Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QeHMDHG5YxpmydLKWS0mgz4hmBs.roa
File:                     QeHMDHG5YxpmydLKWS0mgz4hmBs.roa (raw, json)
Hash identifier:          MywkC2vxjVbsZwKiNkpkedNQ3BFKHsFSvT2oB8E4Dl0=
Subject key identifier:   41:E1:CC:0C:71:B9:63:1A:66:C9:D2:CA:59:2D:26:83:3E:21:98:1B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018894E803E94521EBC690C33D40BD97F1D4
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QeHMDHG5YxpmydLKWS0mgz4hmBs.roa
Signing time:             Wed 07 Jun 2023 08:10:13 +0000
ROA not before:           Wed 07 Jun 2023 08:10:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:94:e8:03:e9:45:21:eb:c6:90:c3:3d:40:bd:97:f1:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  7 08:10:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=41e1cc0c71b9631a66c9d2ca592d26833e21981b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:3e:94:19:c5:b9:b5:39:8b:f5:99:fc:e1:b7:
                    0d:4e:56:e1:36:99:66:94:c2:ff:ba:6d:1b:bb:d6:
                    4f:4d:bd:4a:1b:98:81:a2:9f:8a:51:51:fc:b4:f7:
                    a1:09:b6:5d:d8:03:0e:34:02:46:c2:b9:e4:28:81:
                    55:c7:c8:5b:34:9d:c9:7e:6c:30:64:6d:40:e9:23:
                    d4:b7:df:fc:79:b7:ce:fc:b2:6e:f1:f9:4a:e7:70:
                    7d:ee:bb:bd:ef:c5:74:56:39:9a:62:ec:6a:38:9f:
                    42:99:17:d6:6c:05:9d:1c:c4:31:35:69:8f:7d:79:
                    08:ee:9b:31:40:8e:43:fe:13:fa:6c:2a:a0:c1:4c:
                    7c:db:1f:d6:e4:a3:4d:53:73:f2:3f:a5:42:3c:0c:
                    d1:cf:14:1b:a4:06:2b:24:7f:0c:42:23:f6:e5:2c:
                    f9:ca:2f:d7:e8:c6:3e:84:47:50:9b:11:5e:dc:20:
                    a9:d6:3c:f4:d4:b0:d1:a7:ec:f9:a9:63:10:51:89:
                    9a:b5:a8:8a:af:23:21:bf:0c:52:ae:28:d1:ec:d2:
                    0c:f1:28:04:fd:f0:31:25:25:5f:c2:bc:11:51:61:
                    8a:70:91:be:83:c8:29:38:5e:1a:64:94:21:2b:7e:
                    e4:d9:ca:61:d2:0c:42:29:65:74:9b:ad:07:e5:2f:
                    14:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:E1:CC:0C:71:B9:63:1A:66:C9:D2:CA:59:2D:26:83:3E:21:98:1B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QeHMDHG5YxpmydLKWS0mgz4hmBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:65:77:d2:70:3d:01:1a:57:b6:2b:ff:fd:9a:77:22:45:cb:
         45:e5:97:25:a7:2e:57:3a:5f:24:4e:e7:7f:3b:9a:d3:60:95:
         f1:d1:5b:63:b3:7f:99:32:42:10:37:a7:75:ce:24:a6:19:4e:
         ec:3d:b4:c0:d0:eb:14:05:a8:5b:aa:76:16:29:97:9d:85:db:
         da:5d:f6:e6:9a:79:0c:f5:44:ff:56:a4:a4:b5:78:44:e2:0a:
         e2:7c:74:bc:fa:e9:4e:5d:43:03:88:6d:22:7a:88:72:8e:08:
         52:69:da:bd:95:a5:1b:34:67:e5:f8:1f:7a:be:32:12:35:7c:
         d1:9a:fd:24:60:1e:86:35:71:34:c8:d1:7b:ef:e1:5f:22:87:
         14:bf:9e:84:bf:e3:bc:0b:46:ea:89:8d:f9:73:d2:6a:4c:63:
         4c:9c:56:c1:b6:1d:26:4c:a9:1f:70:c9:0e:ff:67:1b:22:40:
         04:ae:1b:bb:fa:e1:cf:10:b4:fd:df:04:f7:1d:71:d5:0e:ad:
         91:a5:07:88:52:40:a6:ac:3a:bd:00:44:9b:0f:82:3c:98:82:
         2d:d5:eb:4e:3d:93:5b:06:ff:76:b4:c5:a1:ce:70:c6:5a:fb:
         64:a3:32:69:52:47:17:61:4c:a6:d4:f8:50:d9:18:ea:6d:db:
         b0:8b:73:d1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiU6APpRSHrxpDDPUC9l/HUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA3MDgxMDEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWUxY2MwYzcxYjk2MzFhNjZjOWQyY2E1OTJkMjY4MzNlMjE5ODFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApj6UGcW5tTmL9Zn84bcNTlbhNplm
lML/um0bu9ZPTb1KG5iBop+KUVH8tPehCbZd2AMONAJGwrnkKIFVx8hbNJ3Jfmww
ZG1A6SPUt9/8ebfO/LJu8flK53B97ru978V0VjmaYuxqOJ9CmRfWbAWdHMQxNWmP
fXkI7psxQI5D/hP6bCqgwUx82x/W5KNNU3PyP6VCPAzRzxQbpAYrJH8MQiP25Sz5
yi/X6MY+hEdQmxFe3CCp1jz01LDRp+z5qWMQUYmataiKryMhvwxSrijR7NIM8SgE
/fAxJSVfwrwRUWGKcJG+g8gpOF4aZJQhK37k2cph0gxCKWV0m60H5S8U4QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEHhzAxxuWMaZsnSylktJoM+IZgbMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUWVITURIRzVZeHBteWRMS1dTMG1nejRobUJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJdld9JwPQEaV7Yr//2a
dyJFy0XllyWnLlc6XyRO5387mtNglfHRW2Ozf5kyQhA3p3XOJKYZTuw9tMDQ6xQF
qFuqdhYpl52F29pd9uaaeQz1RP9WpKS1eETiCuJ8dLz66U5dQwOIbSJ6iHKOCFJp
2r2VpRs0Z+X4H3q+MhI1fNGa/SRgHoY1cTTI0Xvv4V8ihxS/noS/47wLRuqJjflz
0mpMY0ycVsG2HSZMqR9wyQ7/ZxsiQASuG7v64c8QtP3fBPcdcdUOrZGlB4hSQKas
Or0ARJsPgjyYgi3V6049k1sG/3a0xaHOcMZa+2SjMmlSRxdhTKbU+FDZGOpt27CL
c9E=
-----END CERTIFICATE-----