Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/fbqxwcdlPrEL3w2o5thDhZi3b-M.roa
File:                     fbqxwcdlPrEL3w2o5thDhZi3b-M.roa (raw, json)
Hash identifier:          000bnyTCSNiWRaeLG4xywd5sw97q05LVu4QHh63OSdA=
Subject key identifier:   7D:BA:B1:C1:C7:65:3E:B1:0B:DF:0D:A8:E6:D8:43:85:98:B7:6F:E3
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01878B74832B1DCED9CF3255AFE1C5C4FF1E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/fbqxwcdlPrEL3w2o5thDhZi3b-M.roa
Signing time:             Sun 16 Apr 2023 19:04:41 +0000
ROA not before:           Sun 16 Apr 2023 19:04:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:8b74:2f14/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:8b:74:83:2b:1d:ce:d9:cf:32:55:af:e1:c5:c4:ff:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 16 19:04:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7dbab1c1c7653eb10bdf0da8e6d8438598b76fe3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:1d:52:9e:d2:41:03:fd:ce:77:34:c4:35:d7:
                    b5:f8:f8:b5:6b:b6:d4:0e:c0:9a:ca:c3:07:d7:f4:
                    49:a5:fc:f0:5b:75:84:79:55:e5:7d:cd:e3:76:3a:
                    c7:e9:65:e2:38:7a:f0:64:c3:76:1e:ca:25:97:85:
                    75:36:c0:1e:ac:0b:f0:42:db:75:3d:a9:68:16:9e:
                    05:d9:88:f6:c5:2d:1e:24:cf:aa:15:43:16:7d:c6:
                    e3:b1:47:dd:17:e6:c7:37:25:92:dd:ad:95:21:95:
                    2d:d7:bb:2f:ea:88:87:76:a5:aa:6e:a8:e2:8f:d7:
                    89:46:8c:67:5f:ac:53:85:34:e1:47:11:ab:21:12:
                    24:19:e6:07:2a:ba:bf:a8:9f:60:1c:ef:e1:a2:6b:
                    0a:60:f8:06:1b:78:de:11:7d:d3:8f:85:f4:e2:f9:
                    6d:4d:d8:72:68:83:45:b8:91:64:60:f4:36:39:39:
                    7a:be:71:76:b2:2a:4f:07:10:f8:8a:e1:17:97:79:
                    d8:98:35:42:03:d9:a0:26:21:13:a2:02:5a:fe:c7:
                    00:03:6d:8b:a6:96:ab:88:0b:6f:d4:f6:4a:dc:83:
                    5e:ce:59:fe:c1:24:0b:2d:87:f0:f3:76:05:8a:22:
                    ce:c5:ba:df:9f:ca:a6:88:7b:50:04:4a:cd:4b:f7:
                    88:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:BA:B1:C1:C7:65:3E:B1:0B:DF:0D:A8:E6:D8:43:85:98:B7:6F:E3
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/fbqxwcdlPrEL3w2o5thDhZi3b-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:e5:32:63:4a:b0:55:7c:77:99:45:fe:8f:54:e8:7b:89:da:
         36:81:40:86:f7:b3:8d:64:31:6b:43:ce:01:4a:f9:9e:a3:70:
         59:79:42:9d:84:d9:fe:05:e8:46:77:6a:b2:03:d1:80:e3:d4:
         db:ee:df:e0:5e:74:a8:a1:f5:18:f3:04:74:e8:76:09:76:ed:
         e7:2c:7f:1f:58:13:39:6b:5b:34:a7:31:cc:e4:f8:e9:12:ed:
         a0:13:fa:fe:50:1f:ce:38:c1:75:12:e4:43:f6:a5:e7:77:17:
         9d:a9:b8:ca:0f:51:62:5b:95:7a:c9:e2:ab:65:a6:b9:07:f5:
         8f:bf:58:00:6d:46:31:32:ee:f4:af:60:62:0b:ae:01:90:65:
         69:06:37:0a:ea:54:62:9e:53:6d:80:d3:45:02:ee:69:d1:b1:
         de:13:97:ac:08:58:c7:36:27:09:9a:1e:27:b1:fe:37:84:99:
         cc:86:39:82:80:75:cb:9c:44:cc:24:19:7f:f5:6e:cc:40:5f:
         79:3e:92:9a:78:91:85:35:5f:66:3e:89:27:ec:f9:00:23:a4:
         45:c3:43:92:46:c6:7f:d7:df:37:85:15:f6:e7:f9:65:0e:bc:
         0d:aa:48:21:5c:47:b6:24:aa:1b:d5:cd:23:07:63:4c:c3:0f:
         eb:7e:ae:39
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeLdIMrHc7ZzzJVr+HFxP8eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE2MTkwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGJhYjFjMWM3NjUzZWIxMGJkZjBkYThlNmQ4NDM4NTk4Yjc2ZmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmR1SntJBA/3OdzTENde1+Pi1a7bU
DsCaysMH1/RJpfzwW3WEeVXlfc3jdjrH6WXiOHrwZMN2Hsoll4V1NsAerAvwQtt1
PaloFp4F2Yj2xS0eJM+qFUMWfcbjsUfdF+bHNyWS3a2VIZUt17sv6oiHdqWqbqji
j9eJRoxnX6xThTThRxGrIRIkGeYHKrq/qJ9gHO/homsKYPgGG3jeEX3Tj4X04vlt
TdhyaINFuJFkYPQ2OTl6vnF2sipPBxD4iuEXl3nYmDVCA9mgJiETogJa/scAA22L
ppariAtv1PZK3INezln+wSQLLYfw83YFiiLOxbrfn8qmiHtQBErNS/eIKQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFH26scHHZT6xC98NqObYQ4WYt2/jMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZmJxeHdjZGxQckVMM3cybzV0aERoWmkzYi1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAE3lMmNKsFV8d5lF/o9U
6HuJ2jaBQIb3s41kMWtDzgFK+Z6jcFl5Qp2E2f4F6EZ3arID0YDj1Nvu3+BedKih
9RjzBHTodgl27ecsfx9YEzlrWzSnMczk+OkS7aAT+v5QH844wXUS5EP2ped3F52p
uMoPUWJblXrJ4qtlprkH9Y+/WABtRjEy7vSvYGILrgGQZWkGNwrqVGKeU22A00UC
7mnRsd4Tl6wIWMc2JwmaHiex/jeEmcyGOYKAdcucRMwkGX/1bsxAX3k+kpp4kYU1
X2Y+iSfs+QAjpEXDQ5JGxn/X3zeFFfbn+WUOvA2qSCFcR7YkqhvVzSMHY0zDD+t+
rjk=
-----END CERTIFICATE-----