Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ZC77ryhR0OELTs3BHSx3aZnYDec.roa
File:                     ZC77ryhR0OELTs3BHSx3aZnYDec.roa (raw, json)
Hash identifier:          HqqWuY9heqNilbujui6XQpw9WrwYhU6p2oMKjQgpws8=
Subject key identifier:   64:2E:FB:AF:28:51:D0:E1:0B:4E:CD:C1:1D:2C:77:69:99:D8:0D:E7
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01894AA2363B41D3DABCFDBA1B66BD04BC88
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ZC77ryhR0OELTs3BHSx3aZnYDec.roa
Signing time:             Wed 12 Jul 2023 15:04:51 +0000
ROA not before:           Wed 12 Jul 2023 15:04:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:189:4aa1:c71c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:4a:a2:36:3b:41:d3:da:bc:fd:ba:1b:66:bd:04:bc:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 12 15:04:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=642efbaf2851d0e10b4ecdc11d2c776999d80de7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:cb:6c:f6:68:04:ea:a7:d3:ed:54:2c:d3:0e:
                    55:f4:46:c0:24:61:80:e1:13:d9:c8:7b:01:3d:d6:
                    ef:75:24:9c:15:b0:98:ca:ca:77:fa:01:1d:65:e5:
                    cc:b7:15:c9:d0:6f:28:d6:87:d3:62:98:a3:e1:31:
                    b8:6e:b3:74:1c:b2:67:86:09:10:90:18:a1:a0:89:
                    72:31:54:fc:a2:92:fe:09:89:8a:5c:11:77:45:4d:
                    2d:30:3b:de:38:83:9e:b9:53:20:d4:a6:7c:3a:f9:
                    56:93:d3:7a:41:ef:39:63:f7:82:14:68:f5:b1:f9:
                    fb:93:84:68:20:85:9e:8c:8d:8c:72:e3:40:5d:5d:
                    86:1d:a5:69:81:a3:d0:3e:ef:58:39:54:e3:5a:a7:
                    2c:6c:a6:c0:ad:22:11:6e:5a:cd:58:cd:b0:6a:34:
                    59:32:2b:ff:a0:4b:39:06:83:3e:00:2b:1f:6f:ca:
                    8e:c3:fd:13:bc:3d:4e:aa:c4:a7:f2:ca:1b:45:b3:
                    77:ef:73:85:2f:38:8c:9b:2a:8d:03:9b:54:c9:d1:
                    1d:45:88:c4:46:a3:e1:0a:80:d5:4d:57:27:d0:a1:
                    07:eb:54:4a:62:1c:a7:4e:a6:af:87:c7:a3:65:b1:
                    c0:ab:6f:4f:ef:83:68:df:b4:a1:52:a9:80:e0:76:
                    21:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:2E:FB:AF:28:51:D0:E1:0B:4E:CD:C1:1D:2C:77:69:99:D8:0D:E7
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ZC77ryhR0OELTs3BHSx3aZnYDec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:80:a2:07:83:67:d7:ac:a9:f9:76:50:0c:84:5f:76:f8:d7:
         e2:68:6b:bf:3b:f7:95:1d:3b:36:97:34:11:dd:bb:7a:d8:e5:
         8d:76:0d:ac:fd:ec:73:10:7b:f2:1b:55:a6:a3:e7:55:c4:96:
         93:dd:42:7f:81:96:11:80:4a:58:9a:56:83:4c:13:7f:83:cf:
         2c:34:a2:eb:b2:57:57:0d:20:91:dd:ce:ed:2f:c7:27:57:50:
         8e:51:a7:16:c2:1b:63:a0:f5:7c:94:c5:e1:50:65:6b:e0:41:
         45:b5:81:18:90:bf:b3:da:6d:2e:e3:20:00:e7:cc:49:80:70:
         c5:73:22:7a:3e:f6:b5:4d:3e:c7:b0:1c:b2:43:d2:8f:46:9e:
         bc:3e:68:a3:2d:d0:b0:c9:7b:5b:8b:ab:b1:83:a4:41:8f:58:
         38:bd:be:d8:a9:04:f3:4c:6c:00:38:a4:68:a1:e5:db:d4:86:
         a8:00:1d:11:42:d5:92:d0:da:9c:6c:a3:fb:1d:da:72:19:32:
         84:82:b8:9e:42:ac:8d:f0:ce:9e:97:06:ec:58:97:00:71:59:
         7d:27:6f:e5:83:37:57:47:75:af:fd:ed:e0:75:b8:5a:d9:e3:
         5b:f3:69:d5:4b:61:a7:fd:d0:5e:71:1b:b4:8d:a0:98:fa:b4:
         8c:bb:d0:d3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlKojY7QdPavP26G2a9BLyIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzEyMTUwNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDJlZmJhZjI4NTFkMGUxMGI0ZWNkYzExZDJjNzc2OTk5ZDgwZGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Mts9mgE6qfT7VQs0w5V9EbAJGGA
4RPZyHsBPdbvdSScFbCYysp3+gEdZeXMtxXJ0G8o1ofTYpij4TG4brN0HLJnhgkQ
kBihoIlyMVT8opL+CYmKXBF3RU0tMDveOIOeuVMg1KZ8OvlWk9N6Qe85Y/eCFGj1
sfn7k4RoIIWejI2McuNAXV2GHaVpgaPQPu9YOVTjWqcsbKbArSIRblrNWM2wajRZ
Miv/oEs5BoM+ACsfb8qOw/0TvD1OqsSn8sobRbN373OFLziMmyqNA5tUydEdRYjE
RqPhCoDVTVcn0KEH61RKYhynTqavh8ejZbHAq29P74No37ShUqmA4HYhPwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGQu+68oUdDhC07NwR0sd2mZ2A3nMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWkM3N3J5aFIwT0VMVHMzQkhTeDNhWm5ZRGVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIuAogeDZ9esqfl2UAyE
X3b41+Joa78795UdOzaXNBHdu3rY5Y12Daz97HMQe/IbVaaj51XElpPdQn+BlhGA
SliaVoNME3+Dzyw0ouuyV1cNIJHdzu0vxydXUI5RpxbCG2Og9XyUxeFQZWvgQUW1
gRiQv7PabS7jIADnzEmAcMVzIno+9rVNPsewHLJD0o9Gnrw+aKMt0LDJe1uLq7GD
pEGPWDi9vtipBPNMbAA4pGih5dvUhqgAHRFC1ZLQ2pxso/sd2nIZMoSCuJ5CrI3w
zp6XBuxYlwBxWX0nb+WDN1dHda/97eB1uFrZ41vzadVLYaf90F5xG7SNoJj6tIy7
0NM=
-----END CERTIFICATE-----