Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Fotly7QOJlubY37thwFHCEw1IKw.roa
File:                     Fotly7QOJlubY37thwFHCEw1IKw.roa (raw, json)
Hash identifier:          7tRISHrQXByYtzoS9gMy1QdYGXwkL6F2LEa0O/Xwhho=
Subject key identifier:   16:8B:65:CB:B4:0E:26:5B:9B:63:7E:ED:87:01:47:08:4C:35:20:AC
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187966D5AF15BB01CF6FF65097D6CC8EEE0
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Fotly7QOJlubY37thwFHCEw1IKw.roa
Signing time:             Tue 18 Apr 2023 22:12:41 +0000
ROA not before:           Tue 18 Apr 2023 22:12:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:96:6d:5a:f1:5b:b0:1c:f6:ff:65:09:7d:6c:c8:ee:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 18 22:12:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=168b65cbb40e265b9b637eed870147084c3520ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d2:f6:3b:53:4d:dd:55:97:48:a4:9f:96:7d:
                    1f:1f:89:5d:47:5c:7d:f1:dc:02:cc:4c:2f:db:3b:
                    94:bc:c0:1f:95:44:48:65:84:dd:70:7f:9c:e4:1a:
                    64:1d:78:f9:24:21:79:da:d4:ae:32:37:5a:51:41:
                    91:da:dd:d5:76:6c:05:98:2e:4e:48:dc:ff:a5:6a:
                    18:b0:01:7a:69:42:6a:c7:e4:cb:29:79:bb:53:ec:
                    43:c0:9d:03:96:51:96:7c:e9:a3:80:75:77:92:43:
                    81:24:74:67:79:8f:a7:ae:17:9d:06:d0:7b:0b:79:
                    bf:a5:82:13:94:02:39:3a:61:90:9a:b2:70:c3:f0:
                    b5:62:dc:4c:93:a8:a5:33:c2:20:c4:0e:f7:3c:b9:
                    f0:81:57:42:4b:2a:21:90:c4:95:1d:a4:1a:84:92:
                    ca:75:ae:c6:b9:8d:3f:85:cf:54:cb:52:bc:da:54:
                    4c:5e:f7:82:04:7b:da:89:ff:6c:d1:97:76:f1:cc:
                    57:0a:37:1a:b5:ed:24:aa:a9:1b:80:7f:0b:0c:27:
                    db:6f:29:af:3e:af:1f:17:b9:8f:3f:03:17:e9:6d:
                    9d:19:3b:30:1d:c6:9a:84:6b:88:a9:81:25:95:47:
                    40:1a:4b:ec:d0:5a:ca:4c:e1:e6:cb:59:13:b0:ea:
                    58:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:8B:65:CB:B4:0E:26:5B:9B:63:7E:ED:87:01:47:08:4C:35:20:AC
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Fotly7QOJlubY37thwFHCEw1IKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:51:d6:02:98:53:67:70:23:7b:c8:80:a7:2a:41:9d:b3:a5:
         d7:f8:3c:95:b7:08:78:c9:6f:c8:40:47:f9:0a:49:50:4a:a6:
         2c:ff:96:a8:7e:a1:01:d5:ce:3f:5e:a9:27:b7:54:9b:1c:c2:
         79:52:64:f4:2b:6f:6f:3c:c4:56:38:43:0b:be:b8:1b:21:66:
         03:c4:01:3e:71:74:3b:41:a8:8b:69:62:9a:23:26:86:65:a3:
         2c:22:92:5b:10:7a:72:e3:6f:06:c3:a4:3f:77:28:d8:49:fe:
         dd:58:7f:e2:eb:9d:a8:77:98:82:60:30:27:a5:52:1d:f8:bf:
         5f:18:79:6d:98:75:28:12:95:fd:21:06:0b:a9:a4:64:61:75:
         6f:02:1f:8a:a5:16:f8:6e:46:82:fe:a5:b2:c3:07:a0:1e:f3:
         1e:7f:67:1a:ed:6b:dc:83:7a:79:d3:64:29:0a:b6:41:0f:37:
         8b:d9:58:64:e1:e3:7c:76:0a:5a:a8:bf:89:33:82:33:c9:08:
         27:d3:d1:2b:d9:33:2d:e3:dc:84:ab:40:b9:5a:3c:8f:39:49:
         3f:b7:ee:92:3b:0f:5f:24:27:65:3d:9b:44:41:1c:50:35:0f:
         4d:b6:29:c0:c4:28:5e:0a:ba:74:dc:73:e6:22:55:71:cb:3f:
         79:3e:70:1d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeWbVrxW7Ac9v9lCX1syO7gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE4MjIxMjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjhiNjVjYmI0MGUyNjViOWI2MzdlZWQ4NzAxNDcwODRjMzUyMGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytL2O1NN3VWXSKSfln0fH4ldR1x9
8dwCzEwv2zuUvMAflURIZYTdcH+c5BpkHXj5JCF52tSuMjdaUUGR2t3VdmwFmC5O
SNz/pWoYsAF6aUJqx+TLKXm7U+xDwJ0DllGWfOmjgHV3kkOBJHRneY+nrhedBtB7
C3m/pYITlAI5OmGQmrJww/C1YtxMk6ilM8IgxA73PLnwgVdCSyohkMSVHaQahJLK
da7GuY0/hc9Uy1K82lRMXveCBHvaif9s0Zd28cxXCjcate0kqqkbgH8LDCfbbymv
Pq8fF7mPPwMX6W2dGTswHcaahGuIqYEllUdAGkvs0FrKTOHmy1kTsOpYdwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBaLZcu0DiZbm2N+7YcBRwhMNSCsMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvRm90bHk3UU9KbHViWTM3dGh3RkhDRXcxSUt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAVR1gKYU2dwI3vIgKcq
QZ2zpdf4PJW3CHjJb8hAR/kKSVBKpiz/lqh+oQHVzj9eqSe3VJscwnlSZPQrb288
xFY4Qwu+uBshZgPEAT5xdDtBqItpYpojJoZloywiklsQenLjbwbDpD93KNhJ/t1Y
f+Lrnah3mIJgMCelUh34v18YeW2YdSgSlf0hBguppGRhdW8CH4qlFvhuRoL+pbLD
B6Ae8x5/Zxrta9yDennTZCkKtkEPN4vZWGTh43x2Clqov4kzgjPJCCfT0SvZMy3j
3ISrQLlaPI85ST+37pI7D18kJ2U9m0RBHFA1D022KcDEKF4KunTcc+YiVXHLP3k+
cB0=
-----END CERTIFICATE-----