Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OOzTlR-T19_VzD17jLVTdiIlFs0.roa
File:                     OOzTlR-T19_VzD17jLVTdiIlFs0.roa (raw, json)
Hash identifier:          wcr6EJJEDoJsGTn4BTznMnYRMDEFSn+9sF7sFswD+T8=
Subject key identifier:   38:EC:D3:95:1F:93:D7:DF:D5:CC:3D:7B:8C:B5:53:76:22:25:16:CD
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187AFBBA0A96B6A36131B5FA414A931F7EC
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OOzTlR-T19_VzD17jLVTdiIlFs0.roa
Signing time:             Sun 23 Apr 2023 20:08:41 +0000
ROA not before:           Sun 23 Apr 2023 20:08:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:af:bb:a0:a9:6b:6a:36:13:1b:5f:a4:14:a9:31:f7:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 23 20:08:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=38ecd3951f93d7dfd5cc3d7b8cb55376222516cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:25:3d:aa:41:6d:f8:5f:c3:af:d4:7e:0f:e3:
                    d2:13:1f:61:11:77:b5:03:68:1d:6d:6e:cc:94:ca:
                    bd:40:31:df:96:d6:b3:a8:68:4a:e1:0c:6b:3b:1f:
                    33:b6:26:b7:84:13:35:3c:4a:51:15:94:16:80:46:
                    b9:e5:0b:64:0d:cf:09:c6:28:ed:58:c5:46:38:03:
                    f1:19:a2:6e:56:11:1c:7e:eb:68:bf:fb:78:ed:9e:
                    83:1c:d9:2a:ab:eb:cd:a3:35:93:aa:55:82:b6:5a:
                    32:c3:f9:f5:23:50:c1:85:d4:97:31:c8:c5:08:15:
                    04:0d:c2:ee:0a:7e:f5:6b:c1:3d:33:d3:30:b1:5f:
                    74:5b:5c:79:dc:dd:be:45:9a:9c:b9:ef:fe:19:04:
                    8f:ac:b4:e5:98:9b:44:d1:c6:ff:c8:ec:a8:99:4e:
                    90:cd:3d:c5:9e:f1:f2:7d:01:92:8c:07:68:5a:76:
                    b0:09:fa:0c:dc:fc:15:b5:f0:13:51:3e:25:58:80:
                    3c:8a:99:1e:1c:17:11:7a:a2:b8:8c:29:3c:e8:6b:
                    eb:27:2a:26:bd:0d:b4:89:57:a2:db:d0:7f:52:96:
                    99:97:9a:ba:46:52:80:f7:19:28:dc:ba:7b:0c:fc:
                    64:c4:79:9a:85:3f:ce:a1:90:cd:d8:14:a9:f7:68:
                    84:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:EC:D3:95:1F:93:D7:DF:D5:CC:3D:7B:8C:B5:53:76:22:25:16:CD
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OOzTlR-T19_VzD17jLVTdiIlFs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:60:6c:e1:a7:4a:2a:ca:77:02:a0:c2:9e:50:62:68:e5:07:
         fa:bd:b6:b9:ac:49:ff:8f:34:5c:ea:b7:82:e6:21:48:af:17:
         28:dd:34:8b:18:72:a5:a7:fc:7a:77:f6:76:c3:2b:05:75:80:
         ac:65:b8:94:f8:d9:f9:16:96:cf:74:c8:41:db:5c:33:17:f1:
         6d:69:c2:32:eb:62:c2:92:dd:dc:c3:38:6b:ae:5d:d9:db:36:
         ec:18:74:51:29:3e:8c:80:14:fc:99:4e:d6:fb:7f:35:8a:e1:
         3e:e5:e6:c2:f8:04:2b:c4:5d:18:93:3a:fd:02:33:5b:5c:de:
         5b:47:a9:b9:ae:65:78:1d:f9:1c:d0:54:70:ea:ca:fb:ef:93:
         2f:b8:70:6f:8a:6e:17:29:3e:57:0d:e2:4e:1f:36:a3:0d:74:
         a5:45:2a:d8:2a:8a:5b:15:ec:b1:5b:3f:bc:12:ed:21:52:a5:
         0d:28:c5:c1:cb:cb:0b:73:0a:00:fd:9d:c7:80:f6:d9:12:ae:
         82:a7:1b:17:fa:02:7b:da:17:76:2d:ad:5b:8e:a7:c7:e9:a9:
         67:15:14:43:b5:b7:de:f0:66:be:72:55:29:46:ad:ae:6c:e3:
         16:b7:0a:ec:f5:77:ab:f4:3c:4a:71:81:4f:da:56:2a:2e:1d:
         aa:0c:8a:b5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYevu6Cpa2o2ExtfpBSpMffsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDIzMjAwODQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGVjZDM5NTFmOTNkN2RmZDVjYzNkN2I4Y2I1NTM3NjIyMjUxNmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSU9qkFt+F/Dr9R+D+PSEx9hEXe1
A2gdbW7MlMq9QDHfltazqGhK4QxrOx8ztia3hBM1PEpRFZQWgEa55QtkDc8Jxijt
WMVGOAPxGaJuVhEcfutov/t47Z6DHNkqq+vNozWTqlWCtloyw/n1I1DBhdSXMcjF
CBUEDcLuCn71a8E9M9MwsV90W1x53N2+RZqcue/+GQSPrLTlmJtE0cb/yOyomU6Q
zT3FnvHyfQGSjAdoWnawCfoM3PwVtfATUT4lWIA8ipkeHBcReqK4jCk86GvrJyom
vQ20iVei29B/UpaZl5q6RlKA9xko3Lp7DPxkxHmahT/OoZDN2BSp92iEYQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDjs05Ufk9ff1cw9e4y1U3YiJRbNMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvT096VGxSLVQxOV9WekQxN2pMVlRkaUlsRnMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGpgbOGnSirKdwKgwp5Q
YmjlB/q9trmsSf+PNFzqt4LmIUivFyjdNIsYcqWn/Hp39nbDKwV1gKxluJT42fkW
ls90yEHbXDMX8W1pwjLrYsKS3dzDOGuuXdnbNuwYdFEpPoyAFPyZTtb7fzWK4T7l
5sL4BCvEXRiTOv0CM1tc3ltHqbmuZXgd+RzQVHDqyvvvky+4cG+KbhcpPlcN4k4f
NqMNdKVFKtgqilsV7LFbP7wS7SFSpQ0oxcHLywtzCgD9nceA9tkSroKnGxf6Anva
F3YtrVuOp8fpqWcVFEO1t97wZr5yVSlGra5s4xa3Cuz1d6v0PEpxgU/aViouHaoM
irU=
-----END CERTIFICATE-----