Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QBpfOf7G2dkHVuebTjvAX6HEsCw.roa
File:                     QBpfOf7G2dkHVuebTjvAX6HEsCw.roa (raw, json)
Hash identifier:          xmjqbGtr0EA+Xegff5Fly8DPiGQYNu3AOCeF/O7/kow=
Subject key identifier:   40:1A:5F:39:FE:C6:D9:D9:07:56:E7:9B:4E:3B:C0:5F:A1:C4:B0:2C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018852639AF9629518ADC05F61B850D0B381
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QBpfOf7G2dkHVuebTjvAX6HEsCw.roa
Signing time:             Thu 25 May 2023 10:10:39 +0000
ROA not before:           Thu 25 May 2023 10:10:39 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:52:63:9a:f9:62:95:18:ad:c0:5f:61:b8:50:d0:b3:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 25 10:10:39 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=401a5f39fec6d9d90756e79b4e3bc05fa1c4b02c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:85:d4:e6:89:59:79:c0:29:fc:d9:4b:f0:eb:
                    e3:48:2f:66:b2:1d:fd:21:e4:94:94:9a:3c:65:3a:
                    53:c1:cf:8e:8e:ae:57:30:9d:d6:56:04:1a:24:42:
                    b3:78:97:18:77:b9:3f:fe:f4:54:a7:21:5c:c1:e1:
                    71:e6:6a:86:e5:09:00:57:b0:0c:28:16:ca:ec:39:
                    ba:b6:74:75:e7:85:bc:68:e2:5e:6a:01:4c:c3:61:
                    e8:94:8a:9f:6e:7c:b8:c8:05:0a:5b:e7:9e:dd:c7:
                    2e:1a:b5:72:f5:eb:ab:3f:66:d2:24:c3:a1:18:c9:
                    07:f6:54:90:3f:3b:0a:10:82:3b:b7:d0:55:fc:a3:
                    a1:e8:44:97:52:b9:62:2b:21:b4:fc:00:6d:7f:87:
                    e1:9b:78:08:0e:68:ca:10:56:56:7a:9f:34:e0:c3:
                    41:06:cb:04:99:16:31:b7:7a:0b:ae:71:91:bd:8a:
                    8e:35:ea:66:06:30:1b:c2:6c:14:c4:3f:9f:25:3f:
                    4f:66:8c:d8:72:b3:5c:53:61:79:08:35:5a:ae:0d:
                    10:7e:e8:6a:94:a1:1e:50:ae:02:23:08:d6:b5:ac:
                    af:c5:c6:bd:83:c8:24:50:00:fe:38:32:48:ed:38:
                    a8:43:8a:4c:9a:c9:d8:1d:30:e7:6e:be:1b:64:61:
                    60:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:1A:5F:39:FE:C6:D9:D9:07:56:E7:9B:4E:3B:C0:5F:A1:C4:B0:2C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QBpfOf7G2dkHVuebTjvAX6HEsCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         64:69:99:ef:c1:b6:6e:d6:ac:58:66:c3:a4:a1:35:fb:e4:08:
         53:b5:b2:55:c1:d5:6b:33:6a:a3:47:97:50:61:bc:a2:ed:20:
         53:9b:a7:28:1c:f6:99:ef:9e:11:08:41:c4:5d:05:f6:78:d3:
         36:1b:16:ed:ab:39:81:95:34:a0:34:63:32:a5:e8:48:db:d5:
         19:f7:5c:5e:70:89:23:21:7b:6f:cb:26:ad:b9:1c:92:1a:11:
         29:64:74:c7:fa:1e:3f:c0:26:e1:41:01:27:d8:3d:9e:79:ae:
         8c:bc:f2:2a:d5:ce:4b:03:bb:2d:9b:a2:3f:4b:7d:81:6a:eb:
         fe:2b:e4:5a:9c:9d:32:2a:fd:a4:d4:0f:2e:5f:10:e7:77:61:
         f9:36:69:d1:e0:df:74:9f:bf:8d:c5:1b:c3:27:ae:27:09:21:
         ba:df:26:ef:e7:8a:c8:b7:88:a2:ea:cd:b7:a6:18:c7:94:5a:
         5b:ed:a5:4d:5c:8b:fe:85:82:19:ed:9d:46:90:40:91:8b:11:
         d7:24:fd:df:87:2b:dc:ef:be:46:17:92:c0:51:df:1e:9b:00:
         67:51:b1:0c:78:56:19:d3:39:0c:01:58:f5:58:0f:fa:fc:be:
         44:e5:7a:7e:20:fd:a2:4a:9f:de:49:d6:45:38:34:a1:b3:ce:
         fd:00:46:10
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhSY5r5YpUYrcBfYbhQ0LOBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI1MTAxMDM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDFhNWYzOWZlYzZkOWQ5MDc1NmU3OWI0ZTNiYzA1ZmExYzRiMDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYXU5olZecAp/NlL8OvjSC9msh39
IeSUlJo8ZTpTwc+Ojq5XMJ3WVgQaJEKzeJcYd7k//vRUpyFcweFx5mqG5QkAV7AM
KBbK7Dm6tnR154W8aOJeagFMw2HolIqfbny4yAUKW+ee3ccuGrVy9eurP2bSJMOh
GMkH9lSQPzsKEII7t9BV/KOh6ESXUrliKyG0/ABtf4fhm3gIDmjKEFZWep804MNB
BssEmRYxt3oLrnGRvYqONepmBjAbwmwUxD+fJT9PZozYcrNcU2F5CDVarg0Qfuhq
lKEeUK4CIwjWtayvxca9g8gkUAD+ODJI7TioQ4pMmsnYHTDnbr4bZGFghQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEAaXzn+xtnZB1bnm047wF+hxLAsMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUUJwZk9mN0cyZGtIVnVlYlRqdkFYNkhFc0N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGRpme/Btm7WrFhmw6Sh
NfvkCFO1slXB1WszaqNHl1BhvKLtIFObpygc9pnvnhEIQcRdBfZ40zYbFu2rOYGV
NKA0YzKl6Ejb1Rn3XF5wiSMhe2/LJq25HJIaESlkdMf6Hj/AJuFBASfYPZ55roy8
8irVzksDuy2boj9LfYFq6/4r5FqcnTIq/aTUDy5fEOd3Yfk2adHg33Sfv43FG8Mn
ricJIbrfJu/nisi3iKLqzbemGMeUWlvtpU1ci/6FghntnUaQQJGLEdck/d+HK9zv
vkYXksBR3x6bAGdRsQx4VhnTOQwBWPVYD/r8vkTlen4g/aJKn95J1kU4NKGzzv0A
RhA=
-----END CERTIFICATE-----