Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3yg3TaYRYWFK1Lok3pOtbDNB13U.roa
File:                     3yg3TaYRYWFK1Lok3pOtbDNB13U.roa (raw, json)
Hash identifier:          WDgrSUwwstPdO+hmq7htQ5cfqVjNi1k7/bxcd7GtQJU=
Subject key identifier:   DF:28:37:4D:A6:11:61:61:4A:D4:BA:24:DE:93:AD:6C:33:41:D7:75
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186DDE58CDD88E228A4421958099385C72C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3yg3TaYRYWFK1Lok3pOtbDNB13U.roa
Signing time:             Tue 14 Mar 2023 02:14:13 +0000
ROA not before:           Tue 14 Mar 2023 02:14:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:dd:e5:8c:dd:88:e2:28:a4:42:19:58:09:93:85:c7:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 14 02:14:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=df28374da61161614ad4ba24de93ad6c3341d775
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:69:6e:55:ac:f0:e1:a9:d9:79:bf:cd:d4:a9:
                    77:a0:61:43:ca:23:2b:3a:2d:55:8c:d5:8d:bf:7b:
                    e8:13:42:83:6b:ee:b2:6e:1b:06:4d:46:8c:4f:28:
                    f4:ad:94:d1:5a:63:09:88:e9:d1:81:92:13:2c:ce:
                    ed:ad:e7:b1:0b:f5:73:5e:ce:a6:1a:c7:26:68:7a:
                    11:86:fd:fa:1e:ce:c4:65:bb:04:18:54:3f:f1:f5:
                    5b:4d:e4:3e:50:ba:b9:04:59:02:df:c4:37:58:16:
                    fa:89:94:de:68:60:7d:f6:f8:67:6e:70:87:3d:f6:
                    f5:66:73:12:ba:fd:e3:db:0d:3a:5d:c5:30:5f:57:
                    06:54:68:23:f3:bd:40:80:64:b9:3e:88:13:f0:83:
                    42:ed:74:6b:16:8a:de:e0:fe:4c:f9:c1:d4:34:71:
                    a6:61:4b:a4:56:cd:88:ed:ab:03:49:ae:9f:f9:03:
                    3c:d4:96:4b:4b:f0:a5:7c:ff:cd:ba:9b:51:f5:a9:
                    50:01:0b:f8:44:39:35:43:57:65:ec:77:56:34:e3:
                    08:85:34:18:76:79:c5:01:df:d6:2e:35:a1:0e:ef:
                    ee:1b:ad:b2:cd:bb:b6:7c:52:cb:c9:d9:b6:b1:8f:
                    21:64:33:62:b1:bb:1c:37:01:05:23:97:80:9c:a8:
                    32:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:28:37:4D:A6:11:61:61:4A:D4:BA:24:DE:93:AD:6C:33:41:D7:75
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3yg3TaYRYWFK1Lok3pOtbDNB13U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:e9:93:13:fb:ff:4b:8b:a8:aa:93:36:f1:be:e2:18:b6:b4:
         09:86:1a:af:ed:47:82:d3:c3:8e:00:57:fe:30:43:a4:6b:ca:
         dd:b4:da:e9:03:80:7e:82:ac:f4:3d:7d:8f:eb:ec:bc:7e:95:
         a0:2b:7f:a9:67:01:7f:23:5e:35:1d:b7:23:dd:91:86:75:56:
         73:3e:be:69:65:2b:fc:6b:ac:5e:29:78:71:b5:5a:9d:93:52:
         78:4b:09:1c:59:2a:e9:b9:2f:32:93:16:c3:64:27:9b:f6:e0:
         d5:f5:1c:49:8f:be:a8:a9:c8:77:af:79:dc:98:d7:21:8e:a8:
         6a:6d:ed:df:4d:14:c9:ff:fd:cb:92:10:57:f0:b4:ca:15:af:
         79:a0:79:54:9c:f9:97:1f:1e:9c:85:03:06:88:1a:19:01:c7:
         73:45:0e:66:75:91:cf:db:73:4e:e2:5a:4a:df:97:32:c7:6d:
         e1:76:a8:a2:c0:f0:18:2a:0d:de:b3:51:3d:75:57:73:d2:e3:
         16:f1:dd:ff:16:15:a2:0d:6b:45:e1:ed:4b:af:c0:d5:47:3e:
         17:c9:68:3f:05:33:df:37:d4:55:0e:ae:01:08:81:66:33:45:
         bf:1a:90:b0:85:e1:28:64:a0:f5:b0:11:f3:7f:92:81:33:de:
         c1:76:94:54
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbd5YzdiOIopEIZWAmThccsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE0MDIxNDEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjI4Mzc0ZGE2MTE2MTYxNGFkNGJhMjRkZTkzYWQ2YzMzNDFkNzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGluVazw4anZeb/N1Kl3oGFDyiMr
Oi1VjNWNv3voE0KDa+6ybhsGTUaMTyj0rZTRWmMJiOnRgZITLM7treexC/VzXs6m
GscmaHoRhv36Hs7EZbsEGFQ/8fVbTeQ+ULq5BFkC38Q3WBb6iZTeaGB99vhnbnCH
Pfb1ZnMSuv3j2w06XcUwX1cGVGgj871AgGS5PogT8INC7XRrFore4P5M+cHUNHGm
YUukVs2I7asDSa6f+QM81JZLS/ClfP/NuptR9alQAQv4RDk1Q1dl7HdWNOMIhTQY
dnnFAd/WLjWhDu/uG62yzbu2fFLLydm2sY8hZDNisbscNwEFI5eAnKgytwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN8oN02mEWFhStS6JN6TrWwzQdd1MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvM3lnM1RhWVJZV0ZLMUxvazNwT3RiRE5CMTNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHfpkxP7/0uLqKqTNvG+
4hi2tAmGGq/tR4LTw44AV/4wQ6Rryt202ukDgH6CrPQ9fY/r7Lx+laArf6lnAX8j
XjUdtyPdkYZ1VnM+vmllK/xrrF4peHG1Wp2TUnhLCRxZKum5LzKTFsNkJ5v24NX1
HEmPvqipyHevedyY1yGOqGpt7d9NFMn//cuSEFfwtMoVr3mgeVSc+ZcfHpyFAwaI
GhkBx3NFDmZ1kc/bc07iWkrflzLHbeF2qKLA8BgqDd6zUT11V3PS4xbx3f8WFaIN
a0Xh7UuvwNVHPhfJaD8FM9831FUOrgEIgWYzRb8akLCF4ShkoPWwEfN/koEz3sF2
lFQ=
-----END CERTIFICATE-----