Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NHdIXXD7hHp2uPqrhjsu6HoRFbI.roa
File:                     NHdIXXD7hHp2uPqrhjsu6HoRFbI.roa (raw, json)
Hash identifier:          EXVsnNSt8AsnbRxZYL5mOtutO8ZmLefzOu3g4w5WLbI=
Subject key identifier:   34:77:48:5D:70:FB:84:7A:76:B8:FA:AB:86:3B:2E:E8:7A:11:15:B2
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01895DC1889E5071EC844197E0E96FB04B55
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NHdIXXD7hHp2uPqrhjsu6HoRFbI.roa
Signing time:             Sun 16 Jul 2023 08:11:51 +0000
ROA not before:           Sun 16 Jul 2023 08:11:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:5d:c1:88:9e:50:71:ec:84:41:97:e0:e9:6f:b0:4b:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 16 08:11:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3477485d70fb847a76b8faab863b2ee87a1115b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c7:f9:db:18:08:df:eb:12:a3:ad:df:04:59:
                    58:15:4d:83:0f:71:41:8d:22:a0:60:79:fb:f5:b3:
                    07:01:8d:14:29:ad:9a:8d:ca:af:db:d2:0e:67:c4:
                    84:cf:2b:54:58:19:a0:c3:11:fe:d6:d9:d0:72:46:
                    2e:6c:7d:9d:9c:7e:62:fd:8b:5e:7d:eb:f9:13:2e:
                    94:d5:4b:12:39:d0:03:7f:56:84:f0:5d:c7:e4:9a:
                    47:8b:a6:43:b2:00:f7:7c:61:9e:84:9a:ac:0d:a8:
                    5e:41:c6:ad:32:ce:27:0e:ab:db:a8:09:92:f0:91:
                    fe:b5:dd:59:d4:7b:51:52:aa:1f:5c:49:a4:42:09:
                    d4:bf:fb:a7:be:76:36:f5:cd:5e:27:cb:57:81:6c:
                    fa:ac:75:bf:bb:28:99:bc:b4:a4:fb:d2:85:1c:7b:
                    84:e6:df:38:43:0a:f1:09:57:00:3b:76:3c:8e:c5:
                    a9:90:d6:16:e6:01:20:f5:7a:ea:b6:5c:6e:fb:0f:
                    b8:c0:88:76:68:96:20:47:53:a0:e0:d9:35:89:e6:
                    0e:6b:1e:0a:0e:4b:79:40:84:5b:5c:de:82:6f:88:
                    94:cc:73:1a:0e:2f:95:01:e9:19:77:f2:f1:cb:04:
                    c0:b0:9f:2b:2d:c2:fd:f5:a9:a6:77:6b:24:bf:28:
                    97:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:77:48:5D:70:FB:84:7A:76:B8:FA:AB:86:3B:2E:E8:7A:11:15:B2
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NHdIXXD7hHp2uPqrhjsu6HoRFbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:99:32:71:4d:16:4b:ca:2a:40:4d:94:44:c2:d5:62:3f:24:
         95:18:ff:03:db:86:2d:b2:e7:d7:aa:63:2b:56:c3:24:a5:83:
         9f:48:dc:0e:08:68:73:12:70:69:b6:5f:3a:58:9a:a8:28:c7:
         c6:58:3a:20:16:fa:92:19:f5:01:93:18:33:02:c9:da:03:9a:
         3e:7e:8d:62:2d:7d:bd:ae:32:25:af:06:37:b7:45:2a:c8:83:
         a2:cf:d8:01:51:81:ac:28:b6:96:d5:aa:ff:8d:69:d4:1b:89:
         ba:29:2f:54:74:bf:3e:f2:ec:88:75:59:26:ad:5e:1b:7e:1a:
         f7:96:04:cd:fd:06:06:b5:46:8d:b3:df:dc:3a:be:34:1d:64:
         dc:7d:e0:3b:7c:bd:80:da:a1:48:50:59:d8:b8:33:a0:51:c2:
         e1:42:ac:54:af:e7:19:a2:4c:fd:8a:f7:e7:db:9e:11:5a:12:
         37:b7:d1:30:64:e7:b0:b7:d7:1a:8e:fa:f2:cb:23:ef:0c:e5:
         32:70:2b:82:4c:6a:f5:29:d4:d8:26:6d:45:ba:ba:6c:cd:22:
         70:53:6e:bc:cf:f3:32:a9:d1:6d:eb:b7:a2:b1:e8:c1:1e:ca:
         c2:ca:df:52:76:ac:7d:07:ef:77:79:b2:f0:48:67:8b:f8:b2:
         57:b1:de:9d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYldwYieUHHshEGX4OlvsEtVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE2MDgxMTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDc3NDg1ZDcwZmI4NDdhNzZiOGZhYWI4NjNiMmVlODdhMTExNWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsf52xgI3+sSo63fBFlYFU2DD3FB
jSKgYHn79bMHAY0UKa2ajcqv29IOZ8SEzytUWBmgwxH+1tnQckYubH2dnH5i/Yte
fev5Ey6U1UsSOdADf1aE8F3H5JpHi6ZDsgD3fGGehJqsDaheQcatMs4nDqvbqAmS
8JH+td1Z1HtRUqofXEmkQgnUv/unvnY29c1eJ8tXgWz6rHW/uyiZvLSk+9KFHHuE
5t84QwrxCVcAO3Y8jsWpkNYW5gEg9Xrqtlxu+w+4wIh2aJYgR1Og4Nk1ieYOax4K
Dkt5QIRbXN6Cb4iUzHMaDi+VAekZd/LxywTAsJ8rLcL99ammd2skvyiXqQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDR3SF1w+4R6drj6q4Y7Luh6ERWyMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTkhkSVhYRDdoSHAydVBxcmhqc3U2SG9SRmJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAA2ZMnFNFkvKKkBNlETC
1WI/JJUY/wPbhi2y59eqYytWwySlg59I3A4IaHMScGm2XzpYmqgox8ZYOiAW+pIZ
9QGTGDMCydoDmj5+jWItfb2uMiWvBje3RSrIg6LP2AFRgawotpbVqv+NadQbibop
L1R0vz7y7Ih1WSatXht+GveWBM39Bga1Ro2z39w6vjQdZNx94Dt8vYDaoUhQWdi4
M6BRwuFCrFSv5xmiTP2K9+fbnhFaEje30TBk57C31xqO+vLLI+8M5TJwK4JMavUp
1NgmbUW6umzNInBTbrzP8zKp0W3rt6Kx6MEeysLK31J2rH0H73d5svBIZ4v4slex
3p0=
-----END CERTIFICATE-----