Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NgGASW3taDJuuHh1suRVDqjDNP4.roa
File:                     NgGASW3taDJuuHh1suRVDqjDNP4.roa (raw, json)
Hash identifier:          UoECztZTSvOFYykAqTWiURH6qMO9whoyPSDV7+PgXwE=
Subject key identifier:   36:01:80:49:6D:ED:68:32:6E:B8:78:75:B2:E4:55:0E:A8:C3:34:FE
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018836B5338DDA6F20D4C226F9EE15974E85
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NgGASW3taDJuuHh1suRVDqjDNP4.roa
Signing time:             Sat 20 May 2023 01:10:24 +0000
ROA not before:           Sat 20 May 2023 01:10:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:36:b5:33:8d:da:6f:20:d4:c2:26:f9:ee:15:97:4e:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 20 01:10:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=360180496ded68326eb87875b2e4550ea8c334fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:87:b1:88:ae:dc:d0:e8:4f:69:17:e5:7b:54:
                    74:67:f1:16:93:ec:af:96:6b:65:18:35:6c:81:77:
                    87:41:27:b1:6e:ca:40:e7:6d:22:05:7f:c1:b1:4b:
                    cc:de:c1:e4:0d:26:6c:3b:60:c7:2e:1c:48:c3:2e:
                    17:83:1a:8b:4a:3b:a7:8e:b9:09:25:7b:04:f6:17:
                    b2:8a:03:b6:84:55:4a:9e:7a:b5:db:59:17:61:24:
                    e3:65:13:80:de:9a:a8:8e:19:77:bd:c1:9d:2f:95:
                    0d:02:5d:24:27:7f:23:2e:ba:df:d9:b3:c7:c4:e9:
                    fb:75:4d:0b:4f:14:fa:bc:48:db:fe:c2:5b:dd:49:
                    60:eb:9c:7b:b7:77:c8:1f:7c:fd:9b:26:29:de:34:
                    70:b0:0f:6d:9c:eb:bc:54:f7:9c:fa:b5:63:55:f5:
                    85:bc:ac:78:e1:ac:fc:a9:50:63:cf:dc:13:5a:e5:
                    08:8c:4d:97:e2:50:6d:c9:9b:9e:30:61:e6:08:00:
                    f1:45:9e:c3:af:41:9f:40:66:42:9f:75:68:92:27:
                    3f:2c:b8:51:07:d6:dd:5d:8f:c7:98:f2:18:02:93:
                    b2:1e:c8:e3:13:60:a6:85:6d:fd:d4:58:88:cb:74:
                    d1:d5:76:ba:68:8e:ea:7b:b7:61:20:5c:0d:a3:5c:
                    22:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:01:80:49:6D:ED:68:32:6E:B8:78:75:B2:E4:55:0E:A8:C3:34:FE
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NgGASW3taDJuuHh1suRVDqjDNP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:6f:eb:1d:29:97:68:8c:67:69:a6:c3:43:c3:de:60:b3:5d:
         ff:88:ea:d7:a0:e5:97:0b:3a:84:df:39:6d:98:70:c1:ba:04:
         43:c4:90:78:9a:b3:d7:3c:0f:4d:39:78:e3:a1:ae:2a:7e:34:
         53:34:e4:6d:ba:b1:dc:0a:b3:27:18:cf:4c:1a:c7:4a:7f:e8:
         52:7f:9d:5d:2a:db:f7:53:4a:25:5b:17:9f:f4:20:04:73:dd:
         4c:8a:f6:5b:29:36:c3:d4:49:b7:02:3a:70:b4:47:86:77:99:
         dd:27:33:0e:56:c2:79:a4:79:8e:e1:0d:94:9d:71:79:66:9a:
         f4:29:6c:ef:67:b1:64:ff:8f:03:bd:a7:6c:7c:17:16:a3:e1:
         b1:8f:05:fa:a8:ae:dd:f4:8a:aa:cd:fa:4a:7a:14:5b:0c:cd:
         6b:6b:3a:4a:f4:c6:41:f3:3d:9d:10:09:25:4f:b2:2b:af:6e:
         b3:1c:e5:57:55:a3:bf:16:f2:bc:0a:5a:c8:48:c5:af:0c:2c:
         d3:20:ac:1b:0d:e2:ec:d8:63:b9:c6:e4:f6:3b:93:8b:5d:1b:
         33:2b:7c:4d:1d:f5:f5:d7:72:9f:3a:fd:66:83:f6:2a:9c:17:
         80:5c:ce:50:5d:67:1f:21:6e:84:14:74:6e:15:f3:92:ca:32:
         2d:af:a5:ae
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYg2tTON2m8g1MIm+e4Vl06FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTIwMDExMDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjAxODA0OTZkZWQ2ODMyNmViODc4NzViMmU0NTUwZWE4YzMzNGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjoexiK7c0OhPaRfle1R0Z/EWk+yv
lmtlGDVsgXeHQSexbspA520iBX/BsUvM3sHkDSZsO2DHLhxIwy4XgxqLSjunjrkJ
JXsE9heyigO2hFVKnnq121kXYSTjZROA3pqojhl3vcGdL5UNAl0kJ38jLrrf2bPH
xOn7dU0LTxT6vEjb/sJb3Ulg65x7t3fIH3z9myYp3jRwsA9tnOu8VPec+rVjVfWF
vKx44az8qVBjz9wTWuUIjE2X4lBtyZueMGHmCADxRZ7Dr0GfQGZCn3Vokic/LLhR
B9bdXY/HmPIYApOyHsjjE2CmhW391FiIy3TR1Xa6aI7qe7dhIFwNo1wi1QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDYBgElt7Wgybrh4dbLkVQ6owzT+MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTmdHQVNXM3RhREp1dUhoMXN1UlZEcWpETlA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEtv6x0pl2iMZ2mmw0PD
3mCzXf+I6teg5ZcLOoTfOW2YcMG6BEPEkHias9c8D005eOOhrip+NFM05G26sdwK
sycYz0wax0p/6FJ/nV0q2/dTSiVbF5/0IARz3UyK9lspNsPUSbcCOnC0R4Z3md0n
Mw5WwnmkeY7hDZSdcXlmmvQpbO9nsWT/jwO9p2x8Fxaj4bGPBfqort30iqrN+kp6
FFsMzWtrOkr0xkHzPZ0QCSVPsiuvbrMc5VdVo78W8rwKWshIxa8MLNMgrBsN4uzY
Y7nG5PY7k4tdGzMrfE0d9fXXcp86/WaD9iqcF4BczlBdZx8hboQUdG4V85LKMi2v
pa4=
-----END CERTIFICATE-----