Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jNn1W2oqocp0qiYR9FgBoKlg-R8.roa
File:                     jNn1W2oqocp0qiYR9FgBoKlg-R8.roa (raw, json)
Hash identifier:          7N3jMkv3rRbtyQw/j5hQEdm6HOvETnSXL8VuzE37HgE=
Subject key identifier:   8C:D9:F5:5B:6A:2A:A1:CA:74:AA:26:11:F4:58:01:A0:A9:60:F9:1F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01883759FF428A3179C7BA4F9EEA9F171C27
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jNn1W2oqocp0qiYR9FgBoKlg-R8.roa
Signing time:             Sat 20 May 2023 04:10:24 +0000
ROA not before:           Sat 20 May 2023 04:10:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:37:59:ff:42:8a:31:79:c7:ba:4f:9e:ea:9f:17:1c:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 20 04:10:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8cd9f55b6a2aa1ca74aa2611f45801a0a960f91f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:22:b2:5c:d7:32:ce:c7:aa:b8:81:88:53:65:
                    70:0a:ab:7b:b0:3d:35:66:5e:02:2b:3c:4a:62:f2:
                    3e:ee:16:00:06:c4:09:7c:26:e7:0c:7c:a9:4e:c7:
                    4c:e1:52:78:69:91:4b:63:06:35:09:b8:83:c7:2a:
                    9e:5b:c3:4f:34:94:e9:bd:7a:05:ee:e2:ed:a8:0a:
                    69:d3:90:d7:74:2f:d1:1d:a8:0b:54:8e:3b:4b:1f:
                    73:ef:96:33:9b:dd:59:41:88:e8:f1:72:bf:da:05:
                    fc:3c:06:14:ab:3d:72:cd:42:c6:3b:53:fa:0b:ae:
                    67:9b:db:67:65:63:52:c2:3b:2c:a8:47:09:33:5f:
                    d2:37:2f:e3:d0:c6:0f:54:e1:27:12:30:af:81:a2:
                    b5:00:3c:20:a7:78:81:68:f2:8d:4e:dd:70:c8:be:
                    b8:7f:87:c1:af:90:a2:0b:17:a9:d4:93:c5:90:ef:
                    42:d3:6b:62:3b:9d:ab:4d:ea:51:1f:8c:1a:e8:77:
                    1b:d0:e6:e7:84:e7:40:ba:40:31:8a:ac:ad:8c:35:
                    00:46:e1:a2:42:ca:10:45:7e:b4:3c:3d:09:35:fd:
                    b7:b6:5a:62:7a:90:8f:ad:02:d5:73:4e:2c:aa:bb:
                    dc:a6:5f:57:ac:53:4b:91:9c:27:66:55:6c:e8:f0:
                    e8:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:D9:F5:5B:6A:2A:A1:CA:74:AA:26:11:F4:58:01:A0:A9:60:F9:1F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jNn1W2oqocp0qiYR9FgBoKlg-R8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:08:0a:02:c0:10:e5:8f:6d:29:aa:fa:35:f8:24:5f:bf:f2:
         25:0f:9f:e7:0d:60:8b:ea:4f:5d:00:b6:cf:21:c3:53:64:d3:
         c8:d3:40:e5:21:33:63:10:98:7d:b6:45:56:cb:d7:87:b2:2f:
         4e:3f:32:1f:9e:30:b0:46:22:e5:0d:7a:3c:7b:67:5b:75:d6:
         cd:02:a0:87:ea:55:fa:83:cc:c8:96:3d:ad:39:2c:aa:d4:20:
         91:99:55:dc:b5:c2:66:17:42:ec:0a:9b:84:08:a2:1e:2e:96:
         89:c6:4a:70:d6:42:5b:57:c6:27:7f:98:80:5e:eb:16:85:87:
         d4:71:53:7c:51:fe:69:d4:bc:f1:58:8d:0f:dd:a4:bc:bf:76:
         e3:35:72:15:2d:1f:b0:c2:ba:b0:9d:da:33:08:2e:10:73:cc:
         57:e2:c6:5e:fe:91:42:14:73:9c:d8:04:b5:ac:93:5b:16:95:
         bf:e6:e7:e7:24:66:fd:8b:63:63:8f:ce:cd:6e:9f:1b:87:9e:
         e0:2a:5e:22:b4:42:02:a8:7a:d8:ef:1f:9f:69:37:20:df:7b:
         9b:c5:b2:cc:1c:1d:4e:b5:32:0e:90:bb:6c:3f:fa:83:94:cc:
         e0:b6:78:cd:bb:9e:ac:b5:da:15:8a:68:ee:c8:8f:27:66:49:
         69:8f:52:3f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYg3Wf9CijF5x7pPnuqfFxwnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTIwMDQxMDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2Q5ZjU1YjZhMmFhMWNhNzRhYTI2MTFmNDU4MDFhMGE5NjBmOTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlCKyXNcyzsequIGIU2VwCqt7sD01
Zl4CKzxKYvI+7hYABsQJfCbnDHypTsdM4VJ4aZFLYwY1CbiDxyqeW8NPNJTpvXoF
7uLtqApp05DXdC/RHagLVI47Sx9z75Yzm91ZQYjo8XK/2gX8PAYUqz1yzULGO1P6
C65nm9tnZWNSwjssqEcJM1/SNy/j0MYPVOEnEjCvgaK1ADwgp3iBaPKNTt1wyL64
f4fBr5CiCxep1JPFkO9C02tiO52rTepRH4wa6Hcb0ObnhOdAukAxiqytjDUARuGi
QsoQRX60PD0JNf23tlpiepCPrQLVc04sqrvcpl9XrFNLkZwnZlVs6PDofwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIzZ9VtqKqHKdKomEfRYAaCpYPkfMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvak5uMVcyb3FvY3AwcWlZUjlGZ0JvS2xnLVI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFUICgLAEOWPbSmq+jX4
JF+/8iUPn+cNYIvqT10Ats8hw1Nk08jTQOUhM2MQmH22RVbL14eyL04/Mh+eMLBG
IuUNejx7Z1t11s0CoIfqVfqDzMiWPa05LKrUIJGZVdy1wmYXQuwKm4QIoh4ulonG
SnDWQltXxid/mIBe6xaFh9RxU3xR/mnUvPFYjQ/dpLy/duM1chUtH7DCurCd2jMI
LhBzzFfixl7+kUIUc5zYBLWsk1sWlb/m5+ckZv2LY2OPzs1unxuHnuAqXiK0QgKo
etjvH59pNyDfe5vFsswcHU61Mg6Qu2w/+oOUzOC2eM27nqy12hWKaO7IjydmSWmP
Uj8=
-----END CERTIFICATE-----