Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Lpc8hv9mqlIYB25Xgx9laWiEKaA.roa
File:                     Lpc8hv9mqlIYB25Xgx9laWiEKaA.roa (raw, json)
Hash identifier:          JyAR8kK9M1t8W51TNEkurwGvEsO8UM3+efDU35bIXvA=
Subject key identifier:   2E:97:3C:86:FF:66:AA:52:18:07:6E:57:83:1F:65:69:68:84:29:A0
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01881D9BCCC9FFC466F00B87D16C58AB58F1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Lpc8hv9mqlIYB25Xgx9laWiEKaA.roa
Signing time:             Mon 15 May 2023 04:12:09 +0000
ROA not before:           Mon 15 May 2023 04:12:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:1d:9b:cc:c9:ff:c4:66:f0:0b:87:d1:6c:58:ab:58:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 15 04:12:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2e973c86ff66aa5218076e57831f6569688429a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:b4:b3:2a:27:04:ad:5c:c2:5e:09:84:b4:d9:
                    98:d4:11:50:1e:e5:3a:84:15:02:34:5b:9b:36:43:
                    bc:f3:ad:cd:91:ae:be:f3:a5:50:c7:2b:72:7a:d1:
                    7c:58:0d:14:91:58:c5:9e:38:4e:c0:34:84:e0:3d:
                    bd:6d:09:d2:e4:f3:f5:48:b8:c5:fb:e0:15:21:7f:
                    9b:a0:fa:fe:b3:1f:ff:7c:51:53:8d:00:d5:b1:f6:
                    72:a8:a1:77:e9:c1:33:1f:be:e8:5a:19:30:43:13:
                    30:3d:3d:cc:94:1b:d8:5f:18:7d:d2:f0:49:2c:e7:
                    34:e9:04:be:a2:68:f4:a7:17:4e:96:57:ef:6f:63:
                    64:e7:d7:35:13:58:0c:99:35:7f:49:0a:a6:36:86:
                    19:29:35:ca:81:e2:6c:c4:6e:05:92:a8:82:b5:8d:
                    9a:45:de:ab:fe:79:63:43:ca:25:96:c0:d5:6b:2f:
                    a0:49:b8:96:8f:cf:51:5c:8a:06:ad:f5:e0:f5:aa:
                    35:10:5a:3c:3f:7c:53:aa:ae:a6:20:bd:78:c4:a7:
                    dc:2f:85:b2:f7:e5:3c:93:8e:0c:db:72:94:b4:5d:
                    3e:e0:33:73:51:70:13:33:ea:c6:2e:ae:94:d1:a0:
                    55:f3:28:15:f5:b3:e1:84:5c:bb:39:1b:4b:ab:1a:
                    90:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:97:3C:86:FF:66:AA:52:18:07:6E:57:83:1F:65:69:68:84:29:A0
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Lpc8hv9mqlIYB25Xgx9laWiEKaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:4e:46:5e:c9:3a:5d:1e:69:92:6f:34:7b:1c:11:a4:e7:49:
         b7:05:3e:dc:ff:87:89:df:b4:74:de:e6:3b:86:aa:10:9d:a7:
         23:04:66:fd:cc:b3:8f:d9:e1:13:ec:3d:29:2f:5f:65:2e:9b:
         2a:96:78:90:9b:aa:46:5a:f0:19:2a:63:1c:50:d0:ff:71:b6:
         df:1b:40:03:cb:a8:66:39:55:e6:43:a7:11:ad:58:d6:78:f4:
         4f:60:f9:c4:14:31:14:cd:fd:b9:8c:c5:92:26:1d:96:37:4d:
         9d:1b:8b:7d:58:43:f0:7f:a1:f7:f3:6d:96:ad:4d:97:3e:84:
         55:de:1f:58:f1:9b:72:df:9f:0c:58:56:29:9c:ac:f9:b2:d7:
         4c:50:fa:c3:69:ed:f7:f6:e3:6a:59:8a:81:23:4e:4e:d8:e0:
         c1:b5:19:12:27:d4:e3:8c:5e:04:6f:fe:08:68:2f:a3:bf:e5:
         67:81:10:41:f1:5e:ba:bf:5e:f9:76:74:26:83:a8:b5:80:54:
         bb:ca:cf:cb:fc:0a:de:1b:79:19:a8:05:72:8b:67:a1:53:a2:
         b7:34:d9:a6:55:31:18:25:65:95:00:11:89:39:a6:66:f2:5d:
         2a:7f:15:99:f6:97:18:85:3c:89:0d:b2:82:96:eb:c1:82:c2:
         bf:1f:50:9a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgdm8zJ/8Rm8AuH0WxYq1jxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE1MDQxMjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTk3M2M4NmZmNjZhYTUyMTgwNzZlNTc4MzFmNjU2OTY4ODQyOWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6rSzKicErVzCXgmEtNmY1BFQHuU6
hBUCNFubNkO8863Nka6+86VQxytyetF8WA0UkVjFnjhOwDSE4D29bQnS5PP1SLjF
++AVIX+boPr+sx//fFFTjQDVsfZyqKF36cEzH77oWhkwQxMwPT3MlBvYXxh90vBJ
LOc06QS+omj0pxdOllfvb2Nk59c1E1gMmTV/SQqmNoYZKTXKgeJsxG4FkqiCtY2a
Rd6r/nljQ8ollsDVay+gSbiWj89RXIoGrfXg9ao1EFo8P3xTqq6mIL14xKfcL4Wy
9+U8k44M23KUtF0+4DNzUXATM+rGLq6U0aBV8ygV9bPhhFy7ORtLqxqQEwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC6XPIb/ZqpSGAduV4MfZWlohCmgMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTHBjOGh2OW1xbElZQjI1WGd4OWxhV2lFS2FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACpORl7JOl0eaZJvNHsc
EaTnSbcFPtz/h4nftHTe5juGqhCdpyMEZv3Ms4/Z4RPsPSkvX2UumyqWeJCbqkZa
8BkqYxxQ0P9xtt8bQAPLqGY5VeZDpxGtWNZ49E9g+cQUMRTN/bmMxZImHZY3TZ0b
i31YQ/B/offzbZatTZc+hFXeH1jxm3LfnwxYVimcrPmy10xQ+sNp7ff242pZioEj
Tk7Y4MG1GRIn1OOMXgRv/ghoL6O/5WeBEEHxXrq/Xvl2dCaDqLWAVLvKz8v8Ct4b
eRmoBXKLZ6FTorc02aZVMRglZZUAEYk5pmbyXSp/FZn2lxiFPIkNsoKW68GCwr8f
UJo=
-----END CERTIFICATE-----