Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/T0ot2ANyFhSjSHpMpYAQugtRMJk.roa
File:                     T0ot2ANyFhSjSHpMpYAQugtRMJk.roa (raw, json)
Hash identifier:          bC9oKPstvise5ipsfItDJYxQlgm1k58zbjybKvzWDqI=
Subject key identifier:   4F:4A:2D:D8:03:72:16:14:A3:48:7A:4C:A5:80:10:BA:0B:51:30:99
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188DE49756C9C40D44CDE6207EC136D3DAE
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/T0ot2ANyFhSjSHpMpYAQugtRMJk.roa
Signing time:             Wed 21 Jun 2023 14:08:56 +0000
ROA not before:           Wed 21 Jun 2023 14:08:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:de:49:75:6c:9c:40:d4:4c:de:62:07:ec:13:6d:3d:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 21 14:08:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4f4a2dd803721614a3487a4ca58010ba0b513099
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:01:13:a5:79:0b:26:9a:f0:55:09:a1:be:d9:
                    bd:e6:54:37:33:b6:74:cb:d1:a1:7d:44:7b:8c:2a:
                    00:c3:d5:ec:96:ed:ff:ec:98:b6:aa:2e:0f:7f:7b:
                    be:65:74:37:fb:62:72:ea:b8:12:eb:a2:10:d6:d8:
                    bf:b4:c3:bc:1a:0a:e0:83:07:31:72:62:b7:2b:47:
                    02:1d:d7:e9:ff:b7:c9:2b:ac:75:12:23:c9:86:d8:
                    a2:54:58:34:40:a3:c9:48:02:8b:f8:cb:82:47:ec:
                    a1:f1:62:6c:95:43:31:be:f2:f9:c7:dc:a8:62:2a:
                    04:ac:02:0a:79:81:ff:2c:cc:bc:5c:fd:b8:2b:84:
                    9e:83:bc:95:7a:54:b1:cd:26:5e:c7:c2:da:9a:0b:
                    b9:27:b3:ce:01:1d:e7:bf:c5:58:bf:3a:68:1e:0d:
                    2c:9d:0a:d1:62:7d:0f:c9:e5:6c:e4:91:03:91:35:
                    30:d0:e8:8d:b1:51:5b:76:24:43:5c:ca:8f:9f:51:
                    e2:99:0a:ab:fe:7f:42:20:90:73:89:e9:28:9d:31:
                    79:e1:a8:0c:f8:33:f0:00:b4:6e:55:c5:8b:4c:d1:
                    82:c7:5b:0f:b0:1d:f2:43:15:bb:8c:9b:78:19:39:
                    d3:2b:99:34:19:2a:7c:7e:25:a6:a7:7e:b6:e7:0e:
                    1a:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:4A:2D:D8:03:72:16:14:A3:48:7A:4C:A5:80:10:BA:0B:51:30:99
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/T0ot2ANyFhSjSHpMpYAQugtRMJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:0f:7e:f6:6d:6b:4c:a7:c6:97:01:84:e3:da:6e:61:74:4e:
         13:24:c1:04:b9:94:3a:e9:f4:a1:30:fc:b0:0a:bf:be:3c:c4:
         ed:f9:17:c5:08:b0:64:62:c7:8e:b2:4b:8e:b5:30:5d:4c:1b:
         4f:22:86:4e:4d:f2:ce:1c:22:61:5d:4e:29:40:f4:24:68:b5:
         f1:61:68:bd:de:8b:d9:71:0e:6b:97:11:99:86:07:f8:87:8e:
         97:68:7e:bc:0e:d5:fb:67:6a:7b:b1:11:db:34:ec:da:9d:e5:
         f5:5d:ed:e7:57:ec:7e:58:1f:cd:4b:7d:61:5f:45:74:2d:b1:
         e8:9c:d9:c1:4c:7c:aa:64:38:d4:d7:94:ef:b6:ef:5e:98:e7:
         02:45:93:c8:da:57:c8:c1:31:12:e4:dc:b8:86:a2:5b:2a:74:
         2e:02:75:ac:cf:b4:50:04:00:b6:7d:a0:1e:d8:7c:f8:ac:c2:
         06:bf:61:ed:67:da:d8:27:40:7c:f9:89:15:16:e8:d7:d2:1b:
         e7:14:48:c2:eb:79:86:f7:7b:89:d0:f8:05:32:44:10:a2:19:
         b4:a6:cd:ac:3f:33:fc:94:5a:fa:67:e9:67:39:cc:8a:01:0b:
         92:e5:26:5e:59:32:bf:5b:81:6c:14:5d:5a:67:2b:3c:c8:74:
         92:43:e3:95
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjeSXVsnEDUTN5iB+wTbT2uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjIxMTQwODU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjRhMmRkODAzNzIxNjE0YTM0ODdhNGNhNTgwMTBiYTBiNTEzMDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswETpXkLJprwVQmhvtm95lQ3M7Z0
y9GhfUR7jCoAw9Xslu3/7Ji2qi4Pf3u+ZXQ3+2Jy6rgS66IQ1ti/tMO8Ggrggwcx
cmK3K0cCHdfp/7fJK6x1EiPJhtiiVFg0QKPJSAKL+MuCR+yh8WJslUMxvvL5x9yo
YioErAIKeYH/LMy8XP24K4Seg7yVelSxzSZex8Lamgu5J7POAR3nv8VYvzpoHg0s
nQrRYn0PyeVs5JEDkTUw0OiNsVFbdiRDXMqPn1HimQqr/n9CIJBziekonTF54agM
+DPwALRuVcWLTNGCx1sPsB3yQxW7jJt4GTnTK5k0GSp8fiWmp3625w4akQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE9KLdgDchYUo0h6TKWAELoLUTCZMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVDBvdDJBTnlGaFNqU0hwTXBZQVF1Z3RSTUprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHUPfvZta0ynxpcBhOPa
bmF0ThMkwQS5lDrp9KEw/LAKv748xO35F8UIsGRix46yS461MF1MG08ihk5N8s4c
ImFdTilA9CRotfFhaL3ei9lxDmuXEZmGB/iHjpdofrwO1ftnanuxEds07Nqd5fVd
7edX7H5YH81LfWFfRXQtseic2cFMfKpkONTXlO+2716Y5wJFk8jaV8jBMRLk3LiG
olsqdC4CdazPtFAEALZ9oB7YfPiswga/Ye1n2tgnQHz5iRUW6NfSG+cUSMLreYb3
e4nQ+AUyRBCiGbSmzaw/M/yUWvpn6Wc5zIoBC5LlJl5ZMr9bgWwUXVpnKzzIdJJD
45U=
-----END CERTIFICATE-----