Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3MGM-mRM38V87UyL_GiyC1shEw4.roa
File:                     3MGM-mRM38V87UyL_GiyC1shEw4.roa (raw, json)
Hash identifier:          GXzNjwIpPhQrwmypdpGj5k6KdVxr+DCCd6Equ/Ow0iw=
Subject key identifier:   DC:C1:8C:FA:64:4C:DF:C5:7C:ED:4C:8B:FC:68:B2:0B:5B:21:13:0E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018824E6AD34F18D0C0E23DFA631185B5EB8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3MGM-mRM38V87UyL_GiyC1shEw4.roa
Signing time:             Tue 16 May 2023 14:11:17 +0000
ROA not before:           Tue 16 May 2023 14:11:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:24:e6:ad:34:f1:8d:0c:0e:23:df:a6:31:18:5b:5e:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 16 14:11:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dcc18cfa644cdfc57ced4c8bfc68b20b5b21130e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:57:26:58:9c:23:af:f2:05:63:20:d5:d1:1c:
                    13:7c:e0:5a:de:8a:c9:7a:e9:65:71:85:52:c7:16:
                    69:34:22:f9:3f:5c:e2:d3:f0:bf:e4:ef:7f:1a:e0:
                    80:98:3f:55:49:c4:74:dc:db:09:fb:4b:7d:e3:e6:
                    a4:e9:06:01:19:4d:a5:00:7e:3e:a2:97:16:48:30:
                    b5:d6:16:87:05:ec:85:ae:ac:bf:45:f9:8f:f7:9d:
                    d9:c5:ae:c1:ca:cd:53:e5:97:a0:e6:13:5d:2a:0d:
                    ff:95:14:fb:2d:0b:0e:a7:1b:d0:9f:d5:b9:1f:e1:
                    e8:d6:30:4e:af:fd:30:ad:d0:39:76:cb:f3:81:83:
                    63:eb:f3:b7:12:88:a2:b2:71:67:bf:2e:71:e0:a5:
                    1b:ad:34:bf:6e:0d:76:f9:db:87:43:ab:b5:70:5d:
                    e1:89:2c:9f:bb:57:83:a3:df:34:23:54:ef:19:8f:
                    9a:40:2f:a0:27:41:d9:c0:7b:f8:65:f4:8f:e3:41:
                    d0:01:16:c0:4b:42:72:ae:bb:4e:b6:b6:0d:9a:2a:
                    1f:06:bf:bb:d0:b0:7f:be:fd:a8:b1:9e:54:1c:dc:
                    44:9d:6c:65:2e:5b:92:fe:c0:b7:5b:f9:bb:39:1d:
                    4a:62:32:76:c6:84:b5:e3:5d:eb:2c:e2:bb:c0:a4:
                    bb:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:C1:8C:FA:64:4C:DF:C5:7C:ED:4C:8B:FC:68:B2:0B:5B:21:13:0E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3MGM-mRM38V87UyL_GiyC1shEw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b1:be:f7:9e:5c:92:6f:52:a4:56:5a:48:c1:79:88:4e:5a:87:
         9a:61:88:7f:66:60:ed:ba:9a:43:71:94:af:fe:3b:5f:e7:21:
         1f:20:1f:78:b3:45:bd:7b:ee:d1:c2:da:ab:4c:db:ad:6d:59:
         e5:3a:ac:28:ac:b9:b1:06:ff:fd:7b:58:a3:41:90:3c:60:d5:
         77:64:46:2d:f2:e6:7e:99:5c:da:6d:73:40:fc:69:0b:b6:fb:
         79:04:6a:32:02:4c:3f:7c:95:b0:6f:da:5f:3d:3e:eb:bb:15:
         a3:cb:f9:f9:9b:72:45:bd:73:1d:f6:28:cb:3c:79:ff:4c:4f:
         bd:90:da:0b:43:8e:5c:68:50:2f:86:2a:e7:88:ca:41:d2:67:
         37:02:45:e8:21:97:b2:d8:ce:8f:a9:d2:82:79:96:74:d6:ff:
         06:30:aa:20:ae:28:4a:26:4c:3b:e0:d9:39:bb:11:09:e7:c9:
         a3:34:3d:e7:9d:2e:9d:f7:fa:51:a2:09:dc:62:fa:f9:5a:0e:
         a8:8f:7e:3f:bf:17:21:09:0b:fd:e2:f0:2b:c5:30:23:62:93:
         e9:c9:3e:2e:7e:80:f1:26:9c:cd:55:fe:52:9f:05:89:21:2e:
         9b:9b:90:2e:44:1d:9e:9d:f7:d0:f0:b6:a9:7a:60:6a:5c:df:
         36:de:57:03
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgk5q008Y0MDiPfpjEYW164MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE2MTQxMTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2MxOGNmYTY0NGNkZmM1N2NlZDRjOGJmYzY4YjIwYjViMjExMzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11cmWJwjr/IFYyDV0RwTfOBa3orJ
eullcYVSxxZpNCL5P1zi0/C/5O9/GuCAmD9VScR03NsJ+0t94+ak6QYBGU2lAH4+
opcWSDC11haHBeyFrqy/RfmP953Zxa7Bys1T5Zeg5hNdKg3/lRT7LQsOpxvQn9W5
H+Ho1jBOr/0wrdA5dsvzgYNj6/O3EoiisnFnvy5x4KUbrTS/bg12+duHQ6u1cF3h
iSyfu1eDo980I1TvGY+aQC+gJ0HZwHv4ZfSP40HQARbAS0JyrrtOtrYNmiofBr+7
0LB/vv2osZ5UHNxEnWxlLluS/sC3W/m7OR1KYjJ2xoS1413rLOK7wKS7ZQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNzBjPpkTN/FfO1Mi/xosgtbIRMOMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvM01HTS1tUk0zOFY4N1V5TF9HaXlDMXNoRXc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALG+955ckm9SpFZaSMF5
iE5ah5phiH9mYO26mkNxlK/+O1/nIR8gH3izRb177tHC2qtM261tWeU6rCisubEG
//17WKNBkDxg1XdkRi3y5n6ZXNptc0D8aQu2+3kEajICTD98lbBv2l89Puu7FaPL
+fmbckW9cx32KMs8ef9MT72Q2gtDjlxoUC+GKueIykHSZzcCReghl7LYzo+p0oJ5
lnTW/wYwqiCuKEomTDvg2Tm7EQnnyaM0PeedLp33+lGiCdxi+vlaDqiPfj+/FyEJ
C/3i8CvFMCNik+nJPi5+gPEmnM1V/lKfBYkhLpubkC5EHZ6d99Dwtql6YGpc3zbe
VwM=
-----END CERTIFICATE-----