Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SFDEKn2dQjvDGJnfE9sPlaCiLuw.roa
File:                     SFDEKn2dQjvDGJnfE9sPlaCiLuw.roa (raw, json)
Hash identifier:          AXvn/3tpqLi3+EMnuA26XuZOJZ36ZdOCrSbhuoVW+XI=
Subject key identifier:   48:50:C4:2A:7D:9D:42:3B:C3:18:99:DF:13:DB:0F:95:A0:A2:2E:EC
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01883BD9BA4092874E9184BE1D74654B23E7
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SFDEKn2dQjvDGJnfE9sPlaCiLuw.roa
Signing time:             Sun 21 May 2023 01:08:24 +0000
ROA not before:           Sun 21 May 2023 01:08:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:3b:d9:ba:40:92:87:4e:91:84:be:1d:74:65:4b:23:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 21 01:08:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4850c42a7d9d423bc31899df13db0f95a0a22eec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:58:db:47:e3:97:79:8a:c6:cf:a6:90:03:5d:
                    c0:a0:a1:6a:56:81:50:b7:09:4c:e5:ff:b6:1a:27:
                    12:d8:b7:e1:a9:0d:b1:f0:4f:c6:f1:3d:c4:72:a4:
                    47:66:05:af:f6:95:90:f0:88:0c:97:82:4a:e5:61:
                    73:39:f0:07:77:d3:d4:fa:e1:e0:1a:d2:30:0b:bf:
                    22:cb:e7:c9:90:6b:4d:b6:9e:a9:41:09:70:7e:b8:
                    0b:3c:ea:6c:92:72:c1:9b:07:69:5a:6b:d0:d2:7b:
                    b5:d4:b9:1f:ca:9d:6f:3c:e6:da:0b:43:69:4c:63:
                    78:4e:07:ff:79:cf:bd:ab:c9:ce:03:8b:bf:de:fa:
                    3f:29:d8:58:d4:20:c7:80:1e:95:64:1e:7a:9f:e3:
                    23:c0:af:ab:1b:73:84:80:eb:8e:d0:64:e1:90:ba:
                    0d:d1:27:88:e3:7b:62:02:fc:de:ba:f9:53:9d:1a:
                    77:84:63:6d:6c:44:92:7f:1c:ed:41:4f:da:a9:26:
                    40:4f:75:fb:52:d5:d3:91:ba:92:3a:be:09:de:39:
                    c7:14:8e:5c:31:1f:23:4c:76:49:9f:e9:1b:1f:fd:
                    20:a7:52:7c:83:33:f8:2c:8d:04:21:6f:f3:e2:7e:
                    80:cf:fb:51:15:5d:4e:08:10:7f:f0:d2:e2:ae:c6:
                    c8:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:50:C4:2A:7D:9D:42:3B:C3:18:99:DF:13:DB:0F:95:A0:A2:2E:EC
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SFDEKn2dQjvDGJnfE9sPlaCiLuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:ce:0a:b6:07:5b:02:d8:d3:1c:32:b0:24:1f:5a:19:f5:32:
         b2:ad:fa:00:62:4e:42:bf:32:38:39:f1:42:07:67:19:eb:01:
         97:ed:94:0e:05:64:88:8a:08:84:6e:6a:73:3f:2e:0f:2a:95:
         90:9c:9a:24:a2:4d:4d:60:5e:d0:3f:25:c1:23:9d:4d:c4:bd:
         cd:0a:42:04:33:7f:47:38:f7:15:f1:0d:97:7c:0d:84:ec:7b:
         ae:d1:7b:ab:13:44:70:db:07:ff:c8:b4:bb:b7:f4:12:27:e1:
         5a:81:d7:8c:7a:c6:b7:11:87:18:98:17:0d:d4:1e:3e:48:33:
         d6:77:33:af:77:37:f1:ba:1d:e2:0e:1e:92:52:66:e3:1e:b4:
         6a:b6:54:af:19:f9:60:cd:a8:43:69:cf:8f:e4:74:8f:77:9c:
         1a:d1:36:b1:9b:ff:88:23:55:c4:4a:3c:ec:41:b5:d1:f5:e8:
         86:94:d6:7f:a3:67:84:89:24:bc:24:6c:de:07:80:db:44:cc:
         32:34:5a:d0:a6:d5:20:cd:5c:10:a5:9e:4b:b8:8f:0c:3f:fd:
         e2:38:48:6b:4d:5d:02:a6:81:f6:8d:83:fc:ab:99:53:82:23:
         fa:ad:e1:92:da:4e:45:aa:83:38:f7:72:2a:06:76:41:ea:b6:
         21:4c:c4:94
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYg72bpAkodOkYS+HXRlSyPnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTIxMDEwODI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODUwYzQyYTdkOWQ0MjNiYzMxODk5ZGYxM2RiMGY5NWEwYTIyZWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVjbR+OXeYrGz6aQA13AoKFqVoFQ
twlM5f+2GicS2LfhqQ2x8E/G8T3EcqRHZgWv9pWQ8IgMl4JK5WFzOfAHd9PU+uHg
GtIwC78iy+fJkGtNtp6pQQlwfrgLPOpsknLBmwdpWmvQ0nu11Lkfyp1vPObaC0Np
TGN4Tgf/ec+9q8nOA4u/3vo/KdhY1CDHgB6VZB56n+MjwK+rG3OEgOuO0GThkLoN
0SeI43tiAvzeuvlTnRp3hGNtbESSfxztQU/aqSZAT3X7UtXTkbqSOr4J3jnHFI5c
MR8jTHZJn+kbH/0gp1J8gzP4LI0EIW/z4n6Az/tRFV1OCBB/8NLirsbIZwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEhQxCp9nUI7wxiZ3xPbD5Wgoi7sMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvU0ZERUtuMmRRanZER0puZkU5c1BsYUNpTHV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABHOCrYHWwLY0xwysCQf
Whn1MrKt+gBiTkK/Mjg58UIHZxnrAZftlA4FZIiKCIRuanM/Lg8qlZCcmiSiTU1g
XtA/JcEjnU3Evc0KQgQzf0c49xXxDZd8DYTse67Re6sTRHDbB//ItLu39BIn4VqB
14x6xrcRhxiYFw3UHj5IM9Z3M693N/G6HeIOHpJSZuMetGq2VK8Z+WDNqENpz4/k
dI93nBrRNrGb/4gjVcRKPOxBtdH16IaU1n+jZ4SJJLwkbN4HgNtEzDI0WtCm1SDN
XBClnku4jww//eI4SGtNXQKmgfaNg/yrmVOCI/qt4ZLaTkWqgzj3cioGdkHqtiFM
xJQ=
-----END CERTIFICATE-----