Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Pun0AE_gTIoraPKRbqvpDM9_jLs.roa
File:                     Pun0AE_gTIoraPKRbqvpDM9_jLs.roa (raw, json)
Hash identifier:          SPh9lghXwhIpVqJN7W8RNF1OSO02ZIRu+Bo5Ykm4gBk=
Subject key identifier:   3E:E9:F4:00:4F:E0:4C:8A:2B:68:F2:91:6E:AB:E9:0C:CF:7F:8C:BB
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186F4D3336C4E3E58EADBF13A310663F9E1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Pun0AE_gTIoraPKRbqvpDM9_jLs.roa
Signing time:             Sat 18 Mar 2023 13:05:27 +0000
ROA not before:           Sat 18 Mar 2023 13:05:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:f4d2:7313/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:f4:d3:33:6c:4e:3e:58:ea:db:f1:3a:31:06:63:f9:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 18 13:05:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3ee9f4004fe04c8a2b68f2916eabe90ccf7f8cbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:37:7e:ad:0b:96:eb:ac:75:53:e3:cd:f0:82:
                    ee:c2:be:c7:51:b1:68:ab:4e:61:18:b6:0f:ea:51:
                    8a:2b:0d:f7:3a:14:17:62:13:4c:11:74:78:09:5b:
                    47:fa:61:dd:c8:49:fd:80:c8:8b:13:f6:b8:90:f3:
                    d5:fb:07:26:46:f0:77:f3:bd:20:0c:93:ce:b4:73:
                    03:75:be:4e:77:04:b3:55:84:dd:da:20:7f:37:37:
                    5b:a1:ab:58:0e:f1:f7:7f:1e:eb:6d:63:37:00:9b:
                    8e:a0:86:1a:64:18:ce:5b:28:d3:03:6d:a1:72:67:
                    b0:af:f0:12:67:fd:e1:9e:c1:64:a7:81:b2:01:f8:
                    2b:de:5b:b6:70:20:38:02:e4:fb:93:98:63:62:c8:
                    15:42:f5:c2:ad:86:25:f9:bd:8e:cf:d4:34:75:79:
                    b5:d2:e9:a5:e0:f5:63:85:56:70:de:65:6a:54:23:
                    3a:19:73:32:88:66:d0:53:10:64:df:29:d0:2b:97:
                    83:38:77:4f:48:68:d3:7f:17:4f:86:f3:f2:e7:8c:
                    e4:60:00:13:8e:42:f0:8f:b5:c9:b9:16:0e:0a:4f:
                    38:03:0d:e6:3f:2e:d9:0a:c1:25:a9:13:4d:eb:19:
                    7b:56:79:c0:11:46:77:27:9f:c4:3c:f4:6e:36:31:
                    e8:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:E9:F4:00:4F:E0:4C:8A:2B:68:F2:91:6E:AB:E9:0C:CF:7F:8C:BB
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Pun0AE_gTIoraPKRbqvpDM9_jLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b4:f2:cc:f2:0d:0f:1c:d0:e0:42:90:fd:ba:37:16:34:61:37:
         59:29:4e:76:f7:5f:22:96:ba:7f:4e:c0:4d:09:86:ea:34:9f:
         2a:90:6e:9d:f0:46:e4:48:89:6e:7e:7a:d9:c7:ee:35:e6:ab:
         08:1d:b3:fb:a3:16:2e:23:70:7c:54:45:f2:cb:57:56:e0:d8:
         ed:06:37:fa:ad:85:66:e8:3d:86:54:b6:66:81:44:70:80:62:
         e1:ce:0e:b5:68:e1:a9:29:6e:f9:21:5a:1e:72:3c:f4:3d:2c:
         87:c7:7c:b4:c6:3b:5a:ba:aa:7f:02:fa:0c:1f:96:7b:95:4e:
         1f:16:cb:ec:aa:8a:95:ab:0e:64:2a:df:72:67:56:89:47:23:
         c5:98:5a:3f:a1:0c:72:57:0d:3d:ea:bd:87:65:69:bf:6b:c2:
         92:29:f3:67:af:80:a6:0b:50:95:ff:41:aa:0c:1a:a5:ab:58:
         16:8a:98:d4:c3:ca:f5:39:9e:a2:af:ea:0b:e8:5a:98:99:bc:
         bf:f3:34:e9:90:7b:af:e4:7b:63:b4:ca:46:cd:39:1b:76:52:
         b5:d1:d8:bc:3d:d1:ed:8d:b4:84:b2:d7:63:a2:cc:6f:e2:6a:
         36:4d:70:8b:32:46:58:42:fa:f3:56:d1:0d:e5:33:e1:74:03:
         04:b2:52:3c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYb00zNsTj5Y6tvxOjEGY/nhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE4MTMwNTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWU5ZjQwMDRmZTA0YzhhMmI2OGYyOTE2ZWFiZTkwY2NmN2Y4Y2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTd+rQuW66x1U+PN8ILuwr7HUbFo
q05hGLYP6lGKKw33OhQXYhNMEXR4CVtH+mHdyEn9gMiLE/a4kPPV+wcmRvB3870g
DJPOtHMDdb5OdwSzVYTd2iB/NzdboatYDvH3fx7rbWM3AJuOoIYaZBjOWyjTA22h
cmewr/ASZ/3hnsFkp4GyAfgr3lu2cCA4AuT7k5hjYsgVQvXCrYYl+b2Oz9Q0dXm1
0uml4PVjhVZw3mVqVCM6GXMyiGbQUxBk3ynQK5eDOHdPSGjTfxdPhvPy54zkYAAT
jkLwj7XJuRYOCk84Aw3mPy7ZCsElqRNN6xl7VnnAEUZ3J5/EPPRuNjHoBwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD7p9ABP4EyKK2jykW6r6QzPf4y7MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUHVuMEFFX2dUSW9yYVBLUmJxdnBETTlfakxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALTyzPINDxzQ4EKQ/bo3
FjRhN1kpTnb3XyKWun9OwE0Jhuo0nyqQbp3wRuRIiW5+etnH7jXmqwgds/ujFi4j
cHxURfLLV1bg2O0GN/qthWboPYZUtmaBRHCAYuHODrVo4akpbvkhWh5yPPQ9LIfH
fLTGO1q6qn8C+gwflnuVTh8Wy+yqipWrDmQq33JnVolHI8WYWj+hDHJXDT3qvYdl
ab9rwpIp82evgKYLUJX/QaoMGqWrWBaKmNTDyvU5nqKv6gvoWpiZvL/zNOmQe6/k
e2O0ykbNORt2UrXR2Lw90e2NtISy12OizG/iajZNcIsyRlhC+vNW0Q3lM+F0AwSy
Ujw=
-----END CERTIFICATE-----