Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qzWCMCktOY44DPHg32ZtSpbSglw.roa
File:                     qzWCMCktOY44DPHg32ZtSpbSglw.roa (raw, json)
Hash identifier:          7W0uZOa+26gMw/hBo/ocQnOVf9mk1AfJtDxpUj+NMgA=
Subject key identifier:   AB:35:82:30:29:2D:39:8E:38:0C:F1:E0:DF:66:6D:4A:96:D2:82:5C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187EABF8331521AC6DDA1B0AE6AA8D2F442
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qzWCMCktOY44DPHg32ZtSpbSglw.roa
Signing time:             Fri 05 May 2023 07:10:32 +0000
ROA not before:           Fri 05 May 2023 07:10:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:ea:bf:83:31:52:1a:c6:dd:a1:b0:ae:6a:a8:d2:f4:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  5 07:10:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ab358230292d398e380cf1e0df666d4a96d2825c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:0e:ad:01:6a:03:5f:17:1c:4d:d1:d8:f9:b4:
                    4d:9a:8c:99:52:a0:a9:5d:61:71:df:a4:09:69:fb:
                    05:25:89:a6:01:bd:d0:5d:9f:86:63:34:ea:a5:67:
                    63:78:74:df:0a:39:1c:5a:b9:d7:61:08:54:ee:2f:
                    b4:8c:88:ff:bc:7e:48:b3:16:3b:d8:13:82:be:2d:
                    ef:44:5e:8d:38:fd:37:00:0f:72:78:5d:87:f2:2c:
                    ed:1f:37:4e:41:ad:6d:5f:76:46:95:84:73:2d:57:
                    05:41:b6:bb:95:94:25:09:cf:13:7e:0c:80:67:6e:
                    c5:86:91:84:d7:58:41:cf:40:f9:28:89:19:6c:76:
                    ec:64:38:5b:17:84:0e:aa:a2:8c:f9:c5:89:05:14:
                    23:3d:c1:27:24:90:50:9f:e3:8e:dd:dc:5b:18:00:
                    bf:dc:a4:e4:7a:91:76:ec:d7:3a:a0:71:c1:5f:19:
                    7f:0d:38:e9:25:7c:93:74:9d:95:78:6e:1c:40:59:
                    03:d5:c5:a9:e1:5a:55:1c:d7:9d:97:ee:13:ac:76:
                    1a:23:08:51:d5:38:38:ae:75:47:85:e5:a2:ac:93:
                    86:c3:3a:22:6b:56:03:fc:78:e3:60:f3:cd:eb:4f:
                    5f:ef:4f:6c:02:16:f3:fe:05:e3:ad:51:61:f9:eb:
                    01:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:35:82:30:29:2D:39:8E:38:0C:F1:E0:DF:66:6D:4A:96:D2:82:5C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qzWCMCktOY44DPHg32ZtSpbSglw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b0:c6:b1:c1:f3:9a:dd:91:5a:4d:b2:58:b7:42:e4:5c:d4:23:
         cc:eb:6d:a6:07:87:3f:42:31:e0:81:9a:1b:dd:e7:46:35:26:
         f2:3c:d4:77:8a:e0:45:65:b5:53:e6:76:aa:f1:2d:a1:4e:46:
         81:15:7f:4c:39:a1:d6:41:63:2e:41:4d:74:1f:17:56:39:ca:
         5d:00:1e:c4:a1:7e:57:33:22:88:31:9f:80:6a:bf:eb:32:a1:
         b4:06:20:ae:01:f1:2e:1c:ad:fd:a7:6f:df:60:d8:33:36:0e:
         a4:37:0c:e2:d9:7f:73:86:e5:12:6b:97:c9:7d:91:a8:d0:60:
         6b:c1:b5:ed:d6:ca:12:dd:97:e3:a4:77:25:ab:fe:a7:3a:37:
         f2:f4:7a:b4:44:ec:11:47:83:4a:3e:05:e0:a2:dc:e1:69:8c:
         c2:df:7e:45:63:dc:b1:6c:20:75:3f:11:6b:5d:2c:f7:0f:d9:
         36:a1:68:55:62:9c:6c:88:03:f5:98:a6:e2:09:26:aa:f0:80:
         20:9a:8c:e7:87:f9:72:b9:c1:04:d4:98:dd:1a:4c:89:21:12:
         d3:86:0e:8a:cf:56:6f:94:b4:e5:96:13:9b:29:03:f7:9b:fc:
         0c:d2:9e:0c:79:d8:4f:ff:f8:f2:5b:db:66:7a:19:18:40:d6:
         e0:b3:69:c3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfqv4MxUhrG3aGwrmqo0vRCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA1MDcxMDMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjM1ODIzMDI5MmQzOThlMzgwY2YxZTBkZjY2NmQ0YTk2ZDI4MjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQ6tAWoDXxccTdHY+bRNmoyZUqCp
XWFx36QJafsFJYmmAb3QXZ+GYzTqpWdjeHTfCjkcWrnXYQhU7i+0jIj/vH5IsxY7
2BOCvi3vRF6NOP03AA9yeF2H8iztHzdOQa1tX3ZGlYRzLVcFQba7lZQlCc8TfgyA
Z27FhpGE11hBz0D5KIkZbHbsZDhbF4QOqqKM+cWJBRQjPcEnJJBQn+OO3dxbGAC/
3KTkepF27Nc6oHHBXxl/DTjpJXyTdJ2VeG4cQFkD1cWp4VpVHNedl+4TrHYaIwhR
1Tg4rnVHheWirJOGwzoia1YD/HjjYPPN609f709sAhbz/gXjrVFh+esBOwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKs1gjApLTmOOAzx4N9mbUqW0oJcMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcXpXQ01Da3RPWTQ0RFBIZzMyWnRTcGJTZ2x3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALDGscHzmt2RWk2yWLdC
5FzUI8zrbaYHhz9CMeCBmhvd50Y1JvI81HeK4EVltVPmdqrxLaFORoEVf0w5odZB
Yy5BTXQfF1Y5yl0AHsShflczIogxn4Bqv+syobQGIK4B8S4crf2nb99g2DM2DqQ3
DOLZf3OG5RJrl8l9kajQYGvBte3WyhLdl+OkdyWr/qc6N/L0erRE7BFHg0o+BeCi
3OFpjMLffkVj3LFsIHU/EWtdLPcP2TahaFVinGyIA/WYpuIJJqrwgCCajOeH+XK5
wQTUmN0aTIkhEtOGDorPVm+UtOWWE5spA/eb/AzSngx52E//+PJb22Z6GRhA1uCz
acM=
-----END CERTIFICATE-----