Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/AafhO_5lgT19s_bLiSv8gJmIwYY.roa
File:                     AafhO_5lgT19s_bLiSv8gJmIwYY.roa (raw, json)
Hash identifier:          oRoddb1Iv5yw+vRVay6unkqg7gHi2kxrq5UBmrtT/Pw=
Subject key identifier:   01:A7:E1:3B:FE:65:81:3D:7D:B3:F6:CB:89:2B:FC:80:99:88:C1:86
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01888FC0B86D621908B7C6DCDBA1CEB838B1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/AafhO_5lgT19s_bLiSv8gJmIwYY.roa
Signing time:             Tue 06 Jun 2023 08:09:11 +0000
ROA not before:           Tue 06 Jun 2023 08:09:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:8f:c0:b8:6d:62:19:08:b7:c6:dc:db:a1:ce:b8:38:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  6 08:09:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=01a7e13bfe65813d7db3f6cb892bfc809988c186
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:30:be:2d:00:6b:3e:ce:4c:6c:4e:9b:cd:9d:
                    f8:bc:23:a4:69:0e:3a:96:36:20:c1:ae:28:5e:9f:
                    f9:bd:a5:02:fb:70:85:48:37:cd:07:2d:f9:d0:7c:
                    ee:31:5a:3a:8c:a4:f6:69:ae:da:cc:0a:61:cb:02:
                    23:33:87:e2:c2:b5:84:f0:18:44:f6:b0:28:38:95:
                    25:bb:95:ab:13:10:10:73:46:6f:cb:c5:68:f6:fa:
                    fc:9e:85:ad:07:6e:aa:08:77:c5:6f:fc:12:fc:f0:
                    83:c4:8f:b0:83:13:c1:8d:36:19:bf:61:a1:0c:dc:
                    25:20:0f:be:34:1a:c2:48:d3:e4:51:24:86:bc:3a:
                    26:02:27:ac:66:80:a2:a2:c1:b9:a0:29:7f:e8:b7:
                    f4:8e:03:77:fa:e1:c0:47:e1:46:7d:e3:b8:39:4f:
                    25:60:64:43:34:e0:72:74:40:23:9f:b1:4d:63:d5:
                    60:82:39:d7:aa:0e:e0:2f:1b:f0:8e:fa:4d:bc:a0:
                    d9:8c:de:c3:ea:d9:ff:95:56:f8:7e:7c:e2:72:8d:
                    43:07:e8:fd:70:f8:b2:ff:b5:ab:83:52:ab:b4:fe:
                    bd:e0:e4:b2:9c:c3:5b:70:80:63:06:ec:e8:de:63:
                    15:22:f5:82:7c:8e:ed:2d:c5:7f:00:74:ac:9c:90:
                    ff:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:A7:E1:3B:FE:65:81:3D:7D:B3:F6:CB:89:2B:FC:80:99:88:C1:86
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/AafhO_5lgT19s_bLiSv8gJmIwYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:6d:f8:ea:ab:c8:43:95:2b:fe:73:1c:27:51:cc:18:de:26:
         eb:61:9c:51:d7:40:06:42:ff:b8:9e:af:fc:0f:7a:5a:a2:e2:
         52:4f:b8:a9:3d:9d:c4:cf:56:14:a2:16:35:d5:64:24:69:e4:
         a4:c2:1c:97:f7:d5:f0:d1:f6:bf:f7:c4:70:5d:21:61:59:ec:
         8a:f9:be:e0:6f:1c:97:79:28:4b:8a:98:65:20:03:cc:28:81:
         f3:bc:21:f3:9c:18:70:1d:7a:51:47:c0:cd:fe:6f:ae:fe:80:
         14:6e:ab:14:ed:47:b6:29:51:2f:80:81:40:26:93:23:13:44:
         e9:ae:86:95:11:5e:5e:f7:22:ed:b2:c3:67:86:bf:65:41:75:
         08:87:cf:91:2d:25:72:bb:27:08:83:df:11:80:c2:31:1b:34:
         d7:15:3a:2f:d0:fa:6a:c3:cf:b4:f2:40:cc:01:81:b5:a2:4c:
         56:89:50:e3:c7:f6:bc:47:87:44:e0:a7:cd:e3:1a:dd:45:cb:
         10:2b:75:04:2b:f9:dd:c5:eb:0d:75:43:ff:8c:11:a5:39:c4:
         14:50:22:55:ce:31:fc:e9:7c:cb:af:c1:d9:4e:75:50:0b:f5:
         39:f9:cb:78:93:bf:c2:ae:70:2a:1a:dc:5e:e2:ae:84:68:10:
         6d:e1:39:79
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiPwLhtYhkIt8bc26HOuDixMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA2MDgwOTExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWE3ZTEzYmZlNjU4MTNkN2RiM2Y2Y2I4OTJiZmM4MDk5ODhjMTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDC+LQBrPs5MbE6bzZ34vCOkaQ46
ljYgwa4oXp/5vaUC+3CFSDfNBy350HzuMVo6jKT2aa7azAphywIjM4fiwrWE8BhE
9rAoOJUlu5WrExAQc0Zvy8Vo9vr8noWtB26qCHfFb/wS/PCDxI+wgxPBjTYZv2Gh
DNwlIA++NBrCSNPkUSSGvDomAiesZoCiosG5oCl/6Lf0jgN3+uHAR+FGfeO4OU8l
YGRDNOBydEAjn7FNY9VggjnXqg7gLxvwjvpNvKDZjN7D6tn/lVb4fnzico1DB+j9
cPiy/7Wrg1KrtP694OSynMNbcIBjBuzo3mMVIvWCfI7tLcV/AHSsnJD/mwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAGn4Tv+ZYE9fbP2y4kr/ICZiMGGMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQWFmaE9fNWxnVDE5c19iTGlTdjhnSm1Jd1lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAElt+OqryEOVK/5zHCdR
zBjeJuthnFHXQAZC/7ier/wPelqi4lJPuKk9ncTPVhSiFjXVZCRp5KTCHJf31fDR
9r/3xHBdIWFZ7Ir5vuBvHJd5KEuKmGUgA8wogfO8IfOcGHAdelFHwM3+b67+gBRu
qxTtR7YpUS+AgUAmkyMTROmuhpURXl73Iu2yw2eGv2VBdQiHz5EtJXK7JwiD3xGA
wjEbNNcVOi/Q+mrDz7TyQMwBgbWiTFaJUOPH9rxHh0Tgp83jGt1FyxArdQQr+d3F
6w11Q/+MEaU5xBRQIlXOMfzpfMuvwdlOdVAL9Tn5y3iTv8KucCoa3F7iroRoEG3h
OXk=
-----END CERTIFICATE-----