5:5f:09:74:
                    66:52:dd:be:f2:11:fc:fc:d3:c6:f3:83:40:9a:06:
                    96:0a:ec:95:3d:ea:33:15:93:b6:e5:b3:c2:f7:4f:
                    6e:32:15:bd:e8:96:60:af:13:5f:d5:e4:61:fb:18:
                    40:21:77:b9:1a:88:72:e0:c5:bd:c0:ca:4f:8d:7d:
                    bf:3f:f2:0c:c4:0d:1f:5d:71:f0:a5:2c:97:be:49:
                    cc:70:8a:ce:dc:ea:4e:a1:20:d5:f8:76:ab:f2:bf:
                    dd:40:91:0d:4f:6f:c7:fc:c7:61:05:45:e6:36:a2:
                    b5:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:0D:35:07:07:ED:7F:AB:36:06:D6:A4:0B:63:CD:81:2A:6C:FD:83
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qA01Bwftf6s2BtakC2PNgSps_YM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:7d:d9:07:68:03:9a:13:4e:59:c7:b7:02:69:d7:37:9a:69:
         df:4d:52:42:a6:50:6d:d1:5c:e6:c4:c7:52:21:82:3e:33:62:
         81:51:28:41:5e:89:82:da:23:9c:a9:3d:c8:12:8a:42:c8:fd:
         8f:3d:b3:35:16:56:d8:a1:a7:38:0d:40:af:43:db:43:23:33:
         3a:55:29:96:1d:b5:25:75:5f:30:19:97:de:f2:14:17:7d:b8:
         3a:87:3a:e8:72:4c:f2:d2:30:5d:cf:ef:c4:1e:58:a3:dd:59:
         21:08:fd:bb:23:6b:10:6b:c4:cc:9c:98:ce:97:fb:be:f0:67:
         ff:93:91:ab:a7:3c:f2:15:77:c8:c8:9f:e9:f1:37:89:11:53:
         29:4c:e3:63:69:91:70:f0:e1:3f:38:5e:c8:44:cd:fb:fa:d3:
         95:c3:57:d5:0a:70:ac:a3:57:2e:9d:69:eb:52:0c:e9:ef:3c:
         1e:aa:dd:e6:6f:64:b2:a1:ef:fb:01:02:6c:dd:a2:e9:55:c5:
         78:22:ed:f3:26:38:9e:f1:8a:56:2f:a7:02:ce:23:e4:16:e3:
         de:1e:21:44:3e:cf:51:2c:97:60:d0:0d:04:c5:1f:18:df:0b:
         00:1e:1c:d6:14:46:7d:8e:55:a7:ed:b5:38:49:1e:ae:cf:ef:
         69:db:f6:51
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlZd9KnMVyiuW2FdgcoXqtXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE1MTIxMjUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODBkMzUwNzA3ZWQ3ZmFiMzYwNmQ2YTQwYjYzY2Q4MTJhNmNmZDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvrc7AaZmBHI3PxuHrxE99yTIIWt
XjOj/CgKLoLr30yac3GMF2DaCENNOFhreoLry+XSzIvdVr8+L2k13/K1xVc2eii8
jsFYYz5fs17S2VKPLqqStk3+748R+ZhDkj1gpvj0APk4KRCmR1LpOw8yNPMOw9ka
bgXQtcDPjSpHnesnQ+e0BJe59sX4wyzmgJL2RuVfCXRmUt2+8hH8/NPG84NAmgaW
CuyVPeozFZO25bPC909uMhW96JZgrxNf1eRh+xhAIXe5Gohy4MW9wMpPjX2/P/IM
xA0fXXHwpSyXvknMcIrO3OpOoSDV+Har8r/dQJENT2/H/MdhBUXmNqK1GQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKgNNQcH7X+rNgbWpAtjzYEqbP2DMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcUEwMUJ3ZnRmNnMyQnRha0MyUE5nU3BzX1lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGZ92QdoA5oTTlnHtwJp
1zeaad9NUkKmUG3RXObEx1Ihgj4zYoFRKEFeiYLaI5ypPcgSikLI/Y89szUWVtih
pzgNQK9D20MjMzpVKZYdtSV1XzAZl97yFBd9uDqHOuhyTPLSMF3P78QeWKPdWSEI
/bsjaxBrxMycmM6X+77wZ/+TkaunPPIVd8jIn+nxN4kRUylM42NpkXDw4T84XshE
zfv605XDV9UKcKyjVy6daetSDOnvPB6q3eZvZLKh7/sBAmzdoulVxXgi7fMmOJ7x
ilYvpwLOI+QW494eIUQ+z1Esl2DQDQTFHxjfCwAeHNYURn2OVafttThJHq7P72nb
9lE=
-----END CERTIFICATE-----