Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bOoGTD6Hh9wyyfM6fTucUfFajFw.roa
File:                     bOoGTD6Hh9wyyfM6fTucUfFajFw.roa (raw, json)
Hash identifier:          X8w3qsr0YfIZJ69SMXUNsnH5noyfvhpGsGY1x4sGvtI=
Subject key identifier:   6C:EA:06:4C:3E:87:87:DC:32:C9:F3:3A:7D:3B:9C:51:F1:5A:8C:5C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01888C1AE29595FF079C9D6024DECEE17A2C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bOoGTD6Hh9wyyfM6fTucUfFajFw.roa
Signing time:             Mon 05 Jun 2023 15:09:12 +0000
ROA not before:           Mon 05 Jun 2023 15:09:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:8c:1a:e2:95:95:ff:07:9c:9d:60:24:de:ce:e1:7a:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  5 15:09:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6cea064c3e8787dc32c9f33a7d3b9c51f15a8c5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d6:26:6b:fa:8e:57:78:b8:6b:22:ce:f7:a3:
                    87:bd:31:e2:fa:97:3d:e6:03:85:6c:bf:16:73:5b:
                    6e:f5:03:f5:0d:f7:54:93:02:3c:34:cc:33:3d:9d:
                    c9:ce:d6:b6:97:24:09:fd:ab:ff:e5:91:06:40:d6:
                    1b:9a:f4:ab:9c:f6:1a:ce:4e:be:1e:7e:50:38:c9:
                    a2:70:d4:54:a0:ce:99:0e:f5:42:41:90:01:d8:f9:
                    0d:35:d3:b2:55:21:38:05:ad:ee:3a:cf:f3:a0:45:
                    59:15:c1:2a:39:d0:e3:a4:05:c7:27:a4:19:5e:8b:
                    fb:6c:43:c9:a4:eb:10:63:6f:59:c3:ca:a5:47:e9:
                    e4:27:c8:d3:30:2c:fa:e4:b3:22:6c:6e:79:67:a6:
                    78:96:7b:6f:52:bb:59:87:ae:d4:c6:b7:e0:cf:1d:
                    14:46:bd:3a:d3:77:b1:e9:5e:2f:f2:66:a2:62:53:
                    ad:95:a4:c0:1b:8c:d4:ce:97:ab:f1:be:24:89:e0:
                    92:96:38:dc:42:83:25:b0:a6:8e:87:09:6f:66:b9:
                    48:5a:be:85:09:fb:ba:a4:13:71:03:8f:9d:63:10:
                    01:92:54:f2:37:f3:97:1e:e9:19:dd:5b:aa:51:ea:
                    a3:2d:ef:48:14:2b:43:80:ef:65:f9:31:57:6b:06:
                    e9:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:EA:06:4C:3E:87:87:DC:32:C9:F3:3A:7D:3B:9C:51:F1:5A:8C:5C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bOoGTD6Hh9wyyfM6fTucUfFajFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:6d:67:af:f5:bb:0a:b7:61:60:5b:81:d6:37:a2:66:1e:39:
         dc:ce:98:95:6f:ce:4d:d3:13:29:94:eb:d8:45:7f:12:55:5d:
         e3:c3:7a:9c:76:9c:5e:0c:e4:47:90:76:5d:d1:a5:ed:53:10:
         65:7d:0f:c5:fe:3d:8e:aa:36:39:38:c6:21:58:7c:ee:11:7d:
         aa:1f:86:1a:8e:96:3e:af:30:8b:58:bf:90:9c:2f:ab:21:0f:
         f3:9f:e7:0b:d5:e8:de:03:29:0c:c0:a9:36:15:50:73:5f:54:
         37:ad:42:e5:bf:9e:3d:58:56:e7:d3:b4:d8:d7:4c:f4:32:46:
         e5:9a:a8:e4:94:8f:0e:58:32:74:aa:8e:19:16:4e:fc:66:cc:
         77:4f:bd:e5:14:19:2d:da:4c:15:6a:9b:f2:02:e0:66:42:b8:
         29:c2:f9:2d:45:d0:a3:44:ec:e3:09:7d:70:22:3b:34:16:99:
         fc:04:df:93:4c:be:c2:7a:92:82:f1:a2:fe:fa:1b:5b:6a:02:
         04:3c:cc:8d:c4:6a:6d:22:3f:8f:96:17:35:cf:e3:bf:e9:f9:
         e8:ad:21:f0:32:b5:7a:c4:2f:41:52:ae:57:fe:39:15:6a:51:
         cc:5a:5a:71:77:b4:cb:62:84:e2:8e:8e:96:fd:37:82:40:7a:
         0c:b2:f4:78
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiMGuKVlf8HnJ1gJN7O4XosMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA1MTUwOTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2VhMDY0YzNlODc4N2RjMzJjOWYzM2E3ZDNiOWM1MWYxNWE4YzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidYma/qOV3i4ayLO96OHvTHi+pc9
5gOFbL8Wc1tu9QP1DfdUkwI8NMwzPZ3Jzta2lyQJ/av/5ZEGQNYbmvSrnPYazk6+
Hn5QOMmicNRUoM6ZDvVCQZAB2PkNNdOyVSE4Ba3uOs/zoEVZFcEqOdDjpAXHJ6QZ
Xov7bEPJpOsQY29Zw8qlR+nkJ8jTMCz65LMibG55Z6Z4lntvUrtZh67Uxrfgzx0U
Rr0603ex6V4v8maiYlOtlaTAG4zUzper8b4kieCSljjcQoMlsKaOhwlvZrlIWr6F
Cfu6pBNxA4+dYxABklTyN/OXHukZ3VuqUeqjLe9IFCtDgO9l+TFXawbp7QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGzqBkw+h4fcMsnzOn07nFHxWoxcMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYk9vR1RENkhoOXd5eWZNNmZUdWNVZkZhakZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJBtZ6/1uwq3YWBbgdY3
omYeOdzOmJVvzk3TEymU69hFfxJVXePDepx2nF4M5EeQdl3Rpe1TEGV9D8X+PY6q
Njk4xiFYfO4RfaofhhqOlj6vMItYv5CcL6shD/Of5wvV6N4DKQzAqTYVUHNfVDet
QuW/nj1YVufTtNjXTPQyRuWaqOSUjw5YMnSqjhkWTvxmzHdPveUUGS3aTBVqm/IC
4GZCuCnC+S1F0KNE7OMJfXAiOzQWmfwE35NMvsJ6koLxov76G1tqAgQ8zI3Eam0i
P4+WFzXP47/p+eitIfAytXrEL0FSrlf+ORVqUcxaWnF3tMtihOKOjpb9N4JAegyy
9Hg=
-----END CERTIFICATE-----