Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qCrPqxx-D0VcI2zj8zhBejOWKEg.roa
File:                     qCrPqxx-D0VcI2zj8zhBejOWKEg.roa (raw, json)
Hash identifier:          vVs3Ct9n7ihLgS0smy53LgnxDFOm9bzY3RGsBhJueWU=
Subject key identifier:   A8:2A:CF:AB:1C:7E:0F:45:5C:23:6C:E3:F3:38:41:7A:33:96:28:48
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187281B168926427844A3F6E11E42DB3F97
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qCrPqxx-D0VcI2zj8zhBejOWKEg.roa
Signing time:             Tue 28 Mar 2023 12:04:36 +0000
ROA not before:           Tue 28 Mar 2023 12:04:36 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:281a:c8a6/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:28:1b:16:89:26:42:78:44:a3:f6:e1:1e:42:db:3f:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 28 12:04:36 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a82acfab1c7e0f455c236ce3f338417a33962848
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7c:98:f6:7d:7d:6a:2b:47:4c:3b:9d:4b:80:
                    85:7e:82:87:0b:00:f9:a0:eb:ac:7d:ca:9d:5d:e7:
                    23:f9:ef:cc:0d:8d:e2:2b:f9:f2:5d:01:05:ac:d4:
                    41:d8:ee:8b:65:ec:cb:56:f6:9b:48:20:96:36:00:
                    7f:37:8b:7f:09:53:0b:1d:7e:97:f4:ff:d0:ae:95:
                    72:e9:17:64:12:66:e7:ba:7d:e5:f2:73:c7:e0:2d:
                    7b:03:9b:89:bc:75:e5:b1:09:1b:2b:00:5f:34:2f:
                    a9:1e:3c:13:bf:e6:ae:d8:f0:92:40:ff:03:3e:55:
                    ba:eb:f3:84:b8:3d:02:b6:6b:ef:bb:ea:85:4d:17:
                    1a:86:aa:f8:9e:03:bc:4b:6c:6e:b3:38:e5:86:b7:
                    0a:da:f2:7c:4f:89:2f:27:1c:6a:90:2c:6c:29:2f:
                    73:4c:64:c6:fe:0a:c9:5b:97:0c:de:1a:cc:40:5b:
                    b3:e2:49:3f:4b:df:af:50:b7:76:25:0b:29:ae:3a:
                    01:c8:05:b1:fc:2b:c3:0d:81:81:1c:db:ed:5f:da:
                    1e:73:49:28:74:5f:f3:1a:18:b9:cd:89:59:c3:dc:
                    e8:9c:58:81:de:a7:11:04:6b:1a:dc:d5:db:0e:51:
                    a6:f2:32:2b:63:9c:90:16:c6:a0:ad:f0:78:cc:fb:
                    04:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:2A:CF:AB:1C:7E:0F:45:5C:23:6C:E3:F3:38:41:7A:33:96:28:48
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qCrPqxx-D0VcI2zj8zhBejOWKEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:92:61:1b:b1:ca:5d:1e:5c:bb:9e:24:93:9c:9f:a4:7f:1f:
         a0:4f:4f:06:0c:3e:76:a2:9d:2a:9d:15:e8:46:03:5b:38:11:
         00:31:86:85:48:39:0c:d2:9d:13:42:fd:5a:30:b5:9f:c1:81:
         00:29:4c:63:c7:a7:6c:1f:dc:a3:56:d8:15:3f:00:c5:04:50:
         ec:1a:44:17:42:08:fa:ff:1c:5e:6b:45:1b:2c:b7:8f:7d:6a:
         1d:44:dd:c1:e7:9a:1e:cc:27:1e:cd:02:ff:a7:85:db:c9:a7:
         dd:f0:88:39:4f:55:a9:d1:a1:6e:66:0d:a8:44:fb:ce:77:f6:
         be:08:6a:39:17:08:c5:b6:69:c0:94:df:7f:7c:f0:95:aa:46:
         c2:0c:ea:29:ff:05:90:36:03:41:18:44:1b:d9:90:ae:f5:51:
         f5:2c:56:12:91:8d:fe:d9:67:66:69:4f:a6:5d:03:f3:df:cb:
         a3:7e:4c:8a:4c:ec:00:b4:65:46:d6:27:71:c4:45:82:4b:b5:
         0a:70:92:6a:e3:e6:53:1d:ae:b8:bd:0c:5e:3c:85:2f:c5:1d:
         4f:a3:5e:92:31:9d:30:36:42:a3:8a:1f:c2:bc:81:30:39:4f:
         4f:52:fb:a8:67:a5:b2:44:67:3a:c0:2f:c0:94:d7:bf:1e:8e:
         a2:64:b3:1c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcoGxaJJkJ4RKP24R5C2z+XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI4MTIwNDM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODJhY2ZhYjFjN2UwZjQ1NWMyMzZjZTNmMzM4NDE3YTMzOTYyODQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3yY9n19aitHTDudS4CFfoKHCwD5
oOusfcqdXecj+e/MDY3iK/nyXQEFrNRB2O6LZezLVvabSCCWNgB/N4t/CVMLHX6X
9P/QrpVy6RdkEmbnun3l8nPH4C17A5uJvHXlsQkbKwBfNC+pHjwTv+au2PCSQP8D
PlW66/OEuD0Ctmvvu+qFTRcahqr4ngO8S2xuszjlhrcK2vJ8T4kvJxxqkCxsKS9z
TGTG/grJW5cM3hrMQFuz4kk/S9+vULd2JQsprjoByAWx/CvDDYGBHNvtX9oec0ko
dF/zGhi5zYlZw9zonFiB3qcRBGsa3NXbDlGm8jIrY5yQFsagrfB4zPsEiwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKgqz6scfg9FXCNs4/M4QXozlihIMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcUNyUHF4eC1EMFZjSTJ6ajh6aEJlak9XS0VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJ2SYRuxyl0eXLueJJOc
n6R/H6BPTwYMPnainSqdFehGA1s4EQAxhoVIOQzSnRNC/VowtZ/BgQApTGPHp2wf
3KNW2BU/AMUEUOwaRBdCCPr/HF5rRRsst499ah1E3cHnmh7MJx7NAv+nhdvJp93w
iDlPVanRoW5mDahE+8539r4IajkXCMW2acCU33988JWqRsIM6in/BZA2A0EYRBvZ
kK71UfUsVhKRjf7ZZ2ZpT6ZdA/Pfy6N+TIpM7AC0ZUbWJ3HERYJLtQpwkmrj5lMd
rri9DF48hS/FHU+jXpIxnTA2QqOKH8K8gTA5T09S+6hnpbJEZzrAL8CU178ejqJk
sxw=
-----END CERTIFICATE-----