Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TdAPtV9urT2Zc7tWYc-b8zaEza0.roa
File:                     TdAPtV9urT2Zc7tWYc-b8zaEza0.roa (raw, json)
Hash identifier:          VK76jMSnzxfrpiySKOSABIrwevD52ek0yXeb0DOn4ws=
Subject key identifier:   4D:D0:0F:B5:5F:6E:AD:3D:99:73:BB:56:61:CF:9B:F3:36:84:CD:AD
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187582F85C52781056852860269EE435E75
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TdAPtV9urT2Zc7tWYc-b8zaEza0.roa
Signing time:             Thu 06 Apr 2023 20:08:42 +0000
ROA not before:           Thu 06 Apr 2023 20:08:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:58:2f:85:c5:27:81:05:68:52:86:02:69:ee:43:5e:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  6 20:08:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4dd00fb55f6ead3d9973bb5661cf9bf33684cdad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b8:24:0e:da:cd:15:46:f6:45:25:42:3d:2d:
                    c5:a0:d2:8e:74:f2:66:44:27:dd:36:00:ba:e2:60:
                    f4:1b:a2:a2:ea:79:f6:d8:82:ce:bf:18:d9:67:e0:
                    61:d8:ca:35:07:62:28:f3:93:ca:9c:73:93:63:c8:
                    ee:c9:41:e9:96:88:10:a5:5e:35:40:13:96:63:27:
                    55:a5:85:88:1b:f0:0a:79:e8:a9:97:b3:2f:bb:05:
                    b7:a2:21:21:a7:d1:58:93:fd:7f:4e:d4:13:8b:73:
                    93:1e:6f:65:07:fd:74:ab:57:8b:0a:57:b7:d9:6f:
                    b0:fa:e3:a0:fb:a4:43:a9:10:43:24:26:8d:2e:19:
                    ef:c8:a8:45:ef:82:13:85:32:c0:4b:51:a2:d8:73:
                    00:90:20:a7:8e:da:d1:1e:c7:5f:1d:9b:a1:44:b5:
                    23:33:45:19:cd:3e:36:f4:d2:c4:ef:20:26:bf:e5:
                    27:92:d1:87:91:51:fd:71:8f:ac:d8:76:7e:e4:04:
                    7a:8c:67:4f:5d:61:5d:43:7d:c3:43:23:13:8f:de:
                    57:d0:29:f9:4f:aa:90:01:da:43:fc:e5:f1:07:e0:
                    0a:77:e7:18:11:27:2f:b9:bf:da:31:a4:7a:3b:f8:
                    00:38:8b:17:90:7e:d8:de:ab:3f:c0:64:4c:42:fb:
                    06:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:D0:0F:B5:5F:6E:AD:3D:99:73:BB:56:61:CF:9B:F3:36:84:CD:AD
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TdAPtV9urT2Zc7tWYc-b8zaEza0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:c4:cd:38:5a:45:ac:39:8a:2f:72:85:c2:37:35:b2:34:47:
         cd:03:0c:70:b6:12:54:01:6e:73:b1:71:cf:c4:96:2f:ef:d8:
         44:eb:70:5e:77:c6:ee:3b:11:77:15:64:54:a2:89:a7:37:a1:
         08:f7:b3:d2:93:4a:03:19:3b:eb:b4:db:29:f8:92:1f:0d:ab:
         bb:e4:5a:cc:30:fb:b5:40:f7:bd:2f:51:b2:11:4b:e0:5b:29:
         d9:ab:d7:4f:03:64:63:45:00:4d:e3:f7:26:b6:b1:8c:0c:6c:
         0b:a8:b9:c3:54:5f:3e:1a:62:a0:d9:ff:f3:a3:50:e4:37:f6:
         75:57:ff:7f:fa:79:4d:f5:1b:11:b9:a1:24:ff:97:ee:72:8e:
         c5:0e:c7:94:8d:23:b0:07:b3:f7:b1:9f:43:37:10:3b:4d:45:
         13:9e:62:7a:20:ce:28:38:5a:74:6b:47:3c:f8:44:c6:26:3a:
         b5:22:aa:35:11:2a:46:40:11:47:28:7b:aa:31:b3:72:2f:ce:
         b7:6c:aa:0e:ca:92:e9:3b:9f:6a:00:52:0e:28:20:72:7f:d4:
         5d:b0:b3:5b:ff:1f:6c:2e:bb:29:86:69:d4:44:88:40:66:27:
         8a:0d:04:99:87:3d:3e:35:55:50:4f:28:fc:30:cd:7d:b0:a8:
         91:f6:0b:73
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdYL4XFJ4EFaFKGAmnuQ151MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA2MjAwODQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGQwMGZiNTVmNmVhZDNkOTk3M2JiNTY2MWNmOWJmMzM2ODRjZGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrgkDtrNFUb2RSVCPS3FoNKOdPJm
RCfdNgC64mD0G6Ki6nn22ILOvxjZZ+Bh2Mo1B2Io85PKnHOTY8juyUHplogQpV41
QBOWYydVpYWIG/AKeeipl7MvuwW3oiEhp9FYk/1/TtQTi3OTHm9lB/10q1eLCle3
2W+w+uOg+6RDqRBDJCaNLhnvyKhF74IThTLAS1Gi2HMAkCCnjtrRHsdfHZuhRLUj
M0UZzT429NLE7yAmv+UnktGHkVH9cY+s2HZ+5AR6jGdPXWFdQ33DQyMTj95X0Cn5
T6qQAdpD/OXxB+AKd+cYEScvub/aMaR6O/gAOIsXkH7Y3qs/wGRMQvsGNQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE3QD7Vfbq09mXO7VmHPm/M2hM2tMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVGRBUHRWOXVyVDJaYzd0V1ljLWI4emFFemEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADHEzThaRaw5ii9yhcI3
NbI0R80DDHC2ElQBbnOxcc/Eli/v2ETrcF53xu47EXcVZFSiiac3oQj3s9KTSgMZ
O+u02yn4kh8Nq7vkWsww+7VA970vUbIRS+BbKdmr108DZGNFAE3j9ya2sYwMbAuo
ucNUXz4aYqDZ//OjUOQ39nVX/3/6eU31GxG5oST/l+5yjsUOx5SNI7AHs/exn0M3
EDtNRROeYnogzig4WnRrRzz4RMYmOrUiqjURKkZAEUcoe6oxs3Ivzrdsqg7Kkuk7
n2oAUg4oIHJ/1F2ws1v/H2wuuymGadREiEBmJ4oNBJmHPT41VVBPKPwwzX2wqJH2
C3M=
-----END CERTIFICATE-----