Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VN3F6CJawn0HZqRy-DfMn89Ypkg.roa
File:                     VN3F6CJawn0HZqRy-DfMn89Ypkg.roa (raw, json)
Hash identifier:          YXW5TbM5R8y6/Xo0eCd9rIwLA+lhc00fRpCYe0VmuDw=
Subject key identifier:   54:DD:C5:E8:22:5A:C2:7D:07:66:A4:72:F8:37:CC:9F:CF:58:A6:48
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188B3602897B57E037EB22483FC8F062FFE
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VN3F6CJawn0HZqRy-DfMn89Ypkg.roa
Signing time:             Tue 13 Jun 2023 06:10:03 +0000
ROA not before:           Tue 13 Jun 2023 06:10:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:b3:60:28:97:b5:7e:03:7e:b2:24:83:fc:8f:06:2f:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 13 06:10:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=54ddc5e8225ac27d0766a472f837cc9fcf58a648
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b0:3c:d3:a5:88:81:68:02:f0:1f:2c:1a:f1:
                    16:2b:1b:53:15:cf:8b:88:ed:71:68:a8:c3:fa:25:
                    22:7f:46:ee:1b:46:ba:09:89:06:48:b9:3a:9c:cd:
                    bd:bd:32:37:58:76:25:74:f0:ce:51:df:df:ee:7d:
                    5d:05:cf:dc:d8:55:c2:c6:d8:d6:6b:7b:90:fa:c9:
                    3c:1c:7b:3d:f8:22:71:d2:25:0f:3d:c1:4d:b4:3b:
                    08:51:a3:43:ed:57:3b:d7:80:8b:23:4b:cf:c0:ee:
                    ae:6e:92:30:11:10:ca:12:8f:88:78:2b:2f:6c:fb:
                    f9:06:6e:92:42:8f:cf:a5:fa:08:7d:01:9b:20:e6:
                    f6:5e:82:4b:c2:78:9b:c2:62:a2:74:e7:15:a7:bd:
                    1e:50:11:4f:2e:f8:be:a0:35:dd:76:bf:34:48:8a:
                    fe:ff:0c:af:06:9d:02:fd:a5:20:97:12:0e:ae:8b:
                    0e:20:f1:50:0c:aa:98:d4:f2:f9:fb:51:5e:9a:ce:
                    a2:7a:16:8e:a6:ee:c9:69:1c:de:78:89:c2:ca:40:
                    20:61:3d:8b:0c:31:e5:89:e1:03:03:83:ae:5d:22:
                    c9:d5:a7:71:43:13:7d:42:da:c1:f8:2c:ed:1f:a2:
                    e2:eb:0e:a1:5a:df:63:bf:f3:62:29:a2:80:45:21:
                    27:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:DD:C5:E8:22:5A:C2:7D:07:66:A4:72:F8:37:CC:9F:CF:58:A6:48
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VN3F6CJawn0HZqRy-DfMn89Ypkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b1:8a:58:75:4d:1b:93:13:48:ae:f4:f8:be:2c:71:62:14:e8:
         11:23:98:8b:13:c1:63:f8:d0:b0:5c:35:b2:d4:7e:0e:21:58:
         1e:5e:f2:4f:fe:eb:68:10:db:66:33:a9:b1:6c:d9:1d:14:d9:
         82:9c:58:5b:36:19:63:4c:99:ce:3c:0e:95:fe:21:ae:8b:f6:
         14:b6:fa:6c:ce:c1:28:3c:75:15:31:08:38:fb:a0:e4:e7:89:
         07:e7:b0:3e:b2:6f:d1:fb:9f:f0:66:7f:2c:40:3d:2d:cd:6c:
         cd:f2:a0:b3:1b:23:5f:93:da:0a:d0:df:1b:c2:73:3d:51:15:
         6d:9a:3d:26:82:64:4a:d3:0d:3c:18:08:5c:e9:30:e1:27:fd:
         0d:45:83:1a:33:ab:77:1f:bc:d5:46:84:41:c4:b8:d9:33:60:
         69:b9:00:3f:63:6c:3c:1a:ce:10:b1:01:49:a9:b4:cc:6e:74:
         8d:ba:98:6d:b6:8f:5c:a9:5f:94:39:99:b6:14:ab:4b:2d:ad:
         a9:bc:6e:e8:72:c5:d1:f5:7e:a9:41:8e:eb:6e:f3:00:2e:8b:
         88:9b:ce:11:52:35:da:b2:07:a3:b4:1d:33:9e:f1:18:b5:62:
         e7:c6:e9:8e:39:31:19:64:ee:16:9f:be:d0:9b:b7:bb:34:19:
         42:37:6d:a5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYizYCiXtX4DfrIkg/yPBi/+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjEzMDYxMDAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGRkYzVlODIyNWFjMjdkMDc2NmE0NzJmODM3Y2M5ZmNmNThhNjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLA806WIgWgC8B8sGvEWKxtTFc+L
iO1xaKjD+iUif0buG0a6CYkGSLk6nM29vTI3WHYldPDOUd/f7n1dBc/c2FXCxtjW
a3uQ+sk8HHs9+CJx0iUPPcFNtDsIUaND7Vc714CLI0vPwO6ubpIwERDKEo+IeCsv
bPv5Bm6SQo/PpfoIfQGbIOb2XoJLwnibwmKidOcVp70eUBFPLvi+oDXddr80SIr+
/wyvBp0C/aUglxIOrosOIPFQDKqY1PL5+1Fems6iehaOpu7JaRzeeInCykAgYT2L
DDHlieEDA4OuXSLJ1adxQxN9QtrB+CztH6Li6w6hWt9jv/NiKaKARSEnawIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFTdxegiWsJ9B2akcvg3zJ/PWKZIMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVk4zRjZDSmF3bjBIWnFSeS1EZk1uODlZcGtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALGKWHVNG5MTSK70+L4s
cWIU6BEjmIsTwWP40LBcNbLUfg4hWB5e8k/+62gQ22YzqbFs2R0U2YKcWFs2GWNM
mc48DpX+Ia6L9hS2+mzOwSg8dRUxCDj7oOTniQfnsD6yb9H7n/BmfyxAPS3NbM3y
oLMbI1+T2grQ3xvCcz1RFW2aPSaCZErTDTwYCFzpMOEn/Q1Fgxozq3cfvNVGhEHE
uNkzYGm5AD9jbDwazhCxAUmptMxudI26mG22j1ypX5Q5mbYUq0stram8buhyxdH1
fqlBjutu8wAui4ibzhFSNdqyB6O0HTOe8Ri1YufG6Y45MRlk7hafvtCbt7s0GUI3
baU=
-----END CERTIFICATE-----