Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8i0wS8Ayuct4KEsiTk3FhGpXEK4.roa
File:                     8i0wS8Ayuct4KEsiTk3FhGpXEK4.roa (raw, json)
Hash identifier:          i7r6AsKtFc5mSm9l4NTxAJPkTREg0G5k38uXnmF4294=
Subject key identifier:   F2:2D:30:4B:C0:32:B9:CB:78:28:4B:22:4E:4D:C5:84:6A:57:10:AE
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186B7B81806EDDC52229BCC86EC9395780A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8i0wS8Ayuct4KEsiTk3FhGpXEK4.roa
Signing time:             Mon 06 Mar 2023 16:19:00 +0000
ROA not before:           Mon 06 Mar 2023 16:19:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b7:b8:18:06:ed:dc:52:22:9b:cc:86:ec:93:95:78:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  6 16:19:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f22d304bc032b9cb78284b224e4dc5846a5710ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:55:f6:75:f1:48:59:db:1f:09:e0:12:ae:d9:
                    96:04:5f:ca:a8:e0:99:8b:d1:d8:83:0c:a1:1f:26:
                    b1:31:2a:07:61:20:de:f9:3b:b6:d7:4a:7b:b5:25:
                    ce:31:29:d5:b3:38:bd:47:69:90:00:b5:76:b3:c2:
                    cc:f0:2a:bb:56:ba:1d:dc:ce:f3:b2:35:b8:5c:cc:
                    9b:6e:44:5d:7e:0f:c1:ca:7b:2e:31:7f:79:71:77:
                    50:c1:ad:0c:95:ec:f3:50:94:9f:89:7b:37:99:f1:
                    90:cf:02:5d:78:17:f6:24:b7:1f:d9:54:08:be:6c:
                    eb:f2:75:b3:cf:de:ea:23:f2:8d:08:5a:e6:ff:cf:
                    51:b4:c7:da:1e:11:b0:dc:c7:59:07:b1:90:0c:b6:
                    bc:85:46:fc:30:4f:41:59:f4:90:de:f5:c4:91:79:
                    e4:3e:cf:32:9c:b5:a4:b0:33:62:d1:a0:7f:2f:d7:
                    b5:57:60:57:82:6e:d2:de:ed:7b:b8:74:44:b2:32:
                    68:91:3b:73:2e:8e:21:72:4a:55:f8:96:3f:5e:eb:
                    69:aa:8f:dc:c0:32:34:f4:0a:f4:4e:d5:c3:7a:36:
                    14:47:c9:02:a8:72:b2:71:79:2d:67:52:a2:8e:73:
                    1d:58:4f:97:7c:69:7f:c6:49:2f:91:2f:d2:a0:e8:
                    1b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:2D:30:4B:C0:32:B9:CB:78:28:4B:22:4E:4D:C5:84:6A:57:10:AE
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8i0wS8Ayuct4KEsiTk3FhGpXEK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:1a:2d:ff:d8:ea:a0:5c:20:a6:8f:6d:b7:5d:4e:b1:42:41:
         e4:46:7d:ac:3f:a7:8b:88:97:45:c1:52:e0:f4:77:87:d9:ac:
         4c:be:25:60:f3:1e:f2:9b:b7:e8:dd:55:dc:72:06:29:00:d8:
         4f:a5:8c:44:7c:49:b9:37:56:e4:97:c9:83:4f:b9:4e:aa:82:
         18:45:da:28:8a:19:31:76:1b:a2:18:a7:ca:25:dd:d1:f2:5d:
         cc:90:68:a7:c2:2c:c0:78:00:52:fd:79:95:32:32:c6:fd:e2:
         09:3e:13:f6:1b:e9:a4:5b:d5:86:d1:12:0c:4e:af:1a:56:a3:
         02:8a:b0:ee:d7:7f:1c:fa:1e:4c:c7:7e:b7:cf:54:a8:29:0c:
         9b:78:ae:f0:da:00:d5:83:64:f1:52:ba:77:e1:5c:ff:4c:95:
         f6:b9:d5:05:bd:9d:70:c7:c6:08:ba:d7:ac:b8:d5:d0:45:42:
         a6:f0:ad:eb:0a:42:c1:cf:db:03:0d:44:da:0a:a9:75:1c:c8:
         19:18:0c:83:49:f0:67:3a:41:c4:e9:be:de:9b:1a:ca:46:ad:
         0e:fc:cc:72:8a:52:95:87:a9:0f:dd:73:e2:d2:10:46:f5:95:
         ec:cb:a7:51:e4:6a:6c:b3:18:64:51:47:19:e5:ee:2c:94:dc:
         af:08:8f:d3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYa3uBgG7dxSIpvMhuyTlXgKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA2MTYxOTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjJkMzA0YmMwMzJiOWNiNzgyODRiMjI0ZTRkYzU4NDZhNTcxMGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFX2dfFIWdsfCeASrtmWBF/KqOCZ
i9HYgwyhHyaxMSoHYSDe+Tu210p7tSXOMSnVszi9R2mQALV2s8LM8Cq7Vrod3M7z
sjW4XMybbkRdfg/BynsuMX95cXdQwa0MlezzUJSfiXs3mfGQzwJdeBf2JLcf2VQI
vmzr8nWzz97qI/KNCFrm/89RtMfaHhGw3MdZB7GQDLa8hUb8ME9BWfSQ3vXEkXnk
Ps8ynLWksDNi0aB/L9e1V2BXgm7S3u17uHREsjJokTtzLo4hckpV+JY/Xutpqo/c
wDI09Ar0TtXDejYUR8kCqHKycXktZ1KijnMdWE+XfGl/xkkvkS/SoOgbKQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPItMEvAMrnLeChLIk5NxYRqVxCuMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvOGkwd1M4QXl1Y3Q0S0VzaVRrM0ZoR3BYRUs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKMaLf/Y6qBcIKaPbbdd
TrFCQeRGfaw/p4uIl0XBUuD0d4fZrEy+JWDzHvKbt+jdVdxyBikA2E+ljER8Sbk3
VuSXyYNPuU6qghhF2iiKGTF2G6IYp8ol3dHyXcyQaKfCLMB4AFL9eZUyMsb94gk+
E/Yb6aRb1YbREgxOrxpWowKKsO7Xfxz6HkzHfrfPVKgpDJt4rvDaANWDZPFSunfh
XP9Mlfa51QW9nXDHxgi616y41dBFQqbwresKQsHP2wMNRNoKqXUcyBkYDINJ8Gc6
QcTpvt6bGspGrQ78zHKKUpWHqQ/dc+LSEEb1lezLp1HkamyzGGRRRxnl7iyU3K8I
j9M=
-----END CERTIFICATE-----