Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7x3wjqMZLDYS1mfB28YvzI-ItXI.roa
File:                     7x3wjqMZLDYS1mfB28YvzI-ItXI.roa (raw, json)
Hash identifier:          2WEZ1plYUljI7qLSkbmw3oAvB+EOKzr9emPYzrhPVdI=
Subject key identifier:   EF:1D:F0:8E:A3:19:2C:36:12:D6:67:C1:DB:C6:2F:CC:8F:88:B5:72
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018805919FF0CA3FB7FB000820DDA6F67031
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7x3wjqMZLDYS1mfB28YvzI-ItXI.roa
Signing time:             Wed 10 May 2023 12:10:09 +0000
ROA not before:           Wed 10 May 2023 12:10:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:05:91:9f:f0:ca:3f:b7:fb:00:08:20:dd:a6:f6:70:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 10 12:10:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ef1df08ea3192c3612d667c1dbc62fcc8f88b572
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:61:e0:78:8f:32:0e:ef:fb:6d:50:54:e0:e3:
                    9c:6c:fa:ab:de:b3:0e:ab:7d:91:cf:34:b8:5d:ee:
                    6e:c2:64:4e:76:f2:ef:5f:3c:10:f8:a1:b6:1e:a9:
                    fb:95:03:56:b7:cc:26:2c:bc:8a:6c:d3:4f:ae:ef:
                    d6:da:66:f3:d8:c8:38:51:98:f8:4f:cf:32:32:98:
                    e5:9b:cb:36:2d:aa:cd:af:35:da:90:c0:39:ac:f1:
                    63:ca:ee:e4:24:a2:e7:9d:d5:6b:fb:5a:54:ae:c8:
                    69:ca:43:60:31:17:bd:a5:aa:cd:13:c5:24:1f:f3:
                    3b:44:9e:32:35:be:b1:af:74:82:ba:e6:e4:67:42:
                    62:4c:52:0a:18:5c:7c:cf:34:82:37:35:cc:5f:e6:
                    ed:cc:e0:72:a2:ef:bc:ba:07:d6:c4:1a:91:42:43:
                    c1:b3:bc:e6:6e:d7:a5:00:92:19:ba:bd:3c:ad:7f:
                    81:42:fa:00:1e:4f:3c:c1:e6:3a:51:83:72:e7:37:
                    fd:4c:6e:c9:6e:ee:66:79:31:d2:74:f0:23:a3:f4:
                    be:49:e3:c4:93:9e:ba:89:9a:ac:48:f6:d8:64:5c:
                    26:c4:e4:f3:09:5e:d9:85:0e:23:8e:20:cd:96:db:
                    4e:90:fa:c0:13:8c:bf:3c:dc:9d:f5:c8:3a:4f:b3:
                    db:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:1D:F0:8E:A3:19:2C:36:12:D6:67:C1:DB:C6:2F:CC:8F:88:B5:72
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/7x3wjqMZLDYS1mfB28YvzI-ItXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:c2:88:7f:40:9d:df:8a:e1:ac:11:d5:e8:19:c8:44:dc:14:
         ea:2e:9b:a0:aa:3c:1b:0b:47:5e:1e:b3:b1:ea:4f:eb:2c:ce:
         99:6b:21:4a:24:35:22:37:d9:c5:71:32:5f:01:7a:7f:65:17:
         eb:4e:77:7b:52:b7:3d:19:cb:a0:21:c1:84:14:d7:0d:cd:83:
         5c:1f:94:45:b5:a8:11:e0:fa:00:4b:2a:81:34:d4:d2:e5:eb:
         7c:6d:02:0d:a3:90:01:6c:e6:b6:9b:3e:6d:06:dd:7e:9a:09:
         f4:4e:15:8a:75:f0:0e:55:34:05:ff:a2:12:99:46:1a:4f:b8:
         57:44:d6:63:17:ff:e2:3a:12:b3:8c:7d:6b:58:0b:39:b7:33:
         63:c1:e4:e6:50:60:f5:62:f2:a3:74:f5:ee:84:c9:26:44:ce:
         0f:c5:24:6a:7b:0e:c7:f2:7f:b1:bc:8f:28:06:6b:ec:25:72:
         72:66:94:59:3f:1f:bb:fc:7b:2a:42:f3:8c:bb:65:7f:0d:54:
         65:c8:c1:bc:04:f0:c5:14:b1:4a:1f:e9:db:ac:07:69:c4:7c:
         1a:03:1c:3f:9f:39:5c:da:1d:d7:31:61:c1:3a:6f:f1:44:58:
         0a:7e:dd:5d:1f:ff:4e:96:4d:9a:69:5f:00:4b:80:f3:d1:8d:
         f7:0d:eb:40
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgFkZ/wyj+3+wAIIN2m9nAxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTEwMTIxMDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjFkZjA4ZWEzMTkyYzM2MTJkNjY3YzFkYmM2MmZjYzhmODhiNTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGHgeI8yDu/7bVBU4OOcbPqr3rMO
q32RzzS4Xe5uwmROdvLvXzwQ+KG2Hqn7lQNWt8wmLLyKbNNPru/W2mbz2Mg4UZj4
T88yMpjlm8s2LarNrzXakMA5rPFjyu7kJKLnndVr+1pUrshpykNgMRe9parNE8Uk
H/M7RJ4yNb6xr3SCuubkZ0JiTFIKGFx8zzSCNzXMX+btzOByou+8ugfWxBqRQkPB
s7zmbtelAJIZur08rX+BQvoAHk88weY6UYNy5zf9TG7Jbu5meTHSdPAjo/S+SePE
k566iZqsSPbYZFwmxOTzCV7ZhQ4jjiDNlttOkPrAE4y/PNyd9cg6T7PbCwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFO8d8I6jGSw2EtZnwdvGL8yPiLVyMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvN3gzd2pxTVpMRFlTMW1mQjI4WXZ6SS1JdFhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACzCiH9And+K4awR1egZ
yETcFOoum6CqPBsLR14es7HqT+sszplrIUokNSI32cVxMl8Ben9lF+tOd3tStz0Z
y6AhwYQU1w3Ng1wflEW1qBHg+gBLKoE01NLl63xtAg2jkAFs5rabPm0G3X6aCfRO
FYp18A5VNAX/ohKZRhpPuFdE1mMX/+I6ErOMfWtYCzm3M2PB5OZQYPVi8qN09e6E
ySZEzg/FJGp7Dsfyf7G8jygGa+wlcnJmlFk/H7v8eypC84y7ZX8NVGXIwbwE8MUU
sUof6dusB2nEfBoDHD+fOVzaHdcxYcE6b/FEWAp+3V0f/06WTZppXwBLgPPRjfcN
60A=
-----END CERTIFICATE-----