Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qb3KLVF786tH4UvVMVaL1UHZ33A.roa
File:                     qb3KLVF786tH4UvVMVaL1UHZ33A.roa (raw, json)
Hash identifier:          XRkogXtr/75d1AxkIyi0vtA/C4bCPt2Az6s+u2dglGg=
Subject key identifier:   A9:BD:CA:2D:51:7B:F3:AB:47:E1:4B:D5:31:56:8B:D5:41:D9:DF:70
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188A9B7733E0E2C55DB41DDF08BC8B69469
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qb3KLVF786tH4UvVMVaL1UHZ33A.roa
Signing time:             Sun 11 Jun 2023 09:09:12 +0000
ROA not before:           Sun 11 Jun 2023 09:09:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:a9:b7:73:3e:0e:2c:55:db:41:dd:f0:8b:c8:b6:94:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 11 09:09:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a9bdca2d517bf3ab47e14bd531568bd541d9df70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ac:de:5d:2a:fe:77:2b:11:4a:52:57:37:03:
                    fc:d8:c0:d8:52:60:d1:6c:71:17:d2:84:34:49:2b:
                    b1:f2:cf:d0:f6:96:98:8b:c4:8c:f8:fc:a9:ae:e8:
                    24:d4:14:08:ee:cd:79:c8:4d:47:f9:11:bf:0f:e1:
                    ce:19:d0:a3:5b:c9:50:8f:aa:18:17:49:06:8e:ce:
                    3c:2c:89:7a:21:bb:1c:a7:80:1b:46:0f:4e:12:ca:
                    8c:32:93:f8:67:97:44:86:32:40:90:6e:06:38:b3:
                    b9:14:b1:c8:61:c8:18:a9:b6:c5:4d:3e:ec:e0:da:
                    d1:49:34:67:52:c3:34:f5:ec:2b:32:f1:17:61:db:
                    2b:12:1e:14:66:35:04:1e:85:a1:24:ed:11:84:56:
                    5e:11:c4:39:76:8e:31:e9:1b:ef:2e:5f:ee:af:e4:
                    2b:04:07:12:2f:c5:84:7b:81:8a:80:ea:75:b3:4e:
                    cd:e0:64:cd:93:39:90:21:ae:f5:92:29:6b:cc:67:
                    4f:4e:af:48:69:7f:d0:05:c4:45:68:23:fb:66:a2:
                    d0:19:7d:d4:48:ee:71:2d:5c:fb:48:19:6b:e7:89:
                    84:36:c4:2a:b9:ca:36:d6:95:d2:7d:b7:70:40:28:
                    21:c7:b1:90:e8:96:55:6e:4d:87:27:eb:a3:4a:51:
                    0d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:BD:CA:2D:51:7B:F3:AB:47:E1:4B:D5:31:56:8B:D5:41:D9:DF:70
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qb3KLVF786tH4UvVMVaL1UHZ33A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:72:b3:a3:32:fc:f8:64:f2:d3:c7:26:5c:39:13:5f:47:0f:
         3b:47:8a:ee:c9:0a:d9:08:84:21:81:46:b2:28:9c:e0:ee:76:
         b0:a8:91:c7:fd:54:ed:b6:7e:32:ea:74:5b:1f:94:ff:9c:e6:
         40:0f:3f:24:40:1e:f2:71:34:65:f1:2c:e9:d9:d0:d8:71:7f:
         61:c2:90:eb:c7:67:53:88:c6:27:80:ac:9c:01:b2:e1:01:56:
         0c:c8:0e:1c:82:9f:c2:4d:8d:07:f8:73:f8:dd:d9:60:85:4b:
         d1:1e:3f:c0:04:7e:d5:a2:c9:0a:1b:3c:55:b4:42:1b:53:93:
         13:57:16:4b:cc:2f:29:5d:67:8e:2d:a3:d5:67:51:ae:48:e2:
         0f:f2:21:35:b6:16:0f:c2:59:29:3e:0d:70:8d:ff:51:fd:7d:
         47:4a:e0:4d:e6:52:8f:a7:d1:a1:84:64:c6:88:ae:69:80:45:
         e2:26:36:8f:7b:5e:dc:7f:12:2c:93:84:1a:3f:12:33:d8:dc:
         42:76:dd:43:a3:45:5c:67:ca:af:31:69:77:e3:f7:6c:17:77:
         48:5a:83:72:3c:b5:d3:b4:22:de:8f:c8:75:af:d3:e1:f7:8a:
         c8:7e:ae:9b:02:a8:a2:e9:73:f6:77:03:3f:3b:eb:85:39:8d:
         52:39:09:17
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYipt3M+DixV20Hd8IvItpRpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjExMDkwOTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWJkY2EyZDUxN2JmM2FiNDdlMTRiZDUzMTU2OGJkNTQxZDlkZjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKzeXSr+dysRSlJXNwP82MDYUmDR
bHEX0oQ0SSux8s/Q9paYi8SM+Pyprugk1BQI7s15yE1H+RG/D+HOGdCjW8lQj6oY
F0kGjs48LIl6Ibscp4AbRg9OEsqMMpP4Z5dEhjJAkG4GOLO5FLHIYcgYqbbFTT7s
4NrRSTRnUsM09ewrMvEXYdsrEh4UZjUEHoWhJO0RhFZeEcQ5do4x6RvvLl/ur+Qr
BAcSL8WEe4GKgOp1s07N4GTNkzmQIa71kilrzGdPTq9IaX/QBcRFaCP7ZqLQGX3U
SO5xLVz7SBlr54mENsQquco21pXSfbdwQCghx7GQ6JZVbk2HJ+ujSlENGQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKm9yi1Re/OrR+FL1TFWi9VB2d9wMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcWIzS0xWRjc4NnRINFV2Vk1WYUwxVUhaMzNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAxys6My/Phk8tPHJlw5
E19HDztHiu7JCtkIhCGBRrIonODudrCokcf9VO22fjLqdFsflP+c5kAPPyRAHvJx
NGXxLOnZ0Nhxf2HCkOvHZ1OIxieArJwBsuEBVgzIDhyCn8JNjQf4c/jd2WCFS9Ee
P8AEftWiyQobPFW0QhtTkxNXFkvMLyldZ44to9VnUa5I4g/yITW2Fg/CWSk+DXCN
/1H9fUdK4E3mUo+n0aGEZMaIrmmAReImNo97Xtx/EiyThBo/EjPY3EJ23UOjRVxn
yq8xaXfj92wXd0hag3I8tdO0It6PyHWv0+H3ish+rpsCqKLpc/Z3Az8764U5jVI5
CRc=
-----END CERTIFICATE-----