Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OSEXCsI8Ndh4VhFlNaTwXvd0mLc.roa
File:                     OSEXCsI8Ndh4VhFlNaTwXvd0mLc.roa (raw, json)
Hash identifier:          bU920ZE68JzXgguwKFpgFkLU89ZD11D0FJElumJasRk=
Subject key identifier:   39:21:17:0A:C2:3C:35:D8:78:56:11:65:35:A4:F0:5E:F7:74:98:B7
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01878F20C4190E2BA474B59E7C55E2C5A655
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OSEXCsI8Ndh4VhFlNaTwXvd0mLc.roa
Signing time:             Mon 17 Apr 2023 12:11:41 +0000
ROA not before:           Mon 17 Apr 2023 12:11:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:8f:20:c4:19:0e:2b:a4:74:b5:9e:7c:55:e2:c5:a6:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 17 12:11:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3921170ac23c35d87856116535a4f05ef77498b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:3f:d4:14:84:1b:c2:f0:e9:62:0f:8a:6f:98:
                    e8:79:88:d2:bb:42:16:44:b1:54:d1:8c:fd:00:c4:
                    b4:ac:6f:1f:06:23:4a:50:39:c2:f4:fc:65:50:9f:
                    24:ce:9a:80:c6:f7:be:8e:0e:c8:0c:71:91:b0:91:
                    a7:0c:b1:1d:b8:23:0b:fb:bf:a9:18:2e:e3:cf:06:
                    b5:67:d9:89:9e:ce:93:94:68:ff:7c:44:93:ee:16:
                    9d:34:ab:5c:de:ee:71:9b:42:2b:47:4a:40:76:a0:
                    82:62:2b:d1:b9:a5:56:7f:2e:3d:63:f1:70:26:6c:
                    2f:e2:eb:e5:ef:a1:97:fb:15:a2:08:cc:3b:00:9f:
                    a8:da:b0:8d:b1:a9:62:de:60:bc:cc:ab:c4:b4:39:
                    17:96:af:fd:0b:9d:c1:27:cc:64:53:b4:d3:f2:93:
                    8a:d9:c9:2a:28:39:a5:fc:a8:e9:91:86:91:f3:e8:
                    20:2d:af:93:d0:38:f7:ff:5f:4f:46:a4:bd:b0:75:
                    22:e2:f0:47:1a:26:1b:07:c3:50:bf:f9:53:58:f3:
                    f8:99:b4:cb:90:a7:25:17:06:77:ab:84:f0:05:a8:
                    28:f2:1e:64:04:39:21:f1:28:13:2c:79:d3:f7:0d:
                    83:9a:6f:57:8a:2c:b7:92:fb:cd:ff:a3:71:ea:57:
                    62:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:21:17:0A:C2:3C:35:D8:78:56:11:65:35:A4:F0:5E:F7:74:98:B7
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OSEXCsI8Ndh4VhFlNaTwXvd0mLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:63:d8:2b:a6:02:51:39:88:f0:98:3a:30:f9:0a:35:60:da:
         a8:6b:dc:a8:8b:de:e6:84:6a:0c:7c:da:27:0c:3f:ae:a8:a6:
         f7:34:5f:36:ae:be:9b:5d:a6:0e:c8:cd:70:ef:0e:33:22:09:
         36:8e:07:cf:24:98:0d:f6:ed:34:cc:7b:bb:26:e8:63:48:c0:
         14:77:1e:d9:79:6a:cb:f6:b2:bc:b9:bc:8a:03:66:dd:7e:fd:
         c7:ae:34:2c:f2:1c:ae:c2:b4:2e:e5:a7:5e:ff:bd:0d:e4:ad:
         94:63:ec:c6:79:fb:fc:e0:64:15:b0:e0:ce:12:72:a0:35:29:
         57:4d:e1:ae:6d:a3:68:b3:58:cc:7a:24:90:d3:3d:67:43:6b:
         2c:aa:d1:c3:88:91:7c:5c:51:28:54:4f:ca:0d:13:22:96:26:
         34:5b:9c:30:2d:f5:3e:2f:58:a7:72:f0:95:07:d4:19:37:d8:
         c8:cd:7c:d3:58:cb:e5:16:6a:13:77:5d:95:62:e4:dd:b8:c0:
         f2:60:2d:4e:d0:52:f8:1b:9e:18:de:27:18:fb:fb:25:4c:b2:
         05:43:54:c9:7c:10:fe:75:33:45:96:a3:ca:31:50:bd:4e:26:
         d4:25:01:18:f3:07:8f:b7:85:0b:af:74:d1:04:be:04:0f:72:
         20:7a:93:6e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYePIMQZDiukdLWefFXixaZVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE3MTIxMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTIxMTcwYWMyM2MzNWQ4Nzg1NjExNjUzNWE0ZjA1ZWY3NzQ5OGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2D/UFIQbwvDpYg+Kb5joeYjSu0IW
RLFU0Yz9AMS0rG8fBiNKUDnC9PxlUJ8kzpqAxve+jg7IDHGRsJGnDLEduCML+7+p
GC7jzwa1Z9mJns6TlGj/fEST7hadNKtc3u5xm0IrR0pAdqCCYivRuaVWfy49Y/Fw
Jmwv4uvl76GX+xWiCMw7AJ+o2rCNsali3mC8zKvEtDkXlq/9C53BJ8xkU7TT8pOK
2ckqKDml/KjpkYaR8+ggLa+T0Dj3/19PRqS9sHUi4vBHGiYbB8NQv/lTWPP4mbTL
kKclFwZ3q4TwBago8h5kBDkh8SgTLHnT9w2Dmm9Xiiy3kvvN/6Nx6ldipQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDkhFwrCPDXYeFYRZTWk8F73dJi3MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvT1NFWENzSThOZGg0VmhGbE5hVHdYdmQwbUxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGBj2CumAlE5iPCYOjD5
CjVg2qhr3KiL3uaEagx82icMP66opvc0Xzauvptdpg7IzXDvDjMiCTaOB88kmA32
7TTMe7sm6GNIwBR3Htl5asv2sry5vIoDZt1+/ceuNCzyHK7CtC7lp17/vQ3krZRj
7MZ5+/zgZBWw4M4ScqA1KVdN4a5to2izWMx6JJDTPWdDayyq0cOIkXxcUShUT8oN
EyKWJjRbnDAt9T4vWKdy8JUH1Bk32MjNfNNYy+UWahN3XZVi5N24wPJgLU7QUvgb
nhjeJxj7+yVMsgVDVMl8EP51M0WWo8oxUL1OJtQlARjzB4+3hQuvdNEEvgQPciB6
k24=
-----END CERTIFICATE-----