Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/43GebstX2OJVNIWaY8DUbs5GGXg.roa
File:                     43GebstX2OJVNIWaY8DUbs5GGXg.roa (raw, json)
Hash identifier:          BXqnwOvAaxqEFVQ6gnEfebQYd/BJlG2ddFgyikYecro=
Subject key identifier:   E3:71:9E:6E:CB:57:D8:E2:55:34:85:9A:63:C0:D4:6E:CE:46:19:78
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01872A8061B0889647BFDFDD34F85385BC8C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/43GebstX2OJVNIWaY8DUbs5GGXg.roa
Signing time:             Tue 28 Mar 2023 23:14:29 +0000
ROA not before:           Tue 28 Mar 2023 23:14:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:2a:80:61:b0:88:96:47:bf:df:dd:34:f8:53:85:bc:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 28 23:14:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e3719e6ecb57d8e25534859a63c0d46ece461978
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:06:93:72:b1:d0:45:8b:8c:84:18:2f:77:09:
                    84:59:fb:e9:f6:65:5c:8b:db:a7:c3:aa:ff:2a:80:
                    7f:67:20:20:cf:99:b0:3d:25:9d:5c:cb:8a:5d:a5:
                    55:ea:73:89:17:64:e3:72:df:5d:a3:53:ee:ee:2c:
                    2a:de:15:17:0c:cf:fc:e6:8b:6e:68:ca:ec:b0:b0:
                    9b:c4:c8:48:11:04:e4:eb:a1:5f:7e:ef:1c:1b:ab:
                    e3:41:b9:33:7d:b0:67:cc:95:74:67:34:79:e1:80:
                    08:05:d4:af:5b:9c:54:54:62:66:a2:8f:97:f8:fd:
                    3a:8c:58:43:71:72:89:f2:5b:ed:6d:4b:4d:85:23:
                    23:c3:98:5e:ce:06:ba:36:d1:c8:4b:5f:0f:bb:1e:
                    d1:3a:da:94:88:4d:20:10:7c:dc:d5:c4:15:e3:74:
                    69:55:fa:b1:3b:4b:57:a7:27:17:25:84:03:9e:a3:
                    ef:c2:f3:67:cf:3b:51:6e:b7:37:9e:d5:16:b3:10:
                    ad:da:9c:d6:92:09:68:d0:37:ee:ee:92:ee:8c:9f:
                    7a:b4:7a:fb:45:63:51:d6:0a:37:ee:a8:82:53:33:
                    ed:d4:8c:34:d0:16:fd:81:ce:d2:8a:6b:d8:59:47:
                    60:01:53:ab:63:f1:7d:98:b2:98:c2:96:71:cc:8c:
                    23:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:71:9E:6E:CB:57:D8:E2:55:34:85:9A:63:C0:D4:6E:CE:46:19:78
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/43GebstX2OJVNIWaY8DUbs5GGXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:3c:a4:fc:13:b1:67:79:b4:de:89:45:bf:43:26:b3:33:ea:
         0f:03:b0:f4:13:ca:0a:34:2d:7f:c7:f8:40:b8:d8:0c:2c:29:
         82:4b:6c:8e:28:23:50:01:30:9d:49:5d:61:39:08:9d:8e:9e:
         c7:f7:93:6b:e0:62:57:ea:cd:2d:7f:52:0f:2b:9f:d9:2e:6b:
         eb:7a:a2:f4:e8:7a:cd:f5:5c:ee:84:36:21:11:21:6f:09:6b:
         f3:cb:93:03:d6:a3:04:50:75:28:86:7e:1c:b4:68:98:0d:88:
         83:42:cc:3a:3d:42:35:90:6f:c1:3f:7b:d9:ec:93:81:86:14:
         58:10:7f:f3:35:62:2c:68:71:76:e5:66:65:3c:06:2b:47:0e:
         34:4d:85:c9:d5:f0:25:6c:b9:56:71:17:8c:2c:49:8b:d6:f5:
         02:20:4d:4e:8b:1e:96:55:43:1b:73:36:03:fa:60:1e:86:87:
         47:c9:27:fe:ea:4a:43:87:28:00:e7:4c:c8:d1:58:be:b3:49:
         ae:94:3e:f0:0e:63:7d:83:38:48:a2:9e:46:1a:e8:bf:72:0c:
         a8:13:f6:09:ec:b1:fb:95:5e:fe:fe:32:f8:59:56:ec:70:ec:
         b7:a7:12:90:22:48:6d:c7:28:b7:7e:c9:03:36:4c:df:91:b7:
         63:f1:62:66
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcqgGGwiJZHv9/dNPhThbyMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI4MjMxNDI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzcxOWU2ZWNiNTdkOGUyNTUzNDg1OWE2M2MwZDQ2ZWNlNDYxOTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkwaTcrHQRYuMhBgvdwmEWfvp9mVc
i9unw6r/KoB/ZyAgz5mwPSWdXMuKXaVV6nOJF2Tjct9do1Pu7iwq3hUXDM/85otu
aMrssLCbxMhIEQTk66Fffu8cG6vjQbkzfbBnzJV0ZzR54YAIBdSvW5xUVGJmoo+X
+P06jFhDcXKJ8lvtbUtNhSMjw5hezga6NtHIS18Pux7ROtqUiE0gEHzc1cQV43Rp
VfqxO0tXpycXJYQDnqPvwvNnzztRbrc3ntUWsxCt2pzWkglo0Dfu7pLujJ96tHr7
RWNR1go37qiCUzPt1Iw00Bb9gc7SimvYWUdgAVOrY/F9mLKYwpZxzIwjqQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFONxnm7LV9jiVTSFmmPA1G7ORhl4MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNDNHZWJzdFgyT0pWTklXYVk4RFViczVHR1hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGQ8pPwTsWd5tN6JRb9D
JrMz6g8DsPQTygo0LX/H+EC42AwsKYJLbI4oI1ABMJ1JXWE5CJ2Onsf3k2vgYlfq
zS1/Ug8rn9kua+t6ovToes31XO6ENiERIW8Ja/PLkwPWowRQdSiGfhy0aJgNiINC
zDo9QjWQb8E/e9nsk4GGFFgQf/M1YixocXblZmU8BitHDjRNhcnV8CVsuVZxF4ws
SYvW9QIgTU6LHpZVQxtzNgP6YB6Gh0fJJ/7qSkOHKADnTMjRWL6zSa6UPvAOY32D
OEiinkYa6L9yDKgT9gnssfuVXv7+MvhZVuxw7LenEpAiSG3HKLd+yQM2TN+Rt2Px
YmY=
-----END CERTIFICATE-----