Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HmhP25mr6-vM68jTNa7ucog-GzU.roa
File:                     HmhP25mr6-vM68jTNa7ucog-GzU.roa (raw, json)
Hash identifier:          cGkbdzD+CEZtgK5ESHrl1QdZ7e9X5FgBQ7Tb4rnHq08=
Subject key identifier:   1E:68:4F:DB:99:AB:EB:EB:CC:EB:C8:D3:35:AE:EE:72:88:3E:1B:35
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01888574022C469FA9B01777D0B9ED49A979
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HmhP25mr6-vM68jTNa7ucog-GzU.roa
Signing time:             Sun 04 Jun 2023 08:09:12 +0000
ROA not before:           Sun 04 Jun 2023 08:09:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:85:74:02:2c:46:9f:a9:b0:17:77:d0:b9:ed:49:a9:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  4 08:09:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1e684fdb99abebebccebc8d335aeee72883e1b35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:30:96:8a:85:49:6d:4b:2a:05:1d:ea:d4:7e:
                    35:d2:9c:4b:c8:ec:0e:6a:4d:8f:45:ab:57:41:29:
                    2e:87:4d:20:78:b8:0b:6f:aa:d0:36:6f:16:03:56:
                    6e:f8:50:52:18:ce:4f:e6:56:d7:d8:cb:a7:e2:46:
                    6c:19:71:fe:bf:21:e0:04:ea:54:ba:c5:f5:08:9d:
                    6c:c0:79:1c:96:08:0f:67:ca:0c:87:49:8c:19:e1:
                    cb:fe:db:61:c9:89:5d:0a:8f:80:34:2c:6a:d3:89:
                    45:e3:e5:b0:cc:b0:5a:58:f2:6b:5e:ce:e0:b1:9a:
                    6b:c7:25:e4:38:c2:32:46:2d:a6:c7:16:f2:99:9e:
                    a9:0d:e1:16:ba:b7:28:eb:96:d2:7c:bd:72:24:6c:
                    82:86:f8:02:de:31:95:7a:9f:2d:e3:77:2f:35:ad:
                    68:d1:f5:8f:f6:46:e9:f5:0a:4a:c2:a3:d1:cc:ca:
                    3a:6c:36:67:21:b6:7e:cd:b0:55:75:a0:59:e9:7a:
                    c1:1b:ef:90:09:52:8a:43:0a:9e:e3:b8:a4:5f:d3:
                    39:cc:c3:70:86:00:39:ec:d7:38:a2:23:8a:d3:45:
                    22:f1:c7:e4:c9:d8:ab:7e:8d:00:d5:52:34:09:cd:
                    73:b3:0c:45:3a:74:44:c7:6f:86:2b:f3:24:f1:b4:
                    7b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:68:4F:DB:99:AB:EB:EB:CC:EB:C8:D3:35:AE:EE:72:88:3E:1B:35
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HmhP25mr6-vM68jTNa7ucog-GzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:f2:31:b9:19:09:ad:05:38:25:a6:6a:7b:1f:4a:db:06:ca:
         80:e3:a0:37:35:9d:54:fc:52:8e:54:4f:e9:40:2d:75:53:31:
         fb:05:ce:27:cf:7f:f4:54:06:6c:a9:61:88:49:b5:24:29:01:
         04:29:99:4c:54:a4:01:56:04:4b:f4:16:57:d6:77:b0:66:83:
         6a:28:43:c6:07:b2:9a:db:b8:3d:5d:fd:07:06:c8:7c:e6:b6:
         f6:b9:9f:5d:35:ba:24:e1:4f:01:17:c1:ed:ee:a6:2c:4e:a6:
         ee:df:a2:8d:3b:96:67:04:d6:88:79:cc:b9:b1:ed:11:d2:aa:
         e1:1d:0c:44:c6:9f:47:8d:8c:03:09:30:20:ed:c2:81:b3:58:
         73:f0:45:8f:ab:95:d2:1f:4d:c2:fa:ac:4b:92:20:c7:7b:c5:
         a3:ba:f1:08:aa:25:02:04:74:9f:f8:39:77:c5:0d:69:56:83:
         9f:75:70:7d:55:84:3e:d9:42:e2:a0:99:f2:2e:bf:e7:f1:b0:
         e3:26:fa:58:e7:ac:63:ab:d7:a9:e0:41:b3:04:94:de:3d:c3:
         58:9d:c7:73:45:0c:54:22:82:55:89:b2:b4:d1:32:26:93:bd:
         37:25:6f:a8:fe:52:57:34:98:6f:bc:0b:d2:8e:f4:5a:0d:f3:
         0f:b7:b7:3a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiFdAIsRp+psBd30LntSal5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA0MDgwOTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTY4NGZkYjk5YWJlYmViY2NlYmM4ZDMzNWFlZWU3Mjg4M2UxYjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzCWioVJbUsqBR3q1H410pxLyOwO
ak2PRatXQSkuh00geLgLb6rQNm8WA1Zu+FBSGM5P5lbX2Mun4kZsGXH+vyHgBOpU
usX1CJ1swHkclggPZ8oMh0mMGeHL/tthyYldCo+ANCxq04lF4+WwzLBaWPJrXs7g
sZprxyXkOMIyRi2mxxbymZ6pDeEWurco65bSfL1yJGyChvgC3jGVep8t43cvNa1o
0fWP9kbp9QpKwqPRzMo6bDZnIbZ+zbBVdaBZ6XrBG++QCVKKQwqe47ikX9M5zMNw
hgA57Nc4oiOK00Ui8cfkydirfo0A1VI0Cc1zswxFOnREx2+GK/Mk8bR7wwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB5oT9uZq+vrzOvI0zWu7nKIPhs1MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSG1oUDI1bXI2LXZNNjhqVE5hN3Vjb2ctR3pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJ7yMbkZCa0FOCWmansf
StsGyoDjoDc1nVT8Uo5UT+lALXVTMfsFzifPf/RUBmypYYhJtSQpAQQpmUxUpAFW
BEv0FlfWd7Bmg2ooQ8YHsprbuD1d/QcGyHzmtva5n101uiThTwEXwe3upixOpu7f
oo07lmcE1oh5zLmx7RHSquEdDETGn0eNjAMJMCDtwoGzWHPwRY+rldIfTcL6rEuS
IMd7xaO68QiqJQIEdJ/4OXfFDWlWg591cH1VhD7ZQuKgmfIuv+fxsOMm+ljnrGOr
16ngQbMElN49w1idx3NFDFQiglWJsrTRMiaTvTclb6j+Ulc0mG+8C9KO9FoN8w+3
tzo=
-----END CERTIFICATE-----