Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/P5QYWvc9L8TDSy9N8rgZ2UrdTtM.roa
File:                     P5QYWvc9L8TDSy9N8rgZ2UrdTtM.roa (raw, json)
Hash identifier:          6BcpHMNXUPxUPBcfintCDAAKy8dAY7t4/kCQt+TgeIY=
Subject key identifier:   3F:94:18:5A:F7:3D:2F:C4:C3:4B:2F:4D:F2:B8:19:D9:4A:DD:4E:D3
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188428270A154EFA1F59170BAC23B07CCF5
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/P5QYWvc9L8TDSy9N8rgZ2UrdTtM.roa
Signing time:             Mon 22 May 2023 08:10:24 +0000
ROA not before:           Mon 22 May 2023 08:10:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:42:82:70:a1:54:ef:a1:f5:91:70:ba:c2:3b:07:cc:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 22 08:10:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3f94185af73d2fc4c34b2f4df2b819d94add4ed3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:9b:e2:3d:e4:39:e9:78:b2:83:5c:d3:18:82:
                    6f:a9:ac:21:65:14:ca:0c:da:50:d2:ad:bb:a0:57:
                    43:92:07:8e:0b:fc:74:78:9a:b3:28:34:88:8d:29:
                    1a:9c:9e:8a:e1:ab:c1:41:28:17:cd:bd:c2:a7:64:
                    32:7b:c1:a5:9d:8b:9f:a2:a6:a3:7b:b3:e8:74:ea:
                    08:c9:00:68:6b:c4:dd:14:dc:f6:d0:4a:81:86:38:
                    80:f3:d1:80:61:85:d2:e2:57:a8:da:ef:5c:ab:39:
                    08:b7:7e:06:64:c4:71:16:be:8a:c5:80:39:05:2d:
                    84:45:62:39:23:4b:8e:6c:84:85:57:99:a5:93:78:
                    94:7b:7e:44:66:05:23:87:c3:69:50:bb:fc:00:4d:
                    b8:b3:1a:9d:83:c3:3f:45:05:41:87:d9:8b:f8:1c:
                    19:96:10:5d:26:a3:ba:2f:73:7f:e6:48:f4:bc:cb:
                    33:c7:50:99:a2:e6:ad:4d:d6:5a:f5:8a:84:f0:62:
                    f9:ac:b3:36:25:a1:3c:61:de:92:61:09:50:c3:d8:
                    ef:c1:49:87:3e:77:6e:34:19:19:98:43:4b:b8:a7:
                    b9:77:37:76:60:67:1a:37:de:cc:94:b4:cc:17:94:
                    2e:93:72:5b:68:5b:17:ac:cd:d3:bd:ad:e5:96:c6:
                    a3:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:94:18:5A:F7:3D:2F:C4:C3:4B:2F:4D:F2:B8:19:D9:4A:DD:4E:D3
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/P5QYWvc9L8TDSy9N8rgZ2UrdTtM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:52:78:59:c6:85:3e:ed:0c:2b:2e:1c:4d:e9:c5:25:42:2d:
         31:9a:53:4b:f7:14:b6:f9:24:ba:da:e8:2f:f0:a8:bb:d2:26:
         f8:44:6d:63:c8:79:47:a4:d8:5c:3d:b9:b6:33:54:7d:f6:33:
         b1:ff:58:10:6e:01:b6:64:d8:ce:49:91:47:67:2f:78:4e:01:
         f9:b7:e0:26:b6:eb:bd:2e:14:43:30:03:15:40:20:4c:ee:3f:
         47:17:12:e8:7c:df:ad:80:18:75:e6:63:44:40:31:df:d1:2f:
         10:2a:e9:f9:98:ce:40:0b:b3:f4:9d:99:5e:31:32:b0:f7:18:
         31:9a:92:a4:8a:bb:ab:d3:be:84:e9:d5:2e:b9:9e:f5:18:cd:
         2e:77:59:d8:ba:ae:de:68:0a:1f:89:09:f8:59:a0:b6:c5:e6:
         e6:b7:09:e6:51:77:f0:b5:a6:31:ce:90:37:c5:d5:93:89:d7:
         07:c5:48:66:86:f7:be:e5:f4:1f:d9:05:18:5d:64:3f:fd:bc:
         03:f3:bd:64:f8:0c:1a:a9:52:27:e1:98:04:e0:6f:d8:cd:7a:
         93:3d:34:72:e8:ae:bd:a4:d7:8b:42:0f:8b:4d:82:2f:c4:d5:
         23:12:3e:b3:6a:31:ef:83:cd:fd:04:bd:6b:43:c5:48:c9:04:
         2a:7b:d3:f6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhCgnChVO+h9ZFwusI7B8z1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTIyMDgxMDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjk0MTg1YWY3M2QyZmM0YzM0YjJmNGRmMmI4MTlkOTRhZGQ0ZWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5viPeQ56Xiyg1zTGIJvqawhZRTK
DNpQ0q27oFdDkgeOC/x0eJqzKDSIjSkanJ6K4avBQSgXzb3Cp2Qye8GlnYufoqaj
e7PodOoIyQBoa8TdFNz20EqBhjiA89GAYYXS4leo2u9cqzkIt34GZMRxFr6KxYA5
BS2ERWI5I0uObISFV5mlk3iUe35EZgUjh8NpULv8AE24sxqdg8M/RQVBh9mL+BwZ
lhBdJqO6L3N/5kj0vMszx1CZouatTdZa9YqE8GL5rLM2JaE8Yd6SYQlQw9jvwUmH
PnduNBkZmENLuKe5dzd2YGcaN97MlLTMF5Quk3JbaFsXrM3Tva3llsajfQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD+UGFr3PS/Ew0svTfK4GdlK3U7TMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUDVRWVd2YzlMOFREU3k5TjhyZ1oyVXJkVHRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFxSeFnGhT7tDCsuHE3p
xSVCLTGaU0v3FLb5JLra6C/wqLvSJvhEbWPIeUek2Fw9ubYzVH32M7H/WBBuAbZk
2M5JkUdnL3hOAfm34Ca2670uFEMwAxVAIEzuP0cXEuh8362AGHXmY0RAMd/RLxAq
6fmYzkALs/SdmV4xMrD3GDGakqSKu6vTvoTp1S65nvUYzS53Wdi6rt5oCh+JCfhZ
oLbF5ua3CeZRd/C1pjHOkDfF1ZOJ1wfFSGaG977l9B/ZBRhdZD/9vAPzvWT4DBqp
UifhmATgb9jNepM9NHLorr2k14tCD4tNgi/E1SMSPrNqMe+Dzf0EvWtDxUjJBCp7
0/Y=
-----END CERTIFICATE-----