Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CbmsLNXhAFChDBqk9YHo1SfyfNU.roa
File:                     CbmsLNXhAFChDBqk9YHo1SfyfNU.roa (raw, json)
Hash identifier:          y5VBIq2ZO8XXdZCct4l+TmJKEUl8iL1qLCszb0Y/6j0=
Subject key identifier:   09:B9:AC:2C:D5:E1:00:50:A1:0C:1A:A4:F5:81:E8:D5:27:F2:7C:D5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01887DBC4C371E2760F74D5B2360A1EA08FE
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CbmsLNXhAFChDBqk9YHo1SfyfNU.roa
Signing time:             Fri 02 Jun 2023 20:11:12 +0000
ROA not before:           Fri 02 Jun 2023 20:11:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:7d:bc:4c:37:1e:27:60:f7:4d:5b:23:60:a1:ea:08:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  2 20:11:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=09b9ac2cd5e10050a10c1aa4f581e8d527f27cd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:2a:f0:28:a7:fe:38:6b:a2:65:6c:21:53:4c:
                    79:33:41:7e:a8:4a:6d:ff:a1:5b:d8:b9:e4:11:6b:
                    1c:f2:8f:04:7c:1c:64:96:dd:1d:a4:88:3a:56:83:
                    a1:3f:5c:1a:0f:79:45:f8:6f:c7:7b:cd:96:c2:fe:
                    d6:78:d7:6d:b3:de:da:9d:90:91:c4:f4:b0:f9:13:
                    a1:44:8e:fe:49:03:f0:c6:ab:6f:ce:ed:25:9e:44:
                    5a:dd:60:b6:fa:29:bf:f1:91:0d:20:60:b8:82:0f:
                    f3:f2:94:04:17:b6:9e:f8:42:4a:60:ce:75:b9:54:
                    a1:2f:ab:cb:e9:2e:6b:07:8d:44:7f:6b:e9:b2:27:
                    8f:47:0a:a5:7a:af:6d:f5:7c:62:1f:68:51:2a:1e:
                    2e:69:8d:6f:db:b7:37:81:f1:aa:30:22:12:eb:5a:
                    c3:b3:95:b7:9f:cc:bb:bb:ad:a5:50:36:50:90:10:
                    f8:fd:1b:32:13:bd:e1:59:d9:e8:1e:1d:b4:d9:bb:
                    82:dc:74:97:a2:a5:5c:9c:d4:80:eb:a7:51:7d:6c:
                    0f:2e:11:ba:af:34:8a:63:15:64:d9:f4:87:a6:38:
                    09:b6:e5:fb:0c:3e:d5:b4:a2:04:47:e9:b0:55:c7:
                    42:27:31:3b:27:5a:74:02:ce:f6:e6:e8:1a:6f:f5:
                    12:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:B9:AC:2C:D5:E1:00:50:A1:0C:1A:A4:F5:81:E8:D5:27:F2:7C:D5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CbmsLNXhAFChDBqk9YHo1SfyfNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:a7:7a:2d:f8:7b:bb:05:26:cd:bf:4e:d2:28:ff:5c:ab:26:
         52:27:1b:f1:0b:37:82:7c:d9:4e:50:e7:87:c8:12:18:bc:e9:
         f6:c1:82:f7:a2:d6:fc:1e:8d:96:6b:dd:51:3d:f0:d5:00:ff:
         03:09:43:37:01:71:fc:3f:47:43:2a:95:1d:e2:d4:8c:9b:cc:
         e8:e3:39:e8:3e:e4:10:80:2d:5c:78:6b:56:1e:e7:18:69:00:
         f3:25:49:db:47:2b:0f:7f:2e:f2:eb:47:2e:2d:af:44:c1:e5:
         6d:66:eb:24:e8:ad:1d:0c:53:2b:c4:cb:18:0a:4e:08:58:86:
         5a:c1:46:d4:74:49:9e:ba:85:22:8b:f8:c8:0c:3e:7e:16:e8:
         d0:f3:d3:d3:8e:df:1c:52:b0:19:46:94:51:1b:98:20:2a:f5:
         45:21:38:7c:09:6c:dd:42:0f:df:6b:93:2f:88:ad:6f:0d:6b:
         5f:99:23:84:31:7b:ee:07:4e:69:53:60:0e:6c:68:9b:c5:d6:
         f2:83:8f:99:ad:ad:5b:5c:62:4d:4f:14:5c:a0:e5:67:87:9e:
         be:af:64:bd:52:3b:e2:1e:1d:c0:65:77:0d:41:5e:10:ea:ac:
         ed:c0:27:36:bd:9c:6e:00:a3:46:c0:87:f7:96:a8:63:8d:47:
         ef:dd:c9:2e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYh9vEw3Hidg901bI2Ch6gj+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjAyMjAxMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWI5YWMyY2Q1ZTEwMDUwYTEwYzFhYTRmNTgxZThkNTI3ZjI3Y2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiCrwKKf+OGuiZWwhU0x5M0F+qEpt
/6Fb2LnkEWsc8o8EfBxklt0dpIg6VoOhP1waD3lF+G/He82Wwv7WeNdts97anZCR
xPSw+ROhRI7+SQPwxqtvzu0lnkRa3WC2+im/8ZENIGC4gg/z8pQEF7ae+EJKYM51
uVShL6vL6S5rB41Ef2vpsiePRwqleq9t9XxiH2hRKh4uaY1v27c3gfGqMCIS61rD
s5W3n8y7u62lUDZQkBD4/RsyE73hWdnoHh202buC3HSXoqVcnNSA66dRfWwPLhG6
rzSKYxVk2fSHpjgJtuX7DD7VtKIER+mwVcdCJzE7J1p0As725ugab/USoQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAm5rCzV4QBQoQwapPWB6NUn8nzVMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQ2Jtc0xOWGhBRkNoREJxazlZSG8xU2Z5Zk5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAK+nei34e7sFJs2/TtIo
/1yrJlInG/ELN4J82U5Q54fIEhi86fbBgvei1vwejZZr3VE98NUA/wMJQzcBcfw/
R0MqlR3i1IybzOjjOeg+5BCALVx4a1Ye5xhpAPMlSdtHKw9/LvLrRy4tr0TB5W1m
6yTorR0MUyvEyxgKTghYhlrBRtR0SZ66hSKL+MgMPn4W6NDz09OO3xxSsBlGlFEb
mCAq9UUhOHwJbN1CD99rky+IrW8Na1+ZI4Qxe+4HTmlTYA5saJvF1vKDj5mtrVtc
Yk1PFFyg5WeHnr6vZL1SO+IeHcBldw1BXhDqrO3AJza9nG4Ao0bAh/eWqGONR+/d
yS4=
-----END CERTIFICATE-----