Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/meg9zxwRp5rYfYZY43DXepTu7ps.roa
File:                     meg9zxwRp5rYfYZY43DXepTu7ps.roa (raw, json)
Hash identifier:          O2P0LIJeLNouGYLT5iXfvXIu4hM4Ok9lh5tlrk9vYzw=
Subject key identifier:   99:E8:3D:CF:1C:11:A7:9A:D8:7D:86:58:E3:70:D7:7A:94:EE:EE:9B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187CD2317D4037A1E5DE1CD1069E794E104
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/meg9zxwRp5rYfYZY43DXepTu7ps.roa
Signing time:             Sat 29 Apr 2023 13:10:41 +0000
ROA not before:           Sat 29 Apr 2023 13:10:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:cd:23:17:d4:03:7a:1e:5d:e1:cd:10:69:e7:94:e1:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 29 13:10:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=99e83dcf1c11a79ad87d8658e370d77a94eeee9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:99:b3:52:35:6d:b1:67:ca:27:dc:02:b7:32:
                    cd:48:1b:e5:a9:a3:d2:04:50:9f:ee:d9:d1:09:a2:
                    22:46:bd:65:e4:f4:47:24:95:0a:f2:6a:a8:62:4e:
                    d5:78:56:1c:b4:28:21:01:0b:36:e7:0b:e3:20:6b:
                    b0:16:a9:8d:34:2c:53:9d:4a:f2:a3:d9:3f:27:33:
                    ec:9d:35:72:d3:66:8d:21:fd:f5:fc:ec:06:e3:df:
                    31:64:da:72:8d:04:43:a8:4d:40:c3:0a:d3:51:ba:
                    f9:11:c0:eb:e5:69:ea:e2:c0:7e:dd:2e:88:c2:16:
                    23:3c:76:6f:2e:3f:89:0d:80:b7:db:5d:75:31:76:
                    90:a9:45:03:7d:4c:fb:e7:01:2b:1f:c7:c9:e9:1d:
                    28:d1:74:51:1d:eb:7c:d1:d5:a1:e4:93:f0:5d:6d:
                    d7:9b:d0:e9:93:67:ce:4d:7b:26:e9:d0:fd:2f:9d:
                    0f:dc:a3:b4:d3:f8:70:6c:5a:09:54:08:a2:b8:44:
                    e2:d0:d0:ce:99:b7:0a:61:6b:9c:9c:c8:c7:7c:f7:
                    9a:90:1e:e9:a2:ea:d4:5e:55:a5:6b:56:78:1b:79:
                    4c:08:6a:b0:57:3f:a5:c1:2b:b6:ad:7d:0c:d6:e7:
                    53:03:8c:59:cd:e7:8d:50:68:54:e6:19:86:8d:b4:
                    71:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:E8:3D:CF:1C:11:A7:9A:D8:7D:86:58:E3:70:D7:7A:94:EE:EE:9B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/meg9zxwRp5rYfYZY43DXepTu7ps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:d2:d5:3e:5d:a5:7e:ad:71:d8:8a:2f:0f:47:74:09:e0:49:
         bb:1f:3a:6a:f7:75:7b:c0:80:2f:fb:95:63:81:49:a7:62:7d:
         00:4e:19:f6:c6:23:5d:59:e1:21:6b:dd:7f:89:3c:de:c7:a2:
         1a:13:22:a6:ba:f8:4b:ae:e5:a7:5a:70:a4:3b:c2:40:f3:6c:
         14:c1:ae:0a:78:e6:2b:d2:e7:2b:6c:85:80:a0:b5:5e:dc:02:
         05:54:8e:39:00:96:59:0e:c7:9d:1c:ae:64:67:18:a5:04:53:
         bd:91:74:39:37:8e:4d:8d:2c:96:b1:47:4c:26:18:1b:4a:85:
         a7:af:b4:0b:5d:ef:87:ad:5c:50:f6:da:7a:04:fd:2a:aa:70:
         58:28:73:0c:09:80:10:4f:08:0a:1b:36:30:8c:84:86:8d:79:
         1e:3a:9b:1f:8b:24:9b:55:31:41:48:a2:60:a0:29:78:74:0b:
         d9:8b:ae:56:57:71:a5:2e:ad:a3:77:f1:06:22:8a:e9:02:d4:
         88:79:a9:bc:fe:ac:20:76:86:81:35:a4:c2:6c:57:2d:cf:2a:
         73:ef:bf:22:ff:39:e1:dd:ce:3d:66:6e:19:a4:23:b9:67:c3:
         42:ac:ed:0f:fb:00:29:b0:4a:60:a1:8b:77:57:94:fc:16:37:
         97:86:c8:20
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfNIxfUA3oeXeHNEGnnlOEEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI5MTMxMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWU4M2RjZjFjMTFhNzlhZDg3ZDg2NThlMzcwZDc3YTk0ZWVlZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpmzUjVtsWfKJ9wCtzLNSBvlqaPS
BFCf7tnRCaIiRr1l5PRHJJUK8mqoYk7VeFYctCghAQs25wvjIGuwFqmNNCxTnUry
o9k/JzPsnTVy02aNIf31/OwG498xZNpyjQRDqE1AwwrTUbr5EcDr5Wnq4sB+3S6I
whYjPHZvLj+JDYC32111MXaQqUUDfUz75wErH8fJ6R0o0XRRHet80dWh5JPwXW3X
m9Dpk2fOTXsm6dD9L50P3KO00/hwbFoJVAiiuETi0NDOmbcKYWucnMjHfPeakB7p
ourUXlWla1Z4G3lMCGqwVz+lwSu2rX0M1udTA4xZzeeNUGhU5hmGjbRxkwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJnoPc8cEaea2H2GWONw13qU7u6bMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbWVnOXp4d1JwNXJZZllaWTQzRFhlcFR1N3BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAA3S1T5dpX6tcdiKLw9H
dAngSbsfOmr3dXvAgC/7lWOBSadifQBOGfbGI11Z4SFr3X+JPN7HohoTIqa6+Euu
5adacKQ7wkDzbBTBrgp45ivS5ytshYCgtV7cAgVUjjkAllkOx50crmRnGKUEU72R
dDk3jk2NLJaxR0wmGBtKhaevtAtd74etXFD22noE/SqqcFgocwwJgBBPCAobNjCM
hIaNeR46mx+LJJtVMUFIomCgKXh0C9mLrlZXcaUuraN38QYiiukC1Ih5qbz+rCB2
hoE1pMJsVy3PKnPvvyL/OeHdzj1mbhmkI7lnw0Ks7Q/7ACmwSmChi3dXlPwWN5eG
yCA=
-----END CERTIFICATE-----