Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3CoLI7Wwc9x-4zQZu1t7Cycs_tg.roa
File:                     3CoLI7Wwc9x-4zQZu1t7Cycs_tg.roa (raw, json)
Hash identifier:          1zy/9CJf4Wr33nv4Um+gatIfWRjwmM6+HHhdp6QRbUU=
Subject key identifier:   DC:2A:0B:23:B5:B0:73:DC:7E:E3:34:19:BB:5B:7B:0B:27:2C:FE:D8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01885595DCC066C3354B8B3BC63459A1475F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3CoLI7Wwc9x-4zQZu1t7Cycs_tg.roa
Signing time:             Fri 26 May 2023 01:04:24 +0000
ROA not before:           Fri 26 May 2023 01:04:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5595:d199/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:55:95:dc:c0:66:c3:35:4b:8b:3b:c6:34:59:a1:47:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 26 01:04:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dc2a0b23b5b073dc7ee33419bb5b7b0b272cfed8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:b6:23:6f:cc:be:25:c7:c8:74:a6:01:a0:d0:
                    17:fe:cd:d1:b5:31:57:d8:37:21:3c:78:a2:7b:87:
                    0b:e0:b0:73:83:d6:27:23:50:d0:96:5c:fa:88:0e:
                    ad:45:00:4c:4e:70:96:3a:b1:3c:4a:3e:88:93:ee:
                    04:ad:74:18:89:6f:a3:84:2f:7e:b2:9c:83:3d:99:
                    c0:b4:9d:b0:61:a7:89:dd:41:6c:a3:b7:8b:4a:2f:
                    a1:59:65:f4:e0:62:26:78:96:6a:0b:1f:c1:79:8b:
                    14:03:0d:1f:04:5b:2e:40:0f:e6:c9:95:49:5b:f2:
                    48:c6:c1:0a:dc:59:74:cd:5c:10:d7:b0:0c:51:01:
                    8d:fb:f4:51:e9:24:1e:ab:d7:73:4c:20:20:11:16:
                    50:88:70:7d:1c:c1:d7:61:5d:33:11:a2:62:4f:89:
                    d8:d8:89:94:35:10:fa:8a:76:da:25:bd:57:9e:80:
                    f9:c2:9e:a7:40:df:56:89:c0:5a:92:8c:7b:aa:21:
                    0e:5b:2b:88:11:64:3e:ca:99:8e:f3:9b:6c:20:c5:
                    7f:32:a9:f4:d3:40:07:4d:de:9e:22:4b:62:0b:78:
                    35:97:ec:ae:b4:db:44:84:9a:ef:78:00:9e:3b:6d:
                    97:03:b0:ce:f3:6c:9d:0c:c0:33:70:f9:c6:7b:39:
                    ed:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:2A:0B:23:B5:B0:73:DC:7E:E3:34:19:BB:5B:7B:0B:27:2C:FE:D8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3CoLI7Wwc9x-4zQZu1t7Cycs_tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         ac:4e:43:ec:79:66:5b:8a:54:f4:ca:6a:72:c6:4a:51:37:50:
         bc:67:34:1c:ec:f8:9b:82:31:03:01:8c:60:ce:72:0c:62:fe:
         6b:f4:de:d4:90:e9:84:5b:bc:df:e1:28:b5:ac:a4:0b:7e:73:
         d1:b5:5b:8f:f0:c0:48:94:17:db:0d:bb:85:5c:e8:ce:a1:da:
         f8:e3:a1:f5:f2:59:8c:ee:f8:d2:4e:2e:1f:31:8a:fb:d2:55:
         56:4d:6b:c0:22:07:a2:72:26:e5:fd:db:85:16:3b:f9:07:d2:
         57:29:e1:16:fe:67:f5:d5:15:d3:b3:fe:dd:1b:bf:8d:ef:c9:
         01:2d:95:62:7a:94:85:07:6c:ea:da:c9:c6:ab:fc:26:3c:bb:
         1e:1f:a4:ef:c6:b2:85:be:2b:23:15:a2:b3:b8:62:56:28:68:
         cf:6d:ff:17:7c:6a:db:58:ba:cf:79:78:e0:05:19:bd:e8:65:
         2f:78:59:50:71:74:93:66:52:2d:2b:87:9e:be:e9:aa:11:c5:
         65:5b:10:53:e1:c5:9d:43:1e:2b:f1:aa:b2:6f:84:c9:7b:f1:
         f0:a1:ec:61:13:58:d7:9f:1d:83:ac:2d:0d:bb:ca:62:ec:d4:
         03:68:4d:28:65:c8:73:69:10:bf:e1:f0:e0:c9:97:c8:d8:6a:
         dd:4f:cf:f3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhVldzAZsM1S4s7xjRZoUdfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI2MDEwNDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzJhMGIyM2I1YjA3M2RjN2VlMzM0MTliYjViN2IwYjI3MmNmZWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmLYjb8y+JcfIdKYBoNAX/s3RtTFX
2DchPHiie4cL4LBzg9YnI1DQllz6iA6tRQBMTnCWOrE8Sj6Ik+4ErXQYiW+jhC9+
spyDPZnAtJ2wYaeJ3UFso7eLSi+hWWX04GImeJZqCx/BeYsUAw0fBFsuQA/myZVJ
W/JIxsEK3Fl0zVwQ17AMUQGN+/RR6SQeq9dzTCAgERZQiHB9HMHXYV0zEaJiT4nY
2ImUNRD6inbaJb1XnoD5wp6nQN9WicBakox7qiEOWyuIEWQ+ypmO85tsIMV/Mqn0
00AHTd6eIktiC3g1l+yutNtEhJrveACeO22XA7DO82ydDMAzcPnGeznt+wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNwqCyO1sHPcfuM0GbtbewsnLP7YMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvM0NvTEk3V3djOXgtNHpRWnUxdDdDeWNzX3RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKxOQ+x5ZluKVPTKanLG
SlE3ULxnNBzs+JuCMQMBjGDOcgxi/mv03tSQ6YRbvN/hKLWspAt+c9G1W4/wwEiU
F9sNu4Vc6M6h2vjjofXyWYzu+NJOLh8xivvSVVZNa8AiB6JyJuX924UWO/kH0lcp
4Rb+Z/XVFdOz/t0bv43vyQEtlWJ6lIUHbOraycar/CY8ux4fpO/GsoW+KyMVorO4
YlYoaM9t/xd8attYus95eOAFGb3oZS94WVBxdJNmUi0rh56+6aoRxWVbEFPhxZ1D
HivxqrJvhMl78fCh7GETWNefHYOsLQ27ymLs1ANoTShlyHNpEL/h8ODJl8jYat1P
z/M=
-----END CERTIFICATE-----