Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dO7fyRJFAyJ3vuSA8I2qZ9G5dgc.roa
File:                     dO7fyRJFAyJ3vuSA8I2qZ9G5dgc.roa (raw, json)
Hash identifier:          rFzfi9bk5bts+TpLi8vfAI75/bGOhU3XmPodPuFvQSc=
Subject key identifier:   74:EE:DF:C9:12:45:03:22:77:BE:E4:80:F0:8D:AA:67:D1:B9:76:07
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188DD39EB2432C0F770A09ECC9D90F0155D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dO7fyRJFAyJ3vuSA8I2qZ9G5dgc.roa
Signing time:             Wed 21 Jun 2023 09:12:20 +0000
ROA not before:           Wed 21 Jun 2023 09:12:20 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:dd:39:eb:24:32:c0:f7:70:a0:9e:cc:9d:90:f0:15:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun 21 09:12:20 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=74eedfc91245032277bee480f08daa67d1b97607
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:7f:71:04:53:ca:f8:4b:56:d5:b3:8c:09:cf:
                    6d:4c:8a:e1:f8:d2:12:f2:f8:d0:e3:4f:18:a6:4b:
                    98:48:26:da:b5:0d:69:9e:cd:fd:d6:98:98:3e:a2:
                    46:c4:b4:46:ca:74:56:04:03:e2:9d:32:e8:23:43:
                    d5:74:69:63:c0:7a:0c:25:26:6f:cf:5a:86:f3:16:
                    14:95:b5:7d:82:99:8f:33:5d:09:9d:75:52:ec:b7:
                    9d:6e:74:9a:33:fa:8e:27:25:aa:a2:38:91:1f:37:
                    13:52:c5:a1:5d:ea:11:89:96:c3:1b:25:68:13:c4:
                    e5:b1:aa:76:e7:8c:4f:43:e9:5e:7e:21:5f:e9:d9:
                    0a:d3:e0:b5:91:bc:21:db:68:6b:7a:d9:c2:a9:1f:
                    06:aa:60:83:be:dd:b3:c1:3c:7b:3c:b6:27:1d:1b:
                    b4:00:75:8e:09:24:69:e2:7a:97:78:f2:66:26:b4:
                    3c:ac:bc:5d:df:71:ea:8f:cf:38:4f:f9:30:0d:0d:
                    41:df:ec:2c:f1:c7:49:8b:86:3a:14:bf:c2:c3:41:
                    69:ea:69:94:10:93:d0:d7:32:c9:a3:d6:5b:39:03:
                    61:a0:18:ad:23:03:23:4a:48:38:61:8f:bb:f1:03:
                    4e:ed:34:ae:fd:e2:84:3b:de:f7:7f:be:22:4a:5b:
                    ee:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:EE:DF:C9:12:45:03:22:77:BE:E4:80:F0:8D:AA:67:D1:B9:76:07
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dO7fyRJFAyJ3vuSA8I2qZ9G5dgc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:00:d1:7a:b8:9f:d2:8e:1c:cc:6c:cc:df:44:9d:35:80:68:
         4f:e0:26:03:c0:e3:d1:e9:38:f6:2a:53:91:f4:fc:f2:45:15:
         60:8f:2e:92:99:59:10:55:22:e1:2d:06:8e:98:7c:5f:6f:65:
         c4:5d:4b:55:a4:34:65:9a:7a:56:dc:f1:ea:07:8d:97:8e:cf:
         4e:39:b3:67:16:b4:60:36:c3:85:71:66:ce:b3:f0:b3:33:a6:
         f9:93:3c:28:1c:64:a9:79:21:82:aa:11:10:df:03:e3:6d:cc:
         f0:55:9d:39:c2:3b:9e:b7:2f:f5:58:5b:4b:66:f4:d5:7a:83:
         17:4c:ab:dd:fd:03:3b:e2:19:a8:3a:05:42:08:71:96:d6:15:
         79:f2:62:f7:2a:09:78:8f:ba:ca:85:b9:6f:ff:2f:ee:e4:e6:
         9c:64:29:9b:d2:f7:32:ef:9e:74:a6:b5:29:13:a6:7b:e2:d5:
         53:bd:7c:68:93:68:f1:9c:da:b6:81:c9:ce:83:a2:f3:a6:c4:
         b9:dd:22:da:4b:97:b8:1c:bb:c6:d1:4c:20:a3:b1:35:28:bd:
         63:59:ee:4a:a7:d7:1f:24:72:55:48:76:ae:73:01:0f:34:ca:
         02:c5:8d:df:2c:1c:85:f7:75:72:da:07:ba:67:f2:fb:5a:65:
         ed:68:7c:f3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYjdOeskMsD3cKCezJ2Q8BVdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjIxMDkxMjIwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGVlZGZjOTEyNDUwMzIyNzdiZWU0ODBmMDhkYWE2N2QxYjk3NjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlX9xBFPK+EtW1bOMCc9tTIrh+NIS
8vjQ408YpkuYSCbatQ1pns391piYPqJGxLRGynRWBAPinTLoI0PVdGljwHoMJSZv
z1qG8xYUlbV9gpmPM10JnXVS7LedbnSaM/qOJyWqojiRHzcTUsWhXeoRiZbDGyVo
E8Tlsap254xPQ+lefiFf6dkK0+C1kbwh22hretnCqR8GqmCDvt2zwTx7PLYnHRu0
AHWOCSRp4nqXePJmJrQ8rLxd33Hqj884T/kwDQ1B3+ws8cdJi4Y6FL/Cw0Fp6mmU
EJPQ1zLJo9ZbOQNhoBitIwMjSkg4YY+78QNO7TSu/eKEO973f74iSlvuLQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHTu38kSRQMid77kgPCNqmfRuXYHMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZE83ZnlSSkZBeUozdnVTQThJMnFaOUc1ZGdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAcA0Xq4n9KOHMxszN9E
nTWAaE/gJgPA49HpOPYqU5H0/PJFFWCPLpKZWRBVIuEtBo6YfF9vZcRdS1WkNGWa
elbc8eoHjZeOz045s2cWtGA2w4VxZs6z8LMzpvmTPCgcZKl5IYKqERDfA+NtzPBV
nTnCO563L/VYW0tm9NV6gxdMq939AzviGag6BUIIcZbWFXnyYvcqCXiPusqFuW//
L+7k5pxkKZvS9zLvnnSmtSkTpnvi1VO9fGiTaPGc2raByc6DovOmxLndItpLl7gc
u8bRTCCjsTUovWNZ7kqn1x8kclVIdq5zAQ80ygLFjd8sHIX3dXLaB7pn8vtaZe1o
fPM=
-----END CERTIFICATE-----