Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/iqAvswcxlclMHbLRoB71Nfs2sfE.roa
File:                     iqAvswcxlclMHbLRoB71Nfs2sfE.roa (raw, json)
Hash identifier:          wgbmrB5VYZpZw08UhDCHLdpp3qiGjzom0Ue7oQstUXw=
Subject key identifier:   8A:A0:2F:B3:07:31:95:C9:4C:1D:B2:D1:A0:1E:F5:35:FB:36:B1:F1
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018982E13DA2BD20C3A91B810C5D9220F78B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/iqAvswcxlclMHbLRoB71Nfs2sfE.roa
Signing time:             Sun 23 Jul 2023 13:12:26 +0000
ROA not before:           Sun 23 Jul 2023 13:12:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:82:e1:3d:a2:bd:20:c3:a9:1b:81:0c:5d:92:20:f7:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 23 13:12:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8aa02fb3073195c94c1db2d1a01ef535fb36b1f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d2:aa:c0:10:ce:1a:41:78:88:30:fb:2a:c0:
                    23:e6:ed:1e:71:3a:7f:61:e3:1c:22:06:9a:50:b2:
                    3c:24:17:e9:d7:3b:80:de:6e:8f:ea:55:48:04:ef:
                    b1:c4:bd:b4:84:6f:fd:00:4d:2a:e7:0f:e4:be:54:
                    d0:7e:66:dc:43:52:e0:04:13:2c:34:6a:f8:1e:34:
                    a5:92:06:79:41:fb:c6:0b:fe:e0:c7:4e:64:b6:51:
                    04:f6:b9:78:94:29:ed:f3:48:22:41:d1:7d:34:a5:
                    d4:41:49:e4:2f:8f:5e:6b:38:55:76:9a:08:d9:f8:
                    25:6f:ea:cf:cc:9f:d4:eb:5c:4b:6f:92:27:f1:4e:
                    29:5d:fe:7d:28:cd:e0:22:f3:9c:e1:bc:30:c6:03:
                    73:1a:54:db:36:a6:29:64:13:9b:e3:95:a8:81:e7:
                    bf:d1:f9:5c:9a:dd:80:4e:ca:79:58:5e:bb:21:5c:
                    5a:a5:17:ec:5c:80:4f:54:a3:75:64:f6:6f:8e:4b:
                    a3:58:e5:e8:dc:88:b0:89:46:74:92:be:b1:0c:1d:
                    3d:a8:3d:a3:0d:06:a1:ec:3a:aa:67:ee:03:a5:34:
                    c5:b5:6e:b5:7c:e3:c9:d6:58:03:da:f4:4c:b7:e3:
                    8e:4b:cf:81:7a:60:96:cc:78:76:78:5f:a9:ab:9c:
                    ad:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:A0:2F:B3:07:31:95:C9:4C:1D:B2:D1:A0:1E:F5:35:FB:36:B1:F1
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/iqAvswcxlclMHbLRoB71Nfs2sfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:29:ae:44:97:88:fd:a5:2c:44:9b:9f:61:43:e1:c5:98:93:
         e6:bb:3c:4f:5d:9a:9e:dd:fc:8a:2d:c5:bd:86:d4:9c:05:32:
         bd:4c:36:4b:a2:fa:fe:ac:c0:04:e8:64:42:49:82:1e:f9:4c:
         35:50:63:b1:8e:e7:cb:12:3a:90:e7:7a:ec:af:f1:7c:a4:a9:
         a2:62:e5:09:12:ac:de:a8:8d:04:84:52:fa:67:5d:7f:7b:24:
         c4:05:6a:65:db:0b:5c:62:f2:ff:4e:88:11:87:74:2c:d1:64:
         b0:bc:a4:8f:1c:6d:20:fd:7b:de:3a:f4:a2:71:a4:6a:2f:a5:
         62:8c:1d:33:5d:28:31:a9:20:49:09:6c:04:fd:71:02:51:a4:
         c3:0a:16:a8:5a:37:a4:ee:6f:8b:cf:13:46:f6:3d:bc:6a:17:
         06:e8:b8:88:9a:b1:0d:2e:03:5e:2f:d3:c1:a1:e9:8a:9c:d8:
         a4:bd:64:dd:f8:ef:21:dd:12:53:5e:5b:dd:86:5d:f2:a3:7b:
         9c:c2:db:69:66:9a:6a:65:c6:e8:b8:0a:27:37:4c:fb:9f:d9:
         ea:37:59:1b:f2:ba:fa:e8:f6:45:1a:ff:25:eb:5b:16:6c:08:
         63:fe:01:72:62:57:ac:4e:05:68:40:ce:6b:f9:fe:1e:1a:4c:
         9e:af:53:5d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYmC4T2ivSDDqRuBDF2SIPeLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIzMTMxMjI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWEwMmZiMzA3MzE5NWM5NGMxZGIyZDFhMDFlZjUzNWZiMzZiMWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptKqwBDOGkF4iDD7KsAj5u0ecTp/
YeMcIgaaULI8JBfp1zuA3m6P6lVIBO+xxL20hG/9AE0q5w/kvlTQfmbcQ1LgBBMs
NGr4HjSlkgZ5QfvGC/7gx05ktlEE9rl4lCnt80giQdF9NKXUQUnkL49eazhVdpoI
2fglb+rPzJ/U61xLb5In8U4pXf59KM3gIvOc4bwwxgNzGlTbNqYpZBOb45Wogee/
0flcmt2ATsp5WF67IVxapRfsXIBPVKN1ZPZvjkujWOXo3IiwiUZ0kr6xDB09qD2j
DQah7DqqZ+4DpTTFtW61fOPJ1lgD2vRMt+OOS8+BemCWzHh2eF+pq5ytaQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIqgL7MHMZXJTB2y0aAe9TX7NrHxMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaXFBdnN3Y3hsY2xNSGJMUm9CNzFOZnMyc2ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAD8prkSXiP2lLESbn2FD
4cWYk+a7PE9dmp7d/Iotxb2G1JwFMr1MNkui+v6swAToZEJJgh75TDVQY7GO58sS
OpDneuyv8XykqaJi5QkSrN6ojQSEUvpnXX97JMQFamXbC1xi8v9OiBGHdCzRZLC8
pI8cbSD9e9469KJxpGovpWKMHTNdKDGpIEkJbAT9cQJRpMMKFqhaN6Tub4vPE0b2
PbxqFwbouIiasQ0uA14v08Gh6Yqc2KS9ZN347yHdElNeW92GXfKje5zC22lmmmpl
xui4Cic3TPuf2eo3WRvyuvro9kUa/yXrWxZsCGP+AXJiV6xOBWhAzmv5/h4aTJ6v
U10=
-----END CERTIFICATE-----