Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CwOL5I4s0oF6XZdyE2_BxhWu3Yg.roa
File:                     CwOL5I4s0oF6XZdyE2_BxhWu3Yg.roa (raw, json)
Hash identifier:          YpALMCXK3qf+xK6ED97uDnNNHEeJ46SbAbQorkEDXV8=
Subject key identifier:   0B:03:8B:E4:8E:2C:D2:81:7A:5D:97:72:13:6F:C1:C6:15:AE:DD:88
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018944692E8B77FC7FD4770CBA14F0750324
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CwOL5I4s0oF6XZdyE2_BxhWu3Yg.roa
Signing time:             Tue 11 Jul 2023 10:04:51 +0000
ROA not before:           Tue 11 Jul 2023 10:04:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:189:4468:c404/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:44:69:2e:8b:77:fc:7f:d4:77:0c:ba:14:f0:75:03:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 11 10:04:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0b038be48e2cd2817a5d9772136fc1c615aedd88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ce:6a:a0:fe:06:f5:75:c1:de:13:4f:45:03:
                    f4:8d:1d:52:05:96:17:c5:66:54:c9:34:5c:c4:9a:
                    04:3b:e1:b1:b2:94:66:9c:d6:8c:0f:fa:12:82:2a:
                    9b:4e:7a:b5:29:ee:41:ac:ac:1b:95:05:5e:af:a5:
                    ea:09:85:6d:8d:0c:a1:57:5f:10:35:34:06:b4:f2:
                    94:08:dc:f4:c5:77:28:ad:8e:20:01:c5:74:c9:12:
                    2c:c0:f3:08:c2:e0:a9:1e:54:97:cd:5e:e6:4d:ae:
                    5d:90:52:12:2e:25:04:0e:66:7a:26:2e:b7:b1:e8:
                    5c:6d:63:5c:27:a9:40:e1:0a:d2:1f:86:5d:2c:36:
                    6d:1c:45:75:1c:3c:3d:2a:c6:30:89:18:9a:55:8a:
                    49:17:02:35:24:5e:93:f5:2a:66:9f:69:d2:ed:94:
                    82:72:b5:ba:f8:90:b7:d6:45:e9:8a:05:81:ee:24:
                    dc:d9:5e:5c:eb:b3:2b:11:7c:dd:d8:09:35:50:0f:
                    13:5d:41:12:fa:5c:ea:12:04:6d:b1:87:d8:58:bb:
                    1b:0a:95:a9:c7:12:0e:df:ac:7b:02:60:56:44:0e:
                    f5:9e:89:58:63:1a:b7:b1:10:84:40:9a:9a:0e:f7:
                    ea:62:e2:9e:f9:df:15:48:eb:b7:6e:4a:64:a8:e3:
                    63:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:03:8B:E4:8E:2C:D2:81:7A:5D:97:72:13:6F:C1:C6:15:AE:DD:88
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CwOL5I4s0oF6XZdyE2_BxhWu3Yg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:c5:2c:20:1a:61:ee:d1:13:d2:75:ad:a2:33:12:68:8a:a1:
         44:7c:db:f5:38:82:e0:15:c7:13:9c:35:da:6c:43:2d:c7:2d:
         ff:3a:82:e4:0a:10:cd:48:2a:35:10:78:fd:aa:df:46:99:e4:
         55:06:95:65:8b:11:00:31:01:b5:b7:ee:7e:87:ef:ca:a5:4a:
         2b:6c:b2:92:2c:6e:c8:d3:4e:b1:31:ac:b8:5e:d8:55:59:66:
         2c:88:ec:11:06:94:0e:be:36:2b:c2:76:1f:43:01:43:88:ef:
         e7:67:ba:13:fa:3a:6d:54:20:06:49:1c:9b:fa:95:6e:39:3b:
         5d:f9:23:0e:09:14:45:38:1a:a2:45:30:20:2e:93:97:d1:9f:
         5c:71:93:d4:d9:85:8e:06:26:34:0c:a1:41:cc:e3:5f:ed:75:
         24:fe:80:17:8b:89:f6:fe:40:e8:c0:37:18:f9:b0:4e:e2:2b:
         e8:06:59:6f:65:47:b6:bd:b9:eb:64:da:fc:8d:08:78:82:8e:
         13:b2:d8:c5:9a:d1:91:71:74:a5:a9:a0:8b:2a:18:02:b6:0d:
         76:ea:aa:68:a6:b8:82:db:cf:39:5c:f8:d2:5f:ba:57:fd:9b:
         00:f6:15:e9:f1:4e:61:aa:7e:a1:6d:2a:37:25:06:14:7f:03:
         68:63:e9:d0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlEaS6Ld/x/1HcMuhTwdQMkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzExMTAwNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjAzOGJlNDhlMmNkMjgxN2E1ZDk3NzIxMzZmYzFjNjE1YWVkZDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAis5qoP4G9XXB3hNPRQP0jR1SBZYX
xWZUyTRcxJoEO+GxspRmnNaMD/oSgiqbTnq1Ke5BrKwblQVer6XqCYVtjQyhV18Q
NTQGtPKUCNz0xXcorY4gAcV0yRIswPMIwuCpHlSXzV7mTa5dkFISLiUEDmZ6Ji63
sehcbWNcJ6lA4QrSH4ZdLDZtHEV1HDw9KsYwiRiaVYpJFwI1JF6T9Spmn2nS7ZSC
crW6+JC31kXpigWB7iTc2V5c67MrEXzd2Ak1UA8TXUES+lzqEgRtsYfYWLsbCpWp
xxIO36x7AmBWRA71nolYYxq3sRCEQJqaDvfqYuKe+d8VSOu3bkpkqONj9wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAsDi+SOLNKBel2XchNvwcYVrt2IMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQ3dPTDVJNHMwb0Y2WFpkeUUyX0J4aFd1M1lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFTFLCAaYe7RE9J1raIz
EmiKoUR82/U4guAVxxOcNdpsQy3HLf86guQKEM1IKjUQeP2q30aZ5FUGlWWLEQAx
AbW37n6H78qlSitsspIsbsjTTrExrLhe2FVZZiyI7BEGlA6+NivCdh9DAUOI7+dn
uhP6Om1UIAZJHJv6lW45O135Iw4JFEU4GqJFMCAuk5fRn1xxk9TZhY4GJjQMoUHM
41/tdST+gBeLifb+QOjANxj5sE7iK+gGWW9lR7a9uetk2vyNCHiCjhOy2MWa0ZFx
dKWpoIsqGAK2DXbqqmimuILbzzlc+NJfulf9mwD2FenxTmGqfqFtKjclBhR/A2hj
6dA=
-----END CERTIFICATE-----