Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BLBCLuSO3WQJahZW5IP-s7vQW1U.roa
File:                     BLBCLuSO3WQJahZW5IP-s7vQW1U.roa (raw, json)
Hash identifier:          LqzaRYkiqqjClhmRKuhdxg/hcgHuVSGfTPMg1IIuyxc=
Subject key identifier:   04:B0:42:2E:E4:8E:DD:64:09:6A:16:56:E4:83:FE:B3:BB:D0:5B:55
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01870CE5E8C4210350A32D8A27FBB1F593BE
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BLBCLuSO3WQJahZW5IP-s7vQW1U.roa
Signing time:             Thu 23 Mar 2023 05:16:46 +0000
ROA not before:           Thu 23 Mar 2023 05:16:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0c:e5:e8:c4:21:03:50:a3:2d:8a:27:fb:b1:f5:93:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 23 05:16:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=04b0422ee48edd64096a1656e483feb3bbd05b55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:fb:4d:67:32:c9:b0:3b:2b:36:9c:36:2b:5c:
                    45:0b:22:e9:d1:b5:28:13:02:74:eb:ec:3d:ef:d4:
                    ce:dc:72:af:c3:7b:32:f3:d5:be:83:1a:38:8a:36:
                    c2:2a:a4:58:72:8a:1e:fd:04:78:4a:4c:62:38:39:
                    82:1c:07:31:5f:93:1c:04:96:b9:ae:94:a5:d7:fa:
                    0a:70:e5:7a:7d:71:cb:f0:c1:f5:64:0d:b4:22:7d:
                    57:77:ea:92:a9:3d:31:a3:c4:a9:b0:4d:3c:38:f3:
                    e7:ea:4a:05:d9:18:94:80:c8:0a:9c:5c:f1:6c:46:
                    b7:a4:82:1d:3c:aa:3a:e5:2b:5e:74:c9:f6:9e:34:
                    48:2f:85:e4:93:00:5a:bc:ac:30:96:50:96:80:62:
                    1d:12:02:33:7e:b9:46:68:3f:28:d1:1f:bc:bd:59:
                    c7:88:a7:cb:dc:1e:0d:dc:48:1d:0c:be:ce:1f:79:
                    7c:d4:f4:d4:3a:86:29:a5:45:47:76:f2:d2:ea:be:
                    77:1a:09:cd:ce:60:2d:94:26:67:88:21:e5:29:d0:
                    34:82:3c:ae:60:92:d6:4e:d0:d1:15:45:2a:1f:49:
                    c1:74:4c:c0:29:81:5f:dc:d5:1e:53:56:04:89:b8:
                    43:11:7d:88:2f:46:75:36:9b:d3:6a:43:64:75:e4:
                    e8:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:B0:42:2E:E4:8E:DD:64:09:6A:16:56:E4:83:FE:B3:BB:D0:5B:55
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/BLBCLuSO3WQJahZW5IP-s7vQW1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:01:69:87:6a:57:f9:72:20:e1:8c:b6:34:00:c2:16:3b:67:
         bf:13:10:2c:0d:81:36:60:20:49:27:a3:9b:d4:44:64:4c:76:
         2a:d0:45:9d:6a:f1:31:dc:36:70:7e:41:d2:fe:0a:55:ee:08:
         a8:49:b7:4b:ef:44:1a:6d:1f:59:8f:86:0b:1b:1b:d2:73:57:
         2c:1d:ac:0a:76:47:77:5a:5d:3b:52:7a:89:2a:93:da:49:07:
         2b:14:1b:09:d3:d3:6c:98:1f:8a:82:ba:42:13:9c:fc:78:ff:
         7f:90:a3:76:30:6b:a0:42:e8:bb:b8:3c:e6:63:c9:a7:83:ab:
         1e:c4:94:6d:67:dd:77:b6:89:4d:86:c0:6b:83:59:db:23:1e:
         41:6b:76:f2:ec:ea:8f:a0:08:43:32:81:37:20:09:97:74:3a:
         ae:90:6e:af:ca:4d:27:7a:e8:08:c8:68:98:56:03:11:d9:43:
         48:3b:a4:22:5c:e5:33:04:7e:8c:9b:58:45:26:94:36:f4:7b:
         4a:60:15:57:90:13:e5:00:2e:f1:a3:98:fa:6e:28:42:46:92:
         93:43:c8:80:af:9a:69:cf:83:8d:d5:73:00:1a:b8:78:ec:89:
         00:96:91:bd:27:e3:ff:af:dc:2c:d6:3a:51:14:cf:86:b9:de:
         34:d6:9f:f1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcM5ejEIQNQoy2KJ/ux9ZO+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzIzMDUxNjQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGIwNDIyZWU0OGVkZDY0MDk2YTE2NTZlNDgzZmViM2JiZDA1YjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/tNZzLJsDsrNpw2K1xFCyLp0bUo
EwJ06+w979TO3HKvw3sy89W+gxo4ijbCKqRYcooe/QR4SkxiODmCHAcxX5McBJa5
rpSl1/oKcOV6fXHL8MH1ZA20In1Xd+qSqT0xo8SpsE08OPPn6koF2RiUgMgKnFzx
bEa3pIIdPKo65StedMn2njRIL4XkkwBavKwwllCWgGIdEgIzfrlGaD8o0R+8vVnH
iKfL3B4N3EgdDL7OH3l81PTUOoYppUVHdvLS6r53GgnNzmAtlCZniCHlKdA0gjyu
YJLWTtDRFUUqH0nBdEzAKYFf3NUeU1YEibhDEX2IL0Z1NpvTakNkdeToaQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFASwQi7kjt1kCWoWVuSD/rO70FtVMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQkxCQ0x1U08zV1FKYWhaVzVJUC1zN3ZRVzFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEIBaYdqV/lyIOGMtjQA
whY7Z78TECwNgTZgIEkno5vURGRMdirQRZ1q8THcNnB+QdL+ClXuCKhJt0vvRBpt
H1mPhgsbG9JzVywdrAp2R3daXTtSeokqk9pJBysUGwnT02yYH4qCukITnPx4/3+Q
o3Ywa6BC6Lu4POZjyaeDqx7ElG1n3Xe2iU2GwGuDWdsjHkFrdvLs6o+gCEMygTcg
CZd0Oq6Qbq/KTSd66AjIaJhWAxHZQ0g7pCJc5TMEfoybWEUmlDb0e0pgFVeQE+UA
LvGjmPpuKEJGkpNDyICvmmnPg43VcwAauHjsiQCWkb0n4/+v3CzWOlEUz4a53jTW
n/E=
-----END CERTIFICATE-----