Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ECnulPIOacJ4jpppJ8NdM3Fk-UE.roa
File:                     ECnulPIOacJ4jpppJ8NdM3Fk-UE.roa (raw, json)
Hash identifier:          JsihPN/1HQW7gpx+uXEFRQ4U/7ZhWcU44OzVgY4EjvI=
Subject key identifier:   10:29:EE:94:F2:0E:69:C2:78:8E:9A:69:27:C3:5D:33:71:64:F9:41
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01883B36C3F55355AF6E827F16B2D3E6CF43
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ECnulPIOacJ4jpppJ8NdM3Fk-UE.roa
Signing time:             Sat 20 May 2023 22:10:24 +0000
ROA not before:           Sat 20 May 2023 22:10:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:3b:36:c3:f5:53:55:af:6e:82:7f:16:b2:d3:e6:cf:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 20 22:10:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1029ee94f20e69c2788e9a6927c35d337164f941
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:d6:13:57:e1:4e:40:e9:3f:f4:3e:6c:82:52:
                    55:85:21:e6:c7:86:34:8a:58:0a:52:af:ca:6c:07:
                    d9:81:9c:fc:46:c4:df:50:f8:ba:9c:81:78:a1:7f:
                    ff:d8:35:71:86:4f:35:88:10:99:26:6d:c0:4e:a7:
                    5b:2a:db:01:08:74:bf:f3:71:72:25:b2:56:77:11:
                    be:91:a4:0e:87:87:a9:cc:02:1b:c2:52:e0:40:4e:
                    90:5a:79:41:b8:4d:9a:68:6a:75:7b:a7:fc:2d:ba:
                    e0:f8:35:a3:ea:df:9b:1f:31:85:0f:8b:c7:77:bd:
                    7a:dd:99:47:14:8c:84:1d:d9:37:80:cd:47:40:9c:
                    21:f4:ce:a0:6a:28:cb:d6:ac:c7:8c:ea:7a:c3:a5:
                    38:9a:c5:98:96:a4:b4:15:4f:06:22:44:78:ff:c4:
                    a8:97:23:0c:2f:49:17:e0:68:53:24:c5:42:fa:21:
                    ee:84:4f:a5:20:3e:db:9b:f9:d9:b9:26:1e:d1:08:
                    50:45:74:aa:ec:73:e1:99:d8:77:bc:96:4c:ac:98:
                    c4:76:fd:4d:20:6f:1b:0c:39:df:ec:0b:c9:14:8c:
                    bc:91:d4:26:46:c4:77:09:01:80:6a:9f:b3:73:9c:
                    81:b8:3b:cf:dd:59:88:76:ba:3d:92:04:be:bb:91:
                    4d:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:29:EE:94:F2:0E:69:C2:78:8E:9A:69:27:C3:5D:33:71:64:F9:41
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ECnulPIOacJ4jpppJ8NdM3Fk-UE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:18:34:9a:2b:32:a7:5c:a0:16:7c:a7:cb:48:92:63:b1:e6:
         a1:23:a8:61:b3:38:6c:7c:8a:80:b7:0d:e9:25:48:6e:a5:85:
         4d:16:4b:12:64:5e:29:8b:86:a5:fe:be:28:ab:8b:9f:2d:a0:
         35:e4:59:d8:b6:cd:db:a6:2f:ae:56:7e:70:ba:b1:a5:cb:70:
         92:34:ba:83:01:d4:a8:cb:da:94:2b:66:e5:45:e7:08:5b:d4:
         5c:f8:4c:89:7f:6d:63:36:73:23:30:02:fc:17:a6:a5:38:bf:
         12:04:03:c8:b3:83:f1:53:a4:58:fa:28:bf:c1:9e:28:df:3b:
         69:f9:e2:94:bd:2d:33:c5:f1:b7:04:68:db:b0:37:c2:10:fa:
         c4:f5:25:40:49:4b:3f:53:41:22:c6:d9:96:3d:9c:81:59:14:
         62:79:28:97:6e:02:56:49:d5:65:18:af:93:e1:7a:23:9b:1e:
         96:42:b2:1c:39:11:f3:f8:0a:c3:65:74:32:5f:50:28:44:8e:
         f3:9a:b1:53:da:22:91:12:89:bf:2a:58:23:ce:d7:6e:5b:6b:
         3f:6d:28:0a:f5:e1:f8:b0:1d:32:67:40:47:51:ea:d9:e5:96:
         4b:19:3c:23:1f:d6:81:2f:20:17:f2:7f:06:0b:b1:fe:ce:58:
         d9:35:19:8f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYg7NsP1U1WvboJ/FrLT5s9DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTIwMjIxMDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDI5ZWU5NGYyMGU2OWMyNzg4ZTlhNjkyN2MzNWQzMzcxNjRmOTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3dYTV+FOQOk/9D5sglJVhSHmx4Y0
ilgKUq/KbAfZgZz8RsTfUPi6nIF4oX//2DVxhk81iBCZJm3ATqdbKtsBCHS/83Fy
JbJWdxG+kaQOh4epzAIbwlLgQE6QWnlBuE2aaGp1e6f8Lbrg+DWj6t+bHzGFD4vH
d7163ZlHFIyEHdk3gM1HQJwh9M6gaijL1qzHjOp6w6U4msWYlqS0FU8GIkR4/8So
lyMML0kX4GhTJMVC+iHuhE+lID7bm/nZuSYe0QhQRXSq7HPhmdh3vJZMrJjEdv1N
IG8bDDnf7AvJFIy8kdQmRsR3CQGAap+zc5yBuDvP3VmIdro9kgS+u5FNfQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBAp7pTyDmnCeI6aaSfDXTNxZPlBMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvRUNudWxQSU9hY0o0anBwcEo4TmRNM0ZrLVVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAB0YNJorMqdcoBZ8p8tI
kmOx5qEjqGGzOGx8ioC3DeklSG6lhU0WSxJkXimLhqX+viiri58toDXkWdi2zdum
L65WfnC6saXLcJI0uoMB1KjL2pQrZuVF5whb1Fz4TIl/bWM2cyMwAvwXpqU4vxIE
A8izg/FTpFj6KL/BnijfO2n54pS9LTPF8bcEaNuwN8IQ+sT1JUBJSz9TQSLG2ZY9
nIFZFGJ5KJduAlZJ1WUYr5PheiObHpZCshw5EfP4CsNldDJfUChEjvOasVPaIpES
ib8qWCPO125baz9tKAr14fiwHTJnQEdR6tnllksZPCMf1oEvIBfyfwYLsf7OWNk1
GY8=
-----END CERTIFICATE-----