Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VYvjQhCDXDfgnjFuHOKcracHnm8.roa
File:                     VYvjQhCDXDfgnjFuHOKcracHnm8.roa (raw, json)
Hash identifier:          HNnI+rCYxasbai+qxdRxwgZZ5zRNC+arEhI/im3WC+o=
Subject key identifier:   55:8B:E3:42:10:83:5C:37:E0:9E:31:6E:1C:E2:9C:AD:A7:07:9E:6F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01874B1F4A6D5DD600C43DC78CD94AC16A14
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VYvjQhCDXDfgnjFuHOKcracHnm8.roa
Signing time:             Tue 04 Apr 2023 07:15:54 +0000
ROA not before:           Tue 04 Apr 2023 07:15:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:4b:1f:4a:6d:5d:d6:00:c4:3d:c7:8c:d9:4a:c1:6a:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  4 07:15:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=558be34210835c37e09e316e1ce29cada7079e6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:c2:3f:d3:55:06:24:d0:03:e9:d4:0a:e5:aa:
                    cf:51:40:c6:56:cc:86:21:93:24:16:26:4d:23:10:
                    7d:42:4d:05:62:c5:95:b4:df:64:67:b7:99:7b:79:
                    79:f7:2b:30:67:3e:28:86:28:d2:51:b2:f0:d0:c7:
                    8a:fe:10:ae:e5:0b:20:80:53:8f:1b:0a:c1:d6:0f:
                    4a:7b:ad:9d:ab:5d:a0:8c:de:86:ae:34:9b:11:26:
                    1f:a2:55:04:5a:58:e8:ae:01:4b:9a:45:7e:98:98:
                    39:dd:b4:e7:85:c6:d9:7f:a0:3b:8e:8f:6a:f5:0d:
                    e9:4a:a6:11:a9:fe:38:e9:77:45:94:dd:4f:4c:76:
                    8b:dd:d6:19:0f:37:12:bf:00:c7:f5:99:01:4c:15:
                    71:fd:e4:95:68:fa:9b:41:de:9a:2f:5e:53:8a:cf:
                    c7:c0:87:53:64:99:ed:03:3b:da:37:fa:22:31:bc:
                    4b:58:7d:d7:57:97:b2:a8:87:ea:b8:bf:94:d2:aa:
                    6b:98:cd:96:3a:57:f3:60:d0:f6:2f:b7:d3:15:ed:
                    2d:b6:5a:23:c5:3f:01:f7:8a:43:b9:25:8b:e9:36:
                    89:4a:c1:4d:bf:b9:50:cd:76:07:39:76:c0:d7:cc:
                    6e:42:b6:42:af:24:d0:2a:c8:bc:91:0a:64:38:7f:
                    24:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:8B:E3:42:10:83:5C:37:E0:9E:31:6E:1C:E2:9C:AD:A7:07:9E:6F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VYvjQhCDXDfgnjFuHOKcracHnm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:6e:6a:dd:98:1e:33:6b:02:06:3b:62:eb:3f:16:9c:18:fa:
         37:ef:5a:85:9f:ac:c1:5a:a4:91:92:69:76:63:83:d3:a2:31:
         67:7a:06:5e:aa:9d:5c:c1:6b:67:53:db:8f:be:86:52:ce:92:
         cf:85:93:55:c1:f9:7a:0a:72:f6:0e:07:26:92:79:21:b6:e0:
         da:e3:b0:61:96:e6:fc:63:ff:15:c1:f1:f5:58:48:70:34:cc:
         d0:ff:84:6a:8c:0e:b6:80:1b:66:7c:75:32:9b:2d:c2:b4:c4:
         9e:57:45:c9:5d:b6:8f:05:42:84:19:fa:15:89:ac:14:73:0b:
         7a:68:01:e2:90:87:d3:5c:43:a1:da:6b:79:07:3d:ae:aa:4d:
         8d:5f:c6:9a:ac:3c:eb:8d:c7:42:2c:63:01:40:8d:02:82:b8:
         8f:85:c0:4d:76:60:93:90:22:48:18:0a:45:a2:cb:57:02:d8:
         ea:9f:f1:36:89:4a:25:69:54:a7:5a:eb:d2:0b:ec:27:bf:4f:
         af:33:c5:ab:c7:15:6d:9c:7d:4b:90:0f:2d:5a:4e:24:ae:1a:
         a5:b3:aa:6c:53:8e:89:3f:71:a2:e1:cc:79:c5:ee:c6:7d:c2:
         f7:77:7a:ad:ae:e7:83:4c:f1:41:7e:0d:9a:eb:bc:ee:e0:fe:
         71:71:8e:c7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdLH0ptXdYAxD3HjNlKwWoUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA0MDcxNTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NThiZTM0MjEwODM1YzM3ZTA5ZTMxNmUxY2UyOWNhZGE3MDc5ZTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgcI/01UGJNAD6dQK5arPUUDGVsyG
IZMkFiZNIxB9Qk0FYsWVtN9kZ7eZe3l59yswZz4ohijSUbLw0MeK/hCu5QsggFOP
GwrB1g9Ke62dq12gjN6GrjSbESYfolUEWljorgFLmkV+mJg53bTnhcbZf6A7jo9q
9Q3pSqYRqf446XdFlN1PTHaL3dYZDzcSvwDH9ZkBTBVx/eSVaPqbQd6aL15Tis/H
wIdTZJntAzvaN/oiMbxLWH3XV5eyqIfquL+U0qprmM2WOlfzYND2L7fTFe0ttloj
xT8B94pDuSWL6TaJSsFNv7lQzXYHOXbA18xuQrZCryTQKsi8kQpkOH8kKwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFWL40IQg1w34J4xbhzinK2nB55vMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVll2alFoQ0RYRGZnbmpGdUhPS2NyYWNIbm04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABJuat2YHjNrAgY7Yus/
FpwY+jfvWoWfrMFapJGSaXZjg9OiMWd6Bl6qnVzBa2dT24++hlLOks+Fk1XB+XoK
cvYOByaSeSG24NrjsGGW5vxj/xXB8fVYSHA0zND/hGqMDraAG2Z8dTKbLcK0xJ5X
Rcldto8FQoQZ+hWJrBRzC3poAeKQh9NcQ6Haa3kHPa6qTY1fxpqsPOuNx0IsYwFA
jQKCuI+FwE12YJOQIkgYCkWiy1cC2Oqf8TaJSiVpVKda69IL7Ce/T68zxavHFW2c
fUuQDy1aTiSuGqWzqmxTjok/caLhzHnF7sZ9wvd3eq2u54NM8UF+DZrrvO7g/nFx
jsc=
-----END CERTIFICATE-----