Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OGCASJuoMxvmWYTeK3CALlsjzHg.roa
File:                     OGCASJuoMxvmWYTeK3CALlsjzHg.roa (raw, json)
Hash identifier:          U2CeQpOzqagEWyT5gj7Ycp9DsiaFtMtPzHta+HRKcrM=
Subject key identifier:   38:60:80:48:9B:A8:33:1B:E6:59:84:DE:2B:70:80:2E:5B:23:CC:78
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01872444BAB1CB5BE0BD517D5D34C54D0E67
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OGCASJuoMxvmWYTeK3CALlsjzHg.roa
Signing time:             Mon 27 Mar 2023 18:11:36 +0000
ROA not before:           Mon 27 Mar 2023 18:11:36 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:24:44:ba:b1:cb:5b:e0:bd:51:7d:5d:34:c5:4d:0e:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 27 18:11:36 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=386080489ba8331be65984de2b70802e5b23cc78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:42:65:1a:10:30:df:95:5c:9e:20:37:20:cf:
                    64:0c:82:f0:24:22:bc:c5:aa:f7:21:fb:54:a0:d0:
                    bb:36:b8:a5:0c:df:4c:c2:45:fc:af:9c:ec:8e:23:
                    2a:79:75:58:b7:46:05:41:fa:86:93:ce:77:45:2b:
                    ce:31:17:27:29:87:37:9b:8e:74:1a:d5:61:64:7b:
                    78:52:03:71:83:60:3a:f7:bf:ca:e4:fd:60:2b:fc:
                    1d:4f:39:16:eb:96:38:74:52:c2:f7:84:10:08:76:
                    e7:48:9b:85:4a:ee:71:1d:89:cb:fc:ea:43:54:d7:
                    de:d7:d4:01:17:7b:95:12:3e:42:3e:c0:c0:1d:b2:
                    51:5a:09:2b:7a:76:97:d6:58:6b:4a:19:33:58:2c:
                    13:39:86:61:ad:16:34:ca:e7:f1:b6:8f:6e:ff:6c:
                    64:56:ad:c9:be:89:fd:d9:61:3d:25:9a:fe:2f:e6:
                    d3:30:cd:68:a8:5f:24:4d:fc:af:39:19:e3:08:bb:
                    05:9f:33:28:ca:8f:35:61:7c:97:53:f3:d9:a6:2f:
                    a0:13:18:78:7c:f4:c4:c4:f0:a8:7c:3c:5c:c7:00:
                    a6:1e:59:fc:27:c2:c9:b9:d4:1e:ae:f3:d9:b1:f3:
                    ba:e5:31:a6:bd:04:ad:6f:1c:4e:55:a4:ff:9a:0b:
                    9f:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:60:80:48:9B:A8:33:1B:E6:59:84:DE:2B:70:80:2E:5B:23:CC:78
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OGCASJuoMxvmWYTeK3CALlsjzHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:94:b8:39:1f:52:2e:ba:11:8f:54:5e:7d:08:d5:e0:6f:c6:
         8c:53:3b:9d:f2:41:e8:05:fa:2e:4d:b7:ef:c7:51:8b:37:c1:
         2a:65:5c:d7:18:43:01:e2:a2:28:73:8e:da:55:a6:e5:ee:8e:
         35:f6:89:cb:75:d1:1a:13:ad:ce:ab:68:1f:8e:b6:b1:55:44:
         6f:a5:ed:c3:95:7f:bf:90:76:f3:4f:94:a6:c6:ad:63:7e:ff:
         23:c5:8b:4b:6a:8a:4f:55:57:ff:0d:75:c9:03:1d:4e:62:55:
         5c:62:99:6a:fe:b6:40:66:d2:b0:79:4a:33:59:ca:15:29:8c:
         b9:aa:98:ab:03:0c:9e:c0:05:94:3b:3d:b8:17:ff:aa:d5:01:
         72:a5:88:fb:48:85:1d:c0:fc:9f:fe:74:2e:e9:45:c7:00:cf:
         28:5d:11:c3:0f:fb:84:17:bd:e0:fb:08:7e:ed:fd:52:a7:2b:
         b3:a2:13:95:e3:d7:50:29:a9:34:8a:d6:4a:74:0b:e7:9c:ce:
         53:ab:99:01:20:5f:7e:6b:ed:b0:7c:2a:13:d0:48:d8:d1:dc:
         90:7f:cb:c7:74:b4:4e:e6:61:de:16:63:9d:49:03:9f:d6:b1:
         b8:46:ec:fa:fc:b7:3c:10:ca:79:3b:43:8e:35:ef:60:b9:69:
         5f:e9:9e:ef
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYckRLqxy1vgvVF9XTTFTQ5nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI3MTgxMTM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODYwODA0ODliYTgzMzFiZTY1OTg0ZGUyYjcwODAyZTViMjNjYzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0JlGhAw35VcniA3IM9kDILwJCK8
xar3IftUoNC7NrilDN9MwkX8r5zsjiMqeXVYt0YFQfqGk853RSvOMRcnKYc3m450
GtVhZHt4UgNxg2A697/K5P1gK/wdTzkW65Y4dFLC94QQCHbnSJuFSu5xHYnL/OpD
VNfe19QBF3uVEj5CPsDAHbJRWgkrenaX1lhrShkzWCwTOYZhrRY0yufxto9u/2xk
Vq3Jvon92WE9JZr+L+bTMM1oqF8kTfyvORnjCLsFnzMoyo81YXyXU/PZpi+gExh4
fPTExPCofDxcxwCmHln8J8LJudQervPZsfO65TGmvQStbxxOVaT/mgufIwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDhggEibqDMb5lmE3itwgC5bI8x4MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvT0dDQVNKdW9NeHZtV1lUZUszQ0FMbHNqekhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALKUuDkfUi66EY9UXn0I
1eBvxoxTO53yQegF+i5Nt+/HUYs3wSplXNcYQwHioihzjtpVpuXujjX2ict10RoT
rc6raB+OtrFVRG+l7cOVf7+QdvNPlKbGrWN+/yPFi0tqik9VV/8NdckDHU5iVVxi
mWr+tkBm0rB5SjNZyhUpjLmqmKsDDJ7ABZQ7PbgX/6rVAXKliPtIhR3A/J/+dC7p
RccAzyhdEcMP+4QXveD7CH7t/VKnK7OiE5Xj11ApqTSK1kp0C+eczlOrmQEgX35r
7bB8KhPQSNjR3JB/y8d0tE7mYd4WY51JA5/WsbhG7Pr8tzwQynk7Q44172C5aV/p
nu8=
-----END CERTIFICATE-----