Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/EEaqmOuMX2H5SDmowVrE3UmqcFk.roa
File:                     EEaqmOuMX2H5SDmowVrE3UmqcFk.roa (raw, json)
Hash identifier:          fCgd8fLVziiOnaUEpxU6LPh0PZwC3gkbHH0MGUMBhcc=
Subject key identifier:   10:46:AA:98:EB:8C:5F:61:F9:48:39:A8:C1:5A:C4:DD:49:AA:70:59
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188435D4044A8124B18FE8196ED17CD9324
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/EEaqmOuMX2H5SDmowVrE3UmqcFk.roa
Signing time:             Mon 22 May 2023 12:09:24 +0000
ROA not before:           Mon 22 May 2023 12:09:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:43:5d:40:44:a8:12:4b:18:fe:81:96:ed:17:cd:93:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 22 12:09:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1046aa98eb8c5f61f94839a8c15ac4dd49aa7059
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:4b:47:f9:31:26:9b:9e:8a:a7:79:8e:04:4e:
                    79:de:cc:37:ce:17:8e:8d:41:07:72:11:a1:98:64:
                    f0:8b:7e:c2:f5:31:be:76:84:0a:88:f4:64:d9:a4:
                    cd:41:9c:fd:b6:84:2c:92:ac:b1:7b:86:50:3f:89:
                    26:e8:18:35:1c:f0:30:e1:55:e4:2c:f2:d1:4a:fc:
                    2d:3d:29:f2:d6:68:74:72:68:fc:39:a9:a0:2e:b3:
                    6d:fc:dc:b1:73:22:7c:a2:42:ba:b9:55:6e:0a:41:
                    2a:d1:6b:50:3f:bd:02:8a:a6:5f:8a:1f:b1:e4:c1:
                    65:3c:0e:1b:8b:09:d0:3d:3b:9a:15:31:96:01:ec:
                    ac:dd:4e:fe:4e:7e:ae:e5:b8:d7:9b:5f:68:7d:be:
                    27:a8:ac:59:6b:bc:2c:60:26:5d:0e:f3:c9:71:50:
                    da:9b:c0:e1:de:fd:14:2e:aa:6d:cd:3d:42:97:69:
                    2f:df:be:21:07:30:0f:44:92:43:aa:44:a6:10:87:
                    6c:b9:9d:12:aa:b1:f3:7b:f9:f5:ad:a0:20:96:a8:
                    1c:f4:e8:54:d5:f4:37:a2:7e:26:ef:11:e2:38:0c:
                    db:64:12:ac:22:13:2c:27:bc:dc:85:b2:81:16:41:
                    90:bb:b8:01:cf:72:de:84:01:79:46:28:59:5a:04:
                    d0:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:46:AA:98:EB:8C:5F:61:F9:48:39:A8:C1:5A:C4:DD:49:AA:70:59
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/EEaqmOuMX2H5SDmowVrE3UmqcFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:4c:e6:28:85:ff:ed:0f:d9:1e:ab:1d:7a:4e:1f:d1:39:bd:
         83:4d:3d:b0:69:47:42:36:00:b3:1b:43:55:d5:3b:43:95:66:
         14:dd:46:2a:c2:8e:74:f5:95:07:f3:11:17:47:44:db:c3:50:
         df:72:43:d5:5e:f4:9e:23:9c:99:8f:17:c7:22:68:71:75:24:
         54:06:92:1d:50:42:58:5c:1c:e6:6e:a1:7a:ba:da:b2:15:e5:
         e3:a7:49:e5:18:c0:ca:64:4f:04:4d:fe:c3:d1:f7:9a:71:45:
         d8:98:5d:01:81:f7:f7:ac:03:71:ef:3f:e8:d5:d7:a7:6e:2f:
         33:c7:dc:27:b2:b9:99:16:9d:bc:a3:7e:0d:0a:eb:94:ef:2b:
         c1:b7:c6:de:be:33:76:ab:54:cd:bd:01:ab:e9:50:b4:38:75:
         38:88:6c:0a:ed:71:ce:89:11:ad:09:ab:23:c0:87:bc:79:03:
         a0:29:fe:9c:ac:9c:00:05:7a:54:d6:b1:a8:86:fb:2f:64:fb:
         b8:a0:8b:d9:86:53:11:75:7c:38:3d:5a:91:50:38:1c:7c:6e:
         8a:ac:29:51:a8:51:53:b0:25:59:91:25:22:cc:e8:87:53:fa:
         67:48:d5:7f:ae:68:10:98:fb:bd:ca:a3:69:2d:c0:a7:0a:c5:
         42:a3:d4:60
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhDXUBEqBJLGP6Blu0XzZMkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTIyMTIwOTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDQ2YWE5OGViOGM1ZjYxZjk0ODM5YThjMTVhYzRkZDQ5YWE3MDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgktH+TEmm56Kp3mOBE553sw3zheO
jUEHchGhmGTwi37C9TG+doQKiPRk2aTNQZz9toQskqyxe4ZQP4km6Bg1HPAw4VXk
LPLRSvwtPSny1mh0cmj8OamgLrNt/NyxcyJ8okK6uVVuCkEq0WtQP70CiqZfih+x
5MFlPA4biwnQPTuaFTGWAeys3U7+Tn6u5bjXm19ofb4nqKxZa7wsYCZdDvPJcVDa
m8Dh3v0ULqptzT1Cl2kv374hBzAPRJJDqkSmEIdsuZ0SqrHze/n1raAglqgc9OhU
1fQ3on4m7xHiOAzbZBKsIhMsJ7zchbKBFkGQu7gBz3LehAF5RihZWgTQVQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBBGqpjrjF9h+Ug5qMFaxN1JqnBZMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvRUVhcW1PdU1YMkg1U0Rtb3dWckUzVW1xY0ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAE1M5iiF/+0P2R6rHXpO
H9E5vYNNPbBpR0I2ALMbQ1XVO0OVZhTdRirCjnT1lQfzERdHRNvDUN9yQ9Ve9J4j
nJmPF8ciaHF1JFQGkh1QQlhcHOZuoXq62rIV5eOnSeUYwMpkTwRN/sPR95pxRdiY
XQGB9/esA3HvP+jV16duLzPH3CeyuZkWnbyjfg0K65TvK8G3xt6+M3arVM29Aavp
ULQ4dTiIbArtcc6JEa0JqyPAh7x5A6Ap/pysnAAFelTWsaiG+y9k+7igi9mGUxF1
fDg9WpFQOBx8boqsKVGoUVOwJVmRJSLM6IdT+mdI1X+uaBCY+73Ko2ktwKcKxUKj
1GA=
-----END CERTIFICATE-----