Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NkfIyBw16mbFIv2hQclPLB2V5ho.roa
File:                     NkfIyBw16mbFIv2hQclPLB2V5ho.roa (raw, json)
Hash identifier:          HaNN08lh91pGA5BVfo6UIOjWo0FGqs0LjIwy+huGOl8=
Subject key identifier:   36:47:C8:C8:1C:35:EA:66:C5:22:FD:A1:41:C9:4F:2C:1D:95:E6:1A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188B471E683F873D9A685852D0B5A3332B5
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NkfIyBw16mbFIv2hQclPLB2V5ho.roa
Signing time:             Tue 13 Jun 2023 11:09:03 +0000
ROA not before:           Tue 13 Jun 2023 11:09:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:b4:71:e6:83:f8:73:d9:a6:85:85:2d:0b:5a:33:32:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 13 11:09:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3647c8c81c35ea66c522fda141c94f2c1d95e61a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:8e:1b:08:64:f4:73:cd:85:37:2d:ba:b1:6d:
                    a7:7b:21:1c:94:a5:b5:e2:b7:24:c9:b0:85:75:e8:
                    e5:07:c5:f4:63:d9:e9:51:2a:b8:a9:29:e2:03:ba:
                    b8:e1:ee:6c:c2:f4:a4:b1:56:eb:f2:1b:fb:fb:2b:
                    06:8f:90:d1:07:e0:7d:75:7c:54:57:c3:9a:d1:89:
                    96:1e:93:e4:0f:7d:59:4f:9e:75:d3:27:a0:e1:9c:
                    0f:b4:4c:f9:31:8f:a3:4e:6c:52:4b:65:0d:39:ce:
                    81:66:ce:e8:c4:c6:a3:04:3e:5a:27:d4:63:ec:c1:
                    41:84:dc:9b:81:fe:24:d5:58:66:7a:73:e3:cf:1d:
                    c3:04:73:e9:b2:cd:6e:c1:28:fd:0d:8f:46:66:f4:
                    d2:d6:de:c7:2c:86:52:2f:1e:52:b0:f3:c3:0c:71:
                    c8:47:5c:81:10:cf:38:f3:8a:f2:b0:2f:12:f5:82:
                    70:11:99:a9:51:45:2a:ab:51:a5:42:d5:92:8a:ae:
                    b7:c2:51:86:9b:7b:60:1f:85:0a:22:b9:90:15:85:
                    2d:fe:fd:db:97:e0:ec:e3:5b:0a:b7:18:27:54:13:
                    f8:33:18:84:ea:00:2d:ef:7b:bf:3c:22:31:61:7f:
                    9f:c2:ae:eb:ab:22:a9:34:36:41:31:62:ff:38:e9:
                    a3:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:47:C8:C8:1C:35:EA:66:C5:22:FD:A1:41:C9:4F:2C:1D:95:E6:1A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/NkfIyBw16mbFIv2hQclPLB2V5ho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:e8:35:f5:ce:61:bf:3f:21:f2:42:7e:0c:bc:8a:75:63:40:
         33:fc:48:ce:e4:0e:f9:03:c9:be:49:a5:e7:48:f5:b5:29:07:
         34:29:9b:83:47:f0:ae:58:00:7c:c5:d4:49:6f:0d:6b:f1:6d:
         62:bb:99:bc:1b:3c:1d:86:15:9c:09:ad:65:29:df:41:41:af:
         6e:1c:9b:b1:6b:50:6d:de:d5:d1:d7:44:9d:a4:d0:e3:06:89:
         f6:ed:82:fc:43:d5:d4:71:31:a7:e1:12:14:0d:8c:0b:f5:ef:
         13:f4:d7:6f:60:e2:62:5e:c4:c0:f9:96:dd:5f:6c:db:c2:a3:
         c5:03:f5:b6:4a:a5:4c:94:a0:8e:b0:9e:8e:5b:ab:4d:79:f3:
         61:03:d9:08:ac:58:f8:50:09:26:d2:a9:33:13:be:d1:a4:af:
         96:db:aa:24:5c:48:e8:1d:fd:a6:55:1e:ed:21:34:c9:46:a3:
         47:db:e8:c1:9d:af:70:4a:ae:11:0f:1a:51:38:11:b8:c7:d5:
         f1:dc:53:d2:90:26:35:00:f1:92:65:0a:de:aa:70:59:61:52:
         c7:eb:8b:88:0c:79:f0:73:41:6b:ba:16:89:c2:62:d4:ab:8d:
         f7:3d:9a:18:b9:2e:05:02:4f:64:aa:79:6f:aa:00:87:e7:c6:
         12:67:3f:c5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYi0ceaD+HPZpoWFLQtaMzK1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjEzMTEwOTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjQ3YzhjODFjMzVlYTY2YzUyMmZkYTE0MWM5NGYyYzFkOTVlNjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Y4bCGT0c82FNy26sW2neyEclKW1
4rckybCFdejlB8X0Y9npUSq4qSniA7q44e5swvSksVbr8hv7+ysGj5DRB+B9dXxU
V8Oa0YmWHpPkD31ZT5510yeg4ZwPtEz5MY+jTmxSS2UNOc6BZs7oxMajBD5aJ9Rj
7MFBhNybgf4k1VhmenPjzx3DBHPpss1uwSj9DY9GZvTS1t7HLIZSLx5SsPPDDHHI
R1yBEM8484rysC8S9YJwEZmpUUUqq1GlQtWSiq63wlGGm3tgH4UKIrmQFYUt/v3b
l+Ds41sKtxgnVBP4MxiE6gAt73u/PCIxYX+fwq7rqyKpNDZBMWL/OOmjVwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDZHyMgcNepmxSL9oUHJTywdleYaMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTmtmSXlCdzE2bWJGSXYyaFFjbFBMQjJWNWhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAC7oNfXOYb8/IfJCfgy8
inVjQDP8SM7kDvkDyb5JpedI9bUpBzQpm4NH8K5YAHzF1ElvDWvxbWK7mbwbPB2G
FZwJrWUp30FBr24cm7FrUG3e1dHXRJ2k0OMGifbtgvxD1dRxMafhEhQNjAv17xP0
129g4mJexMD5lt1fbNvCo8UD9bZKpUyUoI6wno5bq01582ED2QisWPhQCSbSqTMT
vtGkr5bbqiRcSOgd/aZVHu0hNMlGo0fb6MGdr3BKrhEPGlE4EbjH1fHcU9KQJjUA
8ZJlCt6qcFlhUsfri4gMefBzQWu6FonCYtSrjfc9mhi5LgUCT2SqeW+qAIfnxhJn
P8U=
-----END CERTIFICATE-----