Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cIcELtTH2g3ZnnlSmxBqMRMHLOA.roa
File:                     cIcELtTH2g3ZnnlSmxBqMRMHLOA.roa (raw, json)
Hash identifier:          RTRmHtsHM7jOmr8QpG6PBbwgw6dMcOHUZbDkJ7oRcls=
Subject key identifier:   70:87:04:2E:D4:C7:DA:0D:D9:9E:79:52:9B:10:6A:31:13:07:2C:E0
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018876DE7BC461911655F9D3FA3C70B2978C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cIcELtTH2g3ZnnlSmxBqMRMHLOA.roa
Signing time:             Thu 01 Jun 2023 12:11:12 +0000
ROA not before:           Thu 01 Jun 2023 12:11:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:76:de:7b:c4:61:91:16:55:f9:d3:fa:3c:70:b2:97:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  1 12:11:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7087042ed4c7da0dd99e79529b106a3113072ce0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:c2:5f:92:33:8e:5f:60:28:c7:47:61:10:7b:
                    6f:58:60:03:06:96:3b:74:c2:91:0f:07:0d:2c:b8:
                    d0:16:4c:32:ee:85:81:46:23:c8:97:12:ea:fa:9e:
                    aa:ee:09:55:de:a2:2b:bc:06:df:65:d4:b1:3f:64:
                    21:d5:0c:99:63:6b:11:cc:2c:2a:e5:d5:72:63:af:
                    84:63:6b:03:e9:9a:4d:41:43:c0:fd:0a:1c:db:cd:
                    16:66:4c:97:d3:71:e8:fe:ff:65:04:38:d7:3a:34:
                    c3:54:12:d2:ff:2c:70:d4:e9:98:36:b5:fc:cc:5a:
                    41:98:2c:53:dc:26:c4:2f:3b:5c:74:3d:9a:05:9b:
                    61:b6:b5:d6:f3:04:49:6f:b9:de:08:dc:5a:b1:ae:
                    d4:2d:0c:b8:a6:3f:36:7c:65:da:2f:4f:f6:73:a9:
                    20:a1:13:f7:b1:0c:38:c2:41:da:d1:26:25:4e:cf:
                    ad:06:fb:e1:cf:8c:12:38:80:da:68:fb:b0:57:fe:
                    08:f1:d0:8f:4c:db:1e:aa:2d:25:96:b2:3d:15:72:
                    74:72:27:db:fc:25:7c:0a:dd:1b:09:91:65:f9:07:
                    cb:37:50:01:87:87:5b:1b:b8:2b:2a:dd:6f:31:e6:
                    55:5d:c7:52:c4:1d:08:3a:08:b4:56:58:e7:65:5c:
                    43:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:87:04:2E:D4:C7:DA:0D:D9:9E:79:52:9B:10:6A:31:13:07:2C:E0
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cIcELtTH2g3ZnnlSmxBqMRMHLOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:03:2d:68:02:58:ce:80:9d:9b:f5:69:f2:fb:e2:77:02:a0:
         e3:45:7d:92:60:63:94:1c:8a:84:87:af:f0:e2:80:c1:8f:21:
         31:7b:a7:8c:96:e9:59:85:00:7a:65:26:74:5d:a6:d2:f3:8f:
         41:37:b9:2d:3b:65:bd:17:f4:6e:fc:74:1c:b5:71:15:38:17:
         f5:58:eb:03:3f:b5:71:19:a3:35:cc:24:9b:4d:94:70:c1:69:
         89:70:0d:b5:3f:3e:62:a3:db:72:92:37:8a:4b:9b:98:c0:12:
         7d:b6:b8:bc:20:b8:34:8a:fa:c0:96:31:98:9d:e9:84:ba:d6:
         bf:22:e8:a6:b6:9d:d4:14:b6:b3:ee:54:20:61:8e:26:c9:68:
         b1:d6:83:08:ba:6f:9f:d8:41:0a:1a:15:d9:76:0d:c3:09:8c:
         11:41:a7:89:17:0a:4b:b9:08:00:14:95:ef:ca:0d:f4:21:a7:
         9f:6e:72:6d:37:a5:a7:0a:5e:c0:01:84:42:66:12:03:9c:dd:
         8e:1b:a7:73:da:86:c3:bf:7b:f9:af:fe:45:4f:c4:8c:c4:29:
         6e:32:0e:4c:6e:d0:9b:30:64:c6:f8:6f:51:c9:db:f5:4c:88:
         09:13:b1:78:20:7c:64:fa:11:8a:33:de:76:e6:19:0f:34:89:
         4f:85:09:d7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYh23nvEYZEWVfnT+jxwspeMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjAxMTIxMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDg3MDQyZWQ0YzdkYTBkZDk5ZTc5NTI5YjEwNmEzMTEzMDcyY2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cJfkjOOX2Aox0dhEHtvWGADBpY7
dMKRDwcNLLjQFkwy7oWBRiPIlxLq+p6q7glV3qIrvAbfZdSxP2Qh1QyZY2sRzCwq
5dVyY6+EY2sD6ZpNQUPA/Qoc280WZkyX03Ho/v9lBDjXOjTDVBLS/yxw1OmYNrX8
zFpBmCxT3CbELztcdD2aBZthtrXW8wRJb7neCNxasa7ULQy4pj82fGXaL0/2c6kg
oRP3sQw4wkHa0SYlTs+tBvvhz4wSOIDaaPuwV/4I8dCPTNseqi0llrI9FXJ0cifb
/CV8Ct0bCZFl+QfLN1ABh4dbG7grKt1vMeZVXcdSxB0IOgi0VljnZVxDewIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHCHBC7Ux9oN2Z55UpsQajETByzgMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvY0ljRUx0VEgyZzNabm5sU214QnFNUk1ITE9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAkDLWgCWM6AnZv1afL7
4ncCoONFfZJgY5QcioSHr/DigMGPITF7p4yW6VmFAHplJnRdptLzj0E3uS07Zb0X
9G78dBy1cRU4F/VY6wM/tXEZozXMJJtNlHDBaYlwDbU/PmKj23KSN4pLm5jAEn22
uLwguDSK+sCWMZid6YS61r8i6Ka2ndQUtrPuVCBhjibJaLHWgwi6b5/YQQoaFdl2
DcMJjBFBp4kXCku5CAAUle/KDfQhp59ucm03pacKXsABhEJmEgOc3Y4bp3PahsO/
e/mv/kVPxIzEKW4yDkxu0JswZMb4b1HJ2/VMiAkTsXggfGT6EYoz3nbmGQ80iU+F
Cdc=
-----END CERTIFICATE-----