Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Xuv6UEMWMhSoF-iLyK4TR0-fSOA.roa
File:                     Xuv6UEMWMhSoF-iLyK4TR0-fSOA.roa (raw, json)
Hash identifier:          lWvW8Y/lsLnqA90YpAJrI50pUFpIj6sy4jyE4nyKRhg=
Subject key identifier:   5E:EB:FA:50:43:16:32:14:A8:17:E8:8B:C8:AE:13:47:4F:9F:48:E0
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188307E76DC6037476C643863769852150D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Xuv6UEMWMhSoF-iLyK4TR0-fSOA.roa
Signing time:             Thu 18 May 2023 20:12:54 +0000
ROA not before:           Thu 18 May 2023 20:12:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:30:7e:76:dc:60:37:47:6c:64:38:63:76:98:52:15:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 18 20:12:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5eebfa5043163214a817e88bc8ae13474f9f48e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a8:d2:07:54:53:32:10:fc:0d:e6:a6:b0:e7:
                    b6:eb:12:ba:16:53:1a:96:47:48:ff:82:81:97:1c:
                    65:40:f0:0a:09:18:34:a9:22:c5:92:ab:f4:26:46:
                    09:e7:0f:d9:14:2e:b6:94:cc:8b:fc:19:3d:1e:17:
                    ae:b5:e9:08:85:35:e4:75:d2:a6:81:cd:77:8a:0c:
                    66:98:0b:47:c2:ba:06:c9:f2:02:b8:e6:0a:5d:e3:
                    c6:3c:21:7d:d5:44:0e:71:ac:17:f1:c0:c6:e4:13:
                    c0:7e:e0:d2:34:fb:fd:00:17:3d:0d:52:6b:88:bf:
                    5f:9d:18:82:67:d4:08:f4:e7:de:60:21:2d:4a:6b:
                    19:60:3e:2d:8a:d6:aa:ac:58:0a:af:45:5e:88:07:
                    2c:88:12:b6:87:e9:1a:23:d7:20:ee:4a:c6:e6:08:
                    a8:4a:99:6e:21:21:c5:9e:d7:77:15:a5:87:d8:15:
                    8a:ac:0a:10:60:c7:11:38:8b:39:5b:6a:6c:9c:54:
                    14:53:cb:14:ab:8d:28:4d:c1:75:59:05:f9:13:09:
                    81:f4:be:3e:99:79:62:ec:d7:d3:97:e0:aa:40:62:
                    83:7d:60:0f:58:f5:df:ee:ed:b0:d1:78:7b:be:82:
                    ee:d4:c1:83:58:31:53:e7:d7:14:1e:66:52:d6:c3:
                    1e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:EB:FA:50:43:16:32:14:A8:17:E8:8B:C8:AE:13:47:4F:9F:48:E0
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Xuv6UEMWMhSoF-iLyK4TR0-fSOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:cd:0f:b7:b1:30:ba:32:c9:2a:42:26:9e:a6:5d:90:a1:2c:
         dc:62:c0:6a:58:3d:8e:01:2d:cd:60:44:15:25:9d:5f:6e:97:
         47:93:87:59:dd:3c:06:20:2e:06:49:bd:8a:d8:9c:d2:c3:df:
         ff:fb:70:34:ed:bc:83:7f:c7:29:bd:2b:3b:1a:6d:fa:5a:77:
         72:50:b2:67:91:7b:c8:91:26:4b:68:3b:1b:ed:c4:6b:9c:23:
         a0:9e:0a:e3:55:16:d6:4a:be:19:e8:b6:fd:2d:b0:1d:d5:a1:
         eb:b6:9d:f2:6d:4a:93:8d:5b:9b:ee:ce:ea:12:30:f5:3b:ec:
         6b:29:e4:90:48:3b:1b:03:b7:7d:4b:ff:ad:72:7b:82:37:84:
         f2:bb:77:63:47:75:77:6c:5a:df:13:0b:b7:3d:3e:70:df:43:
         34:dc:53:d7:ab:6d:0e:ce:0a:fa:93:3a:26:6d:c3:5c:9c:1b:
         fc:65:71:d0:78:94:06:00:37:47:0a:91:ff:2b:6b:f6:d8:73:
         4b:e0:84:a9:e0:cc:41:f3:b1:a6:2b:6a:a2:f0:b8:77:72:f1:
         eb:32:6e:e1:c9:44:51:88:13:6e:06:ec:61:23:be:1f:ab:3e:
         8e:fd:9e:15:e9:59:93:95:7e:a5:61:dc:f5:f0:27:40:be:30:
         b2:92:13:9a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgwfnbcYDdHbGQ4Y3aYUhUNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE4MjAxMjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWViZmE1MDQzMTYzMjE0YTgxN2U4OGJjOGFlMTM0NzRmOWY0OGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkajSB1RTMhD8DeamsOe26xK6FlMa
lkdI/4KBlxxlQPAKCRg0qSLFkqv0JkYJ5w/ZFC62lMyL/Bk9HheutekIhTXkddKm
gc13igxmmAtHwroGyfICuOYKXePGPCF91UQOcawX8cDG5BPAfuDSNPv9ABc9DVJr
iL9fnRiCZ9QI9OfeYCEtSmsZYD4titaqrFgKr0VeiAcsiBK2h+kaI9cg7krG5gio
SpluISHFntd3FaWH2BWKrAoQYMcROIs5W2psnFQUU8sUq40oTcF1WQX5EwmB9L4+
mXli7NfTl+CqQGKDfWAPWPXf7u2w0Xh7voLu1MGDWDFT59cUHmZS1sMe6QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF7r+lBDFjIUqBfoi8iuE0dPn0jgMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWHV2NlVFTVdNaFNvRi1pTHlLNFRSMC1mU09BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHHND7exMLoyySpCJp6m
XZChLNxiwGpYPY4BLc1gRBUlnV9ul0eTh1ndPAYgLgZJvYrYnNLD3//7cDTtvIN/
xym9Kzsabfpad3JQsmeRe8iRJktoOxvtxGucI6CeCuNVFtZKvhnotv0tsB3Voeu2
nfJtSpONW5vuzuoSMPU77Gsp5JBIOxsDt31L/61ye4I3hPK7d2NHdXdsWt8TC7c9
PnDfQzTcU9erbQ7OCvqTOiZtw1ycG/xlcdB4lAYAN0cKkf8ra/bYc0vghKngzEHz
saYraqLwuHdy8esybuHJRFGIE24G7GEjvh+rPo79nhXpWZOVfqVh3PXwJ0C+MLKS
E5o=
-----END CERTIFICATE-----