Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Q-MK84YPC2xScMSi1NjwPHs9_Ks.roa
File:                     Q-MK84YPC2xScMSi1NjwPHs9_Ks.roa (raw, json)
Hash identifier:          KrFe+ybY9soYTLGpqRxRTbJyzGQGqQkcEaLLwXfZNPo=
Subject key identifier:   43:E3:0A:F3:86:0F:0B:6C:52:70:C4:A2:D4:D8:F0:3C:7B:3D:FC:AB
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018952D3AD289ACB8EA4FA03B46B728953F2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Q-MK84YPC2xScMSi1NjwPHs9_Ks.roa
Signing time:             Fri 14 Jul 2023 05:15:51 +0000
ROA not before:           Fri 14 Jul 2023 05:15:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:52:d3:ad:28:9a:cb:8e:a4:fa:03:b4:6b:72:89:53:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 14 05:15:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=43e30af3860f0b6c5270c4a2d4d8f03c7b3dfcab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:4f:ad:e4:2b:c5:34:5b:08:90:c9:f7:a3:75:
                    60:02:16:72:32:77:e1:70:b6:e0:92:4d:01:f7:5d:
                    40:0b:b8:2d:83:f8:24:d4:fa:c2:81:47:65:06:2d:
                    0d:e8:73:4e:a4:fc:46:e2:6e:b1:70:e1:31:17:65:
                    99:a3:fc:78:02:d8:61:f3:5b:6d:4d:58:2a:3b:79:
                    ca:68:b2:aa:07:89:ca:9c:b3:a4:c4:d7:ba:9c:be:
                    54:11:ba:04:e8:09:84:f8:44:e8:f2:5c:10:c0:b7:
                    44:01:86:c5:5a:bb:9c:65:d4:8c:d8:e8:47:6f:35:
                    b7:94:3b:26:3e:80:98:5e:5a:7e:85:da:16:e2:ec:
                    00:fa:5c:b7:4f:2a:c9:4c:f9:92:29:3b:db:c5:25:
                    37:01:4f:23:2c:59:80:5b:23:8e:d2:bf:7e:33:14:
                    25:8e:41:25:0d:1b:42:f0:30:af:3e:e1:71:6a:86:
                    46:9b:48:59:c3:95:05:22:7d:48:d1:d8:bf:8b:5c:
                    5f:99:17:bd:68:6d:09:78:b2:b9:09:94:95:c9:2e:
                    5a:fa:e5:13:68:4b:33:7f:ba:c5:74:d4:ba:b1:20:
                    b8:81:6f:18:bd:8d:4a:5d:15:3e:c5:02:cd:3a:c3:
                    4f:cf:e7:f2:24:a9:84:a1:9e:f8:5c:ba:fa:6d:09:
                    f3:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:E3:0A:F3:86:0F:0B:6C:52:70:C4:A2:D4:D8:F0:3C:7B:3D:FC:AB
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Q-MK84YPC2xScMSi1NjwPHs9_Ks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:93:fd:47:51:c9:ab:32:dd:3b:87:09:50:81:37:89:11:98:
         72:77:b3:7b:44:6a:5a:9e:b4:c7:81:1b:8c:ab:9b:55:ba:36:
         b4:65:5e:32:0a:19:0e:fc:47:d4:ff:e4:65:1c:db:c7:32:c2:
         56:3c:f8:42:16:da:0b:ea:1b:ec:be:e8:f6:6c:24:73:bb:40:
         e8:17:14:82:6d:5f:b3:95:49:a1:f4:61:78:90:1b:52:aa:5a:
         c3:cb:55:1b:d2:ee:01:82:d9:2f:70:e4:14:d6:f7:0e:a3:c7:
         4a:8c:a7:80:82:3c:42:21:66:93:27:ec:07:94:ac:f8:fe:40:
         83:07:64:19:2c:b6:f3:4d:a5:1e:8f:1b:37:eb:dd:61:3a:89:
         58:f5:dc:c9:dd:92:62:42:c3:d3:b4:bc:a9:d7:81:f4:bb:b4:
         1c:7f:3b:e9:1b:8a:f8:c8:54:2c:5b:4e:90:0d:07:54:74:4a:
         b8:13:63:a5:82:f6:b0:14:47:46:74:2c:80:72:02:1c:d2:53:
         37:48:31:b1:61:41:74:15:19:d6:3e:2a:f7:7d:2e:7e:4c:03:
         02:67:3a:32:ff:e2:f2:23:cf:2a:be:aa:82:65:8f:e7:e3:e2:
         76:99:2b:e1:fb:82:1e:c7:b0:a5:3d:bf:9d:33:03:bc:9e:83:
         e5:a3:1f:81
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlS060omsuOpPoDtGtyiVPyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE0MDUxNTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2UzMGFmMzg2MGYwYjZjNTI3MGM0YTJkNGQ4ZjAzYzdiM2RmY2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAik+t5CvFNFsIkMn3o3VgAhZyMnfh
cLbgkk0B911AC7gtg/gk1PrCgUdlBi0N6HNOpPxG4m6xcOExF2WZo/x4Athh81tt
TVgqO3nKaLKqB4nKnLOkxNe6nL5UEboE6AmE+ETo8lwQwLdEAYbFWrucZdSM2OhH
bzW3lDsmPoCYXlp+hdoW4uwA+ly3TyrJTPmSKTvbxSU3AU8jLFmAWyOO0r9+MxQl
jkElDRtC8DCvPuFxaoZGm0hZw5UFIn1I0di/i1xfmRe9aG0JeLK5CZSVyS5a+uUT
aEszf7rFdNS6sSC4gW8YvY1KXRU+xQLNOsNPz+fyJKmEoZ74XLr6bQnz3QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEPjCvOGDwtsUnDEotTY8Dx7PfyrMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUS1NSzg0WVBDMnhTY01TaTFOandQSHM5X0tzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGuT/UdRyasy3TuHCVCB
N4kRmHJ3s3tEalqetMeBG4yrm1W6NrRlXjIKGQ78R9T/5GUc28cywlY8+EIW2gvq
G+y+6PZsJHO7QOgXFIJtX7OVSaH0YXiQG1KqWsPLVRvS7gGC2S9w5BTW9w6jx0qM
p4CCPEIhZpMn7AeUrPj+QIMHZBkstvNNpR6PGzfr3WE6iVj13MndkmJCw9O0vKnX
gfS7tBx/O+kbivjIVCxbTpANB1R0SrgTY6WC9rAUR0Z0LIByAhzSUzdIMbFhQXQV
GdY+Kvd9Ln5MAwJnOjL/4vIjzyq+qoJlj+fj4naZK+H7gh7HsKU9v50zA7yeg+Wj
H4E=
-----END CERTIFICATE-----