Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Grsg124mgYQM4Jy2bFrzt_3W-VA.roa
File:                     Grsg124mgYQM4Jy2bFrzt_3W-VA.roa (raw, json)
Hash identifier:          VFFaPWNtWmFicD1wrOc+QoXFUBV8CLkUNaImVMLB0pI=
Subject key identifier:   1A:BB:20:D7:6E:26:81:84:0C:E0:9C:B6:6C:5A:F3:B7:FD:D6:F9:50
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187B0CF31F841D138664CE6980A627FD048
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Grsg124mgYQM4Jy2bFrzt_3W-VA.roa
Signing time:             Mon 24 Apr 2023 01:09:41 +0000
ROA not before:           Mon 24 Apr 2023 01:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b0:cf:31:f8:41:d1:38:66:4c:e6:98:0a:62:7f:d0:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 24 01:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1abb20d76e2681840ce09cb66c5af3b7fdd6f950
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:a3:99:f5:53:6d:97:ec:e1:e7:f4:65:6b:68:
                    fa:c7:c2:2c:07:71:55:bb:88:e4:73:6d:8e:c9:bc:
                    88:41:0e:ef:93:69:e5:ab:6d:ed:05:cb:46:e4:88:
                    6d:83:ee:38:c8:bc:63:dc:0b:c8:4f:4f:10:03:22:
                    2b:c3:cf:9e:78:af:c6:0b:76:ff:98:26:f7:98:c6:
                    f1:17:d8:62:d3:e0:58:64:55:ef:aa:8a:93:0c:d9:
                    ce:98:21:2f:08:6b:37:c2:54:82:4b:5a:57:0b:c7:
                    56:26:d8:f6:f0:41:be:fe:da:e3:48:68:b6:92:81:
                    23:a1:3b:31:a8:b4:71:35:13:67:e5:70:8e:4d:82:
                    7d:41:47:57:5c:56:fc:0c:4d:bf:08:18:a2:2d:d4:
                    95:3f:df:b2:fc:b9:db:a8:a2:e9:75:9a:e0:46:1d:
                    da:f5:a9:ff:c8:ab:7e:39:aa:df:f4:cd:9e:88:0a:
                    f5:23:f1:af:77:b6:2a:2c:e1:85:15:08:c4:e1:17:
                    ae:0a:7e:ff:95:4c:8b:10:49:2a:ac:ab:7f:f0:95:
                    c3:08:2a:40:36:24:64:2a:b0:94:9d:44:ec:b8:8f:
                    c2:0d:16:ce:d5:21:b7:ea:9c:76:ec:e6:61:9c:ed:
                    10:54:8e:05:3e:bb:0d:58:0d:6d:c7:36:47:03:70:
                    74:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:BB:20:D7:6E:26:81:84:0C:E0:9C:B6:6C:5A:F3:B7:FD:D6:F9:50
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Grsg124mgYQM4Jy2bFrzt_3W-VA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:1a:30:37:21:93:05:56:cb:2b:36:c6:56:39:d4:56:ca:17:
         4d:70:a6:ab:47:03:69:c8:ed:3a:bd:ac:77:ca:16:10:f7:b5:
         ec:ed:d0:5a:ce:6a:7f:85:2d:d0:d8:bf:46:d7:95:0a:9a:6c:
         7c:b3:e4:e8:bc:b6:9d:77:1e:01:a7:9a:47:f7:79:27:b8:ac:
         34:7b:07:43:3a:9e:71:20:3a:36:c5:2f:8d:d8:d2:6d:98:74:
         15:dd:2d:26:bc:31:5a:59:55:06:90:d4:04:44:6b:e4:c4:39:
         a7:08:02:b9:57:58:84:43:3c:5c:cf:16:f1:81:0b:0b:a7:e8:
         e1:76:4e:11:c9:fb:8b:4f:5f:d4:c6:fa:c4:43:b3:e6:7b:6f:
         c3:88:b4:2e:e6:e5:48:c2:c6:b4:9b:d0:9d:a7:e8:75:ac:a3:
         6d:61:6e:c9:4d:23:30:dc:88:59:f4:4a:b1:29:c0:6b:e7:0a:
         d6:46:c1:77:ec:58:0a:19:b5:ab:f7:7e:15:0b:2b:6b:6f:1b:
         fe:f9:1a:b6:ec:dc:99:5a:e9:2f:01:ca:85:00:90:d4:d3:dc:
         41:6d:e0:7c:f9:ee:94:95:c4:1d:c5:eb:43:9d:27:42:e4:5c:
         cc:78:9f:db:a3:58:e1:e1:ea:28:65:34:ec:be:5d:be:b1:f3:
         23:81:bd:0a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYewzzH4QdE4ZkzmmApif9BIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI0MDEwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWJiMjBkNzZlMjY4MTg0MGNlMDljYjY2YzVhZjNiN2ZkZDZmOTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6OZ9VNtl+zh5/Rla2j6x8IsB3FV
u4jkc22OybyIQQ7vk2nlq23tBctG5Ihtg+44yLxj3AvIT08QAyIrw8+eeK/GC3b/
mCb3mMbxF9hi0+BYZFXvqoqTDNnOmCEvCGs3wlSCS1pXC8dWJtj28EG+/trjSGi2
koEjoTsxqLRxNRNn5XCOTYJ9QUdXXFb8DE2/CBiiLdSVP9+y/LnbqKLpdZrgRh3a
9an/yKt+Oarf9M2eiAr1I/Gvd7YqLOGFFQjE4ReuCn7/lUyLEEkqrKt/8JXDCCpA
NiRkKrCUnUTsuI/CDRbO1SG36px27OZhnO0QVI4FPrsNWA1txzZHA3B0EwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBq7INduJoGEDOCctmxa87f91vlQMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvR3JzZzEyNG1nWVFNNEp5MmJGcnp0XzNXLVZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABUaMDchkwVWyys2xlY5
1FbKF01wpqtHA2nI7Tq9rHfKFhD3tezt0FrOan+FLdDYv0bXlQqabHyz5Oi8tp13
HgGnmkf3eSe4rDR7B0M6nnEgOjbFL43Y0m2YdBXdLSa8MVpZVQaQ1AREa+TEOacI
ArlXWIRDPFzPFvGBCwun6OF2ThHJ+4tPX9TG+sRDs+Z7b8OItC7m5UjCxrSb0J2n
6HWso21hbslNIzDciFn0SrEpwGvnCtZGwXfsWAoZtav3fhULK2tvG/75Grbs3Jla
6S8ByoUAkNTT3EFt4Hz57pSVxB3F60OdJ0LkXMx4n9ujWOHh6ihlNOy+Xb6x8yOB
vQo=
-----END CERTIFICATE-----