Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dknigI9pPyhegG_S2UCyRFATeXI.roa
File:                     dknigI9pPyhegG_S2UCyRFATeXI.roa (raw, json)
Hash identifier:          Qbt4gIB5gkKzwRTgV+kRmxSD/4Va+24t6a7EDuiM+vY=
Subject key identifier:   76:49:E2:80:8F:69:3F:28:5E:80:6F:D2:D9:40:B2:44:50:13:79:72
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018838A39573837C4D87860DC31FC0BC9F39
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dknigI9pPyhegG_S2UCyRFATeXI.roa
Signing time:             Sat 20 May 2023 10:10:24 +0000
ROA not before:           Sat 20 May 2023 10:10:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:38:a3:95:73:83:7c:4d:87:86:0d:c3:1f:c0:bc:9f:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 20 10:10:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7649e2808f693f285e806fd2d940b24450137972
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:28:94:36:f5:8d:41:0e:bf:72:69:c0:db:b8:
                    52:37:df:24:1b:41:2e:49:f8:6b:5f:3a:2c:f2:7a:
                    38:e0:ec:15:ef:a3:c8:54:12:5f:5a:69:2a:6d:e0:
                    8c:f4:4a:71:cc:22:7d:67:3e:fc:2e:51:82:77:19:
                    f5:70:89:d9:7a:6b:5c:26:22:c2:68:f0:4a:1e:25:
                    f4:93:eb:ec:15:7f:de:81:0f:d2:e9:1f:03:d6:09:
                    5e:d5:a3:aa:d0:33:06:71:bc:88:d2:43:7c:54:89:
                    71:fa:e4:79:f2:a3:fa:45:f6:75:70:5a:6a:75:d8:
                    91:d7:76:51:b7:0b:74:85:b5:cc:89:b2:5a:c1:3d:
                    81:b0:23:63:60:a1:cf:1b:ab:6b:53:c1:0b:88:33:
                    01:d6:8b:1d:94:39:d4:fd:ba:9a:10:4b:e9:10:e5:
                    73:f2:fd:1f:28:3a:e9:8c:5c:aa:29:ce:0f:d2:d7:
                    e8:13:25:5e:ba:75:c9:b6:e8:e9:35:d2:cc:e0:51:
                    ea:2f:ba:f8:e5:df:89:f4:7d:d3:94:91:ff:c8:2a:
                    28:32:8e:31:34:43:24:4c:c0:fa:1c:6a:4e:83:c3:
                    8d:c0:78:41:af:f8:96:cf:c2:c1:6b:4e:04:26:d1:
                    b7:50:8c:49:5a:14:9c:63:32:be:1a:db:49:74:a4:
                    6a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:49:E2:80:8F:69:3F:28:5E:80:6F:D2:D9:40:B2:44:50:13:79:72
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dknigI9pPyhegG_S2UCyRFATeXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:ae:12:a7:75:67:ee:b2:bd:f3:f9:e7:98:c4:f5:d9:c3:0f:
         d1:97:aa:7f:ca:7c:93:7e:60:c9:5d:47:a5:83:4e:76:8a:e1:
         53:e0:4d:31:9e:bc:d2:ee:de:2f:6f:1c:39:11:4b:48:f6:86:
         1b:c9:1f:15:2e:ab:96:8c:8e:51:af:76:94:7a:68:cc:32:e5:
         f7:49:d2:bf:8e:94:fd:70:97:1a:43:84:a3:2a:a5:96:bb:73:
         3c:6c:83:9a:33:6c:2f:4b:69:46:60:86:3a:de:ff:ef:9d:5f:
         12:c3:9a:d8:06:a6:d0:ac:ad:1e:7e:d1:2d:10:be:43:64:fc:
         c9:9c:e8:81:df:11:b8:bc:3f:25:ba:6f:8b:e4:dc:46:7d:22:
         eb:52:96:9f:73:9c:e7:60:88:92:9e:28:44:e6:6d:bd:a2:94:
         4c:8e:ff:47:f0:6f:80:ba:4a:c0:67:dc:e0:2b:2c:11:47:e4:
         58:88:f0:4a:bd:c2:83:d5:c2:ae:9b:c4:c7:cf:3b:2f:2b:60:
         93:c4:72:97:5c:70:57:b8:4a:23:a2:e9:24:20:d6:f5:d0:90:
         35:07:97:21:e3:a9:6e:29:b7:87:27:30:1c:53:48:70:de:02:
         4e:00:b5:7f:a3:69:65:5e:d6:59:77:ed:89:89:eb:84:f6:bd:
         a4:2f:b4:e8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYg4o5Vzg3xNh4YNwx/AvJ85MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTIwMTAxMDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjQ5ZTI4MDhmNjkzZjI4NWU4MDZmZDJkOTQwYjI0NDUwMTM3OTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSiUNvWNQQ6/cmnA27hSN98kG0Eu
SfhrXzos8no44OwV76PIVBJfWmkqbeCM9EpxzCJ9Zz78LlGCdxn1cInZemtcJiLC
aPBKHiX0k+vsFX/egQ/S6R8D1gle1aOq0DMGcbyI0kN8VIlx+uR58qP6RfZ1cFpq
ddiR13ZRtwt0hbXMibJawT2BsCNjYKHPG6trU8ELiDMB1osdlDnU/bqaEEvpEOVz
8v0fKDrpjFyqKc4P0tfoEyVeunXJtujpNdLM4FHqL7r45d+J9H3TlJH/yCooMo4x
NEMkTMD6HGpOg8ONwHhBr/iWz8LBa04EJtG3UIxJWhScYzK+GttJdKRqyQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHZJ4oCPaT8oXoBv0tlAskRQE3lyMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZGtuaWdJOXBQeWhlZ0dfUzJVQ3lSRkFUZVhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEKuEqd1Z+6yvfP555jE
9dnDD9GXqn/KfJN+YMldR6WDTnaK4VPgTTGevNLu3i9vHDkRS0j2hhvJHxUuq5aM
jlGvdpR6aMwy5fdJ0r+OlP1wlxpDhKMqpZa7czxsg5ozbC9LaUZghjre/++dXxLD
mtgGptCsrR5+0S0QvkNk/Mmc6IHfEbi8PyW6b4vk3EZ9IutSlp9znOdgiJKeKETm
bb2ilEyO/0fwb4C6SsBn3OArLBFH5FiI8Eq9woPVwq6bxMfPOy8rYJPEcpdccFe4
SiOi6SQg1vXQkDUHlyHjqW4pt4cnMBxTSHDeAk4AtX+jaWVe1ll37YmJ64T2vaQv
tOg=
-----END CERTIFICATE-----