Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/LrQJ2WH7Maqunv9k-3u7B6Bti4I.roa
File:                     LrQJ2WH7Maqunv9k-3u7B6Bti4I.roa (raw, json)
Hash identifier:          oRMbZmpfFl1uUeoXriEcUtRF2Aimkt6lWXdzcWrjHJk=
Subject key identifier:   2E:B4:09:D9:61:FB:31:AA:AE:9E:FF:64:FB:7B:BB:07:A0:6D:8B:82
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187149E896D5AD02BACFA59EE1D3EBB14B1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/LrQJ2WH7Maqunv9k-3u7B6Bti4I.roa
Signing time:             Fri 24 Mar 2023 17:15:46 +0000
ROA not before:           Fri 24 Mar 2023 17:15:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:14:9e:89:6d:5a:d0:2b:ac:fa:59:ee:1d:3e:bb:14:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 24 17:15:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2eb409d961fb31aaae9eff64fb7bbb07a06d8b82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:5b:03:3f:f8:c2:b0:f5:75:49:e6:0f:d6:65:
                    9d:a3:fb:82:27:48:1e:68:a4:72:3b:ca:40:77:88:
                    f5:19:7f:bc:6d:42:c0:5a:8b:04:5b:8d:28:8b:6c:
                    41:d3:42:21:fb:e4:bd:a7:ff:ba:db:5a:11:a2:ee:
                    23:c3:01:e0:a7:72:8c:03:84:4a:fd:77:18:75:04:
                    b6:7d:05:ce:32:24:82:0e:b6:f2:fa:fc:99:08:81:
                    9d:da:73:b1:71:43:d7:8d:14:8e:c8:c6:bd:e1:b0:
                    d1:eb:ae:8c:34:78:61:5d:ec:b8:6e:c7:db:03:af:
                    bd:8f:7e:9c:5a:35:12:21:28:5a:bb:37:62:10:1c:
                    32:e8:7d:91:8c:87:1f:bb:4f:cf:de:54:f8:5e:ea:
                    e2:8b:27:18:ff:5e:5c:28:f9:f3:43:1d:39:e5:e8:
                    72:49:87:fc:9e:ee:78:8f:9e:21:a4:c3:0f:24:de:
                    24:fc:4f:e5:61:42:83:b0:f0:5f:bc:25:da:31:07:
                    f8:80:99:69:9b:16:2d:e6:57:3f:a7:8f:06:0b:58:
                    51:a8:ec:46:a8:58:ff:25:c2:6e:dc:15:6f:eb:9e:
                    67:8c:b2:34:4d:63:bc:02:ad:34:83:23:a4:db:50:
                    e3:02:5f:4e:01:77:7b:44:45:e1:e1:38:ed:41:1e:
                    e0:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:B4:09:D9:61:FB:31:AA:AE:9E:FF:64:FB:7B:BB:07:A0:6D:8B:82
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/LrQJ2WH7Maqunv9k-3u7B6Bti4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:0d:1d:86:30:ed:56:a4:e7:5c:6c:2e:59:66:0f:d8:d6:8e:
         1f:dd:e1:b0:47:92:a5:8c:2d:18:ac:d0:16:70:3b:d0:51:45:
         d1:71:9d:a9:81:80:b9:d9:59:fa:7f:87:af:21:4d:28:16:b7:
         d1:36:99:6e:ea:10:9a:e6:cf:62:e4:83:1a:8c:83:a7:4a:6f:
         d5:4c:ec:f5:d3:55:03:07:c4:00:07:81:17:a4:a5:64:59:b1:
         64:dc:37:4f:96:47:2d:07:30:5e:5e:6d:0a:31:13:fc:ca:60:
         5a:ce:42:85:ad:4b:b4:f9:c7:8a:96:08:36:7c:5c:81:d9:63:
         73:05:95:83:d5:3c:a0:fd:bf:dc:76:2e:36:ce:8e:d3:b1:4a:
         b4:de:89:48:cd:80:86:fb:5d:39:8a:03:e6:84:94:44:9e:2c:
         df:a8:46:ee:ba:a2:3c:da:0c:f0:6f:1a:a8:c2:3c:be:f6:b6:
         68:40:8d:0a:92:7a:03:8b:80:22:90:7c:17:75:68:5d:9a:ec:
         e8:31:36:7c:45:a1:13:88:91:00:02:de:81:16:aa:f3:6a:99:
         56:21:db:15:1b:c1:80:42:fc:55:0a:eb:31:17:26:dd:fb:09:
         da:86:2f:83:27:a0:12:bb:86:d6:f3:c9:94:0b:c6:02:4f:80:
         ab:98:b1:49
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcUnoltWtArrPpZ7h0+uxSxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI0MTcxNTQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWI0MDlkOTYxZmIzMWFhYWU5ZWZmNjRmYjdiYmIwN2EwNmQ4YjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglsDP/jCsPV1SeYP1mWdo/uCJ0ge
aKRyO8pAd4j1GX+8bULAWosEW40oi2xB00Ih++S9p/+621oRou4jwwHgp3KMA4RK
/XcYdQS2fQXOMiSCDrby+vyZCIGd2nOxcUPXjRSOyMa94bDR666MNHhhXey4bsfb
A6+9j36cWjUSIShauzdiEBwy6H2RjIcfu0/P3lT4XuriiycY/15cKPnzQx055ehy
SYf8nu54j54hpMMPJN4k/E/lYUKDsPBfvCXaMQf4gJlpmxYt5lc/p48GC1hRqOxG
qFj/JcJu3BVv655njLI0TWO8Aq00gyOk21DjAl9OAXd7REXh4TjtQR7gRwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC60Cdlh+zGqrp7/ZPt7uwegbYuCMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTHJRSjJXSDdNYXF1bnY5ay0zdTdCNkJ0aTRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFkNHYYw7Vak51xsLllm
D9jWjh/d4bBHkqWMLRis0BZwO9BRRdFxnamBgLnZWfp/h68hTSgWt9E2mW7qEJrm
z2LkgxqMg6dKb9VM7PXTVQMHxAAHgRekpWRZsWTcN0+WRy0HMF5ebQoxE/zKYFrO
QoWtS7T5x4qWCDZ8XIHZY3MFlYPVPKD9v9x2LjbOjtOxSrTeiUjNgIb7XTmKA+aE
lESeLN+oRu66ojzaDPBvGqjCPL72tmhAjQqSegOLgCKQfBd1aF2a7OgxNnxFoROI
kQAC3oEWqvNqmVYh2xUbwYBC/FUK6zEXJt37CdqGL4MnoBK7htbzyZQLxgJPgKuY
sUk=
-----END CERTIFICATE-----