Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QFualrEXShi_bNoLRmc2CDCmpNA.roa
File:                     QFualrEXShi_bNoLRmc2CDCmpNA.roa (raw, json)
Hash identifier:          Lazwu5v6MFArfqOotRIzSh1BYaaARVqbrwDJv/JzOKw=
Subject key identifier:   40:5B:9A:96:B1:17:4A:18:BF:6C:DA:0B:46:67:36:08:30:A6:A4:D0
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188BDADCB26662786F2D1812C5EAB20ACCF
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QFualrEXShi_bNoLRmc2CDCmpNA.roa
Signing time:             Thu 15 Jun 2023 06:11:03 +0000
ROA not before:           Thu 15 Jun 2023 06:11:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:bd:ad:cb:26:66:27:86:f2:d1:81:2c:5e:ab:20:ac:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 15 06:11:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=405b9a96b1174a18bf6cda0b4667360830a6a4d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:fd:f8:93:bc:a9:14:00:ec:7b:3a:47:e2:38:
                    e8:59:39:c4:b5:31:d8:fb:b3:6a:56:08:7a:67:b3:
                    cf:d3:19:b1:a9:2a:d4:e0:5b:9d:e3:96:6e:8b:66:
                    06:57:08:00:0d:ec:2b:b0:d2:e7:a8:f9:ec:ef:8c:
                    6c:c7:b6:7b:a6:e8:9d:cb:5f:f5:b5:79:12:40:a8:
                    50:de:76:86:cf:54:64:65:f3:89:c2:34:69:23:71:
                    73:70:33:69:a1:98:f9:9b:37:85:ad:7e:e8:19:78:
                    38:f8:0b:3e:f2:4e:c9:9d:6c:7e:6d:72:b0:0c:2e:
                    7b:cf:e2:92:51:68:8e:84:af:72:0f:90:80:e1:f4:
                    54:ca:4b:a9:00:21:60:e5:91:0e:63:52:0a:6b:fb:
                    2c:d1:88:39:13:d6:f6:85:82:a4:26:8d:66:ce:8d:
                    db:c1:fb:74:26:a7:6e:7d:9d:71:b5:be:50:ab:66:
                    13:24:8a:53:24:b6:88:ba:ee:ca:93:89:c9:f9:3d:
                    fe:ed:d2:af:4d:53:25:a1:a2:77:47:32:f2:3e:91:
                    92:72:f0:61:f5:65:fd:12:36:5f:05:fd:66:4c:18:
                    09:30:1b:ce:e4:d0:5d:f9:b9:cd:f2:74:9d:8c:94:
                    00:99:f4:5f:cb:67:79:e3:95:81:87:f9:a7:6f:e6:
                    0e:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:5B:9A:96:B1:17:4A:18:BF:6C:DA:0B:46:67:36:08:30:A6:A4:D0
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QFualrEXShi_bNoLRmc2CDCmpNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:20:ef:a9:e8:01:0d:f9:64:13:71:62:3d:16:4f:49:6e:1c:
         3e:58:b9:52:1c:27:49:75:61:3e:0e:df:1a:81:0b:72:42:d7:
         6f:de:75:28:19:5a:b1:14:f6:f2:98:6c:8d:80:5d:fa:4a:19:
         4f:84:48:e3:ea:36:d5:b0:f2:f7:b6:de:87:9b:cc:b0:60:a9:
         06:45:f9:2e:84:69:0d:61:d1:d7:70:19:2e:02:55:74:ba:9a:
         3e:55:eb:b7:77:52:45:65:4c:9e:60:c9:3c:73:bc:d5:e8:26:
         d0:25:c4:e3:91:f0:6e:d6:81:fc:4b:82:eb:cf:25:03:c4:d0:
         6d:02:47:3d:c2:4f:55:8a:94:e3:8e:3d:d4:65:fc:dc:ff:09:
         dc:bf:13:8f:e5:48:1c:30:68:c4:7f:81:4f:06:b3:7f:a0:51:
         3b:a5:35:5c:78:0d:53:0d:67:ea:03:c9:67:08:71:7a:9c:b8:
         d3:f0:51:eb:63:7c:7b:fa:fe:b3:4f:72:c2:46:1a:a7:80:0e:
         79:0c:ed:f6:9f:7e:49:25:18:51:20:ef:5a:39:0a:36:1a:3b:
         42:93:ae:08:1a:81:1b:65:ab:89:ea:b2:5d:ba:b7:8b:e8:43:
         11:07:77:c6:1e:d7:34:6e:d0:e8:39:a1:63:2a:eb:6c:22:74:
         d3:84:62:e8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYi9rcsmZieG8tGBLF6rIKzPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE1MDYxMTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDViOWE5NmIxMTc0YTE4YmY2Y2RhMGI0NjY3MzYwODMwYTZhNGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApP34k7ypFADsezpH4jjoWTnEtTHY
+7NqVgh6Z7PP0xmxqSrU4Fud45Zui2YGVwgADewrsNLnqPns74xsx7Z7puidy1/1
tXkSQKhQ3naGz1RkZfOJwjRpI3FzcDNpoZj5mzeFrX7oGXg4+As+8k7JnWx+bXKw
DC57z+KSUWiOhK9yD5CA4fRUykupACFg5ZEOY1IKa/ss0Yg5E9b2hYKkJo1mzo3b
wft0JqdufZ1xtb5Qq2YTJIpTJLaIuu7Kk4nJ+T3+7dKvTVMloaJ3RzLyPpGScvBh
9WX9EjZfBf1mTBgJMBvO5NBd+bnN8nSdjJQAmfRfy2d545WBh/mnb+YOWQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEBbmpaxF0oYv2zaC0ZnNggwpqTQMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUUZ1YWxyRVhTaGlfYk5vTFJtYzJDRENtcE5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAog76noAQ35ZBNxYj0W
T0luHD5YuVIcJ0l1YT4O3xqBC3JC12/edSgZWrEU9vKYbI2AXfpKGU+ESOPqNtWw
8ve23oebzLBgqQZF+S6EaQ1h0ddwGS4CVXS6mj5V67d3UkVlTJ5gyTxzvNXoJtAl
xOOR8G7WgfxLguvPJQPE0G0CRz3CT1WKlOOOPdRl/Nz/Cdy/E4/lSBwwaMR/gU8G
s3+gUTulNVx4DVMNZ+oDyWcIcXqcuNPwUetjfHv6/rNPcsJGGqeADnkM7faffkkl
GFEg71o5CjYaO0KTrggagRtlq4nqsl26t4voQxEHd8Ye1zRu0Og5oWMq62widNOE
Yug=
-----END CERTIFICATE-----