Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0NzuIoGwcg6aFcBuWGN2_V0S3r4.roa
File:                     0NzuIoGwcg6aFcBuWGN2_V0S3r4.roa (raw, json)
Hash identifier:          vmrIS78Pp7mhB5nD3/WQLFELj2EzWfxuQJBAgV43LgA=
Subject key identifier:   D0:DC:EE:22:81:B0:72:0E:9A:15:C0:6E:58:63:76:FD:5D:12:DE:BE
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187BF9D7AF01B419C85F1D80C2FACC2FF01
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0NzuIoGwcg6aFcBuWGN2_V0S3r4.roa
Signing time:             Wed 26 Apr 2023 22:09:41 +0000
ROA not before:           Wed 26 Apr 2023 22:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:bf:9d:7a:f0:1b:41:9c:85:f1:d8:0c:2f:ac:c2:ff:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 26 22:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d0dcee2281b0720e9a15c06e586376fd5d12debe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f1:78:5a:da:a1:7f:cc:ed:2c:38:e7:1f:38:
                    4e:ba:fc:06:70:e6:3f:cd:f9:63:18:2b:9d:a9:01:
                    ba:69:2f:0e:e1:3c:37:fc:84:2a:cd:02:71:f4:90:
                    75:99:a5:76:58:a1:ec:7b:49:4d:ce:96:de:4f:c8:
                    ef:7d:e8:c1:a3:64:c6:a2:65:f5:d9:2b:ac:5d:05:
                    1a:a3:90:9f:85:f7:94:b9:7a:1e:87:51:c0:ad:62:
                    2e:0a:e8:61:69:b6:65:22:18:80:a2:44:88:e5:84:
                    09:8c:3c:c4:d4:f5:1a:fb:ed:b3:60:50:4d:49:17:
                    c5:1b:9f:74:83:85:ae:75:6b:df:12:57:53:f5:2e:
                    cd:d4:d8:f1:cc:e9:dd:1d:78:23:52:cc:0c:e4:47:
                    e7:9b:72:06:63:a1:fb:5e:aa:d6:ff:bf:9c:e1:12:
                    53:5a:1c:6d:3f:7e:05:24:18:f6:48:56:16:85:f3:
                    4e:1e:52:52:ab:32:56:8e:80:f4:f2:d9:c8:4d:93:
                    d2:3d:52:8e:f7:ee:7b:ad:e8:13:64:13:9e:b2:99:
                    e3:e1:c4:05:d8:e2:a8:dc:98:b7:b4:16:33:ac:8a:
                    fb:ef:7e:7b:4b:83:94:d7:f3:7a:69:79:73:8e:ab:
                    79:d2:74:42:d7:16:e4:e1:bf:c4:7e:2f:36:53:e9:
                    b0:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:DC:EE:22:81:B0:72:0E:9A:15:C0:6E:58:63:76:FD:5D:12:DE:BE
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/0NzuIoGwcg6aFcBuWGN2_V0S3r4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:4b:79:40:8e:e3:e4:6b:1e:d5:30:eb:58:1d:da:31:28:28:
         da:f8:4a:8e:19:97:14:fc:dd:a7:b4:93:8b:d7:93:a9:e4:4a:
         61:ea:a4:ba:1a:64:fa:09:2a:e3:8e:5d:13:3c:fb:4d:dd:70:
         3c:1c:49:c3:13:52:43:97:73:8e:ba:31:c5:66:20:70:eb:b1:
         20:c9:51:70:8b:58:1c:24:c0:59:bf:28:93:4b:06:77:22:02:
         1d:b8:7e:02:3b:62:86:bc:fe:93:9a:d0:cc:3a:88:c2:25:52:
         80:d0:0a:4b:e7:fa:15:50:a3:f3:c0:36:ee:39:f5:b5:90:e7:
         ef:a9:96:30:ac:29:97:1d:3c:c0:3a:ad:72:0e:a2:92:df:3f:
         aa:b3:8e:c7:3a:e6:04:63:b7:46:d4:0b:39:6a:65:ff:81:d7:
         16:b2:c2:0c:a5:e7:6a:9d:68:f6:c2:6d:db:da:da:bf:3e:fc:
         63:15:d9:3f:79:23:b6:90:27:c1:67:18:7a:7e:0a:ce:73:2c:
         cf:cf:47:78:0a:40:92:bf:19:0c:ba:6d:56:b5:8a:9b:59:45:
         11:c0:86:e6:6b:5d:71:87:e6:3e:66:9f:b9:ed:26:e8:24:44:
         1e:ea:52:23:60:86:8d:74:2e:6c:cb:08:c8:c2:86:4b:69:3e:
         59:8d:c3:74
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYe/nXrwG0GchfHYDC+swv8BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI2MjIwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGRjZWUyMjgxYjA3MjBlOWExNWMwNmU1ODYzNzZmZDVkMTJkZWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvF4Wtqhf8ztLDjnHzhOuvwGcOY/
zfljGCudqQG6aS8O4Tw3/IQqzQJx9JB1maV2WKHse0lNzpbeT8jvfejBo2TGomX1
2SusXQUao5CfhfeUuXoeh1HArWIuCuhhabZlIhiAokSI5YQJjDzE1PUa++2zYFBN
SRfFG590g4WudWvfEldT9S7N1NjxzOndHXgjUswM5Efnm3IGY6H7XqrW/7+c4RJT
WhxtP34FJBj2SFYWhfNOHlJSqzJWjoD08tnITZPSPVKO9+57regTZBOespnj4cQF
2OKo3Ji3tBYzrIr77357S4OU1/N6aXlzjqt50nRC1xbk4b/Efi82U+mwUQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNDc7iKBsHIOmhXAblhjdv1dEt6+MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvME56dUlvR3djZzZhRmNCdVdHTjJfVjBTM3I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAA9LeUCO4+RrHtUw61gd
2jEoKNr4So4ZlxT83ae0k4vXk6nkSmHqpLoaZPoJKuOOXRM8+03dcDwcScMTUkOX
c466McVmIHDrsSDJUXCLWBwkwFm/KJNLBnciAh24fgI7Yoa8/pOa0Mw6iMIlUoDQ
Ckvn+hVQo/PANu459bWQ5++pljCsKZcdPMA6rXIOopLfP6qzjsc65gRjt0bUCzlq
Zf+B1xaywgyl52qdaPbCbdva2r8+/GMV2T95I7aQJ8FnGHp+Cs5zLM/PR3gKQJK/
GQy6bVa1iptZRRHAhuZrXXGH5j5mn7ntJugkRB7qUiNgho10LmzLCMjChktpPlmN
w3Q=
-----END CERTIFICATE-----