Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qonwVQmV4OdQ88EsM2WKh8HCek0.roa
File:                     qonwVQmV4OdQ88EsM2WKh8HCek0.roa (raw, json)
Hash identifier:          RhP3giSY32+QF3e87v1/iJcrFfAw+kkFlhM+K/QX2XM=
Subject key identifier:   AA:89:F0:55:09:95:E0:E7:50:F3:C1:2C:33:65:8A:87:C1:C2:7A:4D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187470C81E29FD598797E33A95764B4F33F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qonwVQmV4OdQ88EsM2WKh8HCek0.roa
Signing time:             Mon 03 Apr 2023 12:16:54 +0000
ROA not before:           Mon 03 Apr 2023 12:16:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:47:0c:81:e2:9f:d5:98:79:7e:33:a9:57:64:b4:f3:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  3 12:16:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aa89f0550995e0e750f3c12c33658a87c1c27a4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:56:64:78:58:ff:62:79:68:76:9d:7a:8c:12:
                    0f:56:4d:d2:bd:2e:b6:c8:a5:f1:e9:20:97:cd:a4:
                    dc:73:43:52:c4:d9:1b:ac:71:d4:d9:9c:c4:91:d7:
                    55:c7:13:38:50:91:97:b3:e7:a9:fd:6d:08:e6:d1:
                    35:45:cb:2a:8f:30:0e:c9:51:3d:e4:b7:7e:e6:d2:
                    1c:e7:87:d7:09:89:98:70:ea:9b:4a:7a:f2:5a:7f:
                    8d:69:62:ad:c9:94:53:97:64:02:ba:24:cd:e1:5c:
                    b2:50:5d:0a:0a:89:cd:fa:9e:5c:b9:0b:59:06:95:
                    e5:d9:d5:43:04:31:b3:f5:55:81:2c:30:cd:5e:8e:
                    13:cb:2a:c3:18:a9:ca:6e:81:db:d3:92:55:0a:40:
                    9f:77:48:dd:28:b8:c8:55:79:33:67:9f:19:89:bf:
                    41:36:2f:04:07:02:92:91:6a:e3:76:16:1a:08:7c:
                    66:a2:5c:28:73:25:61:dd:12:2d:55:e8:84:3a:21:
                    b1:26:9f:6b:13:f3:b6:c6:73:81:f4:0b:aa:32:bc:
                    c0:41:fa:cf:8e:38:7d:4a:0f:62:3b:c3:eb:6f:13:
                    79:0f:b3:0f:12:ba:f3:91:d4:1d:35:2f:69:28:41:
                    2d:6c:55:a7:a2:dd:3b:91:7f:a6:d1:8d:0d:8d:5c:
                    d6:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:89:F0:55:09:95:E0:E7:50:F3:C1:2C:33:65:8A:87:C1:C2:7A:4D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qonwVQmV4OdQ88EsM2WKh8HCek0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         ac:12:9d:a3:7f:31:03:48:3c:98:f3:fe:2d:e8:50:bf:79:d0:
         75:6d:60:d8:01:26:6b:2c:bf:d2:96:52:a0:73:2f:25:20:04:
         7b:79:34:78:4b:3d:70:5d:1f:29:19:72:95:5e:a8:97:92:7d:
         35:ab:53:a1:3d:2a:ef:a6:43:99:c0:26:8b:b7:68:f2:43:7c:
         64:6c:0a:51:27:d4:1c:b0:6e:84:2c:72:da:b8:a2:5c:0f:a9:
         a4:33:5f:ed:93:11:67:28:33:d1:83:5f:47:93:16:6a:13:46:
         b5:f1:03:7a:ca:ba:c7:41:94:61:a9:c7:e8:c3:eb:55:78:20:
         4d:2f:aa:2a:75:e9:46:09:9f:f8:f2:51:74:24:14:c4:84:46:
         ee:fc:7e:a3:cb:78:b2:0f:1f:c7:f7:62:8f:87:e6:ae:5e:fc:
         38:e4:78:88:4e:34:1d:a7:a9:e2:a1:2a:76:cc:6b:db:7c:90:
         48:01:c1:40:13:62:95:28:08:37:e1:c7:a9:29:82:97:26:8c:
         74:da:c2:08:ea:7a:18:88:80:bd:da:f4:a8:37:2b:ab:11:cf:
         e1:53:14:c3:2b:f1:55:56:30:a6:5d:62:f2:71:de:fb:c4:2a:
         ec:9a:b4:ca:9d:dc:13:85:e7:9f:cf:21:48:35:f2:ea:f5:49:
         15:5d:22:a0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdHDIHin9WYeX4zqVdktPM/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAzMTIxNjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTg5ZjA1NTA5OTVlMGU3NTBmM2MxMmMzMzY1OGE4N2MxYzI3YTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxlZkeFj/Ynlodp16jBIPVk3SvS62
yKXx6SCXzaTcc0NSxNkbrHHU2ZzEkddVxxM4UJGXs+ep/W0I5tE1RcsqjzAOyVE9
5Ld+5tIc54fXCYmYcOqbSnryWn+NaWKtyZRTl2QCuiTN4VyyUF0KConN+p5cuQtZ
BpXl2dVDBDGz9VWBLDDNXo4TyyrDGKnKboHb05JVCkCfd0jdKLjIVXkzZ58Zib9B
Ni8EBwKSkWrjdhYaCHxmolwocyVh3RItVeiEOiGxJp9rE/O2xnOB9AuqMrzAQfrP
jjh9Sg9iO8PrbxN5D7MPErrzkdQdNS9pKEEtbFWnot07kX+m0Y0NjVzWHQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKqJ8FUJleDnUPPBLDNliofBwnpNMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcW9ud1ZRbVY0T2RRODhFc00yV0toOEhDZWswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKwSnaN/MQNIPJjz/i3o
UL950HVtYNgBJmssv9KWUqBzLyUgBHt5NHhLPXBdHykZcpVeqJeSfTWrU6E9Ku+m
Q5nAJou3aPJDfGRsClEn1BywboQsctq4olwPqaQzX+2TEWcoM9GDX0eTFmoTRrXx
A3rKusdBlGGpx+jD61V4IE0vqip16UYJn/jyUXQkFMSERu78fqPLeLIPH8f3Yo+H
5q5e/DjkeIhONB2nqeKhKnbMa9t8kEgBwUATYpUoCDfhx6kpgpcmjHTawgjqehiI
gL3a9Kg3K6sRz+FTFMMr8VVWMKZdYvJx3vvEKuyatMqd3BOF55/PIUg18ur1SRVd
IqA=
-----END CERTIFICATE-----