Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HS1otrp0Zh_9J1NJPKZVzq96Nhs.roa
File:                     HS1otrp0Zh_9J1NJPKZVzq96Nhs.roa (raw, json)
Hash identifier:          Jk+J7hbJoleDT+DakAcbBeQRu5mqoF9gJNvXII/Thvo=
Subject key identifier:   1D:2D:68:B6:BA:74:66:1F:FD:27:53:49:3C:A6:55:CE:AF:7A:36:1B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186C45CACD3CF37FE06208C6244DAD4B284
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HS1otrp0Zh_9J1NJPKZVzq96Nhs.roa
Signing time:             Thu 09 Mar 2023 03:14:13 +0000
ROA not before:           Thu 09 Mar 2023 03:14:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c4:5c:ac:d3:cf:37:fe:06:20:8c:62:44:da:d4:b2:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  9 03:14:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1d2d68b6ba74661ffd2753493ca655ceaf7a361b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d5:e4:06:67:23:72:10:81:eb:85:fc:df:15:
                    7a:90:d8:87:96:c8:6d:1c:17:f7:db:ca:47:6d:4d:
                    b8:b5:eb:fe:b2:3a:38:bf:5d:04:bf:21:ad:e2:99:
                    19:55:12:70:09:9b:06:ee:5c:19:97:a2:70:99:78:
                    7f:70:62:ca:a0:91:38:74:f8:c5:bc:6d:e8:f9:cc:
                    2b:e7:4a:7f:4b:79:fa:33:c7:fd:54:0f:96:35:2e:
                    49:bd:8a:e0:c8:de:7e:62:b0:58:6c:09:b1:0e:69:
                    33:64:05:f2:3f:b2:4e:22:51:9b:76:0f:5f:35:85:
                    7d:d2:e8:d1:5a:05:44:31:75:01:4e:e3:97:2d:93:
                    a6:2c:d2:04:97:61:6a:57:f5:a2:d6:f2:41:3a:1c:
                    d4:c8:14:14:2a:ac:a9:39:9f:f8:c5:f6:f0:91:46:
                    28:e3:30:da:a6:c2:a5:8a:3f:92:c4:fc:e4:86:04:
                    60:f0:00:f1:38:79:fd:11:d1:e1:7b:b6:76:83:65:
                    76:55:22:ad:4a:43:1d:30:54:08:47:eb:6f:48:bf:
                    2e:32:93:b2:c8:60:5e:25:86:d2:df:a3:09:a3:c6:
                    ce:8f:e5:5c:9b:70:3b:2c:d4:8a:35:24:aa:70:41:
                    fd:ae:ad:0e:4c:34:b3:0b:84:09:77:0a:ea:83:7f:
                    e2:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:2D:68:B6:BA:74:66:1F:FD:27:53:49:3C:A6:55:CE:AF:7A:36:1B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HS1otrp0Zh_9J1NJPKZVzq96Nhs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:f1:a2:e6:9a:22:1f:b9:74:bc:7f:b4:29:34:69:aa:29:02:
         a1:37:59:c3:54:c5:1d:d7:1c:91:a4:6f:b6:94:96:f2:d6:9b:
         06:a2:70:06:dc:7c:65:ae:1a:f0:92:cd:0d:49:60:e5:b8:a4:
         f3:cd:27:6e:82:d9:1b:4c:af:9a:13:9b:3a:56:db:7b:44:b6:
         77:bf:68:97:3e:05:65:b0:5d:90:3e:19:70:23:b3:a3:2e:87:
         d6:e8:fd:7f:88:b7:32:36:e7:e9:38:c1:cf:6c:b0:81:8c:5e:
         1b:46:ed:ad:d0:b4:f0:64:40:65:d5:01:af:5a:85:ad:1b:76:
         22:03:34:64:62:4e:24:f4:62:84:eb:0e:64:53:8a:7b:81:17:
         d9:2c:ea:b6:59:2f:b2:20:fd:24:38:c9:4e:b4:1b:2d:ed:ef:
         1d:27:0a:ac:31:0b:2e:cd:92:83:00:f0:6d:c8:73:f0:3f:36:
         b2:9c:c7:47:16:3a:25:14:c7:1c:44:d0:4c:4e:b0:31:4f:dc:
         6a:d4:94:20:f3:77:40:35:f8:da:1e:c4:5b:38:b6:9c:a0:e7:
         83:74:fc:1e:ea:3d:62:bb:fd:88:66:a7:4c:87:71:09:83:a3:
         72:00:7c:b9:8c:f1:a4:e2:76:67:c6:21:2f:be:23:b1:42:c0:
         dd:50:f8:a5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbEXKzTzzf+BiCMYkTa1LKEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA5MDMxNDEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDJkNjhiNmJhNzQ2NjFmZmQyNzUzNDkzY2E2NTVjZWFmN2EzNjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9XkBmcjchCB64X83xV6kNiHlsht
HBf328pHbU24tev+sjo4v10EvyGt4pkZVRJwCZsG7lwZl6JwmXh/cGLKoJE4dPjF
vG3o+cwr50p/S3n6M8f9VA+WNS5JvYrgyN5+YrBYbAmxDmkzZAXyP7JOIlGbdg9f
NYV90ujRWgVEMXUBTuOXLZOmLNIEl2FqV/Wi1vJBOhzUyBQUKqypOZ/4xfbwkUYo
4zDapsKlij+SxPzkhgRg8ADxOHn9EdHhe7Z2g2V2VSKtSkMdMFQIR+tvSL8uMpOy
yGBeJYbS36MJo8bOj+Vcm3A7LNSKNSSqcEH9rq0OTDSzC4QJdwrqg3/imQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB0taLa6dGYf/SdTSTymVc6vejYbMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSFMxb3RycDBaaF85SjFOSlBLWlZ6cTk2TmhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACnxouaaIh+5dLx/tCk0
aaopAqE3WcNUxR3XHJGkb7aUlvLWmwaicAbcfGWuGvCSzQ1JYOW4pPPNJ26C2RtM
r5oTmzpW23tEtne/aJc+BWWwXZA+GXAjs6Muh9bo/X+ItzI25+k4wc9ssIGMXhtG
7a3QtPBkQGXVAa9aha0bdiIDNGRiTiT0YoTrDmRTinuBF9ks6rZZL7Ig/SQ4yU60
Gy3t7x0nCqwxCy7NkoMA8G3Ic/A/NrKcx0cWOiUUxxxE0ExOsDFP3GrUlCDzd0A1
+NoexFs4tpyg54N0/B7qPWK7/Yhmp0yHcQmDo3IAfLmM8aTidmfGIS++I7FCwN1Q
+KU=
-----END CERTIFICATE-----