Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VyVwbQd901O2g9uTH9sYyi6_7l4.roa
File:                     VyVwbQd901O2g9uTH9sYyi6_7l4.roa (raw, json)
Hash identifier:          PqUF3CaHLSVvhVp8s/8QAz+znYgjEKh0pAPdENsL2GI=
Subject key identifier:   57:25:70:6D:07:7D:D3:53:B6:83:DB:93:1F:DB:18:CA:2E:BF:EE:5E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188E037D8C1C55D2F2AAF5B34107F5FCEDA
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VyVwbQd901O2g9uTH9sYyi6_7l4.roa
Signing time:             Wed 21 Jun 2023 23:08:56 +0000
ROA not before:           Wed 21 Jun 2023 23:08:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:e0:37:d8:c1:c5:5d:2f:2a:af:5b:34:10:7f:5f:ce:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 21 23:08:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5725706d077dd353b683db931fdb18ca2ebfee5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:10:13:18:53:80:69:55:54:09:56:45:54:88:
                    6d:e2:f5:0e:55:0b:6b:a1:d6:a4:b0:4b:fc:a0:a5:
                    00:f0:52:3e:69:35:2f:11:93:49:b7:7a:95:50:76:
                    df:4c:82:a6:68:03:e1:ed:76:e7:be:2b:85:6b:da:
                    bd:41:64:65:db:27:89:a3:e5:b7:2c:06:d7:85:f2:
                    f9:c3:fa:75:74:84:43:fc:d0:a0:02:9f:c3:d7:7d:
                    17:9c:06:66:b1:b4:74:fb:2f:15:0d:49:06:b2:ab:
                    53:68:f9:b1:55:54:7f:45:d9:ba:08:b0:23:d2:d3:
                    f5:ba:9b:68:0d:5d:bb:24:9c:9c:7e:ae:55:5b:99:
                    98:9f:78:9b:2c:f2:aa:30:00:21:ef:e8:d1:44:1a:
                    15:21:4d:0a:a7:89:92:93:9a:46:10:95:4d:9d:0d:
                    22:6c:b4:6f:25:9c:32:48:7d:3d:b1:15:65:cc:9c:
                    cc:f4:cd:9b:51:ab:99:62:43:fd:ca:01:70:6f:d0:
                    94:72:bf:c9:de:a2:56:25:5a:90:c6:3b:1b:72:72:
                    43:25:b3:cf:d7:98:0a:14:75:26:c7:0b:5c:be:18:
                    23:3b:e1:38:f8:1b:22:c1:45:96:ca:f8:52:4c:e5:
                    93:31:6f:30:7b:b2:fe:e2:4a:9e:ae:49:b5:0f:b1:
                    57:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:25:70:6D:07:7D:D3:53:B6:83:DB:93:1F:DB:18:CA:2E:BF:EE:5E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VyVwbQd901O2g9uTH9sYyi6_7l4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:a9:9b:35:57:f2:6f:40:a2:e9:85:6a:f6:b3:86:00:46:93:
         69:a5:da:f8:72:45:9c:8f:cb:63:fa:ef:a2:89:5f:71:88:37:
         d5:7e:ac:89:5b:57:c0:a6:80:aa:c0:fc:70:e0:39:d9:ca:d7:
         70:49:5c:b3:47:aa:13:71:61:c2:5e:1c:94:0b:c3:12:52:fb:
         62:5c:fd:9b:b6:99:80:19:36:67:f3:cb:68:8e:bd:5a:73:9d:
         a9:5a:ea:0b:1e:23:4b:b0:c9:27:1d:57:8d:49:d2:8e:1b:c0:
         ed:71:c5:a0:1a:f5:0e:98:ce:b7:0b:a4:6e:b7:d5:a8:0e:5d:
         16:0e:c7:2e:cc:dc:28:60:d7:86:fb:45:d2:31:55:fb:a2:59:
         99:c6:dd:52:64:22:ef:29:e4:6d:ea:22:98:5b:92:4a:dc:e6:
         d8:0a:fa:77:60:37:c2:c5:08:c8:23:c9:c8:71:63:5f:10:3d:
         0c:a7:49:0f:51:4d:b6:7c:0d:e6:ac:09:6d:0b:a9:58:a0:0c:
         21:75:f5:2e:d0:55:55:91:38:a7:fd:dd:a6:dc:ad:55:84:e9:
         2d:60:5d:bb:e6:08:26:08:51:e4:b7:7f:a9:71:95:f6:81:1b:
         fc:c0:30:c3:fd:06:64:1e:05:b7:80:62:00:a4:77:3a:0c:bd:
         de:df:e5:90
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjgN9jBxV0vKq9bNBB/X87aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjIxMjMwODU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzI1NzA2ZDA3N2RkMzUzYjY4M2RiOTMxZmRiMThjYTJlYmZlZTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohATGFOAaVVUCVZFVIht4vUOVQtr
odaksEv8oKUA8FI+aTUvEZNJt3qVUHbfTIKmaAPh7XbnviuFa9q9QWRl2yeJo+W3
LAbXhfL5w/p1dIRD/NCgAp/D130XnAZmsbR0+y8VDUkGsqtTaPmxVVR/Rdm6CLAj
0tP1uptoDV27JJycfq5VW5mYn3ibLPKqMAAh7+jRRBoVIU0Kp4mSk5pGEJVNnQ0i
bLRvJZwySH09sRVlzJzM9M2bUauZYkP9ygFwb9CUcr/J3qJWJVqQxjsbcnJDJbPP
15gKFHUmxwtcvhgjO+E4+BsiwUWWyvhSTOWTMW8we7L+4kqerkm1D7FXPwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFclcG0HfdNTtoPbkx/bGMouv+5eMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVnlWd2JRZDkwMU8yZzl1VEg5c1l5aTZfN2w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKapmzVX8m9AoumFavaz
hgBGk2ml2vhyRZyPy2P676KJX3GIN9V+rIlbV8CmgKrA/HDgOdnK13BJXLNHqhNx
YcJeHJQLwxJS+2Jc/Zu2mYAZNmfzy2iOvVpznala6gseI0uwyScdV41J0o4bwO1x
xaAa9Q6YzrcLpG631agOXRYOxy7M3Chg14b7RdIxVfuiWZnG3VJkIu8p5G3qIphb
kkrc5tgK+ndgN8LFCMgjychxY18QPQynSQ9RTbZ8DeasCW0LqVigDCF19S7QVVWR
OKf93abcrVWE6S1gXbvmCCYIUeS3f6lxlfaBG/zAMMP9BmQeBbeAYgCkdzoMvd7f
5ZA=
-----END CERTIFICATE-----