Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CK3YmFny3vU9QPOrbDo85cx1qyc.roa
File:                     CK3YmFny3vU9QPOrbDo85cx1qyc.roa (raw, json)
Hash identifier:          a8bY/Z+Fc6tnQEXW5uf2hVwtPi40Z7ekVDn8cQgcMaY=
Subject key identifier:   08:AD:D8:98:59:F2:DE:F5:3D:40:F3:AB:6C:3A:3C:E5:CC:75:AB:27
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01870297FB4596B42A0DAEB986D05655B833
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CK3YmFny3vU9QPOrbDo85cx1qyc.roa
Signing time:             Tue 21 Mar 2023 05:15:27 +0000
ROA not before:           Tue 21 Mar 2023 05:15:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:02:97:fb:45:96:b4:2a:0d:ae:b9:86:d0:56:55:b8:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 21 05:15:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=08add89859f2def53d40f3ab6c3a3ce5cc75ab27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:87:d6:be:c0:d9:c7:36:c4:cb:94:23:8c:f9:
                    f6:bb:43:da:73:e6:0f:43:1d:7c:d8:dd:66:bd:f0:
                    37:a2:74:6d:df:4e:0e:25:87:18:66:45:d6:9a:7c:
                    66:5b:f2:c6:24:2b:d4:7f:0c:b2:00:72:3d:18:47:
                    0f:2d:7b:fd:50:51:26:f3:7b:d7:3c:e8:64:9d:64:
                    ae:12:7b:d2:66:b3:3b:d1:37:d3:8a:49:b0:47:7d:
                    5c:c4:ee:5c:92:cf:38:41:0f:3e:7b:b1:fd:ef:ee:
                    1e:f1:88:fa:44:53:96:98:ec:8b:5d:2b:04:74:67:
                    2b:1d:6a:75:b2:5d:6d:60:20:ce:f2:10:cd:fc:8d:
                    d8:9f:61:7a:e5:2f:91:52:60:36:ea:55:26:48:65:
                    34:01:29:45:e8:c0:0b:ce:17:63:3b:d5:c4:f9:1b:
                    08:2f:71:66:e1:1c:10:b3:1e:32:e6:6b:2e:26:96:
                    61:77:b4:fa:e1:4f:0b:12:08:5d:45:a8:02:9b:da:
                    17:28:14:e1:5e:b6:22:eb:2c:57:a9:13:cb:b4:ba:
                    d8:a7:5e:e6:01:71:5b:d2:a5:fe:55:fd:23:66:8f:
                    24:b7:91:09:71:39:16:b0:4d:f8:14:c4:78:9b:55:
                    64:82:50:db:1d:b4:6d:0f:a3:ed:8b:33:85:92:85:
                    ec:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:AD:D8:98:59:F2:DE:F5:3D:40:F3:AB:6C:3A:3C:E5:CC:75:AB:27
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CK3YmFny3vU9QPOrbDo85cx1qyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:d6:b5:52:99:f9:95:83:e0:9b:e5:16:c4:52:9f:92:dc:80:
         be:25:9f:5c:a2:96:ee:bf:51:7b:36:6a:41:e6:73:7c:d1:66:
         b6:69:98:28:6c:f1:00:59:29:0e:be:90:2c:fe:7c:fa:3a:75:
         47:50:4e:b8:a6:1b:e9:4b:de:c3:24:d0:7f:2f:9d:09:b2:91:
         5d:27:94:f1:ba:32:35:7d:72:ae:a7:16:ee:d4:e9:38:c1:b1:
         97:22:52:4a:5a:53:00:da:f3:ba:ad:63:bf:fa:4d:84:66:ae:
         6d:91:f5:0e:c0:1d:6a:a8:62:b6:58:b0:00:bb:16:f8:d3:e9:
         94:ab:59:39:17:71:ff:26:ec:31:2c:43:d2:68:f3:9c:1b:c9:
         3d:64:cc:68:68:eb:29:ce:45:f4:12:4d:1f:77:06:c4:8f:43:
         85:cf:12:50:95:c2:c4:ad:74:9b:4c:da:12:a7:a0:3d:1a:1f:
         5f:1d:14:3c:95:59:7b:ec:6e:6c:6f:7b:de:e9:da:88:d9:51:
         ff:92:ac:b3:7b:26:86:a0:ef:03:66:01:89:6c:40:11:13:64:
         34:c2:84:06:bf:f5:b4:5c:c0:7b:bd:3f:7a:c9:5a:4c:25:30:
         82:45:e0:b5:4c:37:db:31:44:0f:51:64:92:21:20:91:74:82:
         95:77:3b:16
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcCl/tFlrQqDa65htBWVbgzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzIxMDUxNTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGFkZDg5ODU5ZjJkZWY1M2Q0MGYzYWI2YzNhM2NlNWNjNzVhYjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIfWvsDZxzbEy5QjjPn2u0Pac+YP
Qx182N1mvfA3onRt304OJYcYZkXWmnxmW/LGJCvUfwyyAHI9GEcPLXv9UFEm83vX
POhknWSuEnvSZrM70TfTikmwR31cxO5cks84QQ8+e7H97+4e8Yj6RFOWmOyLXSsE
dGcrHWp1sl1tYCDO8hDN/I3Yn2F65S+RUmA26lUmSGU0ASlF6MALzhdjO9XE+RsI
L3Fm4RwQsx4y5msuJpZhd7T64U8LEghdRagCm9oXKBThXrYi6yxXqRPLtLrYp17m
AXFb0qX+Vf0jZo8kt5EJcTkWsE34FMR4m1VkglDbHbRtD6PtizOFkoXsAwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAit2JhZ8t71PUDzq2w6POXMdasnMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQ0szWW1GbnkzdlU5UVBPcmJEbzg1Y3gxcXljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAArWtVKZ+ZWD4JvlFsRS
n5LcgL4ln1yilu6/UXs2akHmc3zRZrZpmChs8QBZKQ6+kCz+fPo6dUdQTrimG+lL
3sMk0H8vnQmykV0nlPG6MjV9cq6nFu7U6TjBsZciUkpaUwDa87qtY7/6TYRmrm2R
9Q7AHWqoYrZYsAC7FvjT6ZSrWTkXcf8m7DEsQ9Jo85wbyT1kzGho6ynORfQSTR93
BsSPQ4XPElCVwsStdJtM2hKnoD0aH18dFDyVWXvsbmxve97p2ojZUf+SrLN7Joag
7wNmAYlsQBETZDTChAa/9bRcwHu9P3rJWkwlMIJF4LVMN9sxRA9RZJIhIJF0gpV3
OxY=
-----END CERTIFICATE-----