Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qdahacdYk1ufzT4qDW9LbgGpTr4.roa
File:                     qdahacdYk1ufzT4qDW9LbgGpTr4.roa (raw, json)
Hash identifier:          qtQkiqsM2jinx9/fYfz7GiWgBsk+tOxiDcRQAtaL3JA=
Subject key identifier:   A9:D6:A1:69:C7:58:93:5B:9F:CD:3E:2A:0D:6F:4B:6E:01:A9:4E:BE
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187F46273AEB352CF94B400216E78E84EBD
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qdahacdYk1ufzT4qDW9LbgGpTr4.roa
Signing time:             Sun 07 May 2023 04:05:05 +0000
ROA not before:           Sun 07 May 2023 04:05:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
                          2001:67c:64:ffff:0:187:f462:4a/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:f4:62:73:ae:b3:52:cf:94:b4:00:21:6e:78:e8:4e:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  7 04:05:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a9d6a169c758935b9fcd3e2a0d6f4b6e01a94ebe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:92:5e:85:49:87:b7:34:77:8c:e9:cb:85:da:
                    7e:4c:0a:13:55:d7:2d:7d:17:83:1f:15:e8:f5:5e:
                    7f:98:32:ac:7e:bc:7c:ce:2b:8a:9b:5a:7e:c2:22:
                    8f:78:ef:8a:19:1b:43:c6:da:84:93:74:af:3f:69:
                    6b:26:8f:05:32:02:c3:3c:a7:11:99:58:49:65:01:
                    85:6f:35:4a:03:32:51:d5:7b:09:cd:75:c8:8d:5f:
                    8d:1a:9f:99:30:86:6f:db:1b:5b:cd:68:ec:b7:21:
                    45:b2:e5:cb:d6:47:02:a3:8c:d3:e9:9b:a8:e9:80:
                    f5:bd:c2:60:5e:05:db:cc:8a:c0:a3:3a:01:ce:8f:
                    93:55:e2:53:f9:b7:99:49:b7:2c:d5:59:4a:cf:d2:
                    f1:c8:c9:07:77:0d:9f:ba:ad:a4:1d:b7:be:cc:ca:
                    41:d8:d3:c0:07:92:40:d7:4f:38:ea:ce:c1:47:e6:
                    f3:28:42:6c:0f:6f:58:fd:f1:d1:00:33:a4:5b:01:
                    ac:bc:aa:4a:03:34:ba:59:11:f5:25:41:34:51:99:
                    cc:e2:6f:a0:47:c2:3a:56:a9:86:cb:92:d0:c3:e2:
                    e9:d2:74:f8:08:c9:d7:14:23:21:e2:06:ff:0b:80:
                    b3:85:92:8e:92:bd:97:fd:bf:93:bb:48:79:c3:e9:
                    77:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:D6:A1:69:C7:58:93:5B:9F:CD:3E:2A:0D:6F:4B:6E:01:A9:4E:BE
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qdahacdYk1ufzT4qDW9LbgGpTr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:b1:88:39:40:ba:c9:d5:0c:6f:46:81:cc:45:0b:a8:98:df:
         b8:a1:a3:e8:23:ee:cd:69:d7:09:cd:18:c8:5b:8d:6d:09:d8:
         46:e1:99:e1:77:a4:79:c6:7a:57:64:ed:93:f5:97:dc:33:48:
         31:0b:e7:0a:a6:e9:d7:e1:d6:d4:67:1a:f6:8f:18:e8:8a:97:
         0e:37:fe:9b:f5:5c:4d:f0:77:be:e5:73:24:4b:17:15:20:6d:
         5d:8f:c4:ac:23:42:be:5b:87:5f:00:99:c6:32:0b:77:50:16:
         f2:83:4c:c2:33:8a:68:79:d7:97:ba:a0:b8:ba:6c:ee:55:bf:
         e8:f7:cd:20:74:a4:c9:db:bf:42:54:c6:cc:6d:ef:a4:ac:a1:
         a8:a2:20:33:bd:bd:fc:ea:16:9c:62:0d:44:c1:fc:cc:28:2b:
         78:85:f5:93:7b:6c:e8:63:e7:91:f4:7d:03:8c:a9:73:7b:d8:
         77:3f:62:58:ee:3c:1f:6e:aa:cb:a9:1f:5a:21:6e:20:b8:f9:
         94:d7:5f:ed:ee:69:8a:f7:ac:bb:8a:24:4c:8e:6d:56:9e:fc:
         1e:bb:17:52:b7:0f:60:40:90:b3:3a:fe:26:1f:da:73:04:4e:
         2e:95:10:08:6d:a7:fc:2d:67:38:33:56:9c:73:a5:04:13:da:
         9c:0e:6a:58
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYf0YnOus1LPlLQAIW546E69MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA3MDQwNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWQ2YTE2OWM3NTg5MzViOWZjZDNlMmEwZDZmNGI2ZTAxYTk0ZWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZJehUmHtzR3jOnLhdp+TAoTVdct
fReDHxXo9V5/mDKsfrx8ziuKm1p+wiKPeO+KGRtDxtqEk3SvP2lrJo8FMgLDPKcR
mVhJZQGFbzVKAzJR1XsJzXXIjV+NGp+ZMIZv2xtbzWjstyFFsuXL1kcCo4zT6Zuo
6YD1vcJgXgXbzIrAozoBzo+TVeJT+beZSbcs1VlKz9LxyMkHdw2fuq2kHbe+zMpB
2NPAB5JA10846s7BR+bzKEJsD29Y/fHRADOkWwGsvKpKAzS6WRH1JUE0UZnM4m+g
R8I6VqmGy5LQw+Lp0nT4CMnXFCMh4gb/C4CzhZKOkr2X/b+Tu0h5w+l3JQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKnWoWnHWJNbn80+Kg1vS24BqU6+MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcWRhaGFjZFlrMXVmelQ0cURXOUxiZ0dwVHI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABqxiDlAusnVDG9GgcxF
C6iY37iho+gj7s1p1wnNGMhbjW0J2EbhmeF3pHnGeldk7ZP1l9wzSDEL5wqm6dfh
1tRnGvaPGOiKlw43/pv1XE3wd77lcyRLFxUgbV2PxKwjQr5bh18AmcYyC3dQFvKD
TMIzimh515e6oLi6bO5Vv+j3zSB0pMnbv0JUxsxt76SsoaiiIDO9vfzqFpxiDUTB
/MwoK3iF9ZN7bOhj55H0fQOMqXN72Hc/YljuPB9uqsupH1ohbiC4+ZTXX+3uaYr3
rLuKJEyObVae/B67F1K3D2BAkLM6/iYf2nMETi6VEAhtp/wtZzgzVpxzpQQT2pwO
alg=
-----END CERTIFICATE-----