Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/84kZqimJxGctcHkIlYrrJazmGQw.roa
File:                     84kZqimJxGctcHkIlYrrJazmGQw.roa (raw, json)
Hash identifier:          Sl0nWw5X7ILep14v48iMukOIOtMMKOeH09eHNgIhv7I=
Subject key identifier:   F3:89:19:AA:29:89:C4:67:2D:70:79:08:95:8A:EB:25:AC:E6:19:0C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018732A91553407B6518D6A22EACB6240284
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/84kZqimJxGctcHkIlYrrJazmGQw.roa
Signing time:             Thu 30 Mar 2023 13:15:54 +0000
ROA not before:           Thu 30 Mar 2023 13:15:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:32:a9:15:53:40:7b:65:18:d6:a2:2e:ac:b6:24:02:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 30 13:15:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f38919aa2989c4672d707908958aeb25ace6190c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:df:0c:8a:aa:ac:d8:11:7c:d5:d1:5a:b0:26:
                    6c:6f:3d:42:a3:ad:91:13:fa:e6:b9:f0:bc:e1:4c:
                    b5:93:c3:27:5a:2e:44:99:5a:c8:4a:0d:5b:d0:52:
                    fc:0e:cc:84:43:a5:e1:85:c8:cc:e4:2a:95:4c:19:
                    8b:7f:9a:1f:a5:e6:61:27:ad:ff:6f:40:cb:e2:56:
                    0c:10:da:c2:e1:b1:c9:d4:10:a7:f1:34:75:5d:44:
                    0a:45:df:16:29:ed:9e:d7:72:b3:33:3a:89:60:ca:
                    7f:f9:cc:8c:03:0d:fb:23:87:99:82:ab:89:3d:1f:
                    e9:28:df:e3:51:db:f9:a5:7a:c5:da:82:d8:1e:30:
                    ad:ce:4a:4a:1c:1d:1b:ff:5e:b4:2d:63:05:2b:1b:
                    e1:f1:59:d7:7e:f9:4d:fb:91:e6:93:7d:23:58:4a:
                    23:78:0b:3d:72:b8:fd:de:4e:ba:df:37:6e:6d:73:
                    b3:6c:e2:b1:2a:13:be:de:fb:c0:ef:f2:34:43:4d:
                    a4:df:cf:85:09:0a:08:ca:ef:62:5f:f4:d4:0a:7e:
                    d8:cf:61:f7:b6:1d:bb:c2:34:92:d1:be:6f:39:04:
                    9c:8e:ea:70:22:46:80:1f:65:45:57:f8:b9:66:83:
                    e5:b5:0f:b5:de:4a:7a:5d:25:39:ca:46:34:3c:e6:
                    04:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:89:19:AA:29:89:C4:67:2D:70:79:08:95:8A:EB:25:AC:E6:19:0C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/84kZqimJxGctcHkIlYrrJazmGQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:74:8c:4a:aa:62:4c:0d:e3:ce:41:0b:85:67:aa:38:ce:3a:
         e7:02:31:e6:ff:9f:4f:9d:40:fc:90:18:8e:a3:e4:79:6a:7b:
         61:6d:33:bc:3d:34:08:fb:d2:ac:c9:37:1f:65:67:94:e3:26:
         4c:1f:31:a7:81:93:69:8c:22:4e:b9:cd:02:db:f4:5d:3b:b3:
         10:49:32:5f:54:7f:d7:67:6c:8e:93:0f:f0:c0:e3:75:1f:43:
         67:16:60:6e:6d:d6:f6:4f:b6:9d:3f:b2:a7:a1:3b:f6:b4:58:
         6a:1c:c0:19:ff:b1:d7:db:f7:c0:02:4c:3c:44:a8:59:c1:4d:
         72:65:1d:0f:e4:ad:eb:75:7e:3b:b1:1a:1e:6f:fd:45:e7:b0:
         84:2b:a1:c9:4b:70:37:1c:51:c1:03:1f:b6:7c:4f:22:3b:25:
         bd:91:8c:08:0f:ac:1f:37:0f:2d:74:ff:3d:df:51:fc:fb:bc:
         b9:7e:3e:c9:75:fd:0e:03:70:5f:b6:6a:a3:50:7a:42:a8:93:
         a7:4f:07:ac:16:89:12:8f:16:0c:75:69:db:e6:b1:dc:d3:a8:
         d3:28:41:bf:5d:7c:da:3b:94:75:fa:9f:f4:4c:1c:16:83:85:
         7f:73:fa:2d:85:48:b3:4d:77:15:5f:9e:6a:2b:a3:a7:9a:90:
         02:39:74:91
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcyqRVTQHtlGNaiLqy2JAKEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzMwMTMxNTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzg5MTlhYTI5ODljNDY3MmQ3MDc5MDg5NThhZWIyNWFjZTYxOTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq98Miqqs2BF81dFasCZsbz1Co62R
E/rmufC84Uy1k8MnWi5EmVrISg1b0FL8DsyEQ6XhhcjM5CqVTBmLf5ofpeZhJ63/
b0DL4lYMENrC4bHJ1BCn8TR1XUQKRd8WKe2e13KzMzqJYMp/+cyMAw37I4eZgquJ
PR/pKN/jUdv5pXrF2oLYHjCtzkpKHB0b/160LWMFKxvh8VnXfvlN+5Hmk30jWEoj
eAs9crj93k663zdubXOzbOKxKhO+3vvA7/I0Q02k38+FCQoIyu9iX/TUCn7Yz2H3
th27wjSS0b5vOQScjupwIkaAH2VFV/i5ZoPltQ+13kp6XSU5ykY0POYENwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPOJGaopicRnLXB5CJWK6yWs5hkMMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvODRrWnFpbUp4R2N0Y0hrSWxZcnJKYXptR1F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJV0jEqqYkwN485BC4Vn
qjjOOucCMeb/n0+dQPyQGI6j5Hlqe2FtM7w9NAj70qzJNx9lZ5TjJkwfMaeBk2mM
Ik65zQLb9F07sxBJMl9Uf9dnbI6TD/DA43UfQ2cWYG5t1vZPtp0/sqehO/a0WGoc
wBn/sdfb98ACTDxEqFnBTXJlHQ/kret1fjuxGh5v/UXnsIQroclLcDccUcEDH7Z8
TyI7Jb2RjAgPrB83Dy10/z3fUfz7vLl+Psl1/Q4DcF+2aqNQekKok6dPB6wWiRKP
Fgx1advmsdzTqNMoQb9dfNo7lHX6n/RMHBaDhX9z+i2FSLNNdxVfnmoro6eakAI5
dJE=
-----END CERTIFICATE-----