Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Yd1nwZGKT8FQ_0HTeftnByVjfJ8.roa
File:                     Yd1nwZGKT8FQ_0HTeftnByVjfJ8.roa (raw, json)
Hash identifier:          RoMYPIecA4jUgrSbsErcRyiCf32AGPw5Cs+QITNiv5I=
Subject key identifier:   61:DD:67:C1:91:8A:4F:C1:50:FF:41:D3:79:FB:67:07:25:63:7C:9F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018759E8CF5F7E720D8035A8FCFE7104D070
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Yd1nwZGKT8FQ_0HTeftnByVjfJ8.roa
Signing time:             Fri 07 Apr 2023 04:10:42 +0000
ROA not before:           Fri 07 Apr 2023 04:10:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:59:e8:cf:5f:7e:72:0d:80:35:a8:fc:fe:71:04:d0:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  7 04:10:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=61dd67c1918a4fc150ff41d379fb670725637c9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:14:32:37:45:1b:3d:ec:fd:70:31:b6:7d:e0:
                    52:01:3b:af:b3:1e:e7:67:0e:a5:50:27:c7:d2:51:
                    67:17:ed:4c:3f:f5:03:9b:79:36:f3:ce:bb:74:54:
                    cc:89:24:ee:c7:a5:56:e0:e0:34:69:f6:72:3a:4c:
                    41:ae:f7:02:c3:11:33:56:74:41:4a:ee:b6:41:2e:
                    39:14:4e:40:b7:0b:8d:d0:cb:50:62:44:63:ae:4e:
                    8f:cd:89:0e:b8:ce:33:ca:8b:31:e8:56:b4:bd:54:
                    da:68:07:87:1a:90:39:69:94:a3:60:dc:9a:29:31:
                    b2:56:9f:71:fa:8c:18:38:5b:1f:16:28:bd:f5:ae:
                    aa:61:1c:7c:e2:11:3f:45:07:c6:b8:a8:05:c0:d8:
                    0a:b3:c8:4b:00:8e:bd:ce:67:81:05:7f:f0:cb:8c:
                    98:75:91:a9:9f:df:6d:0a:bf:48:6f:7c:68:16:9e:
                    ad:78:97:03:89:96:f4:48:71:34:7f:ee:75:fd:a3:
                    a8:4c:91:f8:67:7b:e1:a7:a3:32:cd:13:37:64:0c:
                    32:34:c1:13:cf:ef:3a:c5:81:ac:6e:0a:15:5d:be:
                    4b:73:3a:1a:22:1f:96:29:21:f6:af:7d:56:5f:4a:
                    7d:25:e4:f2:d3:79:ac:be:6d:0c:7e:ea:c4:2b:45:
                    26:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:DD:67:C1:91:8A:4F:C1:50:FF:41:D3:79:FB:67:07:25:63:7C:9F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Yd1nwZGKT8FQ_0HTeftnByVjfJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:1c:05:14:2a:b1:47:e1:18:00:91:af:56:ce:2a:b6:a4:3c:
         f9:0e:c0:38:15:fa:a0:cb:06:00:4d:1e:0d:2f:7a:c6:e3:2b:
         f8:cb:0a:a2:50:24:8c:42:a5:53:0c:16:3e:e4:13:ec:20:03:
         71:08:23:a7:2a:6a:94:52:08:c6:85:89:87:75:a1:64:d4:df:
         d2:7d:33:df:ef:10:2f:a6:c1:27:b1:ad:15:2b:f3:1e:9e:30:
         61:5f:e8:d6:9e:a0:51:3f:69:17:50:df:c6:94:ab:e2:de:ea:
         37:5f:5e:7d:26:d5:d5:c6:4b:73:66:70:eb:e4:b4:26:54:ea:
         de:46:db:95:13:dd:bf:c1:d3:8b:36:d9:1f:55:e4:b5:11:42:
         bc:91:b1:97:69:84:a4:16:25:fd:e9:6a:98:1b:05:cd:9c:a6:
         08:b4:8d:1a:68:9e:c4:eb:1f:8a:84:9c:4d:5d:53:13:c2:7a:
         98:85:f3:ee:92:f8:bb:df:84:f9:78:fa:4e:1d:e4:18:b8:9a:
         e0:ad:a9:54:b4:03:72:6d:1c:f5:6d:d9:64:a0:b1:1d:84:c4:
         f5:2b:20:59:00:fb:c5:b4:67:ee:f3:f0:3f:7c:6d:02:fd:22:
         8c:2a:3b:5e:0c:24:57:86:3b:a2:dc:7a:89:dd:82:8f:61:5f:
         72:c9:92:ac
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdZ6M9ffnINgDWo/P5xBNBwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA3MDQxMDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWRkNjdjMTkxOGE0ZmMxNTBmZjQxZDM3OWZiNjcwNzI1NjM3YzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhQyN0UbPez9cDG2feBSATuvsx7n
Zw6lUCfH0lFnF+1MP/UDm3k28867dFTMiSTux6VW4OA0afZyOkxBrvcCwxEzVnRB
Su62QS45FE5AtwuN0MtQYkRjrk6PzYkOuM4zyosx6Fa0vVTaaAeHGpA5aZSjYNya
KTGyVp9x+owYOFsfFii99a6qYRx84hE/RQfGuKgFwNgKs8hLAI69zmeBBX/wy4yY
dZGpn99tCr9Ib3xoFp6teJcDiZb0SHE0f+51/aOoTJH4Z3vhp6MyzRM3ZAwyNMET
z+86xYGsbgoVXb5LczoaIh+WKSH2r31WX0p9JeTy03msvm0MfurEK0UmfQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGHdZ8GRik/BUP9B03n7ZwclY3yfMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWWQxbndaR0tUOEZRXzBIVGVmdG5CeVZqZko4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAAcBRQqsUfhGACRr1bO
KrakPPkOwDgV+qDLBgBNHg0vesbjK/jLCqJQJIxCpVMMFj7kE+wgA3EII6cqapRS
CMaFiYd1oWTU39J9M9/vEC+mwSexrRUr8x6eMGFf6NaeoFE/aRdQ38aUq+Le6jdf
Xn0m1dXGS3NmcOvktCZU6t5G25UT3b/B04s22R9V5LURQryRsZdphKQWJf3papgb
Bc2cpgi0jRponsTrH4qEnE1dUxPCepiF8+6S+LvfhPl4+k4d5Bi4muCtqVS0A3Jt
HPVt2WSgsR2ExPUrIFkA+8W0Z+7z8D98bQL9IowqO14MJFeGO6Lceondgo9hX3LJ
kqw=
-----END CERTIFICATE-----