Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/onWptZikWRg1eU1s23a5nrppAX8.roa
File:                     onWptZikWRg1eU1s23a5nrppAX8.roa (raw, json)
Hash identifier:          di9WV9ZJgT/WSb1EdD2/nmKNzaWMBsNPyM/S8OojD0w=
Subject key identifier:   A2:75:A9:B5:98:A4:59:18:35:79:4D:6C:DB:76:B9:9E:BA:69:01:7F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187752801CCE4C965DFD40437E238DB2A6E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/onWptZikWRg1eU1s23a5nrppAX8.roa
Signing time:             Wed 12 Apr 2023 11:09:28 +0000
ROA not before:           Wed 12 Apr 2023 11:09:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:75:28:01:cc:e4:c9:65:df:d4:04:37:e2:38:db:2a:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 12 11:09:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a275a9b598a4591835794d6cdb76b99eba69017f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:29:a2:19:c3:bb:c7:8e:6b:e0:62:44:42:db:
                    46:91:1c:3f:c3:c4:3e:98:7e:dc:f1:69:7e:44:64:
                    78:fa:3c:9a:29:1f:a7:7e:18:05:e5:89:51:9e:62:
                    20:3b:13:99:a6:50:b2:92:92:ec:4a:21:94:bb:b8:
                    82:d8:94:3d:5d:6b:68:72:05:4c:66:8e:e9:dd:ab:
                    b3:8f:cd:bf:8b:15:24:ed:bc:a5:5d:f4:7b:bb:1d:
                    2b:9a:1b:d5:52:ae:fa:a2:f3:8e:d5:68:54:71:8c:
                    b3:bf:ab:5f:93:65:dc:fc:f3:55:c4:98:80:52:b7:
                    ee:b0:9f:71:96:a2:28:a2:6c:46:06:ee:36:9b:a8:
                    cf:fc:84:e0:e3:d3:e4:9a:57:f3:2e:91:7e:af:97:
                    13:43:02:82:04:d8:55:72:4b:7f:68:42:65:d1:35:
                    64:44:04:28:81:ec:25:b5:a6:73:0b:ae:f0:52:35:
                    df:37:1c:e3:5e:06:25:79:73:93:c4:c3:3a:3b:aa:
                    09:94:07:3a:1c:e9:cf:ea:52:c9:2e:1a:fb:d7:ea:
                    cf:91:cb:c7:8b:b6:8f:d1:1f:cb:b0:fb:a0:64:ed:
                    ad:33:1c:21:56:86:68:4a:34:fa:f5:ac:e8:d1:ba:
                    8a:47:fb:4f:be:41:64:c5:73:5f:ab:ad:32:e8:79:
                    8b:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:75:A9:B5:98:A4:59:18:35:79:4D:6C:DB:76:B9:9E:BA:69:01:7F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/onWptZikWRg1eU1s23a5nrppAX8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:ff:20:6c:a3:aa:59:5a:5f:75:75:18:d2:95:7a:00:69:06:
         e9:ee:96:32:b5:7e:90:b3:a5:54:92:a4:c9:9e:50:96:b3:f7:
         c3:47:b7:9d:1a:3b:d7:66:01:96:97:e2:c4:1a:31:a1:a7:ff:
         54:c2:f9:6d:2c:e8:6f:db:a8:75:a0:38:a5:38:a8:8d:ad:ac:
         50:ee:b6:84:b6:36:c2:4c:f7:6f:c4:1e:5a:66:13:2d:b5:e8:
         b4:e4:e3:e5:72:58:a1:ea:eb:e1:e0:b7:80:4b:a1:1b:52:f2:
         88:66:0a:cd:b1:16:7d:ed:f1:a6:e3:66:72:27:b5:9b:11:22:
         71:7d:70:9b:a2:f8:c2:1e:c0:41:b8:f6:b7:f1:88:cf:8a:32:
         1b:7e:2d:0b:eb:6d:0f:18:09:e6:ae:9d:c0:d1:03:a4:a7:72:
         cf:0b:33:6b:1a:a7:c0:74:08:08:f9:f8:44:69:50:17:32:84:
         f0:52:2c:4d:bf:a3:fd:8b:8d:44:86:91:7b:98:a1:b3:71:85:
         b7:94:ea:1e:ed:a7:d4:87:b3:42:62:bd:06:1c:d6:d7:a1:70:
         c6:ec:98:d6:83:15:71:14:50:cb:5f:b4:aa:3e:33:44:8b:d0:
         b4:19:00:42:ed:8e:24:ca:3e:6e:a4:3e:26:1e:3e:f9:56:4d:
         c6:53:6b:77
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYd1KAHM5Mll39QEN+I42ypuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDEyMTEwOTI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjc1YTliNTk4YTQ1OTE4MzU3OTRkNmNkYjc2Yjk5ZWJhNjkwMTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkymiGcO7x45r4GJEQttGkRw/w8Q+
mH7c8Wl+RGR4+jyaKR+nfhgF5YlRnmIgOxOZplCykpLsSiGUu7iC2JQ9XWtocgVM
Zo7p3auzj82/ixUk7bylXfR7ux0rmhvVUq76ovOO1WhUcYyzv6tfk2Xc/PNVxJiA
UrfusJ9xlqIoomxGBu42m6jP/ITg49PkmlfzLpF+r5cTQwKCBNhVckt/aEJl0TVk
RAQogewltaZzC67wUjXfNxzjXgYleXOTxMM6O6oJlAc6HOnP6lLJLhr71+rPkcvH
i7aP0R/LsPugZO2tMxwhVoZoSjT69azo0bqKR/tPvkFkxXNfq60y6HmLCQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKJ1qbWYpFkYNXlNbNt2uZ66aQF/MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvb25XcHRaaWtXUmcxZVUxczIzYTVucnBwQVg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFz/IGyjqllaX3V1GNKV
egBpBunuljK1fpCzpVSSpMmeUJaz98NHt50aO9dmAZaX4sQaMaGn/1TC+W0s6G/b
qHWgOKU4qI2trFDutoS2NsJM92/EHlpmEy216LTk4+VyWKHq6+Hgt4BLoRtS8ohm
Cs2xFn3t8abjZnIntZsRInF9cJui+MIewEG49rfxiM+KMht+LQvrbQ8YCeauncDR
A6Sncs8LM2sap8B0CAj5+ERpUBcyhPBSLE2/o/2LjUSGkXuYobNxhbeU6h7tp9SH
s0JivQYc1tehcMbsmNaDFXEUUMtftKo+M0SL0LQZAELtjiTKPm6kPiYePvlWTcZT
a3c=
-----END CERTIFICATE-----