Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/11SfCMhN9LdqIbdsCIqIvjV1yWs.roa
File:                     11SfCMhN9LdqIbdsCIqIvjV1yWs.roa (raw, json)
Hash identifier:          tKhF96/gcnpHLbkBCJ0oSMNNfteVvcp3yQp8yROcJnI=
Subject key identifier:   D7:54:9F:08:C8:4D:F4:B7:6A:21:B7:6C:08:8A:88:BE:35:75:C9:6B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187A6B968A2B12BCF46304F230005C3A93D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/11SfCMhN9LdqIbdsCIqIvjV1yWs.roa
Signing time:             Sat 22 Apr 2023 02:09:41 +0000
ROA not before:           Sat 22 Apr 2023 02:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:a6:b9:68:a2:b1:2b:cf:46:30:4f:23:00:05:c3:a9:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 22 02:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d7549f08c84df4b76a21b76c088a88be3575c96b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:95:ea:93:9e:7d:1d:06:b7:85:96:68:57:92:
                    59:76:c6:df:c4:cd:16:b6:87:38:6b:28:c1:13:31:
                    ab:bb:20:51:98:f8:1e:22:00:39:10:ac:9e:ec:ed:
                    0b:55:64:7c:10:3f:3e:4b:1d:16:e5:e9:b6:c8:11:
                    c0:0b:3a:70:e1:dc:1a:9b:6b:a2:0e:72:23:a4:ee:
                    0d:54:fc:2d:63:30:5f:64:c2:2a:de:1d:83:39:27:
                    ab:58:6f:34:0a:29:e7:c1:d4:d9:ac:36:2d:98:a5:
                    cc:f3:5d:fb:45:ac:48:ca:3e:c4:be:5c:3b:6b:dc:
                    1a:18:f1:a5:cd:d4:51:a7:18:eb:8c:ad:ea:cc:3f:
                    a0:28:cd:1c:fc:4b:5b:f1:88:6c:8e:b7:59:98:45:
                    b6:ae:70:ac:02:43:96:b1:02:4e:c9:93:0b:1d:2e:
                    89:9e:8c:fd:54:39:ae:3f:4a:32:36:73:82:7f:64:
                    50:4c:38:f4:69:d1:09:bd:bc:4c:47:48:72:30:dd:
                    b1:08:c9:6f:9b:70:61:c6:df:c5:08:4f:70:e8:fd:
                    e6:07:40:04:20:83:54:c0:c7:d7:33:02:ab:29:dd:
                    54:92:d9:12:cd:25:e0:4e:f1:38:02:7d:32:6c:42:
                    49:b2:13:2c:ea:0d:d1:16:a7:27:6b:da:f4:a7:e9:
                    6d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:54:9F:08:C8:4D:F4:B7:6A:21:B7:6C:08:8A:88:BE:35:75:C9:6B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/11SfCMhN9LdqIbdsCIqIvjV1yWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:3c:4c:29:ea:d8:57:d5:71:69:b1:8a:52:73:42:b1:fa:1d:
         01:58:41:6f:65:0a:e3:7f:9c:0c:e7:4a:d5:7b:a4:2a:7d:b1:
         07:e3:f4:86:ff:31:ac:18:99:70:cd:32:9f:ac:9a:36:75:7a:
         c7:7c:9c:50:9a:85:ec:ef:83:cf:26:ff:d8:98:63:40:aa:bd:
         4f:f5:bc:f2:99:a1:0a:31:8b:3a:80:1e:c0:12:18:c1:ff:24:
         88:27:52:c9:26:fb:52:d1:5a:65:e0:2c:84:5b:dd:96:05:b4:
         e1:b6:a9:e6:fd:5d:5d:84:12:43:f0:3c:97:b2:9e:41:2d:b7:
         98:73:bb:83:7a:68:e9:ec:e8:66:2c:c3:ba:fb:35:c3:25:8d:
         27:eb:3c:96:2a:79:b2:b1:54:12:49:3b:7b:9c:fb:69:83:d8:
         45:1d:9b:14:41:1b:6e:2b:41:8d:28:d3:0f:8f:af:c1:24:4e:
         a1:e5:09:55:cf:a1:d6:21:95:d2:43:6c:24:e8:a9:35:6a:d1:
         d4:32:4b:fa:c6:41:a7:b9:2c:99:e2:d6:8e:e6:19:e3:9c:09:
         2d:64:1c:fb:09:b6:05:3c:0d:86:4b:f4:d6:74:86:0a:eb:1d:
         71:3d:45:24:66:6e:e2:20:a2:e9:ac:14:10:6e:d1:c7:b0:8b:
         47:16:d4:05
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYemuWiisSvPRjBPIwAFw6k9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIyMDIwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzU0OWYwOGM4NGRmNGI3NmEyMWI3NmMwODhhODhiZTM1NzVjOTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5Xqk559HQa3hZZoV5JZdsbfxM0W
toc4ayjBEzGruyBRmPgeIgA5EKye7O0LVWR8ED8+Sx0W5em2yBHACzpw4dwam2ui
DnIjpO4NVPwtYzBfZMIq3h2DOSerWG80CinnwdTZrDYtmKXM8137RaxIyj7Evlw7
a9waGPGlzdRRpxjrjK3qzD+gKM0c/Etb8YhsjrdZmEW2rnCsAkOWsQJOyZMLHS6J
noz9VDmuP0oyNnOCf2RQTDj0adEJvbxMR0hyMN2xCMlvm3Bhxt/FCE9w6P3mB0AE
IINUwMfXMwKrKd1UktkSzSXgTvE4An0ybEJJshMs6g3RFqcna9r0p+ltnwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNdUnwjITfS3aiG3bAiKiL41dclrMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMTFTZkNNaE45TGRxSWJkc0NJcUl2alYxeVdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAg8TCnq2FfVcWmxilJz
QrH6HQFYQW9lCuN/nAznStV7pCp9sQfj9Ib/MawYmXDNMp+smjZ1esd8nFCahezv
g88m/9iYY0CqvU/1vPKZoQoxizqAHsASGMH/JIgnUskm+1LRWmXgLIRb3ZYFtOG2
qeb9XV2EEkPwPJeynkEtt5hzu4N6aOns6GYsw7r7NcMljSfrPJYqebKxVBJJO3uc
+2mD2EUdmxRBG24rQY0o0w+Pr8EkTqHlCVXPodYhldJDbCToqTVq0dQyS/rGQae5
LJni1o7mGeOcCS1kHPsJtgU8DYZL9NZ0hgrrHXE9RSRmbuIgoumsFBBu0cewi0cW
1AU=
-----END CERTIFICATE-----