Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KZZQud2txdNlE-nFfAccPDss1CU.roa
File:                     KZZQud2txdNlE-nFfAccPDss1CU.roa (raw, json)
Hash identifier:          uzuIdEm8GaE5b35Kv1MGgkmI9SPZME1OIM2AbZckTXA=
Subject key identifier:   29:96:50:B9:DD:AD:C5:D3:65:13:E9:C5:7C:07:1C:3C:3B:2C:D4:25
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01888C53A75995754F510AD82A3B9F73D965
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KZZQud2txdNlE-nFfAccPDss1CU.roa
Signing time:             Mon 05 Jun 2023 16:11:12 +0000
ROA not before:           Mon 05 Jun 2023 16:11:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:8c:53:a7:59:95:75:4f:51:0a:d8:2a:3b:9f:73:d9:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  5 16:11:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=299650b9ddadc5d36513e9c57c071c3c3b2cd425
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:64:0f:3e:3e:b0:c3:00:5f:9e:29:c1:d0:98:
                    f8:d8:4d:16:86:b7:48:b7:cb:67:c0:de:d9:07:d8:
                    82:cb:20:65:ae:b6:76:7e:7d:2a:63:12:1d:72:a5:
                    0a:3b:be:46:e7:f9:70:cd:36:6c:93:92:eb:c9:b5:
                    e1:c2:5e:72:2e:36:a4:c2:f3:81:65:f5:24:74:46:
                    67:56:54:37:25:9b:0f:9e:a0:22:5f:7d:0f:3d:ff:
                    50:6e:68:f7:bb:17:fd:c8:0d:48:50:7f:7d:04:f6:
                    f2:73:5d:38:3e:31:22:91:47:26:3c:de:09:d2:88:
                    b6:a8:40:4a:1f:67:bb:60:84:7c:cc:9c:94:b7:83:
                    f1:2b:5a:61:2d:c9:10:6d:ee:f1:09:ef:93:48:9b:
                    cd:a2:79:0a:45:50:aa:ce:f0:5a:db:6d:a0:5d:47:
                    c6:60:5b:59:db:36:df:22:92:98:4c:03:6b:34:36:
                    f5:27:68:6a:7b:68:d9:bc:ec:d9:c7:e7:57:90:b9:
                    aa:e9:9c:d6:86:fe:e9:19:0b:41:74:4a:b3:d0:f2:
                    e5:fe:da:21:c7:88:7c:4c:01:d4:86:86:f9:af:68:
                    d7:82:4b:65:fd:ca:da:64:4f:c4:59:f2:31:2c:5b:
                    28:44:bc:65:03:27:b5:bd:8a:dd:04:cb:38:47:5c:
                    51:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:96:50:B9:DD:AD:C5:D3:65:13:E9:C5:7C:07:1C:3C:3B:2C:D4:25
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KZZQud2txdNlE-nFfAccPDss1CU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:39:29:97:29:16:65:8d:aa:70:0e:3d:a2:d2:a1:d3:8a:91:
         8c:6d:75:6f:c5:43:ba:75:94:2b:1c:2e:61:2e:25:eb:cd:25:
         4e:5b:b5:bf:24:b0:06:02:94:98:6c:29:87:44:00:fd:d8:02:
         83:66:0b:4c:84:f0:ba:47:76:a0:a6:e8:01:81:9b:20:58:1a:
         ff:f5:74:6d:92:6a:ec:50:25:8e:79:43:da:82:70:14:2e:40:
         f2:a0:3d:4c:61:d4:ce:9c:da:7d:01:f4:dc:a0:97:95:12:10:
         b4:81:47:e6:f7:0b:a3:08:c0:7d:be:4b:0c:0b:2f:93:34:2f:
         b9:bc:bd:92:6a:76:6c:f6:a5:7a:ef:3a:ae:31:25:c4:13:31:
         81:58:c1:25:c3:7b:01:82:78:5b:0b:69:a1:86:30:ce:95:c7:
         65:02:2c:0d:91:0e:d6:f6:e5:8a:2a:43:06:99:7c:4b:a9:ca:
         35:99:43:d1:7c:ca:a0:58:5d:ea:2e:e6:63:69:64:5f:3a:c6:
         ed:17:aa:71:d8:c4:81:cc:32:b7:88:2a:fa:99:50:f3:5e:47:
         ef:61:ed:5c:77:07:5f:e4:ea:22:92:48:ba:93:ec:76:a1:ca:
         23:07:48:cb:ec:2c:56:1c:ac:7e:d4:a5:92:29:81:73:1b:4f:
         b8:56:f8:cb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiMU6dZlXVPUQrYKjufc9llMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA1MTYxMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTk2NTBiOWRkYWRjNWQzNjUxM2U5YzU3YzA3MWMzYzNiMmNkNDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGQPPj6wwwBfninB0Jj42E0WhrdI
t8tnwN7ZB9iCyyBlrrZ2fn0qYxIdcqUKO75G5/lwzTZsk5LrybXhwl5yLjakwvOB
ZfUkdEZnVlQ3JZsPnqAiX30PPf9Qbmj3uxf9yA1IUH99BPbyc104PjEikUcmPN4J
0oi2qEBKH2e7YIR8zJyUt4PxK1phLckQbe7xCe+TSJvNonkKRVCqzvBa222gXUfG
YFtZ2zbfIpKYTANrNDb1J2hqe2jZvOzZx+dXkLmq6ZzWhv7pGQtBdEqz0PLl/toh
x4h8TAHUhob5r2jXgktl/craZE/EWfIxLFsoRLxlAye1vYrdBMs4R1xRuQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCmWULndrcXTZRPpxXwHHDw7LNQlMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvS1paUXVkMnR4ZE5sRS1uRmZBY2NQRHNzMUNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAH05KZcpFmWNqnAOPaLS
odOKkYxtdW/FQ7p1lCscLmEuJevNJU5btb8ksAYClJhsKYdEAP3YAoNmC0yE8LpH
dqCm6AGBmyBYGv/1dG2SauxQJY55Q9qCcBQuQPKgPUxh1M6c2n0B9Nygl5USELSB
R+b3C6MIwH2+SwwLL5M0L7m8vZJqdmz2pXrvOq4xJcQTMYFYwSXDewGCeFsLaaGG
MM6Vx2UCLA2RDtb25YoqQwaZfEupyjWZQ9F8yqBYXeou5mNpZF86xu0XqnHYxIHM
MreIKvqZUPNeR+9h7Vx3B1/k6iKSSLqT7HahyiMHSMvsLFYcrH7UpZIpgXMbT7hW
+Ms=
-----END CERTIFICATE-----