Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TNCtGeWmG-XJifQPQrZBUNTO09Y.roa
File:                     TNCtGeWmG-XJifQPQrZBUNTO09Y.roa (raw, json)
Hash identifier:          PvFz6nVt+gs+V8l9XJnr4akqToEn2Rsp1jl/Ge8BTW8=
Subject key identifier:   4C:D0:AD:19:E5:A6:1B:E5:C9:89:F4:0F:42:B6:41:50:D4:CE:D3:D6
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01897B5DB99CE93156441BE12F681C6104D9
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TNCtGeWmG-XJifQPQrZBUNTO09Y.roa
Signing time:             Sat 22 Jul 2023 02:11:27 +0000
ROA not before:           Sat 22 Jul 2023 02:11:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:7b:5d:b9:9c:e9:31:56:44:1b:e1:2f:68:1c:61:04:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 22 02:11:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4cd0ad19e5a61be5c989f40f42b64150d4ced3d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:5f:4d:f1:f6:99:8e:1f:53:7b:af:cc:f4:4d:
                    ab:df:14:81:e1:d7:1b:80:94:9e:3a:ba:89:e0:71:
                    ba:22:d3:f9:8c:81:ef:a3:16:27:25:83:22:c5:29:
                    1b:7c:4c:48:42:bb:a8:f3:9d:d0:f9:a3:37:c9:d8:
                    ca:2f:5d:84:24:63:18:c8:88:38:13:b4:eb:44:5a:
                    c1:6d:e1:b3:53:c6:7f:ab:e1:87:7f:fe:de:e8:6d:
                    ad:1f:71:cc:36:b2:0e:6d:1f:f6:a7:82:06:3f:aa:
                    ee:45:a7:a6:e9:80:22:55:bc:e1:9d:d9:c6:83:06:
                    44:08:27:96:6b:45:e1:36:87:fb:74:22:94:8c:f5:
                    c9:1c:38:53:94:5d:81:1e:2f:06:83:78:0f:13:2e:
                    43:27:50:bb:f7:18:46:ad:66:1c:8d:70:9e:d9:06:
                    89:f0:6d:4b:c2:6b:05:ff:8a:88:d6:4a:66:8d:c9:
                    86:15:ca:a1:ce:bd:37:31:b4:eb:9a:19:37:c7:90:
                    2d:3f:71:4b:94:9b:25:57:7b:e8:c6:7d:66:d2:3d:
                    25:7f:96:29:80:be:3d:c1:ed:f5:4c:8f:d6:82:2e:
                    38:90:88:cd:58:fb:82:7f:bf:d5:c9:c3:ba:00:92:
                    84:d8:61:46:b0:fa:ea:7a:03:53:49:e5:81:5c:55:
                    ca:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:D0:AD:19:E5:A6:1B:E5:C9:89:F4:0F:42:B6:41:50:D4:CE:D3:D6
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TNCtGeWmG-XJifQPQrZBUNTO09Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:a5:b1:7f:d7:6d:57:7e:68:35:3c:52:f9:f0:1f:7e:1a:d0:
         e1:40:2d:3b:21:1f:a1:d7:cf:11:cd:51:64:ec:52:b0:94:97:
         bb:89:92:d4:d4:fd:6c:14:d8:66:af:c0:5a:73:1f:60:2b:04:
         86:2f:2e:1a:c4:3e:09:89:c9:44:b3:9a:5b:75:29:93:03:61:
         c9:3f:86:af:d1:86:bf:61:3e:f9:11:eb:a6:c9:f0:97:59:1a:
         88:f5:4d:35:b5:55:40:13:3e:5f:92:e1:82:41:98:b4:26:65:
         18:74:f9:93:99:3e:82:7a:ed:35:a4:e8:59:88:8c:5d:bf:76:
         66:0c:41:fe:5d:0b:53:2a:46:13:60:3b:52:8d:55:2c:6a:f8:
         5b:69:25:79:d8:ad:7c:49:5d:d8:89:80:6b:b7:e4:78:88:e2:
         b0:80:6e:2d:f2:ec:2b:8d:1b:da:21:64:3b:9a:ae:8b:bd:64:
         df:ee:9f:f7:f6:b3:71:8b:ba:25:18:62:bc:15:40:83:1e:93:
         38:0b:dc:db:9a:00:5c:47:ee:3e:eb:5b:4d:3f:22:24:19:0b:
         e2:8e:f1:3c:d5:00:f3:9f:f0:0d:0d:1e:3b:99:2d:6e:a2:e8:
         1f:91:42:fb:4e:c6:8d:12:0b:8f:3d:31:2e:44:1d:fd:8c:a2:
         0f:83:53:4e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYl7Xbmc6TFWRBvhL2gcYQTZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIyMDIxMTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2QwYWQxOWU1YTYxYmU1Yzk4OWY0MGY0MmI2NDE1MGQ0Y2VkM2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhl9N8faZjh9Te6/M9E2r3xSB4dcb
gJSeOrqJ4HG6ItP5jIHvoxYnJYMixSkbfExIQruo853Q+aM3ydjKL12EJGMYyIg4
E7TrRFrBbeGzU8Z/q+GHf/7e6G2tH3HMNrIObR/2p4IGP6ruRaem6YAiVbzhndnG
gwZECCeWa0XhNof7dCKUjPXJHDhTlF2BHi8Gg3gPEy5DJ1C79xhGrWYcjXCe2QaJ
8G1LwmsF/4qI1kpmjcmGFcqhzr03MbTrmhk3x5AtP3FLlJslV3voxn1m0j0lf5Yp
gL49we31TI/Wgi44kIjNWPuCf7/VycO6AJKE2GFGsPrqegNTSeWBXFXKpwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEzQrRnlphvlyYn0D0K2QVDUztPWMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVE5DdEdlV21HLVhKaWZRUFFyWkJVTlRPMDlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABilsX/XbVd+aDU8Uvnw
H34a0OFALTshH6HXzxHNUWTsUrCUl7uJktTU/WwU2GavwFpzH2ArBIYvLhrEPgmJ
yUSzmlt1KZMDYck/hq/Rhr9hPvkR66bJ8JdZGoj1TTW1VUATPl+S4YJBmLQmZRh0
+ZOZPoJ67TWk6FmIjF2/dmYMQf5dC1MqRhNgO1KNVSxq+FtpJXnYrXxJXdiJgGu3
5HiI4rCAbi3y7CuNG9ohZDuarou9ZN/un/f2s3GLuiUYYrwVQIMekzgL3NuaAFxH
7j7rW00/IiQZC+KO8TzVAPOf8A0NHjuZLW6i6B+RQvtOxo0SC489MS5EHf2Mog+D
U04=
-----END CERTIFICATE-----