Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ZG7SzLQ4PI2bzx72XBtiK4X5GOs.roa
File:                     ZG7SzLQ4PI2bzx72XBtiK4X5GOs.roa (raw, json)
Hash identifier:          4SohADez0AcM56dxuQjJvIYGvzPaHMZzB+g6L+OXqbo=
Subject key identifier:   64:6E:D2:CC:B4:38:3C:8D:9B:CF:1E:F6:5C:1B:62:2B:85:F9:18:EB
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188695826AA6567AAE6E56D4BB58F902686
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ZG7SzLQ4PI2bzx72XBtiK4X5GOs.roa
Signing time:             Mon 29 May 2023 21:09:24 +0000
ROA not before:           Mon 29 May 2023 21:09:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:69:58:26:aa:65:67:aa:e6:e5:6d:4b:b5:8f:90:26:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 29 21:09:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=646ed2ccb4383c8d9bcf1ef65c1b622b85f918eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:cb:96:a1:99:87:61:57:7f:30:18:a8:2e:b9:
                    05:1d:d0:ba:19:db:63:f2:f8:d6:52:6c:48:59:45:
                    b0:93:29:51:8a:13:02:0c:1d:d9:b8:3a:91:ae:6e:
                    25:6d:a1:e3:1c:30:37:11:f7:8d:7b:0d:37:ef:3b:
                    e3:f1:73:81:14:d5:68:5c:32:51:c4:4d:0f:d5:9b:
                    ae:8a:8d:a0:b6:3d:72:61:65:3f:07:9d:e8:41:39:
                    90:58:a2:de:dd:0b:14:e1:f0:d3:61:cb:ae:f5:88:
                    06:67:8e:a6:73:df:83:33:8b:b2:6a:06:3f:70:47:
                    6d:3a:19:4c:ed:f3:f5:85:b6:7d:e5:1f:5e:a2:0f:
                    e2:a1:08:29:f1:6a:12:a1:29:2c:78:59:be:70:f8:
                    2c:df:19:4b:b1:9d:f0:57:fe:84:a4:b9:95:e5:e3:
                    63:67:9a:f2:d2:51:7a:ed:c3:96:9e:6a:6b:34:11:
                    03:98:ba:ca:78:f0:42:53:1f:bd:25:33:cd:5a:dd:
                    2e:30:fe:a4:a1:cf:ab:b2:65:67:a8:17:af:95:f8:
                    8d:bb:26:39:bb:9c:52:8f:5d:01:b8:60:7b:44:65:
                    70:2d:45:0d:46:09:dc:92:36:7b:a0:25:c1:7f:0d:
                    b1:8c:f3:da:74:db:51:41:48:24:f2:2c:97:24:a7:
                    ba:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:6E:D2:CC:B4:38:3C:8D:9B:CF:1E:F6:5C:1B:62:2B:85:F9:18:EB
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ZG7SzLQ4PI2bzx72XBtiK4X5GOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:8f:57:cb:da:d4:67:bb:39:37:6e:11:1d:9e:f9:77:19:54:
         e3:9d:e5:ba:e8:a0:b9:e3:72:9e:2b:40:ae:b9:46:a0:01:89:
         7b:c0:f0:35:82:5d:52:28:06:ad:6e:8e:40:5a:5d:bd:96:7a:
         dc:be:ef:e2:4d:a2:13:ac:64:68:85:bc:f5:51:82:5c:52:e2:
         2f:49:89:8b:1c:c5:7b:ac:c3:e0:23:f1:c7:37:3c:8c:68:35:
         57:8d:14:21:0f:17:c2:87:3a:cb:61:b9:7d:c9:7c:7c:99:a5:
         1d:88:11:6b:eb:21:05:d2:99:f8:cd:9e:ca:39:f9:72:0a:bf:
         a3:a9:26:1e:74:8d:5c:41:4b:4a:54:cc:9c:cc:74:60:2a:08:
         e5:44:4e:d4:d4:40:1a:57:e5:59:8b:e5:2e:8c:6f:8a:42:71:
         d0:37:85:da:9d:64:25:58:21:e4:80:c0:1f:77:bb:07:ab:c7:
         73:e2:80:32:8c:fd:2b:5a:86:1b:9f:d1:06:0a:5e:9a:73:6c:
         0d:2c:cb:59:c1:df:d6:74:ff:dd:04:d0:79:e6:4c:55:86:6d:
         fa:f2:10:66:40:07:b7:64:e8:b3:2f:88:85:65:1a:1d:ce:6b:
         86:8c:83:78:53:e1:40:53:19:28:7b:bf:7e:6d:b0:74:13:8a:
         d1:70:f6:89
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhpWCaqZWeq5uVtS7WPkCaGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI5MjEwOTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDZlZDJjY2I0MzgzYzhkOWJjZjFlZjY1YzFiNjIyYjg1ZjkxOGViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsuWoZmHYVd/MBioLrkFHdC6Gdtj
8vjWUmxIWUWwkylRihMCDB3ZuDqRrm4lbaHjHDA3EfeNew037zvj8XOBFNVoXDJR
xE0P1Zuuio2gtj1yYWU/B53oQTmQWKLe3QsU4fDTYcuu9YgGZ46mc9+DM4uyagY/
cEdtOhlM7fP1hbZ95R9eog/ioQgp8WoSoSkseFm+cPgs3xlLsZ3wV/6EpLmV5eNj
Z5ry0lF67cOWnmprNBEDmLrKePBCUx+9JTPNWt0uMP6koc+rsmVnqBevlfiNuyY5
u5xSj10BuGB7RGVwLUUNRgnckjZ7oCXBfw2xjPPadNtRQUgk8iyXJKe6rQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGRu0sy0ODyNm88e9lwbYiuF+RjrMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWkc3U3pMUTRQSTJieng3MlhCdGlLNFg1R09zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFqPV8va1Ge7OTduER2e
+XcZVOOd5brooLnjcp4rQK65RqABiXvA8DWCXVIoBq1ujkBaXb2Wety+7+JNohOs
ZGiFvPVRglxS4i9JiYscxXusw+Aj8cc3PIxoNVeNFCEPF8KHOsthuX3JfHyZpR2I
EWvrIQXSmfjNnso5+XIKv6OpJh50jVxBS0pUzJzMdGAqCOVETtTUQBpX5VmL5S6M
b4pCcdA3hdqdZCVYIeSAwB93uwerx3PigDKM/Stahhuf0QYKXppzbA0sy1nB39Z0
/90E0HnmTFWGbfryEGZAB7dk6LMviIVlGh3Oa4aMg3hT4UBTGSh7v35tsHQTitFw
9ok=
-----END CERTIFICATE-----