Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-Ml1EVnDas7xtwq0ZWyz9ko3zok.roa
File:                     1-Ml1EVnDas7xtwq0ZWyz9ko3zok.roa (raw, json)
Hash identifier:          7BHkaqk5NTDm5ay97zDwxYLkR/FkcYGVkJwU91tipsE=
Subject key identifier:   F8:C9:75:11:59:C3:6A:CE:F1:B7:0A:B4:65:6C:B3:F6:4A:37:CE:89
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01883152DD233D7610DF6A9DE6BD8FDF9008
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-Ml1EVnDas7xtwq0ZWyz9ko3zok.roa
Signing time:             Fri 19 May 2023 00:04:54 +0000
ROA not before:           Fri 19 May 2023 00:04:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:188:3152:b0a9/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:31:52:dd:23:3d:76:10:df:6a:9d:e6:bd:8f:df:90:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 19 00:04:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f8c9751159c36acef1b70ab4656cb3f64a37ce89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:46:a0:f0:43:d1:40:8a:5c:24:ab:42:82:7c:
                    14:98:0d:87:79:54:17:30:05:59:5a:04:17:92:3d:
                    9f:52:42:4f:70:59:5b:19:1c:eb:56:4d:1f:7b:bb:
                    05:70:93:85:fe:e8:07:09:7d:c9:9e:f7:b3:16:6d:
                    6d:a2:45:a8:17:03:e8:6e:6a:aa:38:f0:a7:81:3c:
                    d8:f9:b0:b6:6a:ab:87:67:c0:d6:24:ad:b7:2d:df:
                    76:ea:87:22:1f:76:1e:9a:6d:91:2b:05:aa:57:47:
                    63:de:7e:4e:98:8e:5f:3c:ba:4c:2a:15:00:cb:c5:
                    9d:91:a1:5c:6d:26:d7:05:de:dd:b0:c6:9b:e7:d1:
                    d6:16:ba:e0:35:71:b3:b4:72:45:32:4c:43:e6:8e:
                    10:30:cc:ae:fc:a7:3e:eb:2c:8e:b7:4e:4c:bd:0b:
                    25:f9:14:d7:5b:12:20:d4:96:c0:ad:6c:0f:7b:77:
                    a8:5c:de:97:2d:2b:9c:09:ca:e6:08:32:03:ea:92:
                    8a:99:36:78:c2:fb:f2:2b:00:1f:4a:c7:0d:11:67:
                    7d:b2:1f:a9:8a:56:b6:bf:bd:1e:11:22:a3:a2:90:
                    b5:1b:f9:26:9c:cb:63:50:dd:35:07:5a:03:47:40:
                    02:38:ba:8e:6b:62:58:a3:88:c5:24:92:e8:cd:cc:
                    38:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:C9:75:11:59:C3:6A:CE:F1:B7:0A:B4:65:6C:B3:F6:4A:37:CE:89
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-Ml1EVnDas7xtwq0ZWyz9ko3zok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:dd:d8:f0:3f:55:28:b8:6d:bd:e0:76:6b:b0:ba:6b:66:ad:
         23:49:9e:49:2c:c1:7c:7d:e9:93:5c:c2:3a:bc:37:3b:3f:ac:
         a8:e5:d4:f8:ea:83:a6:16:a6:a1:18:1a:69:44:37:ad:62:8f:
         47:9a:9a:53:7d:24:b2:54:d0:ee:d7:c9:23:a3:cf:18:7e:54:
         1b:50:f7:d6:3a:90:87:70:a1:a4:77:aa:c2:e6:b4:c5:1d:17:
         aa:ed:97:74:fa:89:5c:60:8f:3d:6f:00:bf:cf:22:fe:4c:0d:
         06:0c:ac:e1:94:94:91:9d:40:5a:63:1c:63:04:ee:6f:01:a1:
         94:a6:89:f7:cf:fd:f2:65:31:15:d8:48:77:07:91:ce:9d:8b:
         e5:25:8c:a1:c6:b7:e7:a3:1f:ed:75:f5:9f:4c:cf:2d:0f:35:
         5b:d8:ee:f5:c3:13:01:9b:54:5c:13:63:36:26:29:08:2e:b8:
         76:54:c9:13:5c:f2:09:87:b5:27:f3:d8:25:40:5c:c1:3e:79:
         d7:2e:d4:0f:48:a7:9b:1b:28:d4:7f:31:55:38:04:cd:6b:3d:
         09:ab:5f:53:56:8f:a1:1e:06:4d:11:a8:47:d9:23:35:59:e3:
         52:95:77:b8:f2:17:73:3c:d9:51:a2:c4:59:8e:e9:a0:59:93:
         ca:0d:a1:5c
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYgxUt0jPXYQ32qd5r2P35AIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE5MDAwNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGM5NzUxMTU5YzM2YWNlZjFiNzBhYjQ2NTZjYjNmNjRhMzdjZTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUag8EPRQIpcJKtCgnwUmA2HeVQX
MAVZWgQXkj2fUkJPcFlbGRzrVk0fe7sFcJOF/ugHCX3JnvezFm1tokWoFwPobmqq
OPCngTzY+bC2aquHZ8DWJK23Ld926ociH3Yemm2RKwWqV0dj3n5OmI5fPLpMKhUA
y8WdkaFcbSbXBd7dsMab59HWFrrgNXGztHJFMkxD5o4QMMyu/Kc+6yyOt05MvQsl
+RTXWxIg1JbArWwPe3eoXN6XLSucCcrmCDID6pKKmTZ4wvvyKwAfSscNEWd9sh+p
ila2v70eESKjopC1G/kmnMtjUN01B1oDR0ACOLqOa2JYo4jFJJLozcw4PQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPjJdRFZw2rO8bcKtGVss/ZKN86JMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMS1NbDFFVm5EYXM3eHR3cTBaV3l6OWtvM3pvay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWUvNzk4NDQ3LTIxZjQtNDVhYi05OWRjLTFhYmUzYWMxMGFh
Ni8xL2NnUjc0VnNuV1FMYzloZmNQUTRXM0I4d2dDSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEA8EAGDAP
BAIAAjAJAwcAIAEGfABkMA0GCSqGSIb3DQEBCwUAA4IBAQBn3djwP1UouG294HZr
sLprZq0jSZ5JLMF8femTXMI6vDc7P6yo5dT46oOmFqahGBppRDetYo9HmppTfSSy
VNDu18kjo88YflQbUPfWOpCHcKGkd6rC5rTFHReq7Zd0+olcYI89bwC/zyL+TA0G
DKzhlJSRnUBaYxxjBO5vAaGUpon3z/3yZTEV2Eh3B5HOnYvlJYyhxrfnox/tdfWf
TM8tDzVb2O71wxMBm1RcE2M2JikILrh2VMkTXPIJh7Un89glQFzBPnnXLtQPSKeb
GyjUfzFVOATNaz0Jq19TVo+hHgZNEahH2SM1WeNSlXe48hdzPNlRosRZjumgWZPK
DaFc
-----END CERTIFICATE-----