Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-dJ-0C57WubNYAcBR1QXTVqB10.roa
File:                     1-dJ-0C57WubNYAcBR1QXTVqB10.roa (raw, json)
Hash identifier:          /8YDl7hBuzv+whguBnmNLpxGYnJaKUWlO8LIrGl9hK8=
Subject key identifier:   D7:E7:49:FB:40:B9:ED:6B:9B:35:80:1C:05:1D:50:5D:35:6A:07:5D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186D251133B55AB76AC1A3B82E28DA9E56C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-dJ-0C57WubNYAcBR1QXTVqB10.roa
Signing time:             Sat 11 Mar 2023 20:16:14 +0000
ROA not before:           Sat 11 Mar 2023 20:16:14 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:d2:51:13:3b:55:ab:76:ac:1a:3b:82:e2:8d:a9:e5:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 11 20:16:14 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d7e749fb40b9ed6b9b35801c051d505d356a075d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:8c:1e:00:48:bc:21:81:17:83:93:f0:b7:d6:
                    e8:c4:b4:aa:33:29:7f:77:28:01:ef:b6:f5:a4:85:
                    0c:2a:cd:bd:b9:24:a6:0b:bf:dd:a9:19:31:51:22:
                    86:2b:89:e9:37:6c:2d:96:93:87:a9:e6:21:97:6b:
                    38:ba:4a:19:d1:b5:4f:5f:9a:3e:6d:ca:d5:a3:1c:
                    91:08:f0:f7:8e:9a:eb:da:88:59:c2:24:ba:c2:0c:
                    02:a1:eb:80:5f:75:3d:a8:25:bd:13:0d:d6:f2:cf:
                    94:1e:73:01:e2:7a:aa:e5:a9:65:7f:85:17:b8:d9:
                    c8:23:24:ab:a3:1b:70:dd:f4:46:09:bf:25:8e:30:
                    1a:3c:a1:e9:27:3a:ef:2c:ef:5b:3b:21:18:5f:cc:
                    f6:2d:66:17:97:37:d9:6d:0f:1d:58:40:59:f5:0c:
                    28:bf:1b:07:fd:88:93:28:54:87:c9:e9:86:14:c6:
                    04:ac:cd:63:2f:3c:33:ac:70:24:11:49:90:f7:f1:
                    9f:44:8a:a8:f1:df:0c:fd:8e:d1:90:96:0c:8d:70:
                    df:25:cf:18:dc:5f:5c:0c:30:35:19:f2:5c:7e:35:
                    9e:2f:6b:06:63:b7:0d:1e:59:3d:58:41:b0:70:0c:
                    d1:35:5d:dd:bb:7b:a2:25:3e:6c:32:4e:fe:b1:ec:
                    95:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:E7:49:FB:40:B9:ED:6B:9B:35:80:1C:05:1D:50:5D:35:6A:07:5D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-dJ-0C57WubNYAcBR1QXTVqB10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:6e:47:a9:cc:94:2e:2c:1f:a0:4d:46:bc:11:95:32:41:b0:
         58:5c:95:31:c1:94:a2:9c:3b:1d:13:8c:67:f6:84:f3:d8:17:
         74:e9:a2:0d:86:4b:01:73:ae:b7:26:79:df:84:5d:be:28:49:
         76:a2:10:d4:64:ae:0a:6c:b1:6b:5e:c2:19:54:97:e1:49:4d:
         85:6d:5d:15:c2:d4:da:8d:69:0e:0b:ac:ad:38:b8:e7:fe:72:
         f9:45:47:55:b6:8b:38:aa:2f:a3:20:e7:ca:b4:c4:fc:b2:81:
         b5:8e:07:68:54:0e:56:05:95:06:ca:72:fc:6c:4a:13:6d:83:
         1c:d4:68:dc:89:ef:a8:f0:2b:f8:88:65:48:b7:2a:5e:ea:d5:
         86:98:6f:2a:79:fe:e5:05:97:f8:39:f9:5a:61:03:b9:55:3c:
         0e:8c:f1:03:57:57:ad:3b:de:0b:73:6c:74:33:ea:37:ec:5b:
         0d:3f:25:ac:91:a6:b4:d0:f3:0b:1b:13:83:39:de:b6:27:43:
         38:23:7b:48:4b:83:ca:59:e4:af:9b:7f:53:a2:1e:e8:fd:e6:
         ef:29:54:10:90:eb:cd:85:59:ec:41:c6:a2:1f:8f:6f:64:95:
         42:d3:72:74:62:69:f4:3f:0f:20:d2:8e:b9:1b:6d:f0:d3:bb:
         f3:1d:ea:78
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbSURM7Vat2rBo7guKNqeVsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzExMjAxNjE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2U3NDlmYjQwYjllZDZiOWIzNTgwMWMwNTFkNTA1ZDM1NmEwNzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4weAEi8IYEXg5Pwt9boxLSqMyl/
dygB77b1pIUMKs29uSSmC7/dqRkxUSKGK4npN2wtlpOHqeYhl2s4ukoZ0bVPX5o+
bcrVoxyRCPD3jprr2ohZwiS6wgwCoeuAX3U9qCW9Ew3W8s+UHnMB4nqq5allf4UX
uNnIIySroxtw3fRGCb8ljjAaPKHpJzrvLO9bOyEYX8z2LWYXlzfZbQ8dWEBZ9Qwo
vxsH/YiTKFSHyemGFMYErM1jLzwzrHAkEUmQ9/GfRIqo8d8M/Y7RkJYMjXDfJc8Y
3F9cDDA1GfJcfjWeL2sGY7cNHlk9WEGwcAzRNV3du3uiJT5sMk7+seyVMwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNfnSftAue1rmzWAHAUdUF01agddMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMS1kSi0wQzU3V3ViTllBY0JSMVFYVFZxQjEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGpuR6nMlC4sH6BNRrwR
lTJBsFhclTHBlKKcOx0TjGf2hPPYF3Tpog2GSwFzrrcmed+EXb4oSXaiENRkrgps
sWtewhlUl+FJTYVtXRXC1NqNaQ4LrK04uOf+cvlFR1W2iziqL6Mg58q0xPyygbWO
B2hUDlYFlQbKcvxsShNtgxzUaNyJ76jwK/iIZUi3Kl7q1YaYbyp5/uUFl/g5+Vph
A7lVPA6M8QNXV6073gtzbHQz6jfsWw0/JayRprTQ8wsbE4M53rYnQzgje0hLg8pZ
5K+bf1OiHuj95u8pVBCQ682FWexBxqIfj29klULTcnRiafQ/DyDSjrkbbfDTu/Md
6ng=
-----END CERTIFICATE-----