Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/P3Z3xe719_EQpwopaWnbcBNH-5k.roa
File:                     P3Z3xe719_EQpwopaWnbcBNH-5k.roa (raw, json)
Hash identifier:          PEL2L++JjYPeQzquVLMmcEho1rT7FqIr8BNX4tk9ao4=
Subject key identifier:   3F:76:77:C5:EE:F5:F7:F1:10:A7:0A:29:69:69:DB:70:13:47:FB:99
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186F46D936181F61E667859600DF93DB102
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/P3Z3xe719_EQpwopaWnbcBNH-5k.roa
Signing time:             Sat 18 Mar 2023 11:14:27 +0000
ROA not before:           Sat 18 Mar 2023 11:14:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:f4:6d:93:61:81:f6:1e:66:78:59:60:0d:f9:3d:b1:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 18 11:14:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3f7677c5eef5f7f110a70a296969db701347fb99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d4:3a:3e:dd:40:b6:0d:16:41:a5:6f:77:c4:
                    e1:5f:8b:c5:02:55:5f:bf:92:83:a6:43:66:c7:45:
                    28:f0:16:eb:4f:04:8c:a6:dc:58:06:ec:ac:4a:32:
                    2f:05:f4:9b:4d:4d:62:18:e0:aa:14:0f:e9:84:83:
                    f9:28:a6:a3:ec:ef:50:eb:85:57:30:10:30:44:35:
                    f4:9e:99:28:df:68:15:ce:ea:ec:33:cb:27:6a:48:
                    40:51:1d:e9:f3:50:99:21:22:65:f2:35:45:40:1f:
                    98:41:ed:3c:f6:67:56:2f:e9:7d:fa:c7:e7:db:e9:
                    42:58:74:2f:69:8a:55:94:40:c5:b5:89:a0:9c:cd:
                    9f:89:03:ab:fc:38:7b:0a:44:9d:97:ce:57:83:5c:
                    a7:46:e6:de:df:ec:e4:91:4a:5d:aa:f8:06:d9:7d:
                    ec:c9:a2:6f:32:8a:a6:a5:3d:3d:04:b1:37:41:0d:
                    90:38:8b:67:ad:b2:6a:8e:76:9a:ec:cc:98:94:40:
                    cb:5d:57:7e:23:10:ff:ab:98:48:e8:2c:f2:25:39:
                    86:0c:b7:a4:56:db:9e:b0:18:f5:ea:e6:e7:b6:03:
                    d4:6f:b3:cd:87:a2:9d:1d:22:c8:41:9b:75:f0:3a:
                    48:f3:ab:2b:0c:0c:b9:1c:7f:81:59:a5:d8:34:e9:
                    12:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:76:77:C5:EE:F5:F7:F1:10:A7:0A:29:69:69:DB:70:13:47:FB:99
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/P3Z3xe719_EQpwopaWnbcBNH-5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:c9:35:9c:f0:6f:c5:d0:3b:53:5d:2b:99:3b:90:1b:97:7d:
         fd:fb:1f:e5:15:14:94:e8:9a:14:ce:72:58:99:2f:4c:03:84:
         3d:c0:2c:42:d4:63:13:b3:b2:a7:1d:48:b8:5e:64:f5:b6:25:
         72:f0:46:47:8c:09:a3:41:17:96:5f:56:0d:f2:f0:5e:fe:61:
         de:67:e6:c9:f0:88:1a:7a:09:46:47:00:64:2e:fb:a0:31:f0:
         dc:67:a2:ae:b7:8f:b9:6f:54:f1:cb:df:ba:a5:ba:55:88:22:
         05:7f:1d:ac:d8:62:66:ed:4b:d8:bb:9a:03:98:1c:18:fe:10:
         05:fb:51:50:8c:00:42:02:85:d4:be:f1:87:9d:f1:f2:7f:68:
         ef:5c:7a:67:e8:de:ec:1c:62:5c:82:f9:b3:fc:e3:cc:4c:a7:
         21:b0:cc:e9:67:18:b9:36:05:c5:ad:c7:7d:28:0e:b4:c6:ad:
         67:2c:22:e1:41:3b:dd:7a:53:74:d1:e1:02:67:ac:50:b1:33:
         a4:76:9d:88:33:81:ed:bb:27:27:80:69:07:0a:2a:bc:d0:f6:
         51:61:c5:2b:18:05:51:89:79:09:0c:36:4e:bf:01:8d:a2:5f:
         07:ef:4a:ee:08:e3:06:4f:8a:36:4f:60:8b:b8:53:17:65:8e:
         4e:0e:6d:cf
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYb0bZNhgfYeZnhZYA35PbECMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE4MTExNDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjc2NzdjNWVlZjVmN2YxMTBhNzBhMjk2OTY5ZGI3MDEzNDdmYjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdQ6Pt1Atg0WQaVvd8ThX4vFAlVf
v5KDpkNmx0Uo8BbrTwSMptxYBuysSjIvBfSbTU1iGOCqFA/phIP5KKaj7O9Q64VX
MBAwRDX0npko32gVzursM8snakhAUR3p81CZISJl8jVFQB+YQe089mdWL+l9+sfn
2+lCWHQvaYpVlEDFtYmgnM2fiQOr/Dh7CkSdl85Xg1ynRube3+zkkUpdqvgG2X3s
yaJvMoqmpT09BLE3QQ2QOItnrbJqjnaa7MyYlEDLXVd+IxD/q5hI6CzyJTmGDLek
VtuesBj16ubntgPUb7PNh6KdHSLIQZt18DpI86srDAy5HH+BWaXYNOkSnQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD92d8Xu9ffxEKcKKWlp23ATR/uZMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUDNaM3hlNzE5X0VRcHdvcGFXbmJjQk5ILTVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAE/JNZzwb8XQO1NdK5k7
kBuXff37H+UVFJTomhTOcliZL0wDhD3ALELUYxOzsqcdSLheZPW2JXLwRkeMCaNB
F5ZfVg3y8F7+Yd5n5snwiBp6CUZHAGQu+6Ax8Nxnoq63j7lvVPHL37qlulWIIgV/
HazYYmbtS9i7mgOYHBj+EAX7UVCMAEIChdS+8Yed8fJ/aO9cemfo3uwcYlyC+bP8
48xMpyGwzOlnGLk2BcWtx30oDrTGrWcsIuFBO916U3TR4QJnrFCxM6R2nYgzge27
JyeAaQcKKrzQ9lFhxSsYBVGJeQkMNk6/AY2iXwfvSu4I4wZPijZPYIu4Uxdljk4O
bc8=
-----END CERTIFICATE-----