Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aAwM-F2mv1BO1z17GazJ_qO7iZo.roa
File:                     aAwM-F2mv1BO1z17GazJ_qO7iZo.roa (raw, json)
Hash identifier:          GIbv1PmDwil2bwZ1mymWa88mtmPC4EOzwu7y/KYUaYg=
Subject key identifier:   68:0C:0C:F8:5D:A6:BF:50:4E:D7:3D:7B:19:AC:C9:FE:A3:BB:89:9A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187D926FAE5F96367806E437A2E92657335
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aAwM-F2mv1BO1z17GazJ_qO7iZo.roa
Signing time:             Mon 01 May 2023 21:10:23 +0000
ROA not before:           Mon 01 May 2023 21:10:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:d9:26:fa:e5:f9:63:67:80:6e:43:7a:2e:92:65:73:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  1 21:10:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=680c0cf85da6bf504ed73d7b19acc9fea3bb899a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:97:4d:8a:92:82:d9:13:ee:1f:32:eb:15:f2:
                    bf:ba:75:e3:bc:4f:f0:7c:f0:ea:31:50:6f:c6:2c:
                    44:6b:7f:db:3d:4d:95:d7:e1:0b:56:e6:f2:7d:20:
                    26:06:ea:c7:29:a0:34:23:9f:56:3e:b5:db:17:2b:
                    e5:68:a3:cb:98:80:bd:75:63:d3:60:9f:ae:a0:f6:
                    33:98:04:c8:3b:00:41:03:90:ed:1b:4a:aa:42:0e:
                    20:6f:da:23:bf:06:85:10:eb:14:57:14:81:ee:8b:
                    a2:4f:7e:aa:c3:a8:9f:46:c9:93:ee:c3:8f:96:a7:
                    c2:e1:56:40:1e:8c:42:f1:7c:bb:b7:2b:83:07:f7:
                    7b:5f:97:5f:ed:64:67:e0:3e:96:7b:91:fd:15:3e:
                    8b:11:43:ec:b9:b3:4e:e0:97:1f:83:77:ad:4f:b8:
                    d6:f0:41:af:bf:27:08:e2:76:d5:7d:71:65:db:bb:
                    79:d7:55:95:ea:5b:72:b5:1a:c0:67:d5:e5:a5:f7:
                    99:dd:73:20:46:64:b9:06:93:e4:69:45:5c:7f:51:
                    f0:f9:fa:d2:3b:98:c9:1e:d9:18:c1:d6:44:c2:e1:
                    27:7e:bb:5d:c3:6c:66:af:b6:6c:23:92:08:bd:6e:
                    b4:aa:6f:18:cb:38:6d:9c:79:50:41:91:d8:f2:19:
                    a8:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:0C:0C:F8:5D:A6:BF:50:4E:D7:3D:7B:19:AC:C9:FE:A3:BB:89:9A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aAwM-F2mv1BO1z17GazJ_qO7iZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:9a:7a:cb:10:68:cd:f9:55:88:56:39:27:38:9e:69:28:4c:
         9c:99:3b:51:bf:9d:cc:eb:be:04:d0:6f:40:e9:49:25:53:c9:
         03:84:95:f6:b3:74:f5:cb:80:88:a4:8f:e7:b9:3b:db:4c:ec:
         a9:16:6d:21:66:37:5c:b5:b6:f4:05:c2:ac:85:ed:9b:63:e9:
         ad:ff:ba:ed:35:74:36:b9:f3:c2:4e:93:00:d0:ba:24:d3:72:
         37:b5:cb:e8:2d:63:11:90:81:b6:6e:ac:30:66:39:bd:c5:4b:
         f0:4e:2e:b6:aa:40:20:ef:bc:cd:2b:20:ad:dc:1a:bc:72:9f:
         24:d6:6f:96:c2:76:60:82:fa:c1:f7:ed:68:39:b5:78:e7:a8:
         39:64:f6:32:52:eb:39:31:8b:92:36:f7:6f:ff:23:c6:c5:f6:
         6b:d7:83:8f:f3:22:08:d4:c0:9c:38:63:32:c1:7d:6f:bb:6d:
         e9:42:c1:10:4d:49:70:83:56:5b:02:64:61:fd:59:a7:63:2c:
         dc:57:27:7c:0d:7e:b1:95:52:91:16:cd:82:e7:36:3f:8f:2f:
         05:e0:0c:24:a5:fe:05:6f:7a:36:e4:95:bc:e6:b5:3a:2c:e4:
         f6:51:17:b7:6a:eb:0a:d8:b5:53:af:f1:86:b1:7f:ea:83:14:
         72:cb:36:bd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfZJvrl+WNngG5Dei6SZXM1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTAxMjExMDIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODBjMGNmODVkYTZiZjUwNGVkNzNkN2IxOWFjYzlmZWEzYmI4OTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0pdNipKC2RPuHzLrFfK/unXjvE/w
fPDqMVBvxixEa3/bPU2V1+ELVubyfSAmBurHKaA0I59WPrXbFyvlaKPLmIC9dWPT
YJ+uoPYzmATIOwBBA5DtG0qqQg4gb9ojvwaFEOsUVxSB7ouiT36qw6ifRsmT7sOP
lqfC4VZAHoxC8Xy7tyuDB/d7X5df7WRn4D6We5H9FT6LEUPsubNO4Jcfg3etT7jW
8EGvvycI4nbVfXFl27t511WV6ltytRrAZ9XlpfeZ3XMgRmS5BpPkaUVcf1Hw+frS
O5jJHtkYwdZEwuEnfrtdw2xmr7ZsI5IIvW60qm8YyzhtnHlQQZHY8hmo3wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGgMDPhdpr9QTtc9exmsyf6ju4maMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYUF3TS1GMm12MUJPMXoxN0dhekpfcU83aVpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFqaessQaM35VYhWOSc4
nmkoTJyZO1G/nczrvgTQb0DpSSVTyQOElfazdPXLgIikj+e5O9tM7KkWbSFmN1y1
tvQFwqyF7Ztj6a3/uu01dDa588JOkwDQuiTTcje1y+gtYxGQgbZurDBmOb3FS/BO
LraqQCDvvM0rIK3cGrxynyTWb5bCdmCC+sH37Wg5tXjnqDlk9jJS6zkxi5I292//
I8bF9mvXg4/zIgjUwJw4YzLBfW+7belCwRBNSXCDVlsCZGH9WadjLNxXJ3wNfrGV
UpEWzYLnNj+PLwXgDCSl/gVvejbklbzmtTos5PZRF7dq6wrYtVOv8Yaxf+qDFHLL
Nr0=
-----END CERTIFICATE-----