Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QKH20iITRif4NR9b84HWt5hwwDA.roa
File:                     QKH20iITRif4NR9b84HWt5hwwDA.roa (raw, json)
Hash identifier:          ZOdwNpKzzvsM6OcTkj2H3XCKH2/liANo+GFbSPVuCcc=
Subject key identifier:   40:A1:F6:D2:22:13:46:27:F8:35:1F:5B:F3:81:D6:B7:98:70:C0:30
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01880ECBAEA304077F9C3F5C7D481EBB905C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QKH20iITRif4NR9b84HWt5hwwDA.roa
Signing time:             Fri 12 May 2023 07:10:09 +0000
ROA not before:           Fri 12 May 2023 07:10:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:0e:cb:ae:a3:04:07:7f:9c:3f:5c:7d:48:1e:bb:90:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 12 07:10:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=40a1f6d222134627f8351f5bf381d6b79870c030
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:c3:28:6a:22:fe:64:c8:fd:bd:e9:a9:05:ee:
                    83:a9:f0:b1:24:16:80:6b:cc:9d:c6:59:a8:09:81:
                    c3:d3:dc:79:6a:13:be:99:bd:9a:56:41:dc:79:1a:
                    aa:0b:4a:0f:1c:68:c0:02:80:cb:ed:b9:3f:a1:f5:
                    4b:80:3d:e4:88:b0:1d:87:96:d3:15:ea:9a:97:bc:
                    c3:60:65:a1:ae:df:8f:b5:11:b4:4d:75:a1:e3:50:
                    21:eb:52:69:2d:3d:21:6c:62:35:1e:08:52:93:54:
                    25:d1:b8:fd:4f:79:22:44:3c:f4:95:d8:08:bc:51:
                    27:46:b3:46:05:b4:87:39:3d:98:05:c5:3f:73:f7:
                    2a:34:88:73:82:86:cb:ea:e0:d3:b8:1e:1f:c1:8f:
                    7b:06:22:5c:07:2e:55:51:57:af:82:0e:51:46:a4:
                    83:75:48:a1:f2:58:31:f2:63:2a:11:53:3a:e5:00:
                    6f:7d:25:21:7a:f3:1b:77:28:69:4b:82:5b:4b:ea:
                    3d:4d:ca:b2:21:91:66:c7:0e:ce:53:1f:ef:51:d1:
                    97:59:9b:d1:ab:c7:5c:4b:96:1c:ea:68:41:cc:af:
                    08:48:60:ff:4b:05:a6:b5:a3:55:95:da:d4:07:b9:
                    36:08:46:15:2f:cd:44:cc:a5:a3:5a:cb:22:97:c0:
                    10:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:A1:F6:D2:22:13:46:27:F8:35:1F:5B:F3:81:D6:B7:98:70:C0:30
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QKH20iITRif4NR9b84HWt5hwwDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:57:b5:8b:c2:26:8c:d2:ee:11:82:a2:fd:57:78:e3:a1:38:
         c4:6c:8c:f2:95:13:56:52:ce:3e:bf:4b:51:27:e2:62:47:3c:
         68:83:82:12:29:dd:77:a4:86:fa:52:cb:65:4e:55:12:9b:3b:
         e1:69:1f:5c:fe:2c:b9:17:3d:ea:ac:ab:2c:0b:6c:4b:68:f2:
         3b:00:6b:08:17:ea:75:39:ed:dc:da:d5:86:5f:b5:58:03:07:
         31:12:fa:00:f6:87:b9:b6:95:fe:7c:4e:83:48:2c:92:e5:93:
         14:bc:1e:f9:11:34:5c:0b:5f:6c:e0:84:08:3b:f6:d1:4c:35:
         2a:5d:f7:99:5f:e6:35:9b:59:4e:a7:c1:4e:9f:b3:d9:5f:72:
         07:8c:70:e9:17:ff:c4:e1:a0:dd:f2:8d:c4:04:5b:ed:9f:0d:
         db:d2:f5:0a:14:42:21:1c:e4:0e:c0:17:4f:45:64:5f:da:76:
         03:a0:22:77:97:c7:8a:5f:4d:30:64:37:ee:c3:07:ec:b1:a9:
         7f:db:5e:41:bf:4b:3a:97:bd:77:2a:6b:32:71:0a:c1:63:86:
         5b:4a:2c:91:4c:d2:e3:de:4b:1f:d4:4b:fb:8c:44:67:a8:78:
         0f:10:54:d5:33:06:e0:0a:81:08:35:cf:8b:b0:e0:80:34:3b:
         30:31:46:b6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgOy66jBAd/nD9cfUgeu5BcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTEyMDcxMDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGExZjZkMjIyMTM0NjI3ZjgzNTFmNWJmMzgxZDZiNzk4NzBjMDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcMoaiL+ZMj9vempBe6DqfCxJBaA
a8ydxlmoCYHD09x5ahO+mb2aVkHceRqqC0oPHGjAAoDL7bk/ofVLgD3kiLAdh5bT
Feqal7zDYGWhrt+PtRG0TXWh41Ah61JpLT0hbGI1HghSk1Ql0bj9T3kiRDz0ldgI
vFEnRrNGBbSHOT2YBcU/c/cqNIhzgobL6uDTuB4fwY97BiJcBy5VUVevgg5RRqSD
dUih8lgx8mMqEVM65QBvfSUhevMbdyhpS4JbS+o9TcqyIZFmxw7OUx/vUdGXWZvR
q8dcS5Yc6mhBzK8ISGD/SwWmtaNVldrUB7k2CEYVL81EzKWjWssil8AQSQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFECh9tIiE0Yn+DUfW/OB1reYcMAwMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUUtIMjBpSVRSaWY0TlI5Yjg0SFd0NWh3d0RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABpXtYvCJozS7hGCov1X
eOOhOMRsjPKVE1ZSzj6/S1En4mJHPGiDghIp3XekhvpSy2VOVRKbO+FpH1z+LLkX
PeqsqywLbEto8jsAawgX6nU57dza1YZftVgDBzES+gD2h7m2lf58ToNILJLlkxS8
HvkRNFwLX2zghAg79tFMNSpd95lf5jWbWU6nwU6fs9lfcgeMcOkX/8ThoN3yjcQE
W+2fDdvS9QoUQiEc5A7AF09FZF/adgOgIneXx4pfTTBkN+7DB+yxqX/bXkG/SzqX
vXcqazJxCsFjhltKLJFM0uPeSx/US/uMRGeoeA8QVNUzBuAKgQg1z4uw4IA0OzAx
RrY=
-----END CERTIFICATE-----