Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/epYpRBbJa3pTfZrqY2h-HjbzzN0.roa
File:                     epYpRBbJa3pTfZrqY2h-HjbzzN0.roa (raw, json)
Hash identifier:          bP9/9qdZnydypFspRSb0UBccEVTbBGwiTFE1gdia8fM=
Subject key identifier:   7A:96:29:44:16:C9:6B:7A:53:7D:9A:EA:63:68:7E:1E:36:F3:CC:DD
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186A0EBCA42016210BCD3FFE62556EE436B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/epYpRBbJa3pTfZrqY2h-HjbzzN0.roa
Signing time:             Thu 02 Mar 2023 06:04:12 +0000
ROA not before:           Thu 02 Mar 2023 06:04:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:a0eb:c12d/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a0:eb:ca:42:01:62:10:bc:d3:ff:e6:25:56:ee:43:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  2 06:04:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7a96294416c96b7a537d9aea63687e1e36f3ccdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:e4:27:cd:80:7a:fb:49:91:fd:46:20:14:aa:
                    a5:e4:eb:c6:b3:98:8f:af:7a:46:be:e2:cf:d3:0d:
                    e9:89:e5:a0:bb:af:89:e6:52:92:f9:0a:d9:b9:29:
                    d5:59:75:21:ee:93:db:ca:36:8d:87:2a:74:b0:2a:
                    d6:b7:3f:47:ea:7a:a5:7e:c2:4a:e8:81:8d:a5:0d:
                    64:d1:4d:e7:70:e0:93:36:f1:4f:04:39:9d:e2:2a:
                    e7:95:70:06:ff:f1:f0:ae:68:62:d9:69:46:0c:06:
                    7c:89:51:43:2c:db:f1:80:48:dd:fd:64:4d:7e:26:
                    a8:1b:27:8f:35:8e:e9:45:80:34:0b:77:21:48:a5:
                    52:fa:42:77:48:6e:13:48:5b:85:58:c1:fb:bc:cd:
                    a6:5e:48:45:d8:93:82:ed:5c:26:58:aa:14:76:f1:
                    a0:db:00:15:7e:b3:d1:95:d9:23:08:95:c4:a9:96:
                    83:e0:ef:1e:93:22:de:97:f2:08:0e:ad:7b:3c:0e:
                    35:e3:b2:bf:31:32:92:1c:c2:10:ff:67:aa:e3:a2:
                    97:f4:57:84:bd:9b:17:f2:47:18:a8:15:f2:aa:72:
                    13:c1:08:01:ac:28:e1:0b:53:87:7f:86:c5:49:c9:
                    af:b9:62:9a:13:d9:c8:32:d1:b1:4e:94:0b:4c:6f:
                    a5:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:96:29:44:16:C9:6B:7A:53:7D:9A:EA:63:68:7E:1E:36:F3:CC:DD
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/epYpRBbJa3pTfZrqY2h-HjbzzN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:70:a1:43:9b:65:e0:ea:dc:de:f5:b6:44:6e:4e:72:3b:76:
         2f:dc:64:87:3f:eb:2c:2a:b9:71:0a:cd:02:f6:a3:23:da:22:
         8a:ac:aa:0d:5c:da:e2:5c:bf:c2:2a:93:33:91:e0:74:b3:b0:
         cd:ca:17:2b:2a:80:a2:0b:7b:d8:e6:30:5e:76:a5:7c:8b:0c:
         52:b0:38:73:c4:81:5c:e5:f3:a4:44:e2:52:92:39:71:21:cd:
         4b:2e:09:0d:41:f2:7d:8e:d2:8a:71:03:f9:ad:31:c7:3f:d8:
         37:50:1e:d7:fc:9f:4c:09:c7:93:b2:2a:61:73:54:39:66:91:
         26:a4:c0:45:10:c3:b5:d6:95:83:00:35:21:2f:98:6a:3f:76:
         89:7f:b3:9c:e4:7c:de:97:34:0f:3b:0e:bc:fc:92:70:36:2c:
         c6:20:6b:4f:59:1a:c9:12:df:89:69:b5:f9:1c:7d:94:6a:95:
         1d:f1:09:b0:7e:fa:89:d4:c3:ed:a4:a6:b7:4f:65:1c:fb:6b:
         da:21:a7:e9:53:d4:61:e5:a0:b0:7d:90:4b:42:e6:9d:53:b1:
         52:9c:ad:34:85:e8:b9:e6:7d:0d:05:af:ec:7a:8b:e1:bc:ed:
         66:4a:db:d9:a2:ee:50:25:c7:2b:30:7a:16:aa:9b:e0:6b:49:
         d3:4f:57:56
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYag68pCAWIQvNP/5iVW7kNrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzAyMDYwNDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTk2Mjk0NDE2Yzk2YjdhNTM3ZDlhZWE2MzY4N2UxZTM2ZjNjY2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgOQnzYB6+0mR/UYgFKql5OvGs5iP
r3pGvuLP0w3pieWgu6+J5lKS+QrZuSnVWXUh7pPbyjaNhyp0sCrWtz9H6nqlfsJK
6IGNpQ1k0U3ncOCTNvFPBDmd4irnlXAG//Hwrmhi2WlGDAZ8iVFDLNvxgEjd/WRN
fiaoGyePNY7pRYA0C3chSKVS+kJ3SG4TSFuFWMH7vM2mXkhF2JOC7VwmWKoUdvGg
2wAVfrPRldkjCJXEqZaD4O8ekyLel/IIDq17PA4147K/MTKSHMIQ/2eq46KX9FeE
vZsX8kcYqBXyqnITwQgBrCjhC1OHf4bFScmvuWKaE9nIMtGxTpQLTG+l2wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHqWKUQWyWt6U32a6mNofh4288zdMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZXBZcFJCYkphM3BUZlpycVkyaC1IamJ6ek4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABJwoUObZeDq3N71tkRu
TnI7di/cZIc/6ywquXEKzQL2oyPaIoqsqg1c2uJcv8IqkzOR4HSzsM3KFysqgKIL
e9jmMF52pXyLDFKwOHPEgVzl86RE4lKSOXEhzUsuCQ1B8n2O0opxA/mtMcc/2DdQ
Htf8n0wJx5OyKmFzVDlmkSakwEUQw7XWlYMANSEvmGo/dol/s5zkfN6XNA87Drz8
knA2LMYga09ZGskS34lptfkcfZRqlR3xCbB++onUw+2kprdPZRz7a9ohp+lT1GHl
oLB9kEtC5p1TsVKcrTSF6LnmfQ0Fr+x6i+G87WZK29mi7lAlxyswehaqm+BrSdNP
V1Y=
-----END CERTIFICATE-----