Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CxkRB5inu55IT59e_N0BduEcjUI.roa
File:                     CxkRB5inu55IT59e_N0BduEcjUI.roa (raw, json)
Hash identifier:          2HmQjqMS1kZ08cpRgVBhwnGCwDd5NUrN2zvzqgSdqVI=
Subject key identifier:   0B:19:11:07:98:A7:BB:9E:48:4F:9F:5E:FC:DD:01:76:E1:1C:8D:42
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01875B317C1E4C3F823CB9DD3C5FE0FE9EDF
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CxkRB5inu55IT59e_N0BduEcjUI.roa
Signing time:             Fri 07 Apr 2023 10:09:42 +0000
ROA not before:           Fri 07 Apr 2023 10:09:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:5b:31:7c:1e:4c:3f:82:3c:b9:dd:3c:5f:e0:fe:9e:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  7 10:09:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0b19110798a7bb9e484f9f5efcdd0176e11c8d42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:35:d1:1c:c8:0d:b8:41:28:81:c7:59:ca:70:
                    b0:66:41:1d:92:07:f8:48:ef:03:52:5a:80:13:20:
                    ac:e9:2d:f5:cd:99:dc:ea:1f:c6:0f:80:ce:8f:d5:
                    1a:b1:02:be:2a:92:81:9a:4f:b9:a7:39:99:6b:be:
                    0e:4a:07:a6:49:65:95:b7:28:4e:39:fe:ff:30:d2:
                    6c:9c:aa:97:40:a0:da:6d:5e:b1:ab:1b:07:e5:c2:
                    b4:fe:d1:5a:a2:2c:cb:37:88:91:c6:f3:ef:74:7a:
                    98:a8:d7:7d:c0:be:cb:c7:35:42:91:f6:f1:ab:94:
                    d9:00:11:00:2a:6f:f0:f5:3e:75:49:75:99:c9:19:
                    e5:95:4f:61:ff:33:24:ec:9e:f3:c2:fa:9f:82:74:
                    3a:b0:14:2a:3d:4d:ec:82:07:37:81:05:cd:2b:64:
                    c6:9d:7f:67:be:f8:25:ef:67:a1:fb:7c:1d:d4:1d:
                    41:6c:c9:ac:b5:37:0f:34:f1:74:65:4a:2f:67:77:
                    e4:51:8b:d0:c9:cd:c6:dc:fa:73:bd:4a:8a:b0:be:
                    37:e5:36:16:81:0d:83:b2:9c:9f:bd:02:ce:42:60:
                    e2:7f:bb:9b:db:11:9b:e8:98:1d:25:77:fa:2c:bb:
                    75:15:37:d1:56:40:2e:e6:b6:42:19:7d:55:c9:c4:
                    92:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:19:11:07:98:A7:BB:9E:48:4F:9F:5E:FC:DD:01:76:E1:1C:8D:42
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/CxkRB5inu55IT59e_N0BduEcjUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:b4:74:42:81:32:e5:ae:e7:e5:a3:cf:43:9a:83:0c:dd:8c:
         46:64:de:6c:1d:71:c7:d5:92:92:78:3c:e1:7e:6f:59:ef:67:
         dc:cd:92:ef:c4:97:e0:f8:ee:28:37:2e:ba:cf:69:1b:de:11:
         d5:33:5b:58:b8:22:bf:c4:fb:1c:6c:87:6c:84:34:29:07:61:
         31:43:aa:77:77:57:c0:18:d1:4c:3f:15:4e:71:40:f0:a8:67:
         d3:95:06:fa:ce:53:35:63:b0:83:f2:8d:3b:a7:f2:fb:10:1d:
         91:57:d6:82:3a:c4:6d:d9:23:37:28:d6:7a:09:49:d7:88:2e:
         f9:b1:17:b0:73:eb:7b:9c:02:54:f9:f2:3a:33:e2:b9:52:31:
         9b:31:32:2f:47:32:bf:e4:ef:70:a6:76:7b:a1:70:87:e0:16:
         25:89:5e:10:1b:2f:64:63:8b:ea:da:1b:53:50:aa:7e:37:43:
         be:fa:b2:ef:e8:ab:d3:11:86:0d:c7:12:d3:0c:bc:b5:07:12:
         a8:88:2e:4c:81:4c:c8:56:d7:15:05:ea:24:25:b7:e9:4c:aa:
         4d:91:de:61:a6:1a:3d:19:58:d4:07:ba:62:87:c5:df:41:53:
         16:9d:5f:b0:5e:34:06:e1:36:bb:8b:ab:da:6e:37:18:df:4e:
         37:7b:9b:ec
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdbMXweTD+CPLndPF/g/p7fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA3MTAwOTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjE5MTEwNzk4YTdiYjllNDg0ZjlmNWVmY2RkMDE3NmUxMWM4ZDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjXRHMgNuEEogcdZynCwZkEdkgf4
SO8DUlqAEyCs6S31zZnc6h/GD4DOj9UasQK+KpKBmk+5pzmZa74OSgemSWWVtyhO
Of7/MNJsnKqXQKDabV6xqxsH5cK0/tFaoizLN4iRxvPvdHqYqNd9wL7LxzVCkfbx
q5TZABEAKm/w9T51SXWZyRnllU9h/zMk7J7zwvqfgnQ6sBQqPU3sggc3gQXNK2TG
nX9nvvgl72eh+3wd1B1BbMmstTcPNPF0ZUovZ3fkUYvQyc3G3PpzvUqKsL435TYW
gQ2DspyfvQLOQmDif7ub2xGb6JgdJXf6LLt1FTfRVkAu5rZCGX1VycSSJwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAsZEQeYp7ueSE+fXvzdAXbhHI1CMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQ3hrUkI1aW51NTVJVDU5ZV9OMEJkdUVjalVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKK0dEKBMuWu5+Wjz0Oa
gwzdjEZk3mwdccfVkpJ4POF+b1nvZ9zNku/El+D47ig3LrrPaRveEdUzW1i4Ir/E
+xxsh2yENCkHYTFDqnd3V8AY0Uw/FU5xQPCoZ9OVBvrOUzVjsIPyjTun8vsQHZFX
1oI6xG3ZIzco1noJSdeILvmxF7Bz63ucAlT58joz4rlSMZsxMi9HMr/k73Cmdnuh
cIfgFiWJXhAbL2Rji+raG1NQqn43Q776su/oq9MRhg3HEtMMvLUHEqiILkyBTMhW
1xUF6iQlt+lMqk2R3mGmGj0ZWNQHumKHxd9BUxadX7BeNAbhNruLq9puNxjfTjd7
m+w=
-----END CERTIFICATE-----