Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/n1SfK9UidAEPqdykZhkhIOvxx-8.roa
File:                     n1SfK9UidAEPqdykZhkhIOvxx-8.roa (raw, json)
Hash identifier:          fPrS1lX3b2MsdMXUtn+tTztVa3HT7fT6rOfQ+iAFCQc=
Subject key identifier:   9F:54:9F:2B:D5:22:74:01:0F:A9:DC:A4:66:19:21:20:EB:F1:C7:EF
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186E97C58CA7A32607F72DEA0D1609E88A8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/n1SfK9UidAEPqdykZhkhIOvxx-8.roa
Signing time:             Thu 16 Mar 2023 08:14:45 +0000
ROA not before:           Thu 16 Mar 2023 08:14:45 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:e9:7c:58:ca:7a:32:60:7f:72:de:a0:d1:60:9e:88:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 16 08:14:45 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9f549f2bd52274010fa9dca466192120ebf1c7ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:98:bb:83:8a:ea:d3:57:54:dd:9c:1f:47:b2:
                    86:bf:e9:e2:b7:7d:cb:43:80:67:67:cf:b0:76:de:
                    09:12:b3:a7:16:a3:f2:47:c1:b8:4c:25:61:90:27:
                    4b:34:e7:77:f8:01:46:bc:b4:09:a0:f7:91:60:9a:
                    39:55:fe:cc:e8:bf:45:23:0c:d8:79:fa:62:e2:33:
                    fd:52:50:5f:6f:cf:cb:c8:fb:81:9c:dd:86:0d:a1:
                    f4:8e:b4:18:17:09:bc:72:57:7d:0e:2c:52:1c:d8:
                    62:5d:53:b4:6e:1a:1c:df:e5:aa:61:f7:ec:05:dd:
                    db:ba:f4:93:15:cb:8b:37:6b:2a:9d:da:98:02:9f:
                    40:5c:ef:b3:b6:61:c2:94:3e:7b:9c:d7:6b:4f:a0:
                    02:50:e2:3a:2a:8e:d2:0a:42:47:89:17:dd:8f:76:
                    ea:cd:4e:ed:bd:2f:e4:14:e3:08:d9:2d:1e:89:b4:
                    73:c2:52:c9:32:79:c5:02:5e:fd:b8:c4:de:d6:a1:
                    0e:13:13:32:c8:1c:27:cf:fb:5a:d7:1d:7c:f3:cb:
                    02:8e:56:ce:e2:7f:11:57:62:d5:88:ca:8b:40:19:
                    c8:23:4f:60:35:da:78:2b:4e:e9:3a:bb:50:8c:e8:
                    f0:7d:0b:76:c7:49:a6:a2:a3:95:8c:02:a7:4d:20:
                    d4:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:54:9F:2B:D5:22:74:01:0F:A9:DC:A4:66:19:21:20:EB:F1:C7:EF
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/n1SfK9UidAEPqdykZhkhIOvxx-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:45:d2:be:52:c4:89:07:31:be:fe:54:ba:c6:4f:c3:0c:9d:
         16:b2:05:4c:8f:42:10:12:b6:a3:81:ed:ee:23:81:ad:e9:7e:
         be:7d:3f:3b:10:77:9c:13:0b:e6:23:3b:6f:83:5e:db:d0:e5:
         dd:4e:14:ea:8e:38:15:bd:7a:b9:5c:44:5d:5c:cc:75:11:3d:
         48:3c:5e:e6:93:3f:d2:f4:09:2a:a7:b9:23:7c:ad:b5:b2:31:
         12:fd:31:b7:87:94:20:b0:83:9b:15:d6:87:05:a6:46:7b:49:
         f9:f9:89:a0:ff:c5:46:d2:c7:4c:50:88:e8:c1:2b:de:e5:d6:
         2e:1b:58:22:90:c3:37:d9:90:f8:55:1b:28:77:e2:6a:d3:e3:
         18:46:3d:27:2e:76:32:df:eb:78:c0:fb:b7:26:95:39:3e:5f:
         52:e9:6f:d5:a8:7a:bd:59:7a:7e:75:45:2f:0a:f5:b9:e1:1a:
         93:b9:39:77:de:9c:fd:57:09:4f:43:87:d5:ea:42:0e:b2:c4:
         0a:c4:61:d0:0a:ad:de:c8:2b:83:4a:48:e8:8e:39:f8:5e:37:
         0e:3b:ce:f4:00:e2:95:91:b4:ab:0e:85:a7:a9:96:b9:76:b2:
         20:44:c7:ea:d1:dd:59:e7:e3:98:df:1d:6e:f5:21:84:62:79:
         30:6b:34:bd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbpfFjKejJgf3LeoNFgnoioMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE2MDgxNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjU0OWYyYmQ1MjI3NDAxMGZhOWRjYTQ2NjE5MjEyMGViZjFjN2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpi7g4rq01dU3ZwfR7KGv+nit33L
Q4BnZ8+wdt4JErOnFqPyR8G4TCVhkCdLNOd3+AFGvLQJoPeRYJo5Vf7M6L9FIwzY
efpi4jP9UlBfb8/LyPuBnN2GDaH0jrQYFwm8cld9DixSHNhiXVO0bhoc3+WqYffs
Bd3buvSTFcuLN2sqndqYAp9AXO+ztmHClD57nNdrT6ACUOI6Ko7SCkJHiRfdj3bq
zU7tvS/kFOMI2S0eibRzwlLJMnnFAl79uMTe1qEOExMyyBwnz/ta1x1888sCjlbO
4n8RV2LViMqLQBnII09gNdp4K07pOrtQjOjwfQt2x0mmoqOVjAKnTSDUiQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJ9UnyvVInQBD6ncpGYZISDr8cfvMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbjFTZks5VWlkQUVQcWR5a1poa2hJT3Z4eC04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFxF0r5SxIkHMb7+VLrG
T8MMnRayBUyPQhAStqOB7e4jga3pfr59PzsQd5wTC+YjO2+DXtvQ5d1OFOqOOBW9
erlcRF1czHURPUg8XuaTP9L0CSqnuSN8rbWyMRL9MbeHlCCwg5sV1ocFpkZ7Sfn5
iaD/xUbSx0xQiOjBK97l1i4bWCKQwzfZkPhVGyh34mrT4xhGPScudjLf63jA+7cm
lTk+X1Lpb9Woer1Zen51RS8K9bnhGpO5OXfenP1XCU9Dh9XqQg6yxArEYdAKrd7I
K4NKSOiOOfheNw47zvQA4pWRtKsOhaeplrl2siBEx+rR3Vnn45jfHW71IYRieTBr
NL0=
-----END CERTIFICATE-----