Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/P0obb7Wth7mFnsqPd9jA2q5rkfg.roa
File:                     P0obb7Wth7mFnsqPd9jA2q5rkfg.roa (raw, json)
Hash identifier:          6QOmXJlFa50ePRb9Aq2XxjHvDrQ+Y86Fga8kJkkLMXs=
Subject key identifier:   3F:4A:1B:6F:B5:AD:87:B9:85:9E:CA:8F:77:D8:C0:DA:AE:6B:91:F8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188AF1986811F26D51FCFC3A8339F8AC722
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/P0obb7Wth7mFnsqPd9jA2q5rkfg.roa
Signing time:             Mon 12 Jun 2023 10:14:25 +0000
ROA not before:           Mon 12 Jun 2023 10:14:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:af:19:86:81:1f:26:d5:1f:cf:c3:a8:33:9f:8a:c7:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 12 10:14:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3f4a1b6fb5ad87b9859eca8f77d8c0daae6b91f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:49:c7:a8:12:13:21:a9:c4:01:88:51:8f:d7:
                    d5:72:27:43:55:fb:a6:57:49:a9:a7:df:97:dc:db:
                    36:01:36:26:24:70:d2:1f:85:db:67:61:11:e4:63:
                    51:22:0e:49:90:a5:18:75:19:41:96:d9:e1:92:c2:
                    f1:9b:a8:2d:37:9d:63:91:79:4f:00:f0:41:94:d2:
                    d1:65:eb:5a:a9:5f:d5:42:55:c7:b1:ef:82:ef:df:
                    21:fb:ae:63:e1:6d:2b:c4:1a:c2:be:c6:1b:be:df:
                    28:8c:3b:04:21:2a:2a:e8:93:c1:9a:e6:dd:6d:34:
                    f2:eb:20:6d:05:3d:2b:9e:c6:8f:f6:2a:80:44:bb:
                    6f:85:d1:69:ca:96:2b:11:d9:ef:c6:c5:4a:a1:c3:
                    ce:c6:8d:da:cb:f6:9d:5d:2a:8a:c9:5f:5b:ba:02:
                    a6:8c:7a:47:f4:0f:28:bc:3a:66:e4:ef:c8:42:02:
                    e4:37:e0:d9:4a:43:13:71:2b:6d:27:2f:7d:26:65:
                    3c:d4:88:16:04:7a:78:c8:79:fc:cc:42:cf:17:47:
                    30:1f:29:f0:50:51:b0:54:6d:ff:4d:67:98:d8:cd:
                    d0:ea:01:1c:40:52:34:c6:dd:a8:96:5a:89:75:47:
                    85:c3:08:a7:b3:9f:bc:aa:2e:79:09:9b:c4:a7:08:
                    db:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:4A:1B:6F:B5:AD:87:B9:85:9E:CA:8F:77:D8:C0:DA:AE:6B:91:F8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/P0obb7Wth7mFnsqPd9jA2q5rkfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:95:cb:af:76:66:08:de:a6:4d:c7:65:ad:50:ea:98:b5:b1:
         e9:da:2f:2e:58:c8:cc:e0:bf:fd:64:fa:90:ec:08:1e:36:65:
         06:16:dd:75:e3:86:b6:9a:84:db:fc:46:60:60:50:2a:e0:34:
         12:7b:7e:8f:63:5e:7c:6d:83:ff:e6:fb:c1:af:a6:12:8d:78:
         5f:0b:a4:db:98:77:c8:ef:c7:35:96:f4:63:08:7a:4d:5a:7a:
         09:ae:65:2f:a9:42:8d:ce:a4:ca:72:2f:71:48:7c:14:91:30:
         31:7e:77:2e:b8:4e:a7:b2:ee:2f:40:7d:93:89:bd:1d:10:ca:
         4a:4e:cd:dc:7b:3d:7d:69:18:51:bf:20:39:b8:c8:54:f9:19:
         bd:b0:e2:38:16:fb:36:48:51:50:9d:f8:7a:2e:17:89:b4:42:
         ec:67:8a:6e:c2:80:f5:73:2f:22:be:16:1c:e0:10:36:60:5c:
         12:21:f1:a7:3a:e4:69:4b:fe:ac:5b:b0:55:be:25:f7:31:03:
         1d:59:36:ed:5d:05:13:0f:71:ec:ff:23:48:48:fb:b9:f3:3c:
         db:d7:6c:45:e6:63:3d:b0:9b:92:26:de:cf:81:4d:2c:e0:66:
         87:c4:9b:2a:7f:82:a6:da:a3:9d:d0:68:d8:e3:cd:c7:4c:f4:
         47:f8:21:29
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYivGYaBHybVH8/DqDOfisciMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjEyMTAxNDI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjRhMWI2ZmI1YWQ4N2I5ODU5ZWNhOGY3N2Q4YzBkYWFlNmI5MWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgknHqBITIanEAYhRj9fVcidDVfum
V0mpp9+X3Ns2ATYmJHDSH4XbZ2ER5GNRIg5JkKUYdRlBltnhksLxm6gtN51jkXlP
APBBlNLRZetaqV/VQlXHse+C798h+65j4W0rxBrCvsYbvt8ojDsEISoq6JPBmubd
bTTy6yBtBT0rnsaP9iqARLtvhdFpypYrEdnvxsVKocPOxo3ay/adXSqKyV9bugKm
jHpH9A8ovDpm5O/IQgLkN+DZSkMTcSttJy99JmU81IgWBHp4yHn8zELPF0cwHynw
UFGwVG3/TWeY2M3Q6gEcQFI0xt2ollqJdUeFwwins5+8qi55CZvEpwjbmwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD9KG2+1rYe5hZ7Kj3fYwNqua5H4MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUDBvYmI3V3RoN21GbnNxUGQ5akEycTVya2ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIuVy692Zgjepk3HZa1Q
6pi1senaLy5YyMzgv/1k+pDsCB42ZQYW3XXjhraahNv8RmBgUCrgNBJ7fo9jXnxt
g//m+8GvphKNeF8LpNuYd8jvxzWW9GMIek1aegmuZS+pQo3OpMpyL3FIfBSRMDF+
dy64Tqey7i9AfZOJvR0QykpOzdx7PX1pGFG/IDm4yFT5Gb2w4jgW+zZIUVCd+Hou
F4m0Quxnim7CgPVzLyK+FhzgEDZgXBIh8ac65GlL/qxbsFW+JfcxAx1ZNu1dBRMP
cez/I0hI+7nzPNvXbEXmYz2wm5Im3s+BTSzgZofEmyp/gqbao53QaNjjzcdM9Ef4
ISk=
-----END CERTIFICATE-----