Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2e2xMDrCnqNoTRjNrcZ0BDxXUFA.roa
File:                     2e2xMDrCnqNoTRjNrcZ0BDxXUFA.roa (raw, json)
Hash identifier:          90JG+YxEciduYJjgEayXRRcQk8w73UmypGdTGhB3fXY=
Subject key identifier:   D9:ED:B1:30:3A:C2:9E:A3:68:4D:18:CD:AD:C6:74:04:3C:57:50:50
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186B0CD7687A4B5646F4786F55F2AAEEE80
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2e2xMDrCnqNoTRjNrcZ0BDxXUFA.roa
Signing time:             Sun 05 Mar 2023 08:05:00 +0000
ROA not before:           Sun 05 Mar 2023 08:05:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:b0cc:d4fe/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b0:cd:76:87:a4:b5:64:6f:47:86:f5:5f:2a:ae:ee:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  5 08:05:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d9edb1303ac29ea3684d18cdadc674043c575050
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6f:a1:8d:3a:e5:e5:78:03:70:ae:50:64:0e:
                    e5:54:80:d0:12:59:98:6b:3e:ed:a2:b8:0d:9d:af:
                    06:62:ee:0a:ee:bc:30:78:36:cc:8d:c2:2a:47:0d:
                    bb:46:a6:d1:d3:3d:53:50:d1:c6:ca:93:d0:f4:4d:
                    5b:07:b2:36:90:ff:80:fc:c6:5f:2d:bb:71:e7:e9:
                    d1:26:c3:a7:c2:f1:b5:41:6d:e7:12:84:fe:cd:5b:
                    2f:b2:4f:58:33:1b:98:e5:c1:85:93:6c:33:2b:57:
                    af:4b:65:b7:87:c4:10:1b:69:bc:92:f7:20:00:6f:
                    41:ac:70:b1:80:ac:fd:4c:c9:9f:a0:f9:2f:d7:2a:
                    2d:85:fa:2f:b8:17:46:b8:ad:33:91:70:83:aa:97:
                    cf:7e:90:ad:b2:ad:64:d9:b1:97:b0:67:40:48:2f:
                    fe:f0:7a:64:6e:c5:a1:a1:22:6f:e3:db:2d:83:48:
                    54:66:ef:07:ff:ae:96:21:7b:89:15:08:f8:84:c4:
                    23:57:5b:41:3e:de:06:bc:32:3d:a6:58:a6:44:31:
                    f1:d7:1f:a5:64:61:68:18:3d:30:03:24:f5:6d:89:
                    ce:d8:bf:30:7d:b7:5b:e7:a1:b1:77:56:ab:32:d9:
                    cf:1a:02:8e:24:fb:1b:6f:62:40:8a:46:d9:f3:55:
                    09:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:ED:B1:30:3A:C2:9E:A3:68:4D:18:CD:AD:C6:74:04:3C:57:50:50
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2e2xMDrCnqNoTRjNrcZ0BDxXUFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:fa:a7:a4:fa:7c:c6:c6:66:30:c1:d9:48:02:eb:39:8c:9f:
         c0:24:89:75:e5:57:bf:25:6f:f7:11:41:65:5f:30:fb:2b:fe:
         ae:73:2b:fa:39:bd:c8:c4:4b:2d:e1:24:92:1f:36:60:d3:1e:
         8d:bb:c6:9a:2c:51:e7:3b:2a:c6:4d:e7:a6:fa:b4:45:be:39:
         3a:61:5a:63:3e:a2:f7:ff:eb:d5:2f:3d:19:30:55:6b:49:39:
         fd:80:88:49:6d:49:9c:01:af:45:14:7b:f4:0c:0c:ae:c9:5e:
         19:14:ff:10:bb:47:67:15:88:d8:02:29:90:1b:e5:a8:2b:42:
         a4:21:68:9a:86:8a:5b:7c:fa:de:b0:21:d1:47:94:87:3c:14:
         3c:49:1c:ff:be:df:b8:d3:7d:43:81:0b:32:9a:f6:b9:2f:8b:
         6e:f1:dc:2e:23:de:73:31:f1:23:97:05:44:6c:6b:2c:df:e1:
         f6:02:c0:5b:f0:51:f8:3b:af:68:fc:22:02:88:22:8a:20:71:
         6f:a8:db:40:1a:f9:d9:6b:4d:58:32:0f:47:d2:6d:7b:80:b4:
         98:5b:e1:27:e0:df:fd:f1:f9:0d:46:a0:4c:13:47:54:63:f4:
         ec:1d:50:8a:a7:9b:82:5e:4a:a1:53:33:8f:9f:3a:ca:b9:75:
         aa:6e:8b:e0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYawzXaHpLVkb0eG9V8qru6AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA1MDgwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWVkYjEzMDNhYzI5ZWEzNjg0ZDE4Y2RhZGM2NzQwNDNjNTc1MDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlW+hjTrl5XgDcK5QZA7lVIDQElmY
az7torgNna8GYu4K7rwweDbMjcIqRw27RqbR0z1TUNHGypPQ9E1bB7I2kP+A/MZf
Lbtx5+nRJsOnwvG1QW3nEoT+zVsvsk9YMxuY5cGFk2wzK1evS2W3h8QQG2m8kvcg
AG9BrHCxgKz9TMmfoPkv1yothfovuBdGuK0zkXCDqpfPfpCtsq1k2bGXsGdASC/+
8HpkbsWhoSJv49stg0hUZu8H/66WIXuJFQj4hMQjV1tBPt4GvDI9plimRDHx1x+l
ZGFoGD0wAyT1bYnO2L8wfbdb56Gxd1arMtnPGgKOJPsbb2JAikbZ81UJQwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNntsTA6wp6jaE0Yza3GdAQ8V1BQMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMmUyeE1EckNucU5vVFJqTnJjWjBCRHhYVUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAE/6p6T6fMbGZjDB2UgC
6zmMn8AkiXXlV78lb/cRQWVfMPsr/q5zK/o5vcjESy3hJJIfNmDTHo27xposUec7
KsZN56b6tEW+OTphWmM+ovf/69UvPRkwVWtJOf2AiEltSZwBr0UUe/QMDK7JXhkU
/xC7R2cViNgCKZAb5agrQqQhaJqGilt8+t6wIdFHlIc8FDxJHP++37jTfUOBCzKa
9rkvi27x3C4j3nMx8SOXBURsayzf4fYCwFvwUfg7r2j8IgKIIoogcW+o20Aa+dlr
TVgyD0fSbXuAtJhb4Sfg3/3x+Q1GoEwTR1Rj9OwdUIqnm4JeSqFTM4+fOsq5dapu
i+A=
-----END CERTIFICATE-----