Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QPaE9OP95KU4Y9S8dvp7A4lmXuE.roa
File:                     QPaE9OP95KU4Y9S8dvp7A4lmXuE.roa (raw, json)
Hash identifier:          RfA7i8T7dEby0I/SWQPRvhYbGrTAtLXkbRhYP1CYxMc=
Subject key identifier:   40:F6:84:F4:E3:FD:E4:A5:38:63:D4:BC:76:FA:7B:03:89:66:5E:E1
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01886D360FC12AD669FA707CCA1A7C7D1D85
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QPaE9OP95KU4Y9S8dvp7A4lmXuE.roa
Signing time:             Tue 30 May 2023 15:10:39 +0000
ROA not before:           Tue 30 May 2023 15:10:39 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:6d:36:0f:c1:2a:d6:69:fa:70:7c:ca:1a:7c:7d:1d:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 30 15:10:39 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=40f684f4e3fde4a53863d4bc76fa7b0389665ee1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:80:98:fb:e9:01:83:e7:7f:1b:10:20:66:6d:
                    b1:6f:52:3a:6d:65:f9:bc:3a:0f:ad:86:27:1c:7c:
                    99:1a:56:3b:ab:68:f0:7c:ec:2d:7a:0f:4c:64:fc:
                    07:0d:4f:22:f5:30:b5:6e:6a:e1:7a:3a:7b:2c:7b:
                    1d:6d:45:be:2e:f5:d7:e7:f9:5b:11:b0:74:f0:81:
                    f0:ce:4b:38:e3:65:82:63:72:50:b2:0c:01:08:f9:
                    a3:14:91:aa:89:c4:d9:78:ee:49:3e:93:7c:57:8d:
                    15:73:e1:4a:62:9b:26:47:cf:8d:64:6a:c2:2d:8d:
                    2b:4d:bb:38:0b:32:f7:da:16:61:7b:a3:68:7e:28:
                    f1:2c:81:8f:a8:19:cb:f2:64:e8:cc:af:4b:1f:13:
                    83:fc:d0:82:cb:e0:e8:7a:5a:ff:43:43:52:9b:c5:
                    9f:61:84:d0:c9:b4:f7:89:2f:80:6e:49:00:86:0d:
                    0d:8f:a2:48:ad:b9:3a:e3:ce:0c:6c:6e:b3:73:32:
                    95:b2:46:45:67:0b:02:51:06:bc:b2:91:16:22:1d:
                    c9:a5:ae:b8:bf:f9:af:0d:e9:f4:95:07:e2:b0:85:
                    ed:fc:53:e2:ba:34:6c:c9:d1:35:b2:f7:44:d4:0a:
                    1f:51:2c:11:73:74:cc:94:dc:d8:32:74:ce:d4:11:
                    05:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:F6:84:F4:E3:FD:E4:A5:38:63:D4:BC:76:FA:7B:03:89:66:5E:E1
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QPaE9OP95KU4Y9S8dvp7A4lmXuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:46:3f:d3:fe:1a:e4:47:88:51:d0:2e:e3:3f:07:8b:dd:a2:
         bd:07:ab:c1:3d:c9:c6:7a:25:53:1e:9b:35:e6:7e:ad:c2:b0:
         83:6d:36:89:ae:6e:bc:c3:de:fb:4c:4d:02:ee:38:4b:a5:58:
         df:65:2f:39:0f:1b:67:9d:cb:a0:b2:b4:b3:de:51:a9:58:8c:
         92:e2:0a:02:60:d0:7f:5c:b3:7e:15:70:4b:ca:7e:46:5e:e1:
         12:ee:97:ec:e5:84:27:59:9b:14:85:4e:dd:2e:79:a0:4a:7e:
         2f:02:19:06:93:3a:df:7b:20:59:47:a4:bd:5c:6d:4a:56:a9:
         94:5a:e2:d3:73:6f:ce:00:b6:71:cc:a1:ed:24:64:42:76:5d:
         eb:a7:fe:d6:16:70:9b:9e:16:6d:f5:6d:c9:6e:a1:3a:b5:d2:
         77:e8:03:d6:b7:12:4c:93:85:00:91:ce:54:73:3c:c5:03:51:
         a6:b1:b6:c9:b6:5b:1a:9d:a5:af:b0:1b:cf:b3:76:9f:e2:73:
         30:2a:54:10:83:07:1c:a5:63:6c:a6:a2:47:a8:46:d6:4c:c8:
         b6:04:3a:0c:e8:df:a1:a6:d2:a3:d6:a1:c9:b7:61:e7:ba:c6:
         b1:91:9f:bb:c7:8a:28:33:08:24:fb:cf:7f:0f:40:d3:19:e2:
         12:0d:ee:ef
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhtNg/BKtZp+nB8yhp8fR2FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTMwMTUxMDM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGY2ODRmNGUzZmRlNGE1Mzg2M2Q0YmM3NmZhN2IwMzg5NjY1ZWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnoCY++kBg+d/GxAgZm2xb1I6bWX5
vDoPrYYnHHyZGlY7q2jwfOwteg9MZPwHDU8i9TC1bmrhejp7LHsdbUW+LvXX5/lb
EbB08IHwzks442WCY3JQsgwBCPmjFJGqicTZeO5JPpN8V40Vc+FKYpsmR8+NZGrC
LY0rTbs4CzL32hZhe6NofijxLIGPqBnL8mTozK9LHxOD/NCCy+Doelr/Q0NSm8Wf
YYTQybT3iS+AbkkAhg0Nj6JIrbk6484MbG6zczKVskZFZwsCUQa8spEWIh3Jpa64
v/mvDen0lQfisIXt/FPiujRsydE1svdE1AofUSwRc3TMlNzYMnTO1BEFmQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFED2hPTj/eSlOGPUvHb6ewOJZl7hMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUVBhRTlPUDk1S1U0WTlTOGR2cDdBNGxtWHVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEpGP9P+GuRHiFHQLuM/
B4vdor0Hq8E9ycZ6JVMemzXmfq3CsINtNomubrzD3vtMTQLuOEulWN9lLzkPG2ed
y6CytLPeUalYjJLiCgJg0H9cs34VcEvKfkZe4RLul+zlhCdZmxSFTt0ueaBKfi8C
GQaTOt97IFlHpL1cbUpWqZRa4tNzb84AtnHMoe0kZEJ2Xeun/tYWcJueFm31bclu
oTq10nfoA9a3EkyThQCRzlRzPMUDUaaxtsm2Wxqdpa+wG8+zdp/iczAqVBCDBxyl
Y2ymokeoRtZMyLYEOgzo36Gm0qPWocm3Yee6xrGRn7vHiigzCCT7z38PQNMZ4hIN
7u8=
-----END CERTIFICATE-----