Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CIZLrqb_of9wHndY2mmovd9lO6E.roa
File:                     CIZLrqb_of9wHndY2mmovd9lO6E.roa (raw, json)
Hash identifier:          y/wTubsku1ydWjoZ1cL5fRB/RMfSyvvgAysKLOJLWJU=
Subject key identifier:   08:86:4B:AE:A6:FF:A1:FF:70:1E:77:58:DA:69:A8:BD:DF:65:3B:A1
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018969F5D8B390DDD3A43421D73A31A9E83B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CIZLrqb_of9wHndY2mmovd9lO6E.roa
Signing time:             Tue 18 Jul 2023 17:04:26 +0000
ROA not before:           Tue 18 Jul 2023 17:04:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:189:69f5:b281/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:69:f5:d8:b3:90:dd:d3:a4:34:21:d7:3a:31:a9:e8:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 18 17:04:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=08864baea6ffa1ff701e7758da69a8bddf653ba1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:26:56:82:99:0c:9b:3e:43:aa:b9:63:71:f1:
                    40:d1:af:80:c9:44:0f:d6:59:f1:56:30:2c:ff:0c:
                    f3:05:e9:d1:a7:88:ec:57:2f:c8:24:d7:16:2b:af:
                    fc:e7:6f:62:1c:1b:cf:46:c8:f8:c4:06:53:11:ee:
                    ed:3e:a7:12:ac:66:18:a7:f1:5a:8c:49:eb:1c:cb:
                    64:39:68:c5:b9:42:de:22:5d:b6:d0:06:9c:47:e5:
                    cb:27:83:2a:87:1d:c0:34:f1:57:cf:45:91:cd:d2:
                    e3:2e:b6:e8:39:11:c6:ea:68:b8:b8:2a:d4:56:33:
                    28:4f:36:90:bc:12:c4:1d:06:66:de:c2:30:9f:03:
                    1a:c2:75:e6:79:09:d5:35:ec:a5:1b:11:1e:13:fc:
                    7f:29:b0:8d:4f:a2:bf:a1:cf:f1:4c:17:7e:ab:82:
                    f9:e1:08:eb:86:cf:26:0d:33:18:00:ed:db:29:77:
                    b4:3d:64:a9:fe:4c:ab:58:93:6d:20:88:c8:55:21:
                    ad:09:f5:e2:70:47:4a:bf:bf:5a:ff:21:e9:0c:df:
                    23:d4:72:b9:31:31:f8:26:24:7a:62:15:3d:e3:12:
                    d4:4f:a2:16:6c:72:5b:83:ed:0d:3a:33:0f:56:ae:
                    d8:6a:56:55:f4:1f:b4:49:33:0f:68:40:b8:59:dc:
                    a9:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:86:4B:AE:A6:FF:A1:FF:70:1E:77:58:DA:69:A8:BD:DF:65:3B:A1
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CIZLrqb_of9wHndY2mmovd9lO6E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:5b:fe:cc:53:4f:8d:c1:9d:9d:3a:26:ac:92:68:d2:3c:62:
         16:10:b2:3f:df:74:07:59:4a:3c:b8:b0:29:66:a4:37:27:fb:
         16:56:e6:65:7d:e2:9e:df:42:81:4f:53:05:3b:6a:79:d6:b6:
         e1:9f:d1:a6:07:d3:e8:73:bb:1b:83:58:8f:73:3b:64:92:ae:
         a1:03:73:33:b7:85:91:10:06:b7:e4:40:82:6b:8a:a6:42:68:
         da:33:39:93:90:ec:5d:fe:e5:bd:d6:02:f8:78:fe:12:c3:91:
         30:2c:65:b3:dd:0b:4f:b2:57:35:d0:2a:f5:61:e8:73:11:ac:
         3f:ec:ad:a9:be:69:d3:1e:52:a5:4f:9c:35:8f:6e:80:10:3e:
         5f:48:19:19:37:6f:79:d2:e4:8e:a0:a8:a5:cd:f5:b9:76:9e:
         92:44:1d:c8:60:63:f0:10:b8:52:f5:1a:00:7c:53:61:fb:1c:
         41:4a:e9:f8:b7:7f:ef:fb:60:0d:03:cf:71:f4:04:2d:17:fe:
         50:08:48:2e:b4:2c:6c:b8:f2:9e:40:0b:2d:cb:4e:84:cc:d5:
         0d:2c:47:9b:c1:61:4e:3b:5d:37:2d:02:1e:9f:f3:20:6e:a4:
         4c:f0:5c:3f:91:c1:e6:16:09:57:d2:7b:16:80:e7:44:fa:dd:
         cf:06:bf:e4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlp9dizkN3TpDQh1zoxqeg7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE4MTcwNDI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODg2NGJhZWE2ZmZhMWZmNzAxZTc3NThkYTY5YThiZGRmNjUzYmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgyZWgpkMmz5DqrljcfFA0a+AyUQP
1lnxVjAs/wzzBenRp4jsVy/IJNcWK6/8529iHBvPRsj4xAZTEe7tPqcSrGYYp/Fa
jEnrHMtkOWjFuULeIl220AacR+XLJ4Mqhx3ANPFXz0WRzdLjLrboORHG6mi4uCrU
VjMoTzaQvBLEHQZm3sIwnwMawnXmeQnVNeylGxEeE/x/KbCNT6K/oc/xTBd+q4L5
4Qjrhs8mDTMYAO3bKXe0PWSp/kyrWJNtIIjIVSGtCfXicEdKv79a/yHpDN8j1HK5
MTH4JiR6YhU94xLUT6IWbHJbg+0NOjMPVq7YalZV9B+0STMPaEC4WdypSwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAiGS66m/6H/cB53WNppqL3fZTuhMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQ0laTHJxYl9vZjl3SG5kWTJtbW92ZDlsTzZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADxb/sxTT43BnZ06JqyS
aNI8YhYQsj/fdAdZSjy4sClmpDcn+xZW5mV94p7fQoFPUwU7annWtuGf0aYH0+hz
uxuDWI9zO2SSrqEDczO3hZEQBrfkQIJriqZCaNozOZOQ7F3+5b3WAvh4/hLDkTAs
ZbPdC0+yVzXQKvVh6HMRrD/sram+adMeUqVPnDWPboAQPl9IGRk3b3nS5I6gqKXN
9bl2npJEHchgY/AQuFL1GgB8U2H7HEFK6fi3f+/7YA0Dz3H0BC0X/lAISC60LGy4
8p5ACy3LToTM1Q0sR5vBYU47XTctAh6f8yBupEzwXD+RweYWCVfSexaA50T63c8G
v+Q=
-----END CERTIFICATE-----