Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9WvokOWKi1xGLPOKgzldXvI_L1E.roa
File:                     9WvokOWKi1xGLPOKgzldXvI_L1E.roa (raw, json)
Hash identifier:          YZ1MU1U+wicw8iYnWdyByaX1aMJXvzmzi/19APVWCUA=
Subject key identifier:   F5:6B:E8:90:E5:8A:8B:5C:46:2C:F3:8A:83:39:5D:5E:F2:3F:2F:51
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01884AE46F88213231DED27BDE676D02A9A5
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9WvokOWKi1xGLPOKgzldXvI_L1E.roa
Signing time:             Tue 23 May 2023 23:14:24 +0000
ROA not before:           Tue 23 May 2023 23:14:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:4a:e4:6f:88:21:32:31:de:d2:7b:de:67:6d:02:a9:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 23 23:14:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f56be890e58a8b5c462cf38a83395d5ef23f2f51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:24:7a:62:9b:14:0c:3b:4e:c9:b2:99:59:1e:
                    8f:83:d1:8d:66:f0:ab:d9:4f:32:db:40:ed:a1:fc:
                    56:b4:ba:8b:2a:55:05:a9:ac:02:74:54:98:c2:be:
                    40:64:d1:08:b3:24:20:05:2b:49:6f:20:14:00:30:
                    ef:c6:64:1b:6d:57:26:8b:2d:04:cb:3f:ab:87:fa:
                    49:be:2b:47:19:ae:d6:78:dc:b8:3b:96:f4:09:25:
                    8e:8e:18:79:87:78:f2:9f:6f:70:f0:67:38:5d:4c:
                    a5:e2:91:ca:4e:16:da:15:a1:01:49:1a:55:d8:b9:
                    30:5a:47:34:f1:bf:93:c3:be:10:e3:67:06:32:4d:
                    cc:3d:42:69:0b:c1:c2:63:54:92:00:40:4d:95:ed:
                    48:ac:34:45:53:85:fa:02:7d:2c:a0:fe:21:18:e4:
                    06:44:c9:ab:bf:cb:60:48:51:18:58:ff:e8:ff:ea:
                    d9:f9:68:a7:d5:62:98:66:b9:23:5d:44:f6:52:4e:
                    1b:89:44:c7:8d:c0:2f:5e:07:0a:d0:70:3f:b7:c9:
                    81:0e:3e:45:0f:96:be:7b:20:42:7e:d2:7d:b9:6f:
                    6c:aa:ac:79:9f:e4:bd:34:eb:e0:34:27:d4:a0:0e:
                    9b:17:37:49:41:13:7d:6d:ef:07:fe:8a:c3:88:b7:
                    61:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:6B:E8:90:E5:8A:8B:5C:46:2C:F3:8A:83:39:5D:5E:F2:3F:2F:51
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9WvokOWKi1xGLPOKgzldXvI_L1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:ee:e5:89:f4:70:40:a5:fb:12:85:86:7a:83:12:2b:2a:b9:
         29:e0:2e:2a:87:15:82:ba:bb:46:34:15:90:e1:68:bf:a7:c9:
         72:25:04:d8:d5:d1:98:c1:e7:45:e4:b2:18:13:5c:49:05:9a:
         08:d3:f7:14:a9:6b:bb:c0:1f:9d:d1:72:54:7a:e7:6b:8e:ba:
         fb:b3:ef:d4:61:cf:a8:ea:61:58:9e:62:0c:3b:23:79:ec:e7:
         38:af:ed:e2:ca:a2:45:d8:93:68:43:a1:69:17:e2:75:b8:42:
         8f:5f:15:f3:95:c3:f6:28:ba:07:e0:b6:fe:34:a4:cb:cb:f6:
         df:ec:06:04:15:1b:55:60:2c:92:62:fa:25:c8:c5:c1:ea:e2:
         82:23:fb:c5:c8:6a:5b:d6:c1:62:83:cd:9d:31:9e:05:83:39:
         ad:b2:f8:a1:b0:e4:54:e1:12:7d:f8:4e:1d:d5:31:33:d3:8d:
         e7:6a:b4:de:51:91:9d:8b:db:fb:d7:4d:c9:cf:13:f8:ef:5d:
         b7:48:7c:96:76:a2:84:24:96:46:8f:cb:39:3b:af:ea:e7:96:
         dc:46:1b:ae:7b:10:de:37:ed:ca:2b:07:be:47:e3:7e:43:c4:
         aa:ad:ee:61:76:05:68:e3:2e:d1:e3:a0:4e:c8:d5:ef:40:03:
         19:dd:2c:1f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhK5G+IITIx3tJ73mdtAqmlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTIzMjMxNDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTZiZTg5MGU1OGE4YjVjNDYyY2YzOGE4MzM5NWQ1ZWYyM2YyZjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCR6YpsUDDtOybKZWR6Pg9GNZvCr
2U8y20DtofxWtLqLKlUFqawCdFSYwr5AZNEIsyQgBStJbyAUADDvxmQbbVcmiy0E
yz+rh/pJvitHGa7WeNy4O5b0CSWOjhh5h3jyn29w8Gc4XUyl4pHKThbaFaEBSRpV
2LkwWkc08b+Tw74Q42cGMk3MPUJpC8HCY1SSAEBNle1IrDRFU4X6An0soP4hGOQG
RMmrv8tgSFEYWP/o/+rZ+Win1WKYZrkjXUT2Uk4biUTHjcAvXgcK0HA/t8mBDj5F
D5a+eyBCftJ9uW9sqqx5n+S9NOvgNCfUoA6bFzdJQRN9be8H/orDiLdh5wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPVr6JDliotcRizzioM5XV7yPy9RMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvOVd2b2tPV0tpMXhHTFBPS2d6bGRYdklfTDFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADLu5Yn0cECl+xKFhnqD
EisquSngLiqHFYK6u0Y0FZDhaL+nyXIlBNjV0ZjB50XkshgTXEkFmgjT9xSpa7vA
H53RclR652uOuvuz79Rhz6jqYVieYgw7I3ns5ziv7eLKokXYk2hDoWkX4nW4Qo9f
FfOVw/Yougfgtv40pMvL9t/sBgQVG1VgLJJi+iXIxcHq4oIj+8XIalvWwWKDzZ0x
ngWDOa2y+KGw5FThEn34Th3VMTPTjedqtN5RkZ2L2/vXTcnPE/jvXbdIfJZ2ooQk
lkaPyzk7r+rnltxGG657EN437corB75H435DxKqt7mF2BWjjLtHjoE7I1e9AAxnd
LB8=
-----END CERTIFICATE-----