Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aqUokKrT4jkakz5Y-qh2T5KxM6U.roa
File:                     aqUokKrT4jkakz5Y-qh2T5KxM6U.roa (raw, json)
Hash identifier:          UY8hgwfUTGpAsYMpdsFFNNRjNlCugoLP7gYsA39oID8=
Subject key identifier:   6A:A5:28:90:AA:D3:E2:39:1A:93:3E:58:FA:A8:76:4F:92:B1:33:A5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187FD6B2296CB80E599C764C1C5194B1BEB
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aqUokKrT4jkakz5Y-qh2T5KxM6U.roa
Signing time:             Mon 08 May 2023 22:11:09 +0000
ROA not before:           Mon 08 May 2023 22:11:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:fd:6b:22:96:cb:80:e5:99:c7:64:c1:c5:19:4b:1b:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  8 22:11:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6aa52890aad3e2391a933e58faa8764f92b133a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:bf:e8:5b:9d:2b:e8:b0:04:2b:d8:0d:45:23:
                    5f:76:62:e0:aa:6b:69:a1:7c:8d:47:ab:6e:2a:70:
                    df:74:55:d3:e6:b9:aa:17:42:66:0f:94:80:5e:4c:
                    26:51:24:fc:24:7f:fb:dd:1c:d1:53:8f:02:c1:52:
                    e7:46:dd:2b:9a:10:82:27:bf:dd:92:06:6a:89:58:
                    8b:e2:2b:c8:f5:0e:f5:78:ca:3d:f4:17:d8:ed:ac:
                    fe:cc:97:f4:6f:1a:9c:40:56:94:18:08:36:c9:88:
                    15:d5:b5:a7:d0:49:b2:0b:6e:41:93:70:d2:ca:e0:
                    c3:aa:de:f4:69:1a:24:3b:88:9e:47:37:0c:c1:3b:
                    a9:34:8e:de:4f:f2:db:7a:aa:c2:81:bc:90:47:23:
                    9c:8d:e3:4e:7d:8a:8a:3a:ad:f7:e2:20:07:c6:4d:
                    b5:1e:81:1d:92:95:ab:83:ba:9c:1d:f8:c8:36:a7:
                    d3:e8:e1:7d:18:dd:72:bf:ac:bb:60:4b:b2:95:a4:
                    99:5c:f6:15:a7:4b:60:d0:0d:20:ea:6d:e2:33:48:
                    9e:b1:34:4e:14:39:6b:ca:f9:1e:9f:66:97:9d:3e:
                    5f:3d:29:f0:c3:37:49:75:43:ab:ed:aa:03:05:ec:
                    1b:68:fb:cf:8d:70:3e:0d:e2:52:6a:df:75:c5:90:
                    2a:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:A5:28:90:AA:D3:E2:39:1A:93:3E:58:FA:A8:76:4F:92:B1:33:A5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/aqUokKrT4jkakz5Y-qh2T5KxM6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:c9:4f:9b:07:2a:13:31:c8:37:55:4b:3b:51:f7:ef:4c:78:
         3e:be:0e:8e:04:25:e3:c6:c9:5e:7c:29:39:e6:78:45:f5:95:
         b9:32:8e:a8:9e:5e:5f:a8:2d:18:05:e1:43:78:32:4d:fa:77:
         63:75:d0:5d:19:9f:03:3e:d9:d7:cf:bf:c9:1c:db:a5:20:38:
         db:91:31:19:46:5c:90:33:ff:2c:aa:37:a0:35:ea:e9:23:e4:
         45:ec:18:7f:8c:73:b0:33:6e:2d:aa:f3:e0:4f:fa:13:ff:a8:
         41:d5:18:e4:2f:42:0a:4e:67:a9:d4:16:3a:a0:10:57:68:28:
         c1:c6:0e:d2:1d:3b:4c:78:89:7f:bc:bf:8c:11:c5:8e:c6:c4:
         30:57:20:a0:0d:6f:43:fc:91:14:f4:20:3e:67:6c:73:bc:53:
         ec:39:fe:25:95:d0:c1:d5:de:58:54:57:21:93:90:e0:b7:80:
         7e:65:0c:07:87:0a:53:ca:bb:ba:55:a5:74:f9:b8:4f:52:a3:
         ab:ed:bf:20:94:26:b4:58:3b:52:96:c0:bc:e2:73:85:f2:65:
         b6:5e:81:20:83:75:70:09:8c:dd:4b:77:d2:34:d2:b2:d9:db:
         9d:4a:64:e4:17:5a:0e:e5:9d:2a:c2:86:89:4d:71:e3:df:d6:
         8f:66:9c:22
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYf9ayKWy4DlmcdkwcUZSxvrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA4MjIxMTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWE1Mjg5MGFhZDNlMjM5MWE5MzNlNThmYWE4NzY0ZjkyYjEzM2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApb/oW50r6LAEK9gNRSNfdmLgqmtp
oXyNR6tuKnDfdFXT5rmqF0JmD5SAXkwmUST8JH/73RzRU48CwVLnRt0rmhCCJ7/d
kgZqiViL4ivI9Q71eMo99BfY7az+zJf0bxqcQFaUGAg2yYgV1bWn0EmyC25Bk3DS
yuDDqt70aRokO4ieRzcMwTupNI7eT/LbeqrCgbyQRyOcjeNOfYqKOq334iAHxk21
HoEdkpWrg7qcHfjINqfT6OF9GN1yv6y7YEuylaSZXPYVp0tg0A0g6m3iM0iesTRO
FDlryvken2aXnT5fPSnwwzdJdUOr7aoDBewbaPvPjXA+DeJSat91xZAq/QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGqlKJCq0+I5GpM+WPqodk+SsTOlMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYXFVb2tLclQ0amtha3o1WS1xaDJUNUt4TTZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKbJT5sHKhMxyDdVSztR
9+9MeD6+Do4EJePGyV58KTnmeEX1lbkyjqieXl+oLRgF4UN4Mk36d2N10F0ZnwM+
2dfPv8kc26UgONuRMRlGXJAz/yyqN6A16ukj5EXsGH+Mc7Azbi2q8+BP+hP/qEHV
GOQvQgpOZ6nUFjqgEFdoKMHGDtIdO0x4iX+8v4wRxY7GxDBXIKANb0P8kRT0ID5n
bHO8U+w5/iWV0MHV3lhUVyGTkOC3gH5lDAeHClPKu7pVpXT5uE9So6vtvyCUJrRY
O1KWwLzic4XyZbZegSCDdXAJjN1Ld9I00rLZ251KZOQXWg7lnSrCholNcePf1o9m
nCI=
-----END CERTIFICATE-----