Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CKKNwiJVWRkEh2DeV_9az-B7mOE.roa
File:                     CKKNwiJVWRkEh2DeV_9az-B7mOE.roa (raw, json)
Hash identifier:          k8Zd0MgKCmnHnAML3UVnhct486oyR8Rn7DaFrUrj+hc=
Subject key identifier:   08:A2:8D:C2:22:55:59:19:04:87:60:DE:57:FF:5A:CF:E0:7B:98:E1
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187119BAA6516FD420DD264A881769176C8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CKKNwiJVWRkEh2DeV_9az-B7mOE.roa
Signing time:             Fri 24 Mar 2023 03:13:46 +0000
ROA not before:           Fri 24 Mar 2023 03:13:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:11:9b:aa:65:16:fd:42:0d:d2:64:a8:81:76:91:76:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 24 03:13:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=08a28dc222555919048760de57ff5acfe07b98e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:8d:0b:94:db:ea:1a:37:95:e7:2e:75:5f:94:
                    a0:6e:62:78:5b:97:27:9f:ea:91:38:df:eb:6c:ed:
                    3e:79:ba:13:bf:45:0d:ed:ce:ba:da:6e:84:08:d0:
                    7f:20:55:d5:b7:e4:3a:c8:ef:e9:54:95:3a:71:02:
                    a8:fc:08:19:f8:93:0c:8b:f4:12:6c:5c:9c:b9:58:
                    5b:bb:2e:a1:71:5a:a9:5c:ca:c9:66:e5:75:6f:78:
                    aa:5e:41:74:09:ce:4d:02:ba:30:e3:f1:46:a4:9d:
                    b4:35:b7:71:77:55:e7:99:42:36:51:35:b5:6f:d6:
                    c8:9b:03:27:b8:f8:86:4a:f1:df:b5:a1:57:a5:eb:
                    ef:d1:0a:df:9f:ca:fc:5b:72:c7:ee:15:92:11:de:
                    d1:90:b6:b4:b5:f8:f9:96:f8:1b:bd:92:a3:c9:6e:
                    f3:70:07:52:15:97:b0:bf:6a:f4:ec:6d:4f:23:53:
                    96:d8:8e:82:2e:48:3c:83:8f:7c:98:df:93:d2:ce:
                    5d:7b:11:03:04:e2:7e:3e:39:8d:14:a1:94:66:99:
                    01:95:3e:b7:b6:a1:97:df:38:dd:d2:90:2f:89:87:
                    19:f6:95:dd:5f:38:d0:0b:11:d2:ec:dc:b6:9e:55:
                    ea:05:fd:64:d8:f5:85:66:0b:0b:a4:9a:56:25:58:
                    96:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:A2:8D:C2:22:55:59:19:04:87:60:DE:57:FF:5A:CF:E0:7B:98:E1
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CKKNwiJVWRkEh2DeV_9az-B7mOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:ff:d0:53:7c:ef:f4:12:58:d1:0f:4f:57:3e:6a:04:c6:a2:
         74:e7:ab:50:e1:80:5d:af:ff:86:86:34:ea:a3:42:f8:28:16:
         68:df:f9:f7:1c:43:dd:3f:9a:50:ca:11:5e:94:e9:8e:49:c1:
         78:d1:ee:68:7f:d7:a9:10:58:41:29:92:59:8b:cc:44:01:91:
         8c:d0:16:7a:f1:00:c2:1e:fa:02:45:f9:50:40:8a:e8:8c:a0:
         7f:a7:9c:6c:14:9c:8c:e7:30:c2:bc:b6:81:f3:f7:ff:a3:05:
         70:8d:9f:6c:94:c0:b0:b4:82:cc:74:85:ac:f5:74:ce:5e:93:
         24:4f:ec:d7:a8:eb:8c:29:bf:c6:0e:d5:bd:b1:ae:1f:73:f4:
         54:d2:2a:ec:43:d1:3a:78:88:7c:17:01:0d:eb:83:18:a6:21:
         fb:91:0d:66:34:49:a2:e1:e3:9c:a0:fa:00:ec:da:40:0b:e4:
         f8:be:a8:88:bc:67:a1:28:63:4d:fa:20:08:b7:0b:0c:ba:c3:
         e4:b4:4a:23:70:85:9b:2e:61:0c:de:cf:68:4b:8f:2e:71:d0:
         ae:97:05:38:1b:56:92:87:52:79:26:4f:e6:8e:59:5b:9a:30:
         a7:fe:a4:b8:0d:57:5b:bf:1e:64:57:00:03:47:19:ff:9a:f4:
         de:84:1d:d4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcRm6plFv1CDdJkqIF2kXbIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI0MDMxMzQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGEyOGRjMjIyNTU1OTE5MDQ4NzYwZGU1N2ZmNWFjZmUwN2I5OGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAho0LlNvqGjeV5y51X5SgbmJ4W5cn
n+qRON/rbO0+eboTv0UN7c662m6ECNB/IFXVt+Q6yO/pVJU6cQKo/AgZ+JMMi/QS
bFycuVhbuy6hcVqpXMrJZuV1b3iqXkF0Cc5NArow4/FGpJ20Nbdxd1XnmUI2UTW1
b9bImwMnuPiGSvHftaFXpevv0Qrfn8r8W3LH7hWSEd7RkLa0tfj5lvgbvZKjyW7z
cAdSFZewv2r07G1PI1OW2I6CLkg8g498mN+T0s5dexEDBOJ+PjmNFKGUZpkBlT63
tqGX3zjd0pAviYcZ9pXdXzjQCxHS7Ny2nlXqBf1k2PWFZgsLpJpWJViWcwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAiijcIiVVkZBIdg3lf/Ws/ge5jhMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQ0tLTndpSlZXUmtFaDJEZVZfOWF6LUI3bU9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFj/0FN87/QSWNEPT1c+
agTGonTnq1DhgF2v/4aGNOqjQvgoFmjf+fccQ90/mlDKEV6U6Y5JwXjR7mh/16kQ
WEEpklmLzEQBkYzQFnrxAMIe+gJF+VBAiuiMoH+nnGwUnIznMMK8toHz9/+jBXCN
n2yUwLC0gsx0haz1dM5ekyRP7Neo64wpv8YO1b2xrh9z9FTSKuxD0Tp4iHwXAQ3r
gximIfuRDWY0SaLh45yg+gDs2kAL5Pi+qIi8Z6EoY036IAi3Cwy6w+S0SiNwhZsu
YQzez2hLjy5x0K6XBTgbVpKHUnkmT+aOWVuaMKf+pLgNV1u/HmRXAANHGf+a9N6E
HdQ=
-----END CERTIFICATE-----