Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XKxIChciycU8qDRxOg3S54Ig7dQ.roa
File:                     XKxIChciycU8qDRxOg3S54Ig7dQ.roa (raw, json)
Hash identifier:          2Z/GFEBAqdfj1i0sdR+8wYKqNkY2+RsuwHPrr48G884=
Subject key identifier:   5C:AC:48:0A:17:22:C9:C5:3C:A8:34:71:3A:0D:D2:E7:82:20:ED:D4
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188C340332CDE83687F8DF05A6356534723
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XKxIChciycU8qDRxOg3S54Ig7dQ.roa
Signing time:             Fri 16 Jun 2023 08:09:04 +0000
ROA not before:           Fri 16 Jun 2023 08:09:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:c3:40:33:2c:de:83:68:7f:8d:f0:5a:63:56:53:47:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 16 08:09:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5cac480a1722c9c53ca834713a0dd2e78220edd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b3:70:e4:23:b9:91:52:41:19:07:76:f3:3b:
                    ff:1a:b4:ba:3b:5b:47:bf:75:95:bf:94:ac:a7:17:
                    99:8b:87:22:ea:c5:a7:2d:29:a5:7a:74:99:cc:93:
                    9a:1d:cc:10:8e:d1:c0:7f:09:a3:91:8a:38:1a:86:
                    e2:45:14:9f:43:3e:0d:2f:30:b6:73:67:2d:7d:a1:
                    84:02:0c:18:54:c5:8f:43:d4:6a:7d:8e:53:75:82:
                    22:94:99:8a:0b:f1:a1:7b:0c:94:5b:32:df:7f:48:
                    b0:c1:d6:9e:1e:e9:52:17:6d:b3:01:7b:13:04:93:
                    cf:d8:f7:80:d9:07:0d:3e:87:de:11:55:1e:9f:38:
                    f7:12:81:ba:ac:d1:fb:8e:29:0a:c0:e8:13:0a:fc:
                    21:ce:73:0d:ae:7d:38:7a:e0:f8:e3:bf:d1:0c:31:
                    55:e2:92:cb:62:0f:af:19:77:66:a0:0f:84:f9:d7:
                    b6:09:d1:39:f5:85:2d:dd:d9:71:86:17:b4:f8:11:
                    1f:ec:a1:b4:be:71:dc:b7:da:1c:1a:0c:9a:c9:f3:
                    74:84:e0:28:f7:31:40:bf:ac:71:24:be:6c:42:15:
                    93:6b:ee:68:34:be:32:53:1e:8a:cc:98:98:5e:b5:
                    dc:95:94:10:2a:91:43:25:91:6a:e4:1f:e6:a8:a9:
                    65:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:AC:48:0A:17:22:C9:C5:3C:A8:34:71:3A:0D:D2:E7:82:20:ED:D4
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/XKxIChciycU8qDRxOg3S54Ig7dQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:e4:37:20:f9:82:b3:f1:6d:e9:2a:3f:75:03:c5:e0:b4:25:
         10:24:8e:3a:2f:1b:ba:d2:8a:8f:93:a8:a5:38:39:61:b5:53:
         91:37:9d:3c:3e:d8:7d:75:34:63:92:69:84:21:c7:4a:b9:12:
         e2:d1:fb:ed:87:df:3d:88:a6:22:eb:6a:b7:c8:a3:94:96:bf:
         02:cc:10:69:27:61:e0:df:1f:60:53:b3:22:0d:33:09:05:0a:
         b3:0f:a8:24:cc:c4:8d:a4:6e:fb:0c:0a:4f:29:b6:cf:bd:c2:
         da:f5:bd:18:6a:d4:30:95:4c:f7:7d:7b:31:c9:ce:6a:43:1c:
         3f:99:b3:d5:b7:75:a8:87:40:c2:47:40:98:6a:99:8c:7b:25:
         bf:81:48:e7:de:74:02:bc:29:86:27:87:fd:95:d6:35:00:e1:
         9e:0d:3f:09:1a:6d:e2:b5:cf:be:36:79:ba:1e:d1:86:34:04:
         33:b5:4a:9c:ae:7a:53:aa:2b:5c:4e:f5:32:cb:67:2c:21:3b:
         46:c4:e2:b3:5e:7e:36:f5:0e:32:aa:46:4a:af:a4:56:ff:1a:
         af:5d:d5:bd:55:53:3d:7a:07:cd:2d:eb:f7:a3:df:61:2c:a6:
         a0:75:ca:90:5e:18:48:2e:a7:a3:43:63:e1:2a:33:19:18:b5:
         6b:20:e3:34
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjDQDMs3oNof43wWmNWU0cjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjE2MDgwOTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2FjNDgwYTE3MjJjOWM1M2NhODM0NzEzYTBkZDJlNzgyMjBlZGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLNw5CO5kVJBGQd28zv/GrS6O1tH
v3WVv5SspxeZi4ci6sWnLSmlenSZzJOaHcwQjtHAfwmjkYo4GobiRRSfQz4NLzC2
c2ctfaGEAgwYVMWPQ9RqfY5TdYIilJmKC/GhewyUWzLff0iwwdaeHulSF22zAXsT
BJPP2PeA2QcNPofeEVUenzj3EoG6rNH7jikKwOgTCvwhznMNrn04euD447/RDDFV
4pLLYg+vGXdmoA+E+de2CdE59YUt3dlxhhe0+BEf7KG0vnHct9ocGgyayfN0hOAo
9zFAv6xxJL5sQhWTa+5oNL4yUx6KzJiYXrXclZQQKpFDJZFq5B/mqKllfwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFysSAoXIsnFPKg0cToN0ueCIO3UMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWEt4SUNoY2l5Y1U4cURSeE9nM1M1NElnN2RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGPkNyD5grPxbekqP3UD
xeC0JRAkjjovG7rSio+TqKU4OWG1U5E3nTw+2H11NGOSaYQhx0q5EuLR++2H3z2I
piLrarfIo5SWvwLMEGknYeDfH2BTsyINMwkFCrMPqCTMxI2kbvsMCk8pts+9wtr1
vRhq1DCVTPd9ezHJzmpDHD+Zs9W3daiHQMJHQJhqmYx7Jb+BSOfedAK8KYYnh/2V
1jUA4Z4NPwkabeK1z742eboe0YY0BDO1SpyuelOqK1xO9TLLZywhO0bE4rNefjb1
DjKqRkqvpFb/Gq9d1b1VUz16B80t6/ej32EspqB1ypBeGEgup6NDY+EqMxkYtWsg
4zQ=
-----END CERTIFICATE-----