Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-rP_tBs61HllJVRI3YiJ-CKC1k4.roa
File:                     1-rP_tBs61HllJVRI3YiJ-CKC1k4.roa (raw, json)
Hash identifier:          Sz//NcrJHNtqZE7lVEnveSD/V3hdF38C8dTz2d/kY28=
Subject key identifier:   FA:B3:FF:B4:1B:3A:D4:79:65:25:54:48:DD:88:89:F8:22:82:D6:4E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01870B60CF92FFCA4CE6FE7A1D5C53E712B2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-rP_tBs61HllJVRI3YiJ-CKC1k4.roa
Signing time:             Wed 22 Mar 2023 22:11:46 +0000
ROA not before:           Wed 22 Mar 2023 22:11:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0b:60:cf:92:ff:ca:4c:e6:fe:7a:1d:5c:53:e7:12:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 22 22:11:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fab3ffb41b3ad47965255448dd8889f82282d64e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ab:af:bd:12:c0:09:96:07:00:fd:f7:81:5e:
                    e4:75:43:41:57:67:fe:6b:2f:ef:1b:e1:46:52:de:
                    c0:17:b5:c2:5e:d6:e5:d2:16:b9:16:72:2f:e2:44:
                    86:9d:82:50:1f:50:4a:cf:dd:46:4b:b4:37:a9:82:
                    be:46:17:3a:d8:61:4c:7d:55:af:c9:90:72:9a:f7:
                    de:c1:28:0e:1e:d9:bf:15:3f:8c:1f:f8:be:c6:6c:
                    ea:43:47:0c:96:fc:3f:62:9a:33:0f:21:8f:95:00:
                    c4:11:d7:71:1a:ed:15:ff:48:16:bd:84:f9:33:a7:
                    ee:03:15:ec:53:44:b7:d8:a7:de:fe:79:31:22:21:
                    09:5f:8a:90:e2:cb:fc:49:03:02:75:27:5b:82:d2:
                    42:40:95:f5:0f:35:70:79:f6:8c:45:58:67:6d:1a:
                    c9:5c:81:d5:e5:33:ef:e3:e1:d8:e7:92:b0:b8:58:
                    2f:8a:ed:13:95:81:4e:0e:cd:5a:64:80:0c:53:69:
                    0b:68:20:fc:27:c1:65:50:d8:a6:30:8c:eb:5c:7a:
                    65:22:42:8e:e9:a3:9e:ff:a4:2f:6f:e1:33:58:60:
                    43:b5:3a:c1:0e:fa:d9:c9:0f:cf:44:06:7b:7f:d4:
                    4b:02:f3:a9:c6:ef:58:f2:bb:c7:3c:c9:71:59:86:
                    50:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:B3:FF:B4:1B:3A:D4:79:65:25:54:48:DD:88:89:F8:22:82:D6:4E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-rP_tBs61HllJVRI3YiJ-CKC1k4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:ec:08:0c:b7:e9:a4:d8:37:bb:7e:47:1b:59:c9:97:bc:b0:
         56:a8:b3:01:48:e2:84:63:51:8d:29:08:38:04:b8:50:f2:ac:
         99:eb:f8:7d:e7:37:91:a9:6c:e8:bd:bb:50:6e:0f:62:ac:9d:
         df:78:18:f9:f6:e7:22:c2:b2:56:ad:bc:21:13:cb:dd:02:ad:
         36:0c:51:b1:ce:90:a4:e0:18:37:ad:33:a4:71:ca:19:17:58:
         b6:8c:73:f6:82:13:b2:d8:81:11:ca:8f:2a:69:ff:1c:b5:75:
         76:e0:14:39:32:36:b4:56:78:a5:ce:9e:2c:5e:e1:dd:64:33:
         6a:94:c5:41:a9:80:75:cd:4f:14:a9:28:7b:d9:15:bd:54:08:
         29:28:46:49:0b:54:68:29:43:bf:37:70:a4:c0:ff:4d:d0:62:
         a5:da:5d:23:54:4f:e6:c8:0e:d8:c1:ed:ee:01:e9:4c:4a:1b:
         b2:a1:fa:ed:48:5b:56:dd:f5:54:86:2c:37:9a:42:51:94:84:
         26:7f:30:bb:e4:97:1d:cc:21:65:c2:88:0b:20:be:ea:18:1b:
         86:63:f9:a4:98:85:98:77:1f:18:30:bc:6f:bd:81:e8:82:ff:
         49:54:32:08:78:25:1e:ae:7a:40:ec:9b:1c:f6:6c:00:50:00:
         a6:b4:78:5a
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYcLYM+S/8pM5v56HVxT5xKyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzIyMjIxMTQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWIzZmZiNDFiM2FkNDc5NjUyNTU0NDhkZDg4ODlmODIyODJkNjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKuvvRLACZYHAP33gV7kdUNBV2f+
ay/vG+FGUt7AF7XCXtbl0ha5FnIv4kSGnYJQH1BKz91GS7Q3qYK+Rhc62GFMfVWv
yZBymvfewSgOHtm/FT+MH/i+xmzqQ0cMlvw/YpozDyGPlQDEEddxGu0V/0gWvYT5
M6fuAxXsU0S32Kfe/nkxIiEJX4qQ4sv8SQMCdSdbgtJCQJX1DzVwefaMRVhnbRrJ
XIHV5TPv4+HY55KwuFgviu0TlYFODs1aZIAMU2kLaCD8J8FlUNimMIzrXHplIkKO
6aOe/6Qvb+EzWGBDtTrBDvrZyQ/PRAZ7f9RLAvOpxu9Y8rvHPMlxWYZQcQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPqz/7QbOtR5ZSVUSN2IifgigtZOMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMS1yUF90QnM2MUhsbEpWUkkzWWlKLUNLQzFrNC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWUvNzk4NDQ3LTIxZjQtNDVhYi05OWRjLTFhYmUzYWMxMGFh
Ni8xL2NnUjc0VnNuV1FMYzloZmNQUTRXM0I4d2dDSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEA8EAGDAP
BAIAAjAJAwcAIAEGfABkMA0GCSqGSIb3DQEBCwUAA4IBAQA/7AgMt+mk2De7fkcb
WcmXvLBWqLMBSOKEY1GNKQg4BLhQ8qyZ6/h95zeRqWzovbtQbg9irJ3feBj59uci
wrJWrbwhE8vdAq02DFGxzpCk4Bg3rTOkccoZF1i2jHP2ghOy2IERyo8qaf8ctXV2
4BQ5Mja0Vnilzp4sXuHdZDNqlMVBqYB1zU8UqSh72RW9VAgpKEZJC1RoKUO/N3Ck
wP9N0GKl2l0jVE/myA7Ywe3uAelMShuyofrtSFtW3fVUhiw3mkJRlIQmfzC75Jcd
zCFlwogLIL7qGBuGY/mkmIWYdx8YMLxvvYHogv9JVDIIeCUernpA7Jsc9mwAUACm
tHha
-----END CERTIFICATE-----