Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qKWS9mDaZmXJ1ioyM8xQCnksXDI.roa
File:                     qKWS9mDaZmXJ1ioyM8xQCnksXDI.roa (raw, json)
Hash identifier:          SQzsBmqrVTdxHhoHWuRFqy6A1dV04R5qHOGoRqP/Cao=
Subject key identifier:   A8:A5:92:F6:60:DA:66:65:C9:D6:2A:32:33:CC:50:0A:79:2C:5C:32
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018986193A3EEE5FFD35EE2E0D1BC3B8FD71
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qKWS9mDaZmXJ1ioyM8xQCnksXDI.roa
Signing time:             Mon 24 Jul 2023 04:12:27 +0000
ROA not before:           Mon 24 Jul 2023 04:12:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:86:19:3a:3e:ee:5f:fd:35:ee:2e:0d:1b:c3:b8:fd:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 24 04:12:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a8a592f660da6665c9d62a3233cc500a792c5c32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ec:65:22:21:a2:5b:01:f0:13:2c:18:c5:25:
                    8c:b5:10:4d:f7:07:b8:8e:cc:23:46:60:3a:47:24:
                    60:f2:3a:4e:ca:df:15:f1:9f:ca:5b:94:1e:82:e7:
                    9a:0a:20:71:3e:fb:5b:2d:67:3e:ea:17:bd:36:77:
                    58:68:6f:be:1e:bb:1f:ca:df:21:f8:b8:16:0f:2e:
                    b1:62:6b:b9:04:9c:49:ca:2b:6f:14:6e:74:37:0b:
                    8b:15:f1:4b:e5:64:2c:b3:cb:25:ec:e6:4f:4e:03:
                    c6:67:8d:df:77:1b:0d:6a:96:5d:e1:21:d6:5c:25:
                    99:3c:7a:29:bd:78:ba:52:e6:60:e8:6a:49:0b:5f:
                    ad:7e:d2:52:e4:eb:1f:fd:d2:22:6c:8a:27:fa:dd:
                    fa:59:29:f3:a3:9f:13:1a:67:50:fb:29:60:ba:ba:
                    45:3c:49:07:d5:94:74:fd:93:52:a5:26:e5:54:5a:
                    b5:14:c8:15:a4:54:6f:83:31:b5:0e:84:39:9e:b7:
                    fe:3b:55:f6:f8:d7:88:21:81:0a:54:81:c4:17:5b:
                    2e:78:1e:ae:16:fb:5b:5e:df:40:3a:24:04:4b:09:
                    6b:86:9e:51:c3:a5:35:10:54:60:ff:1c:02:44:2e:
                    7b:91:73:a9:94:3a:c0:0c:2b:17:6b:2c:f5:b6:5a:
                    11:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:A5:92:F6:60:DA:66:65:C9:D6:2A:32:33:CC:50:0A:79:2C:5C:32
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qKWS9mDaZmXJ1ioyM8xQCnksXDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:26:ee:02:5d:6a:21:53:10:c4:eb:79:ac:d1:58:31:0d:3b:
         b3:d3:0a:dd:67:9d:28:bb:38:94:fd:7b:ce:cb:13:3f:74:82:
         08:26:94:f5:b4:4f:ad:1a:ed:d2:aa:b4:c7:75:ac:89:b6:14:
         6c:7c:c0:18:1e:a1:c5:a0:b0:e7:b7:f8:42:92:20:ea:dd:70:
         70:2a:fd:6f:9c:aa:0a:ac:60:bf:4b:d4:ec:96:10:a6:ba:75:
         c5:60:78:b9:b4:7f:55:33:47:c0:43:c3:0e:d3:81:b7:ca:74:
         de:20:ef:4a:f0:42:2a:70:5e:29:1c:16:0f:3f:18:0e:4a:f9:
         f8:86:45:93:81:3d:b5:79:92:c4:b9:39:ae:4a:a1:53:56:e3:
         03:1b:0a:ec:af:78:ed:a8:b0:2d:31:90:b9:a8:0a:d0:ee:fe:
         20:bf:b0:f4:3b:69:d9:a4:66:c4:13:57:f1:23:71:df:a2:f7:
         46:79:0d:a2:d0:fa:7a:22:ba:4a:62:cd:87:83:d2:eb:5b:42:
         57:5b:8c:88:61:00:52:a9:3d:68:81:f0:81:12:02:74:1c:ed:
         d9:48:0c:cd:f9:e1:14:20:96:bb:cd:91:83:21:6e:51:3f:77:
         a6:36:7e:1c:41:82:7a:1b:12:b4:3b:36:83:58:07:54:e7:c0:
         0d:6f:bd:77
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYmGGTo+7l/9Ne4uDRvDuP1xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzI0MDQxMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGE1OTJmNjYwZGE2NjY1YzlkNjJhMzIzM2NjNTAwYTc5MmM1YzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkuxlIiGiWwHwEywYxSWMtRBN9we4
jswjRmA6RyRg8jpOyt8V8Z/KW5QegueaCiBxPvtbLWc+6he9NndYaG++Hrsfyt8h
+LgWDy6xYmu5BJxJyitvFG50NwuLFfFL5WQss8sl7OZPTgPGZ43fdxsNapZd4SHW
XCWZPHopvXi6UuZg6GpJC1+tftJS5Osf/dIibIon+t36WSnzo58TGmdQ+ylgurpF
PEkH1ZR0/ZNSpSblVFq1FMgVpFRvgzG1DoQ5nrf+O1X2+NeIIYEKVIHEF1sueB6u
FvtbXt9AOiQESwlrhp5Rw6U1EFRg/xwCRC57kXOplDrADCsXayz1tloRWwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKilkvZg2mZlydYqMjPMUAp5LFwyMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcUtXUzltRGFabVhKMWlveU04eFFDbmtzWERJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIIm7gJdaiFTEMTreazR
WDENO7PTCt1nnSi7OJT9e87LEz90gggmlPW0T60a7dKqtMd1rIm2FGx8wBgeocWg
sOe3+EKSIOrdcHAq/W+cqgqsYL9L1OyWEKa6dcVgeLm0f1UzR8BDww7TgbfKdN4g
70rwQipwXikcFg8/GA5K+fiGRZOBPbV5ksS5Oa5KoVNW4wMbCuyveO2osC0xkLmo
CtDu/iC/sPQ7admkZsQTV/Ejcd+i90Z5DaLQ+noiukpizYeD0utbQldbjIhhAFKp
PWiB8IESAnQc7dlIDM354RQglrvNkYMhblE/d6Y2fhxBgnobErQ7NoNYB1TnwA1v
vXc=
-----END CERTIFICATE-----