Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/luln591-108alCOdDAEndOHLHJM.roa
File:                     luln591-108alCOdDAEndOHLHJM.roa (raw, json)
Hash identifier:          uLXsm+ORlEWhNE+0gqXW/j2DXNNIEvhuBMo6EiztkeQ=
Subject key identifier:   96:E9:67:E7:DD:7E:D7:4F:1A:94:23:9D:0C:01:27:74:E1:CB:1C:93
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188A26D9ACF430F4E5650CDBFDD859C11D6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/luln591-108alCOdDAEndOHLHJM.roa
Signing time:             Fri 09 Jun 2023 23:11:11 +0000
ROA not before:           Fri 09 Jun 2023 23:11:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:a2:6d:9a:cf:43:0f:4e:56:50:cd:bf:dd:85:9c:11:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  9 23:11:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=96e967e7dd7ed74f1a94239d0c012774e1cb1c93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:52:2e:a3:78:bf:63:7d:45:b4:62:f6:21:4c:
                    40:2d:88:a5:65:65:7e:d9:7f:e2:40:41:f9:eb:9f:
                    40:c7:cf:cf:a0:df:04:e4:2d:51:97:c8:75:a4:13:
                    54:a6:14:f8:6d:71:fd:bd:c0:47:42:57:ec:62:95:
                    48:b1:29:5a:53:ab:50:97:55:ac:82:28:48:53:15:
                    5d:31:b0:28:a2:60:79:0d:a7:bd:f3:71:12:f9:86:
                    5d:a4:e2:9d:39:4d:1d:42:c0:cd:93:c2:5d:f3:a0:
                    c3:ae:05:41:f2:06:0e:ad:80:fa:d2:ba:0e:5c:06:
                    de:23:8b:8e:38:37:b8:12:0a:10:23:75:7d:2e:a5:
                    d3:aa:b0:53:d2:91:1e:e6:99:da:cb:98:cd:82:ef:
                    19:3d:02:7b:16:38:5a:c6:b2:40:38:d9:01:13:42:
                    3b:37:b4:c8:f0:14:80:f8:50:df:ee:b0:73:56:46:
                    26:c3:f2:0c:9f:a2:90:98:fe:d8:46:3d:7e:b6:ac:
                    7e:c4:a3:b4:d4:b1:44:55:7c:74:8a:c3:68:e8:1a:
                    33:3c:e2:a9:0e:44:6e:13:e6:28:56:5c:73:a9:d7:
                    6c:6b:87:68:51:58:09:57:70:7b:76:c2:dc:bd:98:
                    13:96:9a:1e:c4:44:f5:61:61:f2:17:a2:77:f8:33:
                    62:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:E9:67:E7:DD:7E:D7:4F:1A:94:23:9D:0C:01:27:74:E1:CB:1C:93
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/luln591-108alCOdDAEndOHLHJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:a7:25:5f:40:c5:f4:3e:1c:9e:f3:4c:f9:fe:ff:dd:da:5d:
         90:34:d7:47:73:00:9c:e4:38:83:55:46:09:2f:20:f9:68:19:
         83:18:5c:34:75:1e:b0:9f:9a:8e:27:fd:f2:76:e8:4b:59:ad:
         5a:e2:19:ef:85:eb:94:31:27:d7:f8:64:0a:d2:0b:4f:3c:76:
         e9:f5:70:d5:13:f2:51:b0:58:14:67:77:6d:15:02:a2:14:48:
         d4:55:2a:8f:95:29:5b:3a:9d:7f:9a:36:7b:de:ca:05:83:57:
         b2:da:b5:2c:57:34:24:53:b8:17:9f:a4:98:2d:e2:b1:bb:fe:
         9f:ae:df:0a:4b:92:0c:5e:d8:1b:2e:78:c8:5d:e4:ad:f7:47:
         b4:d4:3a:52:d0:a7:98:a8:49:f4:12:ad:68:b1:a1:c1:af:ca:
         49:c1:97:0a:92:ae:5f:fb:8a:ed:b9:f9:d4:5e:d8:51:d8:64:
         eb:f5:9d:73:df:6e:cf:f3:ac:2c:3e:95:ae:da:ad:0a:da:75:
         a3:39:9b:8a:61:56:c9:fc:e8:d7:e8:70:35:93:fc:14:3a:0e:
         13:1e:86:b0:e3:17:50:69:a7:02:56:40:9d:b5:0e:87:8b:32:
         9f:66:ac:25:3f:05:1f:b1:bd:3e:0a:ff:8f:34:7e:c0:a7:bc:
         54:bb:a4:bf
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiibZrPQw9OVlDNv92FnBHWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA5MjMxMTExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmU5NjdlN2RkN2VkNzRmMWE5NDIzOWQwYzAxMjc3NGUxY2IxYzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVIuo3i/Y31FtGL2IUxALYilZWV+
2X/iQEH5659Ax8/PoN8E5C1Rl8h1pBNUphT4bXH9vcBHQlfsYpVIsSlaU6tQl1Ws
gihIUxVdMbAoomB5Dae983ES+YZdpOKdOU0dQsDNk8Jd86DDrgVB8gYOrYD60roO
XAbeI4uOODe4EgoQI3V9LqXTqrBT0pEe5pnay5jNgu8ZPQJ7FjhaxrJAONkBE0I7
N7TI8BSA+FDf7rBzVkYmw/IMn6KQmP7YRj1+tqx+xKO01LFEVXx0isNo6BozPOKp
DkRuE+YoVlxzqddsa4doUVgJV3B7dsLcvZgTlpoexET1YWHyF6J3+DNiRQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJbpZ+fdftdPGpQjnQwBJ3ThyxyTMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbHVsbjU5MS0xMDhhbENPZERBRW5kT0hMSEpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADmnJV9AxfQ+HJ7zTPn+
/93aXZA010dzAJzkOINVRgkvIPloGYMYXDR1HrCfmo4n/fJ26EtZrVriGe+F65Qx
J9f4ZArSC088dun1cNUT8lGwWBRnd20VAqIUSNRVKo+VKVs6nX+aNnveygWDV7La
tSxXNCRTuBefpJgt4rG7/p+u3wpLkgxe2BsueMhd5K33R7TUOlLQp5ioSfQSrWix
ocGvyknBlwqSrl/7iu25+dRe2FHYZOv1nXPfbs/zrCw+la7arQradaM5m4phVsn8
6NfocDWT/BQ6DhMehrDjF1BppwJWQJ21DoeLMp9mrCU/BR+xvT4K/480fsCnvFS7
pL8=
-----END CERTIFICATE-----