Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qV2LCxY9zbUp2DE0XfXxz37KsIw.roa
File:                     qV2LCxY9zbUp2DE0XfXxz37KsIw.roa (raw, json)
Hash identifier:          MB62VDFF4v6UGqkDkUDVfqrLUnE5tWDVYDYBLiAf/Q8=
Subject key identifier:   A9:5D:8B:0B:16:3D:CD:B5:29:D8:31:34:5D:F5:F1:CF:7E:CA:B0:8C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187F166E5D13C0DD17A07C7755882868251
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qV2LCxY9zbUp2DE0XfXxz37KsIw.roa
Signing time:             Sat 06 May 2023 14:11:05 +0000
ROA not before:           Sat 06 May 2023 14:11:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:f1:66:e5:d1:3c:0d:d1:7a:07:c7:75:58:82:86:82:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  6 14:11:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a95d8b0b163dcdb529d831345df5f1cf7ecab08c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:6d:6e:e1:cf:c4:a1:79:34:32:48:68:cd:2d:
                    97:73:36:31:2c:e8:fd:df:b9:c3:54:6b:a3:bc:d1:
                    2b:7e:f6:c4:fc:51:bb:cb:fd:cb:fe:9e:f5:41:5e:
                    09:2a:b5:57:9e:11:a6:4d:5e:75:8a:08:cb:32:41:
                    44:5b:cd:f5:2a:a3:ab:03:b1:b7:99:37:89:ce:dd:
                    1e:b4:b4:15:07:e9:d5:25:77:d4:a0:5a:15:8a:8e:
                    16:af:b8:43:d4:f9:74:00:5c:a2:78:2c:7c:e1:3c:
                    dc:5b:b5:7a:82:00:50:07:87:bb:0e:6b:b7:55:a8:
                    6d:3d:a6:21:05:70:5e:5d:d2:f3:52:7d:a0:d2:31:
                    d2:8a:56:e1:32:d3:0a:dc:b8:b9:5c:99:8c:ad:9d:
                    3a:06:7f:c3:a8:e3:3e:8d:9e:e9:a5:35:a0:cf:93:
                    ed:00:d6:53:56:c5:b1:36:2a:89:fe:5d:f1:e7:95:
                    e8:d7:bd:9e:3b:88:f1:99:3e:41:72:e4:f6:df:5b:
                    64:5b:6a:52:36:23:d5:fc:a6:79:55:28:8a:af:3c:
                    5e:5a:6d:87:fe:41:46:1f:45:86:54:04:cb:2e:c9:
                    95:89:d0:0f:48:f1:a3:61:e8:b1:18:4c:9a:b0:22:
                    67:7a:60:ac:00:dd:d9:87:91:6a:11:2c:3f:b5:27:
                    6f:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:5D:8B:0B:16:3D:CD:B5:29:D8:31:34:5D:F5:F1:CF:7E:CA:B0:8C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qV2LCxY9zbUp2DE0XfXxz37KsIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:44:3b:8f:50:35:05:a4:15:ae:44:bb:bb:bf:c8:b1:af:e8:
         c6:78:24:5a:2b:89:40:b3:c0:12:96:f5:fa:98:7c:ee:f5:7b:
         08:a0:6c:97:c5:47:c5:6b:c3:cf:71:4a:81:35:cd:f8:9b:51:
         7a:f5:92:c9:cd:be:2c:30:2d:ea:ef:ac:be:23:4d:54:c8:ca:
         54:34:1c:c3:81:a4:f2:0e:ad:3e:4f:48:ff:2b:c4:e3:d5:0b:
         f3:5b:76:06:4b:6c:ff:c4:ca:63:3e:c4:57:28:dc:6a:dd:c0:
         f1:ac:57:58:8a:91:06:68:65:42:cb:26:64:11:9f:21:5a:f0:
         50:fe:b0:25:0b:d5:91:e6:71:99:fb:64:1f:53:cf:e4:8c:85:
         fd:5b:82:93:58:11:3e:e3:b4:a8:9e:ec:8b:0c:19:f0:3c:26:
         e9:32:ec:fc:32:28:0b:9b:b1:4e:6a:7f:b8:e7:3d:94:04:43:
         07:8b:a0:bb:ad:9f:44:2a:32:f6:80:7c:c9:28:ea:1e:b6:e1:
         3c:9a:c6:0f:be:cb:0a:12:80:ea:8b:63:57:58:3d:60:36:de:
         8d:36:4f:84:7c:b3:0f:dc:34:6f:24:2f:6e:7b:fc:4c:73:08:
         2e:a5:5a:9c:2b:c5:0e:44:8d:77:3e:e7:57:9b:ab:7b:12:58:
         93:bc:06:f6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfxZuXRPA3RegfHdViChoJRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA2MTQxMTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTVkOGIwYjE2M2RjZGI1MjlkODMxMzQ1ZGY1ZjFjZjdlY2FiMDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm1u4c/EoXk0MkhozS2XczYxLOj9
37nDVGujvNErfvbE/FG7y/3L/p71QV4JKrVXnhGmTV51igjLMkFEW831KqOrA7G3
mTeJzt0etLQVB+nVJXfUoFoVio4Wr7hD1Pl0AFyieCx84TzcW7V6ggBQB4e7Dmu3
VahtPaYhBXBeXdLzUn2g0jHSilbhMtMK3Li5XJmMrZ06Bn/DqOM+jZ7ppTWgz5Pt
ANZTVsWxNiqJ/l3x55Xo172eO4jxmT5BcuT231tkW2pSNiPV/KZ5VSiKrzxeWm2H
/kFGH0WGVATLLsmVidAPSPGjYeixGEyasCJnemCsAN3Zh5FqESw/tSdvzQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKldiwsWPc21KdgxNF318c9+yrCMMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcVYyTEN4WTl6YlVwMkRFMFhmWHh6MzdLc0l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAINEO49QNQWkFa5Eu7u/
yLGv6MZ4JForiUCzwBKW9fqYfO71ewigbJfFR8Vrw89xSoE1zfibUXr1ksnNviww
LervrL4jTVTIylQ0HMOBpPIOrT5PSP8rxOPVC/NbdgZLbP/EymM+xFco3GrdwPGs
V1iKkQZoZULLJmQRnyFa8FD+sCUL1ZHmcZn7ZB9Tz+SMhf1bgpNYET7jtKie7IsM
GfA8Juky7PwyKAubsU5qf7jnPZQEQweLoLutn0QqMvaAfMko6h624Tyaxg++ywoS
gOqLY1dYPWA23o02T4R8sw/cNG8kL257/ExzCC6lWpwrxQ5EjXc+51ebq3sSWJO8
BvY=
-----END CERTIFICATE-----