Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6GKtRnjQurIG6u5OcPTwi2v2iio.roa
File:                     6GKtRnjQurIG6u5OcPTwi2v2iio.roa (raw, json)
Hash identifier:          R//y/EvVVBeduyu+CIUlYSiGFLkRHYsDg8PNH3Xa5wo=
Subject key identifier:   E8:62:AD:46:78:D0:BA:B2:06:EA:EE:4E:70:F4:F0:8B:6B:F6:8A:2A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187F2E1ED76A211734D573C4160965879AE
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6GKtRnjQurIG6u5OcPTwi2v2iio.roa
Signing time:             Sat 06 May 2023 21:05:05 +0000
ROA not before:           Sat 06 May 2023 21:05:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:187:f2e1:32d3/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:f2:e1:ed:76:a2:11:73:4d:57:3c:41:60:96:58:79:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  6 21:05:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e862ad4678d0bab206eaee4e70f4f08b6bf68a2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d2:10:7e:dd:71:ed:f0:cc:df:2b:6f:46:a7:
                    b2:1e:ba:87:fb:9a:11:ca:7d:5f:a7:94:aa:ed:ff:
                    d6:a0:6a:8c:fd:cf:fc:dd:f1:47:7b:96:c2:af:94:
                    79:d8:48:95:44:b2:28:bb:93:ee:63:a6:63:c5:e2:
                    e1:9b:3b:e2:7d:47:87:af:d5:f1:ea:35:11:3b:37:
                    a4:bf:da:24:a4:06:0b:52:c5:90:fb:0b:a2:67:e2:
                    a1:a8:ea:d5:09:99:3e:80:db:76:b2:9c:3d:d2:96:
                    1b:16:96:c6:ce:6e:67:dd:dc:cf:f2:62:3d:39:1f:
                    3c:69:d7:c4:0a:9a:0b:d5:e5:03:b2:fd:95:9c:e1:
                    2e:9c:00:ed:a3:8a:11:1f:7f:69:3c:94:16:98:ff:
                    14:31:14:30:56:61:62:1b:7c:45:52:eb:57:4d:b1:
                    b2:de:7c:d8:ad:e0:db:3d:e8:68:d7:8f:3c:b0:76:
                    51:60:6d:dc:ac:2c:ab:7f:67:80:d4:b2:88:fd:8e:
                    30:61:62:34:05:b8:a6:d9:fb:44:23:92:fe:99:13:
                    2a:ee:1c:96:c7:8f:21:b7:77:f9:62:28:57:eb:6a:
                    10:a7:f2:1c:e3:c4:37:b7:04:68:19:cb:4e:9a:c9:
                    61:20:4b:b0:21:a9:d7:79:50:27:4a:4e:96:61:22:
                    82:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:62:AD:46:78:D0:BA:B2:06:EA:EE:4E:70:F4:F0:8B:6B:F6:8A:2A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/6GKtRnjQurIG6u5OcPTwi2v2iio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:b8:3a:ba:b6:71:c7:06:a7:4b:33:16:0c:92:b5:8a:82:7c:
         4a:66:20:0c:61:a5:39:a1:05:55:98:2b:27:e4:26:2f:72:3f:
         4f:99:e1:8e:74:28:dd:2d:92:4a:d8:77:96:b8:0a:3b:7c:28:
         cf:3e:fb:aa:fa:4d:b2:29:25:f3:63:8d:82:30:df:66:b6:68:
         b2:39:3d:7a:e0:61:0b:b3:ac:f2:9f:e5:14:47:c2:35:fc:eb:
         c7:eb:0d:b2:d8:f2:54:4d:10:87:53:82:c9:b7:6d:58:c0:8c:
         b2:f3:67:f4:d8:8a:20:61:dc:bd:ca:2e:af:7b:d9:0a:ca:b8:
         78:0a:af:d8:c6:49:6b:c0:c3:de:82:13:85:37:99:05:1e:fc:
         6c:57:a5:8b:24:04:aa:8e:b6:05:3b:e3:2f:92:cb:3f:2f:92:
         d6:e1:76:9d:8e:0d:10:d3:82:86:61:64:81:69:93:a1:ce:e6:
         39:1a:b6:fe:7e:e9:f1:ba:60:9a:f4:20:f4:5b:91:27:a6:82:
         f7:d1:88:b2:8a:e5:c7:06:02:9d:8f:ad:eb:88:68:eb:d6:90:
         3d:5c:30:22:0f:8a:fc:23:f9:cc:04:67:2e:6f:1f:c4:b7:a6:
         ff:dd:b3:f9:78:ee:30:88:02:e5:b3:48:ce:df:cb:b5:80:d6:
         dc:2c:26:e4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfy4e12ohFzTVc8QWCWWHmuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA2MjEwNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODYyYWQ0Njc4ZDBiYWIyMDZlYWVlNGU3MGY0ZjA4YjZiZjY4YTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtIQft1x7fDM3ytvRqeyHrqH+5oR
yn1fp5Sq7f/WoGqM/c/83fFHe5bCr5R52EiVRLIou5PuY6ZjxeLhmzvifUeHr9Xx
6jUROzekv9okpAYLUsWQ+wuiZ+KhqOrVCZk+gNt2spw90pYbFpbGzm5n3dzP8mI9
OR88adfECpoL1eUDsv2VnOEunADto4oRH39pPJQWmP8UMRQwVmFiG3xFUutXTbGy
3nzYreDbPeho1488sHZRYG3crCyrf2eA1LKI/Y4wYWI0Bbim2ftEI5L+mRMq7hyW
x48ht3f5YihX62oQp/Ic48Q3twRoGctOmslhIEuwIanXeVAnSk6WYSKCwwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOhirUZ40LqyBuruTnD08Itr9ooqMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNkdLdFJualF1cklHNnU1T2NQVHdpMnYyaWlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHu4Orq2cccGp0szFgyS
tYqCfEpmIAxhpTmhBVWYKyfkJi9yP0+Z4Y50KN0tkkrYd5a4Cjt8KM8++6r6TbIp
JfNjjYIw32a2aLI5PXrgYQuzrPKf5RRHwjX868frDbLY8lRNEIdTgsm3bVjAjLLz
Z/TYiiBh3L3KLq972QrKuHgKr9jGSWvAw96CE4U3mQUe/GxXpYskBKqOtgU74y+S
yz8vktbhdp2ODRDTgoZhZIFpk6HO5jkatv5+6fG6YJr0IPRbkSemgvfRiLKK5ccG
Ap2PreuIaOvWkD1cMCIPivwj+cwEZy5vH8S3pv/ds/l47jCIAuWzSM7fy7WA1tws
JuQ=
-----END CERTIFICATE-----