Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QN99EOCwfSFabU5yxfKZzgOfz8M.roa
File:                     QN99EOCwfSFabU5yxfKZzgOfz8M.roa (raw, json)
Hash identifier:          EMBLzy6Yh/HX5I8Wb0F0+iJgCUCqFBAG1UxS/3pnHVc=
Subject key identifier:   40:DF:7D:10:E0:B0:7D:21:5A:6D:4E:72:C5:F2:99:CE:03:9F:CF:C3
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188039EA8A61BB68D650CDF7BF203F9219E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QN99EOCwfSFabU5yxfKZzgOfz8M.roa
Signing time:             Wed 10 May 2023 03:05:09 +0000
ROA not before:           Wed 10 May 2023 03:05:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:188:39e:e99/128 maxlen: 128
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:03:9e:a8:a6:1b:b6:8d:65:0c:df:7b:f2:03:f9:21:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 10 03:05:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=40df7d10e0b07d215a6d4e72c5f299ce039fcfc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:15:dc:c8:e3:02:04:ef:a4:86:4b:39:e0:81:
                    10:c7:c7:70:e4:75:5d:44:7b:a2:1d:b8:58:3f:ba:
                    3d:77:cf:e5:3e:c9:96:cb:c5:26:62:6d:33:77:2c:
                    8e:f5:54:c3:bc:b1:a3:07:7d:e6:1d:f9:95:99:35:
                    35:d0:52:e6:77:25:ca:c5:bb:d3:7d:8b:f4:5d:88:
                    e0:72:02:62:58:48:37:62:3f:ce:0d:1a:64:99:ec:
                    7a:d3:00:54:b1:af:6d:92:0f:c5:fc:02:fe:f3:31:
                    a3:2b:42:0e:69:f1:ab:ce:0d:ae:6d:95:a9:e2:c9:
                    af:0a:59:30:24:0e:0d:b7:dd:71:d2:19:32:ab:5d:
                    d4:c8:0d:53:fe:a3:70:83:84:6f:2a:e8:df:e7:d4:
                    30:73:27:55:ea:92:02:91:ee:dc:85:a0:7c:fb:1f:
                    63:df:2c:05:ce:6f:55:8c:89:7a:cf:f7:13:f7:3d:
                    e6:b4:fa:0a:2a:73:c6:25:dc:10:a0:a0:93:45:64:
                    1c:61:16:bb:64:96:5f:68:52:14:1f:ee:9a:4a:a9:
                    84:8c:c2:79:71:fd:5f:7e:6e:d5:93:32:b0:4e:c1:
                    ce:61:0a:8f:cf:6c:f6:02:74:d7:36:fa:92:72:c2:
                    ae:f0:4c:b3:2d:60:5e:ae:9c:c5:77:63:08:b5:8c:
                    37:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:DF:7D:10:E0:B0:7D:21:5A:6D:4E:72:C5:F2:99:CE:03:9F:CF:C3
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QN99EOCwfSFabU5yxfKZzgOfz8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:99:0b:7d:b1:2b:76:83:bb:43:a7:6d:5e:e2:c7:85:92:ca:
         ef:b3:29:d3:9b:8e:44:e6:35:b7:11:cf:b3:c6:3c:15:a6:78:
         8a:b2:fd:2c:52:bd:20:d2:e5:0e:fe:9c:d9:3f:d2:98:46:d8:
         16:39:c9:35:5d:f9:72:18:84:ac:5c:2e:0b:8e:ec:a4:de:ad:
         76:0d:0d:32:60:ad:88:37:47:db:df:82:4b:3f:01:35:a9:56:
         51:45:53:11:7c:a0:a8:ae:2e:6a:cd:19:75:27:ad:ca:80:12:
         b3:9d:a7:54:4a:42:fc:2b:2d:1f:1c:72:5d:8f:d9:f7:94:96:
         f1:64:53:6d:0f:0e:8f:47:3e:71:b0:04:c6:59:d0:a4:08:09:
         69:e8:f3:b1:b8:a4:90:3c:82:14:03:5c:79:c0:c6:36:a2:1e:
         30:78:95:a6:6c:f6:b9:8c:fb:b8:e8:c7:4e:7d:9b:1a:9f:95:
         f7:7f:38:f4:2f:3b:4a:3a:bc:e1:11:97:4d:4c:b2:89:21:e3:
         9b:8b:2d:b8:b4:96:b1:65:62:57:03:93:d0:51:21:df:26:63:
         66:d6:f6:ae:10:43:47:a9:c3:71:42:11:b8:80:f7:fd:2a:55:
         4f:d8:65:ef:51:df:a1:3c:da:98:e1:1b:97:95:76:c5:52:13:
         d3:93:dd:42
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgDnqimG7aNZQzfe/ID+SGeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTEwMDMwNTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGRmN2QxMGUwYjA3ZDIxNWE2ZDRlNzJjNWYyOTljZTAzOWZjZmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxxXcyOMCBO+khks54IEQx8dw5HVd
RHuiHbhYP7o9d8/lPsmWy8UmYm0zdyyO9VTDvLGjB33mHfmVmTU10FLmdyXKxbvT
fYv0XYjgcgJiWEg3Yj/ODRpkmex60wBUsa9tkg/F/AL+8zGjK0IOafGrzg2ubZWp
4smvClkwJA4Nt91x0hkyq13UyA1T/qNwg4RvKujf59QwcydV6pICke7chaB8+x9j
3ywFzm9VjIl6z/cT9z3mtPoKKnPGJdwQoKCTRWQcYRa7ZJZfaFIUH+6aSqmEjMJ5
cf1ffm7VkzKwTsHOYQqPz2z2AnTXNvqScsKu8EyzLWBerpzFd2MItYw3NwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEDffRDgsH0hWm1OcsXymc4Dn8/DMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUU45OUVPQ3dmU0ZhYlU1eXhmS1p6Z09mejhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFiZC32xK3aDu0OnbV7i
x4WSyu+zKdObjkTmNbcRz7PGPBWmeIqy/SxSvSDS5Q7+nNk/0phG2BY5yTVd+XIY
hKxcLguO7KTerXYNDTJgrYg3R9vfgks/ATWpVlFFUxF8oKiuLmrNGXUnrcqAErOd
p1RKQvwrLR8ccl2P2feUlvFkU20PDo9HPnGwBMZZ0KQICWno87G4pJA8ghQDXHnA
xjaiHjB4laZs9rmM+7jox059mxqflfd/OPQvO0o6vOERl01Msokh45uLLbi0lrFl
YlcDk9BRId8mY2bW9q4QQ0epw3FCEbiA9/0qVU/YZe9R36E82pjhG5eVdsVSE9OT
3UI=
-----END CERTIFICATE-----