Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PFrY5giLWJiI-itpime9N0THDH0.roa
File:                     PFrY5giLWJiI-itpime9N0THDH0.roa (raw, json)
Hash identifier:          aldGKbi8TKqObafeKX6D8HrDlRxi++80hnXxzDscAcw=
Subject key identifier:   3C:5A:D8:E6:08:8B:58:98:88:FA:2B:69:8A:67:BD:37:44:C7:0C:7D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018896D6618085FF72F5F80D0AAF8DA56CA8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PFrY5giLWJiI-itpime9N0THDH0.roa
Signing time:             Wed 07 Jun 2023 17:10:12 +0000
ROA not before:           Wed 07 Jun 2023 17:10:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:96:d6:61:80:85:ff:72:f5:f8:0d:0a:af:8d:a5:6c:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  7 17:10:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3c5ad8e6088b589888fa2b698a67bd3744c70c7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:6c:f0:45:5c:4c:7b:84:ff:e1:5c:c9:91:7d:
                    ce:f6:78:b0:96:06:4b:da:98:a8:a3:9c:52:fd:8d:
                    22:7e:5d:76:1f:3c:46:32:12:f0:26:f8:ce:57:05:
                    20:c7:66:a9:8c:e7:6a:ed:b0:b4:b2:78:72:4e:ee:
                    4e:f4:8f:c9:25:ac:c4:0a:5a:cb:1c:4e:de:eb:60:
                    0e:43:27:2e:4f:55:77:d7:2a:09:78:26:04:5c:4c:
                    c3:46:7b:53:c5:f5:8f:42:42:1c:4b:f3:a7:d4:61:
                    a0:4e:9f:c1:7a:82:af:b6:40:13:95:4b:a2:8d:41:
                    53:ba:b5:60:a7:32:a0:5d:c8:e6:73:b7:d6:8c:a0:
                    d7:51:19:84:5c:2c:24:e7:80:50:65:0f:64:a3:47:
                    bb:d1:8e:1c:7b:a7:e6:01:d2:13:f1:0c:27:cd:ee:
                    e3:32:c0:c9:11:bb:30:be:ac:33:0d:40:2c:a4:45:
                    75:bb:e1:f3:44:72:f7:b3:bb:ac:31:9c:5f:c2:5d:
                    6c:88:56:f9:15:ba:4c:79:19:22:a9:bb:3d:f0:75:
                    76:85:27:8b:df:6b:41:ed:5f:cc:50:1a:aa:f4:b0:
                    72:11:11:40:c6:25:7a:8a:7c:a9:18:83:a4:3b:d9:
                    42:fb:9f:6f:d3:c3:e6:c2:9b:bb:be:68:9e:f7:6d:
                    a3:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:5A:D8:E6:08:8B:58:98:88:FA:2B:69:8A:67:BD:37:44:C7:0C:7D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PFrY5giLWJiI-itpime9N0THDH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:3e:e3:49:44:8b:2f:52:1d:46:d2:18:2e:19:03:0f:d9:5f:
         8c:cb:1d:6f:ef:38:00:79:fa:77:09:f4:39:b7:fd:1f:b2:b5:
         0d:c0:f7:8b:97:bb:e4:d0:81:e5:74:6b:d4:dc:43:e0:50:20:
         f0:5c:d3:d6:9d:b3:ad:b4:03:e1:84:e7:27:08:98:01:bf:49:
         9f:eb:67:e9:9c:79:39:52:e6:d9:1c:b7:a5:a6:e9:b4:cb:ce:
         51:6e:92:64:c2:bc:24:60:81:f6:8c:da:27:c2:a0:ae:7b:c5:
         77:36:90:ad:2e:ec:30:2c:0c:59:e0:d4:06:f0:ca:e1:9c:dd:
         9e:ea:40:fd:23:32:41:41:13:e2:dd:fb:cb:55:dc:18:fb:be:
         2f:be:0b:2b:e6:a2:3c:70:3e:0a:7f:5e:d4:c1:ef:4d:9a:27:
         90:eb:cb:b2:53:a1:fe:d2:6d:a0:2e:5d:08:a4:c7:3a:4c:3b:
         a6:4d:3a:f0:45:3c:24:7b:b8:39:64:69:0c:6c:bd:02:10:87:
         2a:75:f3:f9:73:78:3b:b3:ff:9e:d4:fb:d0:75:19:ae:7f:f3:
         88:33:f8:d8:63:53:7a:e7:f3:70:b8:29:b4:c1:82:f0:a0:8d:
         b2:8b:95:f8:0e:70:9b:7d:ba:08:9f:04:81:e7:f7:43:3b:9f:
         23:7a:87:06
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiW1mGAhf9y9fgNCq+NpWyoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA3MTcxMDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzVhZDhlNjA4OGI1ODk4ODhmYTJiNjk4YTY3YmQzNzQ0YzcwYzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2zwRVxMe4T/4VzJkX3O9niwlgZL
2pioo5xS/Y0ifl12HzxGMhLwJvjOVwUgx2apjOdq7bC0snhyTu5O9I/JJazEClrL
HE7e62AOQycuT1V31yoJeCYEXEzDRntTxfWPQkIcS/On1GGgTp/BeoKvtkATlUui
jUFTurVgpzKgXcjmc7fWjKDXURmEXCwk54BQZQ9ko0e70Y4ce6fmAdIT8Qwnze7j
MsDJEbswvqwzDUAspEV1u+HzRHL3s7usMZxfwl1siFb5FbpMeRkiqbs98HV2hSeL
32tB7V/MUBqq9LByERFAxiV6inypGIOkO9lC+59v08Pmwpu7vmie922jrQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDxa2OYIi1iYiPoraYpnvTdExwx9MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUEZyWTVnaUxXSmlJLWl0cGltZTlOMFRIREgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACA+40lEiy9SHUbSGC4Z
Aw/ZX4zLHW/vOAB5+ncJ9Dm3/R+ytQ3A94uXu+TQgeV0a9TcQ+BQIPBc09ads620
A+GE5ycImAG/SZ/rZ+mceTlS5tkct6Wm6bTLzlFukmTCvCRggfaM2ifCoK57xXc2
kK0u7DAsDFng1AbwyuGc3Z7qQP0jMkFBE+Ld+8tV3Bj7vi++CyvmojxwPgp/XtTB
702aJ5Dry7JTof7SbaAuXQikxzpMO6ZNOvBFPCR7uDlkaQxsvQIQhyp18/lzeDuz
/57U+9B1Ga5/84gz+NhjU3rn83C4KbTBgvCgjbKLlfgOcJt9ugifBIHn90M7nyN6
hwY=
-----END CERTIFICATE-----