Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3GduJ35zwiIA0bowT5OcdWq6VS8.roa
File:                     3GduJ35zwiIA0bowT5OcdWq6VS8.roa (raw, json)
Hash identifier:          UBU7a1RedK3PKIjMXX45xBeP5MP4kSVHbM7yRoZiYbg=
Subject key identifier:   DC:67:6E:27:7E:73:C2:22:00:D1:BA:30:4F:93:9C:75:6A:BA:55:2F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018930B008FEE8386820E9D3510F424F6621
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3GduJ35zwiIA0bowT5OcdWq6VS8.roa
Signing time:             Fri 07 Jul 2023 14:09:50 +0000
ROA not before:           Fri 07 Jul 2023 14:09:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:30:b0:08:fe:e8:38:68:20:e9:d3:51:0f:42:4f:66:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul  7 14:09:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dc676e277e73c22200d1ba304f939c756aba552f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:38:46:af:3e:b6:ab:59:a1:40:57:5c:0f:9f:
                    9b:0c:cf:83:a2:52:2e:6f:9b:67:c2:88:f1:ad:55:
                    74:69:c2:09:42:aa:c0:88:70:31:8d:df:8c:4b:21:
                    41:89:6c:99:41:45:dc:a5:e9:6a:06:db:de:e2:f0:
                    3a:c7:b1:88:a4:01:e3:03:4b:99:a0:ab:48:4b:9c:
                    ab:b2:8a:cf:d6:e8:c7:37:b1:c7:5f:47:3f:9d:c3:
                    8c:98:2d:7c:7f:8a:40:e6:01:0e:b2:db:9c:b8:da:
                    47:c9:44:45:09:14:27:f2:8d:97:d3:3b:40:5a:f2:
                    5e:88:e1:42:77:91:c9:d7:7a:1e:9e:2b:d8:9d:8b:
                    01:73:95:04:81:06:39:38:52:66:1f:d9:ba:25:24:
                    11:37:d2:49:14:2e:52:69:a3:a1:ef:f9:ec:86:00:
                    fd:c5:56:79:28:6b:15:bb:77:de:36:93:21:fd:6d:
                    40:94:06:b5:75:82:d8:b6:b9:39:7a:0a:37:20:e9:
                    9a:c5:b8:1f:73:be:52:a7:bd:4e:11:16:1a:5e:3d:
                    fa:a4:dc:1b:8d:f3:77:21:43:68:6b:a5:40:87:51:
                    bb:57:39:80:d9:79:42:4f:dc:90:79:33:e3:97:e4:
                    96:2c:31:4e:e9:97:14:d0:39:d1:0d:a9:d8:c6:5d:
                    84:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:67:6E:27:7E:73:C2:22:00:D1:BA:30:4F:93:9C:75:6A:BA:55:2F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3GduJ35zwiIA0bowT5OcdWq6VS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:4f:c6:38:e7:d7:29:e4:13:3b:48:d9:c1:06:15:fe:2e:3c:
         1b:bd:c6:f5:7e:c9:f9:b8:c8:ab:82:8c:00:2c:d0:15:d6:5b:
         b0:65:19:c7:94:55:30:a5:60:a5:cf:75:9f:d5:dd:0a:2c:44:
         90:69:81:3a:16:1d:e3:47:58:6c:ea:cf:68:16:9e:d2:c6:fb:
         24:27:9c:d6:3d:59:47:ae:3f:c3:9f:e2:89:2d:98:3b:c1:0b:
         7d:92:7a:b7:75:3f:a1:38:de:10:43:fa:8a:0a:ed:ab:d0:ea:
         3d:27:45:20:11:8c:af:62:78:60:cc:3e:ea:a7:6f:05:77:e1:
         6a:d1:17:67:08:8a:2a:dc:2c:5c:00:c1:17:53:df:a4:ab:eb:
         8d:d4:f2:66:68:07:b4:eb:4b:2f:08:91:26:54:fa:04:dc:e5:
         fb:3e:26:a9:2a:9f:a4:21:8e:b3:62:7b:75:02:26:c5:7e:a0:
         f9:c8:13:73:06:90:8d:2a:fc:24:6a:10:a0:40:88:4b:7a:6c:
         70:b0:f5:ea:95:96:0f:9d:52:98:7f:16:64:95:6f:aa:35:12:
         c8:98:74:32:8d:9a:8c:1a:0d:47:62:6e:e9:84:c2:cc:5b:dd:
         79:53:df:9f:c6:ac:6b:14:19:cd:31:eb:7c:b5:b8:71:b6:63:
         7e:25:9e:62
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYkwsAj+6DhoIOnTUQ9CT2YhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzA3MTQwOTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzY3NmUyNzdlNzNjMjIyMDBkMWJhMzA0ZjkzOWM3NTZhYmE1NTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiThGrz62q1mhQFdcD5+bDM+DolIu
b5tnwojxrVV0acIJQqrAiHAxjd+MSyFBiWyZQUXcpelqBtve4vA6x7GIpAHjA0uZ
oKtIS5yrsorP1ujHN7HHX0c/ncOMmC18f4pA5gEOstucuNpHyURFCRQn8o2X0ztA
WvJeiOFCd5HJ13oenivYnYsBc5UEgQY5OFJmH9m6JSQRN9JJFC5SaaOh7/nshgD9
xVZ5KGsVu3feNpMh/W1AlAa1dYLYtrk5ego3IOmaxbgfc75Sp71OERYaXj36pNwb
jfN3IUNoa6VAh1G7VzmA2XlCT9yQeTPjl+SWLDFO6ZcU0DnRDanYxl2EOQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNxnbid+c8IiANG6ME+TnHVqulUvMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvM0dkdUozNXp3aUlBMGJvd1Q1T2NkV3E2VlM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFFPxjjn1ynkEztI2cEG
Ff4uPBu9xvV+yfm4yKuCjAAs0BXWW7BlGceUVTClYKXPdZ/V3QosRJBpgToWHeNH
WGzqz2gWntLG+yQnnNY9WUeuP8Of4oktmDvBC32Serd1P6E43hBD+ooK7avQ6j0n
RSARjK9ieGDMPuqnbwV34WrRF2cIiircLFwAwRdT36Sr643U8mZoB7TrSy8IkSZU
+gTc5fs+Jqkqn6QhjrNie3UCJsV+oPnIE3MGkI0q/CRqEKBAiEt6bHCw9eqVlg+d
Uph/FmSVb6o1EsiYdDKNmowaDUdibumEwsxb3XlT35/GrGsUGc0x63y1uHG2Y34l
nmI=
-----END CERTIFICATE-----