Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3mFu-7sr6quTcvzD2ICkabvMHFI.roa
File:                     3mFu-7sr6quTcvzD2ICkabvMHFI.roa (raw, json)
Hash identifier:          CTqt2nKyPFvp34Givvf88KMORIeyFf3iYg+POsovvrs=
Subject key identifier:   DE:61:6E:FB:BB:2B:EA:AB:93:72:FC:C3:D8:80:A4:69:BB:CC:1C:52
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186F623348525026368A6C1B4C74C3CC9D6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3mFu-7sr6quTcvzD2ICkabvMHFI.roa
Signing time:             Sat 18 Mar 2023 19:12:27 +0000
ROA not before:           Sat 18 Mar 2023 19:12:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:f6:23:34:85:25:02:63:68:a6:c1:b4:c7:4c:3c:c9:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 18 19:12:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=de616efbbb2beaab9372fcc3d880a469bbcc1c52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:7e:cb:0c:be:ef:2c:b3:af:ee:4a:74:06:1a:
                    43:d2:a1:22:8e:0b:e8:d3:74:57:1a:68:b3:94:3a:
                    0c:9e:5d:65:c3:ea:36:0d:9e:b5:9b:89:48:43:ec:
                    22:93:fc:a7:1a:04:be:05:74:01:b8:f1:4b:e1:07:
                    f1:94:ef:1f:56:b6:1d:50:24:bb:cc:0a:59:25:06:
                    46:92:05:64:04:12:9b:f8:64:fa:13:eb:35:cc:e1:
                    19:37:d8:c3:49:e6:f5:6b:19:80:a2:4c:2a:91:2a:
                    fc:69:19:4e:01:1d:4c:b3:b0:93:9d:f3:a8:69:06:
                    39:97:46:03:cb:7a:ec:46:df:39:39:e7:fe:88:3f:
                    c1:64:56:b7:bd:7b:92:b4:05:44:5a:dd:01:bc:7f:
                    9e:0e:1d:a9:f7:59:56:2b:ae:56:50:79:d6:4e:6a:
                    eb:2b:0a:b7:c5:32:e9:c9:94:77:78:1b:be:83:57:
                    21:3f:0e:ab:a2:67:32:05:e4:30:b8:08:b3:b3:aa:
                    5d:ae:27:2f:54:bb:3c:e5:c7:a1:15:c5:1c:84:88:
                    d9:6b:31:a9:a6:69:3a:df:95:dd:fd:42:7c:63:54:
                    6c:d2:d2:37:07:a5:58:95:7d:c4:19:1d:48:94:63:
                    43:93:a9:96:e7:43:99:df:65:ae:00:f0:c7:ea:19:
                    61:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:61:6E:FB:BB:2B:EA:AB:93:72:FC:C3:D8:80:A4:69:BB:CC:1C:52
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3mFu-7sr6quTcvzD2ICkabvMHFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         53:0b:bc:68:08:93:aa:96:9a:83:7c:e6:d3:06:43:44:e7:f1:
         30:25:81:c7:88:1f:51:cc:12:58:ac:1d:ac:c3:43:81:e2:6c:
         47:9c:ad:18:e7:e1:7b:b3:98:2c:d5:ba:37:88:f6:76:8a:53:
         05:f0:90:3b:2e:18:77:0d:68:b0:e7:e8:ea:6d:da:f1:d2:43:
         9c:31:7e:e4:57:79:a4:6b:e8:13:1e:4f:dc:02:69:c3:8c:e6:
         eb:7a:87:b6:ba:e2:1d:0c:35:29:38:65:ee:e5:5c:86:de:e2:
         3b:1b:7f:ca:37:09:53:03:67:c5:09:73:4b:b5:c7:f3:c4:ea:
         7f:ce:eb:c7:17:8c:c0:d4:15:27:28:6d:dc:da:76:f0:7f:0a:
         34:1c:7a:78:9e:f6:ac:51:1a:6b:9d:5a:08:97:24:50:56:99:
         54:eb:57:15:a7:e4:5a:1c:1b:d2:74:46:6d:c4:a1:3d:3c:31:
         67:d1:4c:50:a5:06:91:f1:8d:9a:ed:76:7f:1e:06:30:2f:11:
         06:96:15:04:a9:7e:d9:c9:56:be:19:87:12:09:bd:5c:b9:62:
         97:7d:6d:4e:d3:ac:a9:6d:70:74:1f:64:3a:21:6d:92:42:3a:
         ee:18:bd:14:33:d9:df:5a:ed:d6:13:01:a6:a5:db:66:89:42:
         8a:f3:ef:1d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYb2IzSFJQJjaKbBtMdMPMnWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE4MTkxMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTYxNmVmYmJiMmJlYWFiOTM3MmZjYzNkODgwYTQ2OWJiY2MxYzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp37LDL7vLLOv7kp0BhpD0qEijgvo
03RXGmizlDoMnl1lw+o2DZ61m4lIQ+wik/ynGgS+BXQBuPFL4QfxlO8fVrYdUCS7
zApZJQZGkgVkBBKb+GT6E+s1zOEZN9jDSeb1axmAokwqkSr8aRlOAR1Ms7CTnfOo
aQY5l0YDy3rsRt85Oef+iD/BZFa3vXuStAVEWt0BvH+eDh2p91lWK65WUHnWTmrr
Kwq3xTLpyZR3eBu+g1chPw6romcyBeQwuAizs6pdricvVLs85cehFcUchIjZazGp
pmk635Xd/UJ8Y1Rs0tI3B6VYlX3EGR1IlGNDk6mW50OZ32WuAPDH6hlhCQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN5hbvu7K+qrk3L8w9iApGm7zBxSMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvM21GdS03c3I2cXVUY3Z6RDJJQ2thYnZNSEZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFMLvGgIk6qWmoN85tMG
Q0Tn8TAlgceIH1HMElisHazDQ4HibEecrRjn4XuzmCzVujeI9naKUwXwkDsuGHcN
aLDn6Opt2vHSQ5wxfuRXeaRr6BMeT9wCacOM5ut6h7a64h0MNSk4Ze7lXIbe4jsb
f8o3CVMDZ8UJc0u1x/PE6n/O68cXjMDUFScobdzadvB/CjQcenie9qxRGmudWgiX
JFBWmVTrVxWn5FocG9J0Rm3EoT08MWfRTFClBpHxjZrtdn8eBjAvEQaWFQSpftnJ
Vr4ZhxIJvVy5Ypd9bU7TrKltcHQfZDohbZJCOu4YvRQz2d9a7dYTAaal22aJQorz
7x0=
-----END CERTIFICATE-----