Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RPnYVEyUtwjqkbLV_gk3S7I9EwU.roa
File:                     RPnYVEyUtwjqkbLV_gk3S7I9EwU.roa (raw, json)
Hash identifier:          94c/+ZMqql61gweP3bQKbOmOWJqlAWTPXN5JzwuFynA=
Subject key identifier:   44:F9:D8:54:4C:94:B7:08:EA:91:B2:D5:FE:09:37:4B:B2:3D:13:05
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186BD10CE86955A1815FB7FA13A79795016
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RPnYVEyUtwjqkbLV_gk3S7I9EwU.roa
Signing time:             Tue 07 Mar 2023 17:14:00 +0000
ROA not before:           Tue 07 Mar 2023 17:14:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:bd:10:ce:86:95:5a:18:15:fb:7f:a1:3a:79:79:50:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  7 17:14:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=44f9d8544c94b708ea91b2d5fe09374bb23d1305
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:0b:5f:e0:3a:9b:5c:30:f6:ae:ae:12:4a:82:
                    22:f0:6a:78:27:ee:78:fe:b4:56:8f:e9:85:bc:7c:
                    5b:13:e3:62:b3:c3:46:a9:9b:5a:b4:59:be:91:08:
                    20:b2:e3:1d:5f:fc:ea:3e:9a:09:24:33:9f:25:68:
                    bd:12:aa:84:de:3d:00:ed:75:ee:51:16:40:1d:85:
                    1f:a2:1d:01:45:55:5b:66:41:c0:c5:af:73:90:40:
                    94:d3:1a:00:b6:e7:40:be:b7:35:7a:f6:d2:76:e1:
                    a5:36:ef:b9:85:69:1a:2e:b1:55:cd:a0:46:d1:48:
                    4e:62:db:1a:aa:85:f5:28:3b:99:1a:e4:6a:eb:96:
                    d2:d1:56:99:62:ed:e0:4b:c6:b1:87:6a:cc:32:b7:
                    4a:be:6d:82:3a:fa:b4:35:0a:8e:a6:d4:49:ec:93:
                    5a:70:a3:29:65:3a:87:5d:fc:d1:d1:a8:49:87:10:
                    04:ae:ca:a4:60:61:77:b4:c1:1c:a8:14:70:4d:c1:
                    be:82:f1:47:6c:3e:42:05:77:b9:f1:6f:4a:f9:f0:
                    d3:9e:d4:19:11:87:51:f3:6c:aa:4a:9b:a6:c9:f0:
                    8d:aa:e6:f1:14:55:bc:66:aa:33:12:f9:69:40:4d:
                    88:18:96:bd:25:f2:2b:c1:b3:28:1c:54:d1:23:25:
                    91:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:F9:D8:54:4C:94:B7:08:EA:91:B2:D5:FE:09:37:4B:B2:3D:13:05
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RPnYVEyUtwjqkbLV_gk3S7I9EwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:bb:8a:d1:ad:df:56:19:d9:7b:35:ee:2e:b1:37:3e:98:98:
         4e:a8:06:a3:e2:77:a8:53:f8:21:70:ac:f7:5c:c8:2d:b8:b7:
         93:4c:90:15:f4:51:32:88:f3:ea:94:6f:a6:e8:a2:59:ad:15:
         0d:6f:2f:b6:9a:2b:23:2a:76:f4:80:c8:47:58:f0:c8:f6:25:
         5f:f0:a6:b0:b7:c9:c3:8c:00:57:98:b6:10:2c:c7:d8:37:42:
         0f:26:15:ea:5f:4e:5d:67:97:fb:cd:fb:f1:fa:e6:9a:10:a9:
         83:f1:80:e7:ed:cb:53:47:ce:a5:44:c7:40:de:2b:11:8b:cf:
         4f:07:be:a2:0d:84:3b:d3:c9:cb:b6:7d:d6:a2:ca:a4:5c:28:
         89:b1:26:54:da:48:a0:52:7c:3d:92:9b:13:a7:13:b6:59:cb:
         99:d7:b4:cb:83:58:68:a3:4d:e8:08:07:a0:cb:31:7a:eb:fc:
         a8:28:87:13:53:4e:63:47:ca:0b:78:65:8c:0c:39:aa:43:a5:
         fb:91:57:8b:34:6c:ea:84:cc:72:b1:84:43:3f:86:46:c7:f2:
         bc:c0:4d:cd:f9:86:d9:7c:1b:83:59:d8:21:2e:a8:47:8a:e3:
         d9:91:6a:93:2f:48:e7:ed:6d:c5:4c:4b:04:5b:ea:bd:a7:2c:
         99:bc:2c:84
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYa9EM6GlVoYFft/oTp5eVAWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA3MTcxNDAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGY5ZDg1NDRjOTRiNzA4ZWE5MWIyZDVmZTA5Mzc0YmIyM2QxMzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAtf4DqbXDD2rq4SSoIi8Gp4J+54
/rRWj+mFvHxbE+Nis8NGqZtatFm+kQggsuMdX/zqPpoJJDOfJWi9EqqE3j0A7XXu
URZAHYUfoh0BRVVbZkHAxa9zkECU0xoAtudAvrc1evbSduGlNu+5hWkaLrFVzaBG
0UhOYtsaqoX1KDuZGuRq65bS0VaZYu3gS8axh2rMMrdKvm2COvq0NQqOptRJ7JNa
cKMpZTqHXfzR0ahJhxAErsqkYGF3tMEcqBRwTcG+gvFHbD5CBXe58W9K+fDTntQZ
EYdR82yqSpumyfCNqubxFFW8ZqozEvlpQE2IGJa9JfIrwbMoHFTRIyWRkwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFET52FRMlLcI6pGy1f4JN0uyPRMFMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUlBuWVZFeVV0d2pxa2JMVl9nazNTN0k5RXdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFe7itGt31YZ2Xs17i6x
Nz6YmE6oBqPid6hT+CFwrPdcyC24t5NMkBX0UTKI8+qUb6boolmtFQ1vL7aaKyMq
dvSAyEdY8Mj2JV/wprC3ycOMAFeYthAsx9g3Qg8mFepfTl1nl/vN+/H65poQqYPx
gOfty1NHzqVEx0DeKxGLz08HvqINhDvTycu2fdaiyqRcKImxJlTaSKBSfD2SmxOn
E7ZZy5nXtMuDWGijTegIB6DLMXrr/KgohxNTTmNHygt4ZYwMOapDpfuRV4s0bOqE
zHKxhEM/hkbH8rzATc35htl8G4NZ2CEuqEeK49mRapMvSOftbcVMSwRb6r2nLJm8
LIQ=
-----END CERTIFICATE-----