Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8vkTDYry23m8GvWj5bi2et58oOs.roa
File:                     8vkTDYry23m8GvWj5bi2et58oOs.roa (raw, json)
Hash identifier:          lh2A98RmrYKHT2oEvm90PMzbLS40tLyyBAyfJhYLnPI=
Subject key identifier:   F2:F9:13:0D:8A:F2:DB:79:BC:1A:F5:A3:E5:B8:B6:7A:DE:7C:A0:EB
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186C64BFA63DCB13051938DF42C896951DA
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8vkTDYry23m8GvWj5bi2et58oOs.roa
Signing time:             Thu 09 Mar 2023 12:15:13 +0000
ROA not before:           Thu 09 Mar 2023 12:15:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c6:4b:fa:63:dc:b1:30:51:93:8d:f4:2c:89:69:51:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  9 12:15:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f2f9130d8af2db79bc1af5a3e5b8b67ade7ca0eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:1b:da:6a:78:4d:b8:b3:1c:15:1c:11:41:c4:
                    be:08:e7:cf:f6:96:ae:dd:63:b4:1f:8e:9e:71:07:
                    d1:bd:84:42:71:45:be:ad:f1:b4:dd:d4:af:cc:d6:
                    ea:14:12:4f:81:54:c5:93:c1:21:e6:9f:b3:7d:97:
                    3d:a5:1f:1b:d6:34:dd:07:5e:b0:9b:1f:c1:57:59:
                    6f:10:01:1d:ec:37:c5:06:15:fd:41:2f:ac:59:a2:
                    b5:4e:59:43:cf:8d:ad:1f:1a:c9:fd:2e:24:0f:df:
                    99:7f:39:1d:49:c8:15:67:a7:5a:a0:75:14:86:b4:
                    ae:6f:64:ee:91:f7:73:10:fa:e7:28:fb:2a:3b:e7:
                    5b:bc:a1:a4:65:e3:c3:a2:9c:9d:d1:89:4d:2c:bd:
                    c1:31:dc:c6:af:d6:f6:1b:54:31:42:65:bc:d7:76:
                    18:93:85:d4:61:29:9f:7f:b3:75:36:4c:b7:a5:69:
                    68:f1:0c:38:8b:9f:bc:11:55:58:ff:f3:80:bb:01:
                    c0:dd:cf:11:f2:7d:06:38:60:87:bd:91:56:6b:03:
                    5b:fe:aa:fa:da:8d:37:d7:78:ff:48:89:80:ec:db:
                    c7:32:58:54:d5:6a:58:f0:7e:06:14:8d:46:f1:55:
                    17:f5:8a:dd:3f:cd:97:ad:f1:b5:35:1f:d2:da:2b:
                    18:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:F9:13:0D:8A:F2:DB:79:BC:1A:F5:A3:E5:B8:B6:7A:DE:7C:A0:EB
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8vkTDYry23m8GvWj5bi2et58oOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         ac:f3:16:dd:d9:06:42:cc:0e:9a:f4:73:cb:b3:bf:bd:4d:1c:
         e5:eb:12:e1:56:be:7c:a7:a8:e0:8e:20:c9:21:d6:ab:19:f5:
         b8:df:35:1d:fd:12:7d:1b:12:b2:2c:0f:84:a5:9f:0d:a5:5c:
         fe:0e:5f:b0:55:9e:f4:5f:81:65:8b:68:fb:89:db:f9:42:c4:
         d3:44:b0:57:54:c1:5d:5c:eb:e5:6f:87:48:e7:8d:27:9c:cf:
         30:9a:c0:7d:05:07:39:f2:4c:ee:e6:cc:39:41:4c:96:69:79:
         e8:7b:06:84:7a:c6:69:84:68:1d:f7:27:8c:0d:ed:51:eb:76:
         ee:93:07:58:bf:c3:3e:91:35:49:22:d3:fd:9c:1b:c0:b6:6a:
         66:09:2a:38:51:8b:44:0a:41:82:0d:20:ad:fd:95:17:35:87:
         e1:eb:2c:a7:72:9e:d7:3e:f2:fc:98:77:5e:e7:e4:8e:4f:ee:
         28:30:6e:a5:a2:2d:cc:e5:ec:2f:90:62:c8:28:cc:32:4b:d0:
         52:bf:83:3f:f5:dc:c1:d3:96:b3:ac:3b:2c:91:ed:fb:9b:ec:
         a0:6f:64:81:91:31:f5:b2:41:6f:54:ac:b2:1c:44:ef:3a:45:
         e0:49:cc:10:8c:de:b5:63:1a:3b:19:55:c0:4c:7a:c4:db:6e:
         49:a8:bd:09
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbGS/pj3LEwUZON9CyJaVHaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA5MTIxNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmY5MTMwZDhhZjJkYjc5YmMxYWY1YTNlNWI4YjY3YWRlN2NhMGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRvaanhNuLMcFRwRQcS+COfP9pau
3WO0H46ecQfRvYRCcUW+rfG03dSvzNbqFBJPgVTFk8Eh5p+zfZc9pR8b1jTdB16w
mx/BV1lvEAEd7DfFBhX9QS+sWaK1TllDz42tHxrJ/S4kD9+ZfzkdScgVZ6daoHUU
hrSub2TukfdzEPrnKPsqO+dbvKGkZePDopyd0YlNLL3BMdzGr9b2G1QxQmW813YY
k4XUYSmff7N1Nky3pWlo8Qw4i5+8EVVY//OAuwHA3c8R8n0GOGCHvZFWawNb/qr6
2o0313j/SImA7NvHMlhU1WpY8H4GFI1G8VUX9YrdP82XrfG1NR/S2isYcQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPL5Ew2K8tt5vBr1o+W4tnrefKDrMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvOHZrVERZcnkyM204R3ZXajViaTJldDU4b09zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKzzFt3ZBkLMDpr0c8uz
v71NHOXrEuFWvnynqOCOIMkh1qsZ9bjfNR39En0bErIsD4Slnw2lXP4OX7BVnvRf
gWWLaPuJ2/lCxNNEsFdUwV1c6+Vvh0jnjSeczzCawH0FBznyTO7mzDlBTJZpeeh7
BoR6xmmEaB33J4wN7VHrdu6TB1i/wz6RNUki0/2cG8C2amYJKjhRi0QKQYINIK39
lRc1h+HrLKdyntc+8vyYd17n5I5P7igwbqWiLczl7C+QYsgozDJL0FK/gz/13MHT
lrOsOyyR7fub7KBvZIGRMfWyQW9UrLIcRO86ReBJzBCM3rVjGjsZVcBMesTbbkmo
vQk=
-----END CERTIFICATE-----