Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-qyEs7FNzCEeFie5yWkJrVh5zzQ.roa
File:                     1-qyEs7FNzCEeFie5yWkJrVh5zzQ.roa (raw, json)
Hash identifier:          qs0I2KNUY3Ru7GcD8qO0e1Dplx5G9CpwkHTHyZWyoMU=
Subject key identifier:   FA:AC:84:B3:B1:4D:CC:21:1E:16:27:B9:C9:69:09:AD:58:79:CF:34
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186B360A533561A45F7669AACE7E7158FCC
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-qyEs7FNzCEeFie5yWkJrVh5zzQ.roa
Signing time:             Sun 05 Mar 2023 20:05:00 +0000
ROA not before:           Sun 05 Mar 2023 20:05:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:b360:1c0d/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b3:60:a5:33:56:1a:45:f7:66:9a:ac:e7:e7:15:8f:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  5 20:05:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=faac84b3b14dcc211e1627b9c96909ad5879cf34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:fc:31:93:51:72:6b:de:de:31:21:51:3e:e4:
                    b8:8e:05:24:f7:4b:1b:c1:b4:d2:16:d5:cf:18:03:
                    41:6a:a3:a6:27:f1:c8:31:5a:59:f0:bf:1c:5d:2c:
                    ce:3f:13:2e:79:a9:2a:cf:ff:90:c6:74:aa:0c:63:
                    03:ba:36:75:80:bc:80:57:29:7a:b0:13:b5:0e:83:
                    8a:5d:56:41:93:95:97:78:a1:d3:3a:4a:bf:77:46:
                    e5:d1:ae:44:43:82:0a:82:b6:aa:41:25:08:f3:bf:
                    3f:74:89:1c:63:22:a5:02:a1:30:83:dd:b1:1d:cc:
                    f9:25:74:83:a6:b5:f2:00:ad:1a:25:79:54:91:f6:
                    c5:a0:81:7a:93:a8:ce:2b:8e:ae:33:28:16:86:a7:
                    35:43:38:71:ee:8b:14:72:2e:d0:84:9b:00:ac:83:
                    73:1a:f3:c1:bc:90:ba:4c:db:eb:a3:06:c2:7d:b1:
                    40:75:65:ce:ec:67:32:af:5c:c5:92:ec:1f:be:b2:
                    71:cc:0b:f1:bd:d4:92:3c:57:c7:6b:ce:4c:bd:22:
                    66:46:76:21:1e:35:23:de:9f:cc:1f:3e:5c:cd:2d:
                    8d:2e:af:6f:43:89:bc:ef:54:22:f4:61:e7:64:18:
                    ec:b2:34:cf:d8:b3:ee:fd:06:fa:eb:07:c5:29:ed:
                    eb:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:AC:84:B3:B1:4D:CC:21:1E:16:27:B9:C9:69:09:AD:58:79:CF:34
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-qyEs7FNzCEeFie5yWkJrVh5zzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:6c:0b:3e:33:1b:97:59:05:25:a2:79:cf:df:84:39:72:e9:
         cd:56:6d:f1:cc:ec:77:be:28:cd:51:ce:84:ca:58:8f:b2:3e:
         ca:c9:e8:b4:26:43:47:69:a0:1d:e5:bf:37:2e:94:94:dd:c5:
         a4:1c:ad:0b:78:37:f5:c8:80:4a:dc:cf:6b:d1:37:50:7c:ec:
         eb:eb:0c:8b:14:9f:7b:d9:60:99:03:78:88:dc:08:ed:77:5a:
         bc:05:df:78:bb:6f:27:29:14:41:af:81:16:df:d4:6c:24:2a:
         b0:ed:53:1f:56:35:2d:26:db:8f:9d:4e:2b:01:8d:91:94:e1:
         f4:06:a8:66:10:d2:26:30:80:50:35:fe:02:79:bf:0d:d4:91:
         d9:f2:6e:65:61:c0:db:2a:87:6f:5e:c0:0e:47:56:0e:58:a2:
         3a:64:09:e9:76:46:37:37:f7:c3:34:07:12:75:61:4b:ae:31:
         6e:cd:df:34:02:aa:0a:8f:98:18:fa:62:bd:d3:d0:a2:11:08:
         65:36:31:6d:e3:04:d4:3e:6c:be:31:ce:3c:99:6f:dc:8b:02:
         2c:6b:7d:5c:dd:ea:13:d9:fa:58:1f:48:04:23:6f:65:31:18:
         f9:c6:5e:ec:e3:0b:15:a3:9c:86:55:96:04:89:54:29:58:c7:
         8b:19:5d:68
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYazYKUzVhpF92aarOfnFY/MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA1MjAwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWFjODRiM2IxNGRjYzIxMWUxNjI3YjljOTY5MDlhZDU4NzljZjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPwxk1Fya97eMSFRPuS4jgUk90sb
wbTSFtXPGANBaqOmJ/HIMVpZ8L8cXSzOPxMueakqz/+QxnSqDGMDujZ1gLyAVyl6
sBO1DoOKXVZBk5WXeKHTOkq/d0bl0a5EQ4IKgraqQSUI878/dIkcYyKlAqEwg92x
Hcz5JXSDprXyAK0aJXlUkfbFoIF6k6jOK46uMygWhqc1Qzhx7osUci7QhJsArINz
GvPBvJC6TNvrowbCfbFAdWXO7Gcyr1zFkuwfvrJxzAvxvdSSPFfHa85MvSJmRnYh
HjUj3p/MHz5czS2NLq9vQ4m871Qi9GHnZBjssjTP2LPu/Qb66wfFKe3rEQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPqshLOxTcwhHhYnuclpCa1Yec80MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMS1xeUVzN0ZOekNFZUZpZTV5V2tKclZoNXp6US5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWUvNzk4NDQ3LTIxZjQtNDVhYi05OWRjLTFhYmUzYWMxMGFh
Ni8xL2NnUjc0VnNuV1FMYzloZmNQUTRXM0I4d2dDSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEA8EAGDAP
BAIAAjAJAwcAIAEGfABkMA0GCSqGSIb3DQEBCwUAA4IBAQCJbAs+MxuXWQUlonnP
34Q5cunNVm3xzOx3vijNUc6EyliPsj7Kyei0JkNHaaAd5b83LpSU3cWkHK0LeDf1
yIBK3M9r0TdQfOzr6wyLFJ972WCZA3iI3Ajtd1q8Bd94u28nKRRBr4EW39RsJCqw
7VMfVjUtJtuPnU4rAY2RlOH0BqhmENImMIBQNf4Ceb8N1JHZ8m5lYcDbKodvXsAO
R1YOWKI6ZAnpdkY3N/fDNAcSdWFLrjFuzd80AqoKj5gY+mK909CiEQhlNjFt4wTU
Pmy+Mc48mW/ciwIsa31c3eoT2fpYH0gEI29lMRj5xl7s4wsVo5yGVZYEiVQpWMeL
GV1o
-----END CERTIFICATE-----