Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aHvieOvfdc9xfwgmL4xj5syWTO8.roa
File:                     aHvieOvfdc9xfwgmL4xj5syWTO8.roa (raw, json)
Hash identifier:          iopqFz7Git/F+ItFI+ZU8JxwJVmAF2OlbnXsLxmpkAM=
Subject key identifier:   68:7B:E2:78:EB:DF:75:CF:71:7F:08:26:2F:8C:63:E6:CC:96:4C:EF
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186E6E7F86400330F673D1FF3F9DDE5A2F4
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aHvieOvfdc9xfwgmL4xj5syWTO8.roa
Signing time:             Wed 15 Mar 2023 20:13:27 +0000
ROA not before:           Wed 15 Mar 2023 20:13:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:e6:e7:f8:64:00:33:0f:67:3d:1f:f3:f9:dd:e5:a2:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 15 20:13:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=687be278ebdf75cf717f08262f8c63e6cc964cef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:26:78:71:b2:c2:b2:11:60:58:7a:86:12:35:
                    a3:f3:cc:f5:8e:63:0b:56:45:b6:0b:ce:da:ee:89:
                    e6:d7:22:32:c2:80:a0:9e:77:e1:7d:f6:6c:e1:3e:
                    14:12:46:00:28:b1:1e:99:bc:08:9a:32:92:72:36:
                    df:aa:28:fe:b1:48:12:5d:04:a4:65:00:e4:66:2a:
                    72:d8:92:c8:f1:c3:f6:a3:fc:41:1b:a8:50:2d:b7:
                    a7:d4:24:e4:6f:97:ec:85:93:c7:64:8e:e8:ad:b9:
                    a6:3d:28:14:fa:19:54:04:f4:98:38:1a:37:42:9f:
                    c0:69:7b:03:ff:4b:43:fe:0f:71:82:5b:13:ed:a8:
                    89:54:e6:11:c1:d1:bc:f8:8a:92:54:a6:b6:54:af:
                    03:45:54:d0:2b:ff:d1:ce:32:44:e1:18:c3:31:0a:
                    b5:d9:1e:f6:e0:7d:f3:36:6e:5a:a0:52:ff:4d:2c:
                    81:73:e0:51:1f:b1:c7:70:8e:d1:6e:7f:7d:19:20:
                    79:bd:7a:55:10:f7:02:c2:1e:c9:26:4d:45:d5:4b:
                    5d:ec:d4:24:9c:90:4a:be:92:f1:a6:87:07:36:9c:
                    47:61:51:fa:ca:da:b2:ab:80:95:85:97:2a:18:ca:
                    fd:75:dd:6d:0a:61:a2:0c:3e:58:f3:9c:09:bd:32:
                    0b:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:7B:E2:78:EB:DF:75:CF:71:7F:08:26:2F:8C:63:E6:CC:96:4C:EF
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aHvieOvfdc9xfwgmL4xj5syWTO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:1f:56:d8:35:5f:e7:b2:c1:5e:e0:a0:9d:47:ea:aa:89:86:
         ce:67:ac:5c:93:27:13:1b:91:f9:ac:62:6f:45:a2:03:bb:e6:
         c9:13:80:d0:1d:be:4e:fb:15:e9:f1:1e:1d:09:3c:de:e6:55:
         ca:97:7d:ea:f5:c6:bb:f8:39:8e:fe:f3:4e:8a:16:1a:f9:20:
         89:d3:e4:43:65:18:b1:cd:49:05:c2:a2:16:54:a7:b9:a6:2b:
         1c:b7:75:94:dc:1d:a5:c0:f2:60:30:39:fa:f0:dc:0a:a7:ee:
         b9:68:d1:b4:af:89:76:ab:25:7a:c7:61:c7:86:f4:10:b0:42:
         1e:84:fa:3d:2b:56:73:8f:8e:93:23:f4:d7:46:cf:ba:06:88:
         10:24:20:5b:4e:29:8a:3d:3e:f9:b0:06:52:63:d4:a0:66:6a:
         8f:09:bb:ca:91:55:3b:0b:dc:c8:26:da:8a:70:ee:e7:00:ac:
         89:31:c2:3a:be:c0:c8:15:a4:ea:a4:dd:76:3d:aa:68:6e:39:
         bc:06:1a:b9:63:29:07:d8:ae:82:12:7f:73:8b:40:eb:28:54:
         e9:86:84:63:76:12:12:7d:74:6f:73:9a:45:7f:7e:60:13:21:
         2d:34:a2:16:e8:87:a6:d0:31:73:e6:51:ca:a8:84:a1:32:6b:
         b5:f0:b1:85
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbm5/hkADMPZz0f8/nd5aL0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE1MjAxMzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODdiZTI3OGViZGY3NWNmNzE3ZjA4MjYyZjhjNjNlNmNjOTY0Y2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmiZ4cbLCshFgWHqGEjWj88z1jmML
VkW2C87a7onm1yIywoCgnnfhffZs4T4UEkYAKLEembwImjKScjbfqij+sUgSXQSk
ZQDkZipy2JLI8cP2o/xBG6hQLben1CTkb5fshZPHZI7orbmmPSgU+hlUBPSYOBo3
Qp/AaXsD/0tD/g9xglsT7aiJVOYRwdG8+IqSVKa2VK8DRVTQK//RzjJE4RjDMQq1
2R724H3zNm5aoFL/TSyBc+BRH7HHcI7Rbn99GSB5vXpVEPcCwh7JJk1F1Utd7NQk
nJBKvpLxpocHNpxHYVH6ytqyq4CVhZcqGMr9dd1tCmGiDD5Y85wJvTILSQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGh74njr33XPcX8IJi+MY+bMlkzvMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYUh2aWVPdmZkYzl4ZndnbUw0eGo1c3lXVE84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAI4fVtg1X+eywV7goJ1H
6qqJhs5nrFyTJxMbkfmsYm9FogO75skTgNAdvk77FenxHh0JPN7mVcqXfer1xrv4
OY7+806KFhr5IInT5ENlGLHNSQXCohZUp7mmKxy3dZTcHaXA8mAwOfrw3Aqn7rlo
0bSviXarJXrHYceG9BCwQh6E+j0rVnOPjpMj9NdGz7oGiBAkIFtOKYo9PvmwBlJj
1KBmao8Ju8qRVTsL3Mgm2opw7ucArIkxwjq+wMgVpOqk3XY9qmhuObwGGrljKQfY
roISf3OLQOsoVOmGhGN2EhJ9dG9zmkV/fmATIS00ohboh6bQMXPmUcqohKEya7Xw
sYU=
-----END CERTIFICATE-----