Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qoRBLtD9N7zRBVyvv6CiZY5rFzo.roa
File:                     qoRBLtD9N7zRBVyvv6CiZY5rFzo.roa (raw, json)
Hash identifier:          qR+9WNtb7zWK8hqeaSLUBMLnuTfFyGdBrCbD6XDQQao=
Subject key identifier:   AA:84:41:2E:D0:FD:37:BC:D1:05:5C:AF:BF:A0:A2:65:8E:6B:17:3A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01871C8D2DC6199CF63126D340D3284A33DF
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qoRBLtD9N7zRBVyvv6CiZY5rFzo.roa
Signing time:             Sun 26 Mar 2023 06:13:46 +0000
ROA not before:           Sun 26 Mar 2023 06:13:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:1c:8d:2d:c6:19:9c:f6:31:26:d3:40:d3:28:4a:33:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 26 06:13:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aa84412ed0fd37bcd1055cafbfa0a2658e6b173a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c7:8e:de:6d:99:9a:60:47:d3:60:61:34:a9:
                    8b:23:76:bd:92:6e:fb:cb:2f:a7:1e:73:b3:c0:67:
                    61:25:3c:6c:41:89:24:a5:bd:82:7f:77:66:55:24:
                    37:0f:c9:1e:bb:1f:6c:38:eb:98:20:9d:db:43:f3:
                    5e:8a:9b:d8:51:5c:ec:5e:06:f4:fb:ad:56:0e:a0:
                    3b:12:d8:48:58:9c:15:f9:1f:fb:68:6a:eb:4c:53:
                    24:5f:1a:72:65:5f:bb:0e:af:8f:13:d1:c0:b9:93:
                    d5:fd:92:e4:36:4a:3e:58:7b:12:2f:bb:38:88:25:
                    33:be:26:22:aa:73:cc:66:67:10:fa:b8:ec:96:41:
                    a2:8c:f6:54:64:fe:47:33:ec:c9:d7:e5:cc:f2:22:
                    0e:8a:6b:9b:05:0c:58:5c:ae:9a:30:e4:32:08:7a:
                    e4:37:c2:f4:44:cb:23:e1:85:6d:46:2b:6a:b1:d6:
                    32:48:60:d0:d1:bf:15:b2:37:a6:7a:a6:ed:6d:f1:
                    0b:2e:d6:48:d2:0c:d5:4f:a3:14:3b:6c:cd:02:64:
                    1d:78:c4:bd:c2:3e:59:25:b0:9a:c4:36:30:7e:d3:
                    8f:17:01:0a:8e:26:70:f3:8f:3f:dc:d5:6a:fe:09:
                    c4:d6:94:c0:6d:e6:c5:6e:20:b2:30:3f:06:8d:e4:
                    50:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:84:41:2E:D0:FD:37:BC:D1:05:5C:AF:BF:A0:A2:65:8E:6B:17:3A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qoRBLtD9N7zRBVyvv6CiZY5rFzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:4a:04:0c:2f:61:50:0c:20:7b:61:a8:28:ae:ee:36:f3:5c:
         2b:be:42:b1:f3:e2:aa:1e:d8:81:ec:f9:cd:4a:88:6a:7f:1c:
         37:4d:7f:e2:b3:af:18:0e:ba:25:68:32:f8:25:d1:30:b2:f2:
         ce:13:2d:bc:90:d6:77:1f:8a:68:17:ec:b2:be:a9:ce:0c:eb:
         ea:09:49:93:56:03:85:eb:70:8f:c2:bf:25:b0:94:c4:e7:a3:
         b5:b6:2b:19:fc:c6:d3:ab:da:b2:08:9a:26:69:38:1f:df:6b:
         ca:27:d8:23:bc:dc:4e:00:7d:a9:49:ee:9c:c5:b7:f9:e2:4f:
         11:b2:99:f7:c3:a2:7a:e5:d0:eb:3a:1a:f2:5f:56:33:3c:88:
         6f:8b:15:b1:5e:11:66:2f:b0:ca:b1:7c:8c:87:3d:cc:b7:9d:
         32:b3:35:ff:ca:b9:44:9a:02:8f:40:6a:21:bb:0d:5e:07:ad:
         03:fa:7b:11:51:ef:a3:25:70:c8:52:88:15:c5:09:94:4c:99:
         59:de:4d:84:78:39:40:49:b6:a6:d2:e9:a4:c3:63:9d:2f:af:
         16:69:db:fa:c1:9d:0a:1a:60:15:69:bb:2e:87:a4:3e:d0:14:
         92:66:8d:a4:6b:4d:44:38:54:d0:4c:66:59:00:ce:bb:48:6f:
         bf:ac:ee:82
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYccjS3GGZz2MSbTQNMoSjPfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI2MDYxMzQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTg0NDEyZWQwZmQzN2JjZDEwNTVjYWZiZmEwYTI2NThlNmIxNzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArseO3m2ZmmBH02BhNKmLI3a9km77
yy+nHnOzwGdhJTxsQYkkpb2Cf3dmVSQ3D8keux9sOOuYIJ3bQ/NeipvYUVzsXgb0
+61WDqA7EthIWJwV+R/7aGrrTFMkXxpyZV+7Dq+PE9HAuZPV/ZLkNko+WHsSL7s4
iCUzviYiqnPMZmcQ+rjslkGijPZUZP5HM+zJ1+XM8iIOimubBQxYXK6aMOQyCHrk
N8L0RMsj4YVtRitqsdYySGDQ0b8VsjemeqbtbfELLtZI0gzVT6MUO2zNAmQdeMS9
wj5ZJbCaxDYwftOPFwEKjiZw848/3NVq/gnE1pTAbebFbiCyMD8GjeRQswIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKqEQS7Q/Te80QVcr7+gomWOaxc6MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcW9SQkx0RDlON3pSQlZ5dnY2Q2laWTVyRnpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAK5KBAwvYVAMIHthqCiu
7jbzXCu+QrHz4qoe2IHs+c1KiGp/HDdNf+KzrxgOuiVoMvgl0TCy8s4TLbyQ1ncf
imgX7LK+qc4M6+oJSZNWA4XrcI/CvyWwlMTno7W2Kxn8xtOr2rIImiZpOB/fa8on
2CO83E4AfalJ7pzFt/niTxGymffDonrl0Os6GvJfVjM8iG+LFbFeEWYvsMqxfIyH
Pcy3nTKzNf/KuUSaAo9AaiG7DV4HrQP6exFR76MlcMhSiBXFCZRMmVneTYR4OUBJ
tqbS6aTDY50vrxZp2/rBnQoaYBVpuy6HpD7QFJJmjaRrTUQ4VNBMZlkAzrtIb7+s
7oI=
-----END CERTIFICATE-----