Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MR1QLOcIB2HAU8PfwoQb2LDrQmA.roa
File:                     MR1QLOcIB2HAU8PfwoQb2LDrQmA.roa (raw, json)
Hash identifier:          lQzp7J3gbhUvJ79vx6KgTqluBdIOKj+TZawXjvomQLw=
Subject key identifier:   31:1D:50:2C:E7:08:07:61:C0:53:C3:DF:C2:84:1B:D8:B0:EB:42:60
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01871540955C6E4D87C54C5AD622BA48A8C8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MR1QLOcIB2HAU8PfwoQb2LDrQmA.roa
Signing time:             Fri 24 Mar 2023 20:12:46 +0000
ROA not before:           Fri 24 Mar 2023 20:12:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:15:40:95:5c:6e:4d:87:c5:4c:5a:d6:22:ba:48:a8:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 24 20:12:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=311d502ce7080761c053c3dfc2841bd8b0eb4260
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:bd:1a:a8:a1:1b:90:77:b0:fd:5f:2f:71:25:
                    e7:00:a5:9e:e6:fc:05:d7:16:72:31:f1:ab:e8:e2:
                    73:21:3a:14:e6:c6:38:9b:60:46:9c:af:72:46:0f:
                    c0:e0:fe:a9:0e:ad:3b:64:9c:ab:af:50:fc:57:dd:
                    2b:5f:50:9f:ef:40:be:37:89:52:d0:87:cc:91:a0:
                    d0:0e:83:eb:17:7f:4b:75:6e:ad:6d:16:d3:2d:8f:
                    04:38:d6:35:22:79:6e:e5:c3:84:9e:13:cd:cc:87:
                    48:a4:14:46:03:42:60:ad:62:c4:f7:a0:77:9d:93:
                    88:66:50:c8:dc:04:1b:f4:0c:80:21:85:7e:57:e5:
                    7f:4a:70:d3:85:d7:d8:19:93:2a:24:94:cd:4d:a7:
                    82:9e:fb:b1:80:a2:8e:34:8b:6e:9f:33:7f:a2:07:
                    54:82:86:7f:43:e6:43:58:33:ae:2d:58:89:d8:02:
                    8d:52:5f:da:de:89:06:c5:a1:98:7b:3b:4e:f5:fb:
                    ae:fd:29:3f:e2:ab:1c:81:32:72:f7:a2:d6:8a:46:
                    ef:d6:43:11:f8:c0:d6:cb:2c:83:ea:1f:4f:27:cc:
                    b1:1c:8e:df:e4:ff:83:dd:33:1f:22:0a:bf:f8:58:
                    2d:7e:48:64:55:f4:d9:8a:e8:d3:3b:06:08:b3:e7:
                    89:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:1D:50:2C:E7:08:07:61:C0:53:C3:DF:C2:84:1B:D8:B0:EB:42:60
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MR1QLOcIB2HAU8PfwoQb2LDrQmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:d5:91:3f:f5:30:09:f3:75:3d:40:6f:00:07:d6:8e:55:a0:
         a9:a3:16:c7:b8:e7:57:0b:54:48:44:c3:e3:3c:54:8e:54:f9:
         2e:6f:31:7f:fa:0f:be:e5:93:c5:19:a3:9b:a3:aa:94:46:ab:
         bf:f9:08:39:f6:34:25:9d:f7:a3:56:65:47:f9:58:5b:16:ab:
         45:ae:50:ab:3c:41:4f:87:f5:5c:89:5b:e4:35:a3:e5:83:5d:
         15:ce:f1:1c:46:cb:dd:bf:f9:5c:8c:df:9f:4e:57:37:cf:db:
         35:04:a9:29:b8:23:e8:90:b0:15:8b:c4:c9:e1:81:7d:5a:a7:
         5d:1c:6c:c8:94:1d:6e:09:ee:58:de:ec:85:07:4c:1d:b3:e5:
         cc:72:de:9f:99:3d:6b:5e:2f:21:f6:fb:db:02:ae:33:56:cf:
         93:50:0e:6b:f9:67:ef:32:36:f5:ba:08:32:bc:1c:25:f1:0c:
         b2:dc:ef:8f:53:fe:69:c3:0d:8e:17:ea:ad:50:28:f3:d8:09:
         d2:2d:49:50:12:f5:54:f0:c1:28:33:04:26:2e:56:55:f2:fb:
         78:0f:bf:15:61:e3:ec:62:27:d4:3a:db:d2:00:cb:0c:ae:5a:
         32:c6:e0:38:b7:de:a9:0d:c8:7e:8a:2f:dc:7a:4f:1b:4b:e9:
         75:0e:a7:2c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcVQJVcbk2HxUxa1iK6SKjIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI0MjAxMjQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTFkNTAyY2U3MDgwNzYxYzA1M2MzZGZjMjg0MWJkOGIwZWI0MjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmL0aqKEbkHew/V8vcSXnAKWe5vwF
1xZyMfGr6OJzIToU5sY4m2BGnK9yRg/A4P6pDq07ZJyrr1D8V90rX1Cf70C+N4lS
0IfMkaDQDoPrF39LdW6tbRbTLY8EONY1Inlu5cOEnhPNzIdIpBRGA0JgrWLE96B3
nZOIZlDI3AQb9AyAIYV+V+V/SnDThdfYGZMqJJTNTaeCnvuxgKKONItunzN/ogdU
goZ/Q+ZDWDOuLViJ2AKNUl/a3okGxaGYeztO9fuu/Sk/4qscgTJy96LWikbv1kMR
+MDWyyyD6h9PJ8yxHI7f5P+D3TMfIgq/+FgtfkhkVfTZiujTOwYIs+eJ7wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDEdUCznCAdhwFPD38KEG9iw60JgMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTVIxUUxPY0lCMkhBVThQZndvUWIyTERyUW1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIHVkT/1MAnzdT1AbwAH
1o5VoKmjFse451cLVEhEw+M8VI5U+S5vMX/6D77lk8UZo5ujqpRGq7/5CDn2NCWd
96NWZUf5WFsWq0WuUKs8QU+H9VyJW+Q1o+WDXRXO8RxGy92/+VyM359OVzfP2zUE
qSm4I+iQsBWLxMnhgX1ap10cbMiUHW4J7lje7IUHTB2z5cxy3p+ZPWteLyH2+9sC
rjNWz5NQDmv5Z+8yNvW6CDK8HCXxDLLc749T/mnDDY4X6q1QKPPYCdItSVAS9VTw
wSgzBCYuVlXy+3gPvxVh4+xiJ9Q629IAywyuWjLG4Di33qkNyH6KL9x6TxtL6XUO
pyw=
-----END CERTIFICATE-----