Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Q1X64DpbycsxOFYeTVBHW2bI9rE.roa
File:                     Q1X64DpbycsxOFYeTVBHW2bI9rE.roa (raw, json)
Hash identifier:          5t4AQmxHrhov3YfeA68Cf7DkiDuA9Mm79pBQQx592WE=
Subject key identifier:   43:55:FA:E0:3A:5B:C9:CB:31:38:56:1E:4D:50:47:5B:66:C8:F6:B1
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018763C6C24309E75B0B72F2973252DFFE3D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Q1X64DpbycsxOFYeTVBHW2bI9rE.roa
Signing time:             Sun 09 Apr 2023 02:09:42 +0000
ROA not before:           Sun 09 Apr 2023 02:09:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:63:c6:c2:43:09:e7:5b:0b:72:f2:97:32:52:df:fe:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  9 02:09:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4355fae03a5bc9cb3138561e4d50475b66c8f6b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ec:4b:71:4a:9b:85:d1:26:29:9c:fc:c7:06:
                    02:ff:bc:bb:12:03:bf:f0:47:e5:ca:20:31:33:30:
                    bb:12:91:3e:3c:db:6c:e1:c9:aa:d6:66:0c:bb:5a:
                    17:e1:0a:fa:70:0e:53:2b:7d:e5:d0:2f:ea:7a:ab:
                    4d:46:71:f0:7a:37:30:71:51:41:fd:9f:47:b2:92:
                    c4:4a:a7:da:b3:a3:1a:84:aa:eb:ee:1e:4f:6c:b2:
                    e5:99:9f:3e:6f:73:87:b3:1e:73:60:65:bf:48:67:
                    54:1f:60:e0:8f:18:c1:54:0f:9e:c2:65:f4:fc:b9:
                    db:96:87:b4:1c:6c:d8:33:c2:7c:e9:4a:d1:92:aa:
                    66:a6:0a:0e:15:9e:22:76:e2:f7:54:87:bd:10:5d:
                    3c:45:88:9c:f7:df:93:37:33:ab:46:9e:38:65:cb:
                    3d:8d:80:f6:6e:af:98:e2:19:a0:b3:e3:d1:30:b6:
                    43:a8:fe:85:8f:28:85:03:b7:de:16:45:f5:e5:32:
                    cb:6b:3a:28:c2:5d:97:f3:32:33:69:63:5c:a9:24:
                    52:55:f1:6b:a0:12:97:18:71:9c:4a:36:0d:f2:9a:
                    36:01:8b:97:f0:c6:56:ab:72:be:31:d7:3d:1d:01:
                    f4:bd:b5:b1:de:16:19:b8:f2:73:cf:2f:12:d6:c4:
                    8d:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:55:FA:E0:3A:5B:C9:CB:31:38:56:1E:4D:50:47:5B:66:C8:F6:B1
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Q1X64DpbycsxOFYeTVBHW2bI9rE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:93:53:46:d0:e1:fe:30:2c:f7:75:82:20:68:5a:db:cd:3a:
         e1:35:10:37:38:3f:8a:cf:74:b2:6d:55:ba:3b:fc:68:42:19:
         90:2c:69:c6:38:78:f2:af:a0:ce:53:48:55:e5:e4:23:f1:7d:
         cd:4b:94:44:ce:27:04:de:f9:98:58:e4:50:5c:82:23:74:97:
         13:02:65:0a:f3:84:26:dc:e1:35:78:3e:25:bc:14:3b:50:83:
         51:7b:84:72:43:cd:29:95:f2:93:5c:e8:d9:f3:83:cd:81:9e:
         2c:b1:90:dd:40:eb:d3:46:bb:41:db:8c:e2:de:fa:ce:ea:24:
         8d:26:9a:a1:86:1e:c2:00:bf:cc:88:d9:13:75:ad:07:e7:10:
         73:85:05:38:10:61:8c:73:df:61:6d:40:69:99:65:e2:cb:08:
         fe:6e:67:26:38:93:6b:05:09:9a:d7:d2:40:1d:a3:2b:c8:5f:
         f4:70:ca:a0:c1:bd:0d:64:e4:eb:ae:b7:00:20:53:18:b7:5c:
         66:0c:f2:87:e6:f0:03:4c:a9:6a:5c:00:80:79:a6:8c:16:25:
         c2:af:62:3b:48:a7:1f:5a:2d:2f:0a:75:bd:16:3a:03:8a:d0:
         d5:2c:91:b9:5d:de:ba:54:9e:32:56:fd:cc:60:01:b4:64:0f:
         f9:21:1e:8d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdjxsJDCedbC3LylzJS3/49MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA5MDIwOTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzU1ZmFlMDNhNWJjOWNiMzEzODU2MWU0ZDUwNDc1YjY2YzhmNmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApexLcUqbhdEmKZz8xwYC/7y7EgO/
8EflyiAxMzC7EpE+PNts4cmq1mYMu1oX4Qr6cA5TK33l0C/qeqtNRnHwejcwcVFB
/Z9HspLESqfas6MahKrr7h5PbLLlmZ8+b3OHsx5zYGW/SGdUH2DgjxjBVA+ewmX0
/Lnbloe0HGzYM8J86UrRkqpmpgoOFZ4iduL3VIe9EF08RYic99+TNzOrRp44Zcs9
jYD2bq+Y4hmgs+PRMLZDqP6FjyiFA7feFkX15TLLazoowl2X8zIzaWNcqSRSVfFr
oBKXGHGcSjYN8po2AYuX8MZWq3K+Mdc9HQH0vbWx3hYZuPJzzy8S1sSNpQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFENV+uA6W8nLMThWHk1QR1tmyPaxMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUTFYNjREcGJ5Y3N4T0ZZZVRWQkhXMmJJOXJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAByTU0bQ4f4wLPd1giBo
WtvNOuE1EDc4P4rPdLJtVbo7/GhCGZAsacY4ePKvoM5TSFXl5CPxfc1LlETOJwTe
+ZhY5FBcgiN0lxMCZQrzhCbc4TV4PiW8FDtQg1F7hHJDzSmV8pNc6Nnzg82Bniyx
kN1A69NGu0HbjOLe+s7qJI0mmqGGHsIAv8yI2RN1rQfnEHOFBTgQYYxz32FtQGmZ
ZeLLCP5uZyY4k2sFCZrX0kAdoyvIX/RwyqDBvQ1k5OuutwAgUxi3XGYM8ofm8ANM
qWpcAIB5powWJcKvYjtIpx9aLS8Kdb0WOgOK0NUskbld3rpUnjJW/cxgAbRkD/kh
Ho0=
-----END CERTIFICATE-----