Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gK-ntOWQKFyZ_d98UYOLoxrGjno.roa
File:                     gK-ntOWQKFyZ_d98UYOLoxrGjno.roa (raw, json)
Hash identifier:          h0Z90mJtyocIiADtdkBm4dlBojbfkK6ioHnSTDoly6A=
Subject key identifier:   80:AF:A7:B4:E5:90:28:5C:99:FD:DF:7C:51:83:8B:A3:1A:C6:8E:7A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186D8EDE0427E119B6C4742F8BF570EDD6E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gK-ntOWQKFyZ_d98UYOLoxrGjno.roa
Signing time:             Mon 13 Mar 2023 03:05:13 +0000
ROA not before:           Mon 13 Mar 2023 03:05:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:186:d8ed:429a/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:d8:ed:e0:42:7e:11:9b:6c:47:42:f8:bf:57:0e:dd:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 13 03:05:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=80afa7b4e590285c99fddf7c51838ba31ac68e7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:79:99:05:8d:e2:0e:27:cf:ae:54:a3:e8:da:
                    c0:4b:53:7f:09:59:f6:7f:91:98:4f:6a:04:d8:bc:
                    44:9c:cd:c0:fb:c5:3c:29:82:a1:0c:66:b5:90:2b:
                    c2:ac:0c:18:6d:73:00:f9:69:b1:db:78:d0:a8:f8:
                    ed:b9:a8:5c:95:12:7d:3c:f2:83:3d:23:10:55:9d:
                    8c:ba:5d:7c:b0:3f:2b:19:12:08:68:68:2c:98:26:
                    8a:b0:cc:bf:96:c2:11:73:1f:98:3a:ef:48:eb:63:
                    7d:13:21:23:9a:75:73:9c:26:f0:58:48:cd:4d:55:
                    b7:c2:3a:5d:b9:c1:c8:da:4d:d3:10:18:ae:da:a9:
                    b8:dc:d7:19:1b:7b:89:f4:02:7d:31:0c:45:66:54:
                    8c:25:80:8a:47:6d:14:e7:a2:5b:29:ff:f3:03:02:
                    3f:95:27:74:82:3f:f8:cb:b8:6e:c1:9b:ac:b9:f8:
                    9a:54:ed:37:c3:2c:9e:11:60:a1:d4:f5:e3:8b:61:
                    64:73:57:bf:3b:a2:0c:99:c6:72:04:14:b4:c2:7a:
                    82:48:f5:14:1e:b9:96:b0:ed:f9:d9:ad:bf:5d:f0:
                    f0:9b:4f:f6:0f:55:9b:fc:0d:5b:bd:f9:87:1b:e5:
                    e4:82:b7:1a:35:cd:88:c1:29:99:8e:71:53:ef:5d:
                    de:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:AF:A7:B4:E5:90:28:5C:99:FD:DF:7C:51:83:8B:A3:1A:C6:8E:7A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gK-ntOWQKFyZ_d98UYOLoxrGjno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:0c:15:56:80:14:d5:dc:60:83:1b:2f:99:77:b9:41:f2:19:
         55:2f:0e:26:20:5e:81:ab:d1:06:6a:c5:28:4d:a4:a6:b7:f9:
         bf:97:39:2d:d0:8c:88:1f:2a:fa:47:9c:70:b1:6e:76:c0:dc:
         a5:0d:fa:22:65:04:aa:1b:0a:85:3d:82:ae:3b:bc:a5:68:b4:
         ff:34:52:8a:41:f3:4f:a4:87:5b:35:d7:98:36:39:17:fb:ff:
         4e:8d:51:e4:18:89:06:34:c6:77:0d:08:c0:fb:2a:f3:26:55:
         d2:6c:e9:f8:64:c5:b4:5e:0b:7a:e2:fd:c1:94:84:4f:bb:a0:
         be:c3:78:73:4f:3b:4b:26:0b:98:92:50:56:ed:12:42:57:20:
         51:84:2f:7d:52:36:5e:d2:10:b6:7b:28:a6:f9:83:dc:58:d7:
         b9:15:4c:06:d3:4b:02:b8:08:ee:ad:bb:59:c7:84:b6:30:6b:
         ed:ff:5c:29:b4:3f:4e:04:2a:f3:05:ed:9d:40:ec:59:58:83:
         ba:6c:e8:b5:71:a1:6e:19:d9:5e:ce:0a:e8:00:58:39:3d:8b:
         47:b4:ee:95:13:6c:1f:21:49:f8:64:f7:c9:c1:d8:81:16:63:
         e0:a6:65:6b:3e:13:2e:91:50:54:b1:67:1c:b4:db:f2:0d:c9:
         50:74:10:3f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbY7eBCfhGbbEdC+L9XDt1uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzEzMDMwNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGFmYTdiNGU1OTAyODVjOTlmZGRmN2M1MTgzOGJhMzFhYzY4ZTdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHmZBY3iDifPrlSj6NrAS1N/CVn2
f5GYT2oE2LxEnM3A+8U8KYKhDGa1kCvCrAwYbXMA+Wmx23jQqPjtuahclRJ9PPKD
PSMQVZ2Mul18sD8rGRIIaGgsmCaKsMy/lsIRcx+YOu9I62N9EyEjmnVznCbwWEjN
TVW3wjpducHI2k3TEBiu2qm43NcZG3uJ9AJ9MQxFZlSMJYCKR20U56JbKf/zAwI/
lSd0gj/4y7huwZusufiaVO03wyyeEWCh1PXji2Fkc1e/O6IMmcZyBBS0wnqCSPUU
HrmWsO352a2/XfDwm0/2D1Wb/A1bvfmHG+XkgrcaNc2IwSmZjnFT713egwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFICvp7TlkChcmf3ffFGDi6Maxo56MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZ0stbnRPV1FLRnlaX2Q5OFVZT0xveHJHam5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKAMFVaAFNXcYIMbL5l3
uUHyGVUvDiYgXoGr0QZqxShNpKa3+b+XOS3QjIgfKvpHnHCxbnbA3KUN+iJlBKob
CoU9gq47vKVotP80UopB80+kh1s115g2ORf7/06NUeQYiQY0xncNCMD7KvMmVdJs
6fhkxbReC3ri/cGUhE+7oL7DeHNPO0smC5iSUFbtEkJXIFGEL31SNl7SELZ7KKb5
g9xY17kVTAbTSwK4CO6tu1nHhLYwa+3/XCm0P04EKvMF7Z1A7FlYg7ps6LVxoW4Z
2V7OCugAWDk9i0e07pUTbB8hSfhk98nB2IEWY+CmZWs+Ey6RUFSxZxy02/INyVB0
ED8=
-----END CERTIFICATE-----