Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SqEQBbynQDdwZDGP_EWlfa9j6oQ.roa
File:                     SqEQBbynQDdwZDGP_EWlfa9j6oQ.roa (raw, json)
Hash identifier:          uuJE6nDnSjKXiQmgwlkzfhxmyab6CmwQ6eD7GAvhfYY=
Subject key identifier:   4A:A1:10:05:BC:A7:40:37:70:64:31:8F:FC:45:A5:7D:AF:63:EA:84
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01888A9C31A10C40BF55F02A37CFCA08BBE2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SqEQBbynQDdwZDGP_EWlfa9j6oQ.roa
Signing time:             Mon 05 Jun 2023 08:11:11 +0000
ROA not before:           Mon 05 Jun 2023 08:11:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:8a:9c:31:a1:0c:40:bf:55:f0:2a:37:cf:ca:08:bb:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  5 08:11:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4aa11005bca740377064318ffc45a57daf63ea84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:92:cd:66:db:98:8d:ee:61:61:d3:63:eb:62:
                    29:d7:3a:c9:e5:28:96:10:8e:6d:cc:f8:0e:78:8f:
                    6b:fc:6b:48:ad:20:3f:6a:fd:34:dc:99:9a:62:e0:
                    d6:3c:8a:26:4d:e5:50:2e:59:3a:9a:66:42:fb:77:
                    29:08:5d:17:c1:d1:6f:94:e2:10:e7:86:c8:e9:d6:
                    76:d4:c8:e4:ba:de:5a:1a:6a:b5:e7:1f:e9:c0:09:
                    d3:30:98:45:cc:b5:24:d9:d1:b8:ab:a3:c7:5b:cb:
                    01:6e:44:fe:bd:89:1b:76:27:17:52:e0:ef:57:3b:
                    f2:07:ca:72:eb:8e:5d:04:c7:d8:31:0e:98:51:74:
                    29:da:67:dc:a3:64:4e:1b:d1:2d:f2:24:b8:2b:69:
                    41:d6:98:04:31:5e:b8:19:46:89:29:9d:7e:d2:ff:
                    98:a5:46:be:21:cd:fd:9c:47:40:ad:c3:a6:ff:cc:
                    1f:3b:e6:83:6e:4e:e7:c8:5b:ed:2f:7a:70:ac:d8:
                    a8:a2:fc:b5:4d:20:72:8d:06:31:e5:d4:b7:ba:7d:
                    bf:fa:00:5c:74:5a:27:a3:a8:88:f3:f9:31:4f:ce:
                    69:6d:dc:00:e9:0d:9c:8c:11:81:61:4d:b9:f1:ce:
                    41:10:04:47:83:fb:a1:4e:fa:f7:4b:71:67:ee:44:
                    63:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:A1:10:05:BC:A7:40:37:70:64:31:8F:FC:45:A5:7D:AF:63:EA:84
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SqEQBbynQDdwZDGP_EWlfa9j6oQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:0b:53:fc:4a:67:94:f8:05:ea:1a:4b:c4:b4:04:5a:ae:fb:
         88:45:bf:6c:fa:4f:ff:98:4f:17:7d:f5:45:4b:6a:b1:8a:06:
         f7:8e:a2:ae:39:70:6f:2b:d4:a2:a2:8b:91:9c:7b:12:6b:e9:
         cc:85:a6:95:57:06:de:c6:7e:60:17:10:45:23:a6:33:c7:03:
         82:8c:ed:3e:f6:b8:91:5e:47:db:8c:44:86:50:61:6e:b0:23:
         7f:0d:0a:50:31:cc:02:8d:97:56:d6:04:29:2a:43:fb:ad:16:
         04:8b:2d:19:89:86:4b:8e:42:f9:52:ce:2e:5e:f4:28:01:75:
         31:1a:e9:43:15:a5:00:87:da:04:8a:e9:a6:4a:dc:aa:23:97:
         8c:58:53:ac:49:e0:0d:5a:ef:2f:3e:c0:e6:d1:a5:2c:a0:2e:
         a2:d6:c1:f5:9f:e2:38:72:1a:10:21:e0:41:91:ee:9f:40:1d:
         0d:ad:92:5e:36:37:c4:3d:41:01:c2:cb:76:a0:d1:62:3f:10:
         62:99:f2:68:1d:43:ff:ec:aa:11:15:68:e5:14:92:d2:b8:f2:
         5a:ee:69:1d:cb:b7:35:48:4c:f4:ba:df:8d:0f:74:96:4a:8e:
         60:96:51:f6:de:6f:75:ce:88:4e:43:b8:de:7f:1a:af:1d:02:
         1a:40:0a:8e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiKnDGhDEC/VfAqN8/KCLviMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA1MDgxMTExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWExMTAwNWJjYTc0MDM3NzA2NDMxOGZmYzQ1YTU3ZGFmNjNlYTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupLNZtuYje5hYdNj62Ip1zrJ5SiW
EI5tzPgOeI9r/GtIrSA/av003JmaYuDWPIomTeVQLlk6mmZC+3cpCF0XwdFvlOIQ
54bI6dZ21Mjkut5aGmq15x/pwAnTMJhFzLUk2dG4q6PHW8sBbkT+vYkbdicXUuDv
VzvyB8py645dBMfYMQ6YUXQp2mfco2ROG9Et8iS4K2lB1pgEMV64GUaJKZ1+0v+Y
pUa+Ic39nEdArcOm/8wfO+aDbk7nyFvtL3pwrNioovy1TSByjQYx5dS3un2/+gBc
dFono6iI8/kxT85pbdwA6Q2cjBGBYU258c5BEARHg/uhTvr3S3Fn7kRjQwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEqhEAW8p0A3cGQxj/xFpX2vY+qEMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvU3FFUUJieW5RRGR3WkRHUF9FV2xmYTlqNm9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADMLU/xKZ5T4BeoaS8S0
BFqu+4hFv2z6T/+YTxd99UVLarGKBveOoq45cG8r1KKii5GcexJr6cyFppVXBt7G
fmAXEEUjpjPHA4KM7T72uJFeR9uMRIZQYW6wI38NClAxzAKNl1bWBCkqQ/utFgSL
LRmJhkuOQvlSzi5e9CgBdTEa6UMVpQCH2gSK6aZK3Kojl4xYU6xJ4A1a7y8+wObR
pSygLqLWwfWf4jhyGhAh4EGR7p9AHQ2tkl42N8Q9QQHCy3ag0WI/EGKZ8mgdQ//s
qhEVaOUUktK48lruaR3LtzVITPS6340PdJZKjmCWUfbeb3XOiE5DuN5/Gq8dAhpA
Co4=
-----END CERTIFICATE-----