Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/p899xjI75a9w5wEsdACSK5_oKSk.roa
File:                     p899xjI75a9w5wEsdACSK5_oKSk.roa (raw, json)
Hash identifier:          JEICr8TZVGK7iYtAyuZqcQueZ8A8fQ8nR5lpIHxA+IY=
Subject key identifier:   A7:CF:7D:C6:32:3B:E5:AF:70:E7:01:2C:74:00:92:2B:9F:E8:29:29
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186F6C1953F7DFB0B926D3705D8BC1A6D53
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/p899xjI75a9w5wEsdACSK5_oKSk.roa
Signing time:             Sat 18 Mar 2023 22:05:27 +0000
ROA not before:           Sat 18 Mar 2023 22:05:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:f6c0:a870/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:f6:c1:95:3f:7d:fb:0b:92:6d:37:05:d8:bc:1a:6d:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 18 22:05:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a7cf7dc6323be5af70e7012c7400922b9fe82929
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:26:31:26:eb:9a:41:18:02:a4:8e:0c:a6:62:
                    6c:be:fa:1e:04:b4:83:37:20:c2:4a:89:c3:b7:ec:
                    4e:36:d6:39:f4:28:ae:82:a4:9d:6b:67:70:e7:ab:
                    0f:39:12:eb:da:9e:79:cc:1b:29:63:1b:1b:0a:dc:
                    66:b5:0c:d4:8a:f7:c2:60:f1:2c:ff:b3:6d:c1:ee:
                    dd:99:37:ba:3b:1e:aa:bc:89:4e:5f:11:d7:5f:a1:
                    e4:bc:3a:4f:cb:af:6a:6d:3a:da:cf:d1:3f:3c:e6:
                    b2:28:1d:f2:ee:0a:14:44:fc:ce:5c:08:9e:08:e2:
                    23:63:60:e1:1d:cf:7e:e2:0b:f8:fa:a5:98:d7:5f:
                    cb:e3:d1:76:5f:70:ae:14:28:eb:97:84:27:87:40:
                    eb:59:19:4e:d3:21:b8:6b:d5:dd:ca:f8:f8:04:aa:
                    e3:3a:b4:e5:a9:81:d3:4d:07:32:e1:7c:ef:20:95:
                    66:ed:9c:d2:16:b3:64:a7:5b:a0:c3:57:38:5c:00:
                    35:1e:0e:73:99:74:b0:0d:9f:4d:e6:95:76:54:8d:
                    49:cf:cc:e3:ee:e7:fc:1d:28:c1:3a:fc:0e:73:c9:
                    64:c5:61:c9:11:0d:9a:96:a0:14:78:cc:09:59:2b:
                    99:96:89:0e:c4:1d:58:1e:36:fb:ee:33:fe:29:9a:
                    52:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:CF:7D:C6:32:3B:E5:AF:70:E7:01:2C:74:00:92:2B:9F:E8:29:29
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/p899xjI75a9w5wEsdACSK5_oKSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:e6:58:d0:e3:a9:df:a1:f6:d8:d8:2b:a1:96:40:a2:8f:33:
         64:36:12:e3:26:68:7a:eb:3b:ec:b1:f7:e6:53:93:40:ed:e6:
         ce:be:03:da:d5:46:03:f0:08:3e:35:27:bf:2c:39:d2:c5:cd:
         29:ab:a9:e6:8a:6d:ef:ed:cd:57:da:47:c1:31:fc:57:f8:2e:
         d8:db:c9:67:1d:86:65:a9:84:c4:c3:0d:df:96:92:4f:cc:65:
         e0:ed:b2:fa:23:06:76:3f:84:c5:9c:d2:df:54:8a:9c:6b:f2:
         c9:f1:99:5a:70:1c:b7:d7:66:03:54:fd:8f:58:5a:c0:41:19:
         0a:76:e4:f5:55:1b:33:cd:98:90:0a:0e:22:d9:fb:14:72:f2:
         6e:3a:68:9f:09:08:06:42:99:b8:69:10:85:ea:55:b6:3a:6f:
         59:55:e3:a9:bc:8d:75:fa:50:7e:54:c8:03:c9:ca:e3:a5:3a:
         41:96:c6:06:e3:3d:38:5d:bb:76:f9:4a:4e:32:d5:31:de:7b:
         e2:1b:48:33:18:45:50:07:87:b3:ea:0d:81:7c:4f:8c:b0:55:
         2c:1e:c1:c7:03:05:ea:46:74:69:ac:73:65:2c:21:8a:fe:8f:
         3c:94:45:c6:50:41:8b:f5:d8:a7:e6:32:25:28:ea:79:f0:87:
         11:68:21:19
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYb2wZU/ffsLkm03Bdi8Gm1TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE4MjIwNTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2NmN2RjNjMyM2JlNWFmNzBlNzAxMmM3NDAwOTIyYjlmZTgyOTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyYxJuuaQRgCpI4MpmJsvvoeBLSD
NyDCSonDt+xONtY59CiugqSda2dw56sPORLr2p55zBspYxsbCtxmtQzUivfCYPEs
/7Ntwe7dmTe6Ox6qvIlOXxHXX6HkvDpPy69qbTraz9E/POayKB3y7goURPzOXAie
COIjY2DhHc9+4gv4+qWY11/L49F2X3CuFCjrl4Qnh0DrWRlO0yG4a9Xdyvj4BKrj
OrTlqYHTTQcy4XzvIJVm7ZzSFrNkp1ugw1c4XAA1Hg5zmXSwDZ9N5pV2VI1Jz8zj
7uf8HSjBOvwOc8lkxWHJEQ2alqAUeMwJWSuZlokOxB1YHjb77jP+KZpSTwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKfPfcYyO+WvcOcBLHQAkiuf6CkpMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcDg5OXhqSTc1YTl3NXdFc2RBQ1NLNV9vS1NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAADmWNDjqd+h9tjYK6GW
QKKPM2Q2EuMmaHrrO+yx9+ZTk0Dt5s6+A9rVRgPwCD41J78sOdLFzSmrqeaKbe/t
zVfaR8Ex/Ff4LtjbyWcdhmWphMTDDd+Wkk/MZeDtsvojBnY/hMWc0t9Uipxr8snx
mVpwHLfXZgNU/Y9YWsBBGQp25PVVGzPNmJAKDiLZ+xRy8m46aJ8JCAZCmbhpEIXq
VbY6b1lV46m8jXX6UH5UyAPJyuOlOkGWxgbjPThdu3b5Sk4y1THee+IbSDMYRVAH
h7PqDYF8T4ywVSwewccDBepGdGmsc2UsIYr+jzyURcZQQYv12KfmMiUo6nnwhxFo
IRk=
-----END CERTIFICATE-----