Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/09IFwgY0rcFPH0wW9AMyDa9KOg4.roa
File:                     09IFwgY0rcFPH0wW9AMyDa9KOg4.roa (raw, json)
Hash identifier:          fkppUoFcSrhx0yJkzTsKLLO0X4hlHPHXHuS9RKZul1c=
Subject key identifier:   D3:D2:05:C2:06:34:AD:C1:4F:1F:4C:16:F4:03:32:0D:AF:4A:3A:0E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186E45873F35660D887D59FF835D3418BCA
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/09IFwgY0rcFPH0wW9AMyDa9KOg4.roa
Signing time:             Wed 15 Mar 2023 08:17:27 +0000
ROA not before:           Wed 15 Mar 2023 08:17:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:e4:58:73:f3:56:60:d8:87:d5:9f:f8:35:d3:41:8b:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 15 08:17:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d3d205c20634adc14f1f4c16f403320daf4a3a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:48:0b:fd:56:75:5b:46:31:dd:f1:c9:07:8b:
                    ed:71:66:a0:55:40:06:54:b1:bc:44:8f:a2:34:96:
                    dc:0c:3b:52:d1:05:36:22:ac:0b:2c:fa:44:34:9b:
                    64:63:0a:20:29:d6:0d:ac:31:d4:db:5e:af:b6:85:
                    4a:81:e2:c5:55:3a:e7:de:c8:a7:28:80:15:31:be:
                    9f:83:3f:55:8a:ad:3c:9a:54:23:8a:39:f8:7c:ee:
                    22:d3:45:72:20:73:6f:ac:ea:1b:49:39:89:b1:e8:
                    3b:f7:b2:9f:47:8b:20:ef:d7:4f:35:89:9e:6e:16:
                    85:50:13:c6:00:b9:e8:4f:ed:01:f9:fb:77:bd:40:
                    be:ea:64:66:46:80:23:5c:23:87:40:64:6f:d6:a2:
                    c6:ad:53:a9:cb:fb:c3:68:d4:07:84:3c:7d:9f:5a:
                    19:ed:99:06:7d:98:d2:b8:22:7d:b9:45:ca:b2:9e:
                    4c:35:7a:6c:1e:19:b4:5a:69:bb:56:5b:ef:6a:24:
                    f6:1d:a5:bc:74:a2:6d:6c:97:1c:c0:db:03:08:7b:
                    73:c3:fd:12:6a:f8:6f:73:7d:87:f3:4b:c6:af:61:
                    6f:d4:e5:b0:a6:55:05:7e:28:41:52:72:26:54:1d:
                    9f:57:32:0b:4d:df:8c:c5:ea:b5:43:0f:ae:fd:61:
                    ce:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:D2:05:C2:06:34:AD:C1:4F:1F:4C:16:F4:03:32:0D:AF:4A:3A:0E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/09IFwgY0rcFPH0wW9AMyDa9KOg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:7f:f0:91:1b:ac:06:a8:49:27:59:14:cf:5b:50:73:29:be:
         02:de:a5:98:49:01:0c:d5:be:ff:c6:ea:52:e1:fc:30:05:29:
         b2:22:c3:01:21:2e:a0:ff:2c:03:ec:ad:b4:7a:5b:53:87:48:
         90:6f:ce:10:b8:0b:b7:0e:3e:7b:d5:40:93:31:7f:06:5e:11:
         d7:4f:10:9c:1a:25:1e:7c:fb:cb:1c:2f:15:98:18:c7:5a:b8:
         db:80:70:c8:73:34:f8:01:10:af:36:f5:90:3f:71:c5:89:73:
         92:62:5f:54:1b:c4:d5:c6:8f:26:de:70:cd:3a:f7:22:41:ea:
         af:f9:c6:3c:27:57:d0:ae:85:00:48:3b:20:ea:97:c7:08:0b:
         b4:4c:8c:b7:dd:46:a3:61:92:f6:81:12:45:99:04:74:64:f1:
         fb:84:51:32:7c:bd:97:69:06:47:8f:2e:b2:11:94:ef:19:fe:
         5f:fa:f4:7d:07:0e:e6:68:c7:43:20:18:22:5f:86:57:fe:82:
         51:af:d2:ed:4d:a7:d3:40:71:9f:34:4c:71:17:76:50:66:7c:
         20:a2:09:d5:26:92:39:f3:7e:9c:5c:33:76:2a:1c:fb:bb:b9:
         ed:9f:1f:38:6a:ca:11:b0:ed:07:1d:8f:68:35:3b:69:03:d4:
         4e:2f:af:e7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbkWHPzVmDYh9Wf+DXTQYvKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE1MDgxNzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2QyMDVjMjA2MzRhZGMxNGYxZjRjMTZmNDAzMzIwZGFmNGEzYTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0gL/VZ1W0Yx3fHJB4vtcWagVUAG
VLG8RI+iNJbcDDtS0QU2IqwLLPpENJtkYwogKdYNrDHU216vtoVKgeLFVTrn3sin
KIAVMb6fgz9Viq08mlQjijn4fO4i00VyIHNvrOobSTmJseg797KfR4sg79dPNYme
bhaFUBPGALnoT+0B+ft3vUC+6mRmRoAjXCOHQGRv1qLGrVOpy/vDaNQHhDx9n1oZ
7ZkGfZjSuCJ9uUXKsp5MNXpsHhm0Wmm7VlvvaiT2HaW8dKJtbJccwNsDCHtzw/0S
avhvc32H80vGr2Fv1OWwplUFfihBUnImVB2fVzILTd+Mxeq1Qw+u/WHOrQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNPSBcIGNK3BTx9MFvQDMg2vSjoOMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMDlJRndnWTByY0ZQSDB3VzlBTXlEYTlLT2c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKF/8JEbrAaoSSdZFM9b
UHMpvgLepZhJAQzVvv/G6lLh/DAFKbIiwwEhLqD/LAPsrbR6W1OHSJBvzhC4C7cO
PnvVQJMxfwZeEddPEJwaJR58+8scLxWYGMdauNuAcMhzNPgBEK829ZA/ccWJc5Ji
X1QbxNXGjybecM069yJB6q/5xjwnV9CuhQBIOyDql8cIC7RMjLfdRqNhkvaBEkWZ
BHRk8fuEUTJ8vZdpBkePLrIRlO8Z/l/69H0HDuZox0MgGCJfhlf+glGv0u1Np9NA
cZ80THEXdlBmfCCiCdUmkjnzfpxcM3YqHPu7ue2fHzhqyhGw7Qcdj2g1O2kD1E4v
r+c=
-----END CERTIFICATE-----