Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QotpkWfG3wwhUcALuBWvgUgRJuk.roa
File:                     QotpkWfG3wwhUcALuBWvgUgRJuk.roa (raw, json)
Hash identifier:          qhoVcCRSZk1nW8Ffz9zrA7i+JyHfvIt+CYVduHznbb0=
Subject key identifier:   42:8B:69:91:67:C6:DF:0C:21:51:C0:0B:B8:15:AF:81:48:11:26:E9
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188A1904777DF402465937A4DF1588BEAD7
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QotpkWfG3wwhUcALuBWvgUgRJuk.roa
Signing time:             Fri 09 Jun 2023 19:09:27 +0000
ROA not before:           Fri 09 Jun 2023 19:09:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:a1:90:47:77:df:40:24:65:93:7a:4d:f1:58:8b:ea:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  9 19:09:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=428b699167c6df0c2151c00bb815af81481126e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:45:cb:9c:e9:02:ee:5f:6e:ed:40:84:b6:6f:
                    f8:4d:cf:ef:8c:bb:a5:0a:85:be:70:df:67:e3:a7:
                    4c:b9:ae:d8:88:2f:c8:d0:5b:a0:35:5a:09:ef:9a:
                    1f:d7:66:ab:44:e7:2c:f0:1e:5e:a5:1b:50:e1:fb:
                    ff:11:be:c6:45:26:6e:fa:1d:4d:fb:51:23:69:bd:
                    07:e9:80:78:77:38:b2:dd:ad:8d:11:16:6d:cb:e8:
                    a3:25:37:75:99:a8:30:24:95:50:04:dc:ab:59:af:
                    21:69:38:08:2f:9c:1c:a0:67:ac:bf:5e:9a:7c:fb:
                    a7:3a:d5:08:49:32:60:f1:33:5e:67:8e:4a:8c:c1:
                    96:e6:7b:d3:7e:f8:7d:9c:53:95:bc:0a:49:fd:a1:
                    1c:85:33:db:3d:15:47:76:46:1a:4b:c2:ce:85:48:
                    a4:c1:63:bf:64:61:69:83:c0:a5:12:62:49:20:b0:
                    a2:49:3f:81:c0:e1:af:25:e9:04:4c:16:09:a3:e3:
                    8b:82:cb:e7:d1:59:bf:90:80:1e:83:bd:d7:9e:9f:
                    07:6f:22:8a:72:c7:27:ad:29:d1:2b:26:02:3f:2c:
                    0a:ab:6c:cf:f0:07:68:1f:b3:b0:00:41:d7:7e:40:
                    c6:aa:c4:6c:01:06:df:2d:7d:00:0b:35:95:55:50:
                    6a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:8B:69:91:67:C6:DF:0C:21:51:C0:0B:B8:15:AF:81:48:11:26:E9
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QotpkWfG3wwhUcALuBWvgUgRJuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:63:34:fb:9e:f0:84:a8:96:03:21:ff:89:8d:ab:f9:b1:99:
         f3:08:26:02:7c:c5:ab:21:e8:8e:01:36:5c:29:72:db:01:3a:
         8b:bf:e8:38:08:bb:40:52:63:e6:d4:b1:88:de:ba:ad:67:5b:
         c3:c4:14:c5:db:12:69:ea:b7:d1:e1:89:ae:37:7e:cb:50:0a:
         4a:be:38:f4:59:09:69:3d:4d:c6:88:89:c5:d3:9f:c4:37:42:
         33:94:51:b9:74:de:3b:96:a4:b6:48:87:0c:26:20:64:3c:6d:
         e2:82:b3:a9:9b:3f:ee:4b:b7:6b:38:c0:cc:7b:a2:24:be:47:
         a2:a9:f0:f0:50:e0:b5:cd:89:00:1e:08:49:14:fb:1c:cc:cf:
         b6:44:ed:f8:35:e9:d7:20:31:07:b7:3b:ba:31:d3:22:15:e5:
         7a:41:c4:78:e4:9e:3a:a5:cd:72:72:3d:47:cf:4f:43:6c:71:
         97:ea:19:e7:e9:66:a6:13:fc:b1:d5:47:cf:0e:a5:5b:6f:44:
         ca:6b:7c:07:ff:03:14:6b:5b:24:91:d0:30:cb:ea:74:af:4b:
         98:dc:27:d6:af:28:eb:7d:a4:47:fd:9e:f3:da:d2:d5:aa:d0:
         6b:5c:94:f5:f6:4a:0f:bb:ca:9f:5f:3c:33:75:1a:e2:09:b2:
         44:b4:eb:4a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYihkEd330AkZZN6TfFYi+rXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA5MTkwOTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjhiNjk5MTY3YzZkZjBjMjE1MWMwMGJiODE1YWY4MTQ4MTEyNmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEXLnOkC7l9u7UCEtm/4Tc/vjLul
CoW+cN9n46dMua7YiC/I0FugNVoJ75of12arROcs8B5epRtQ4fv/Eb7GRSZu+h1N
+1Ejab0H6YB4dziy3a2NERZty+ijJTd1magwJJVQBNyrWa8haTgIL5wcoGesv16a
fPunOtUISTJg8TNeZ45KjMGW5nvTfvh9nFOVvApJ/aEchTPbPRVHdkYaS8LOhUik
wWO/ZGFpg8ClEmJJILCiST+BwOGvJekETBYJo+OLgsvn0Vm/kIAeg73Xnp8HbyKK
cscnrSnRKyYCPywKq2zP8AdoH7OwAEHXfkDGqsRsAQbfLX0ACzWVVVBqEQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEKLaZFnxt8MIVHAC7gVr4FIESbpMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUW90cGtXZkczd3doVWNBTHVCV3ZnVWdSSnVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAB5jNPue8ISolgMh/4mN
q/mxmfMIJgJ8xash6I4BNlwpctsBOou/6DgIu0BSY+bUsYjeuq1nW8PEFMXbEmnq
t9Hhia43fstQCkq+OPRZCWk9TcaIicXTn8Q3QjOUUbl03juWpLZIhwwmIGQ8beKC
s6mbP+5Lt2s4wMx7oiS+R6Kp8PBQ4LXNiQAeCEkU+xzMz7ZE7fg16dcgMQe3O7ox
0yIV5XpBxHjknjqlzXJyPUfPT0NscZfqGefpZqYT/LHVR88OpVtvRMprfAf/AxRr
WySR0DDL6nSvS5jcJ9avKOt9pEf9nvPa0tWq0GtclPX2Sg+7yp9fPDN1GuIJskS0
60o=
-----END CERTIFICATE-----