Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/pPEclRt7ch9pJSiSQ4Q8e2OPKfw.roa
File:                     pPEclRt7ch9pJSiSQ4Q8e2OPKfw.roa (raw, json)
Hash identifier:          1Q4mtaJZMtw3l3Y6jwIYeHPwL3rScKHmCDMbnfTkCoY=
Subject key identifier:   A4:F1:1C:95:1B:7B:72:1F:69:25:28:92:43:84:3C:7B:63:8F:29:FC
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01876622FFCA32D901E1020779551DE96CB3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/pPEclRt7ch9pJSiSQ4Q8e2OPKfw.roa
Signing time:             Sun 09 Apr 2023 13:09:42 +0000
ROA not before:           Sun 09 Apr 2023 13:09:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:66:22:ff:ca:32:d9:01:e1:02:07:79:55:1d:e9:6c:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  9 13:09:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a4f11c951b7b721f6925289243843c7b638f29fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:19:54:16:79:4d:6d:5c:2d:63:31:b5:2e:2a:
                    05:88:fc:d4:93:98:64:67:b6:fe:71:94:d4:e0:0b:
                    5b:3c:c9:5d:ca:7c:25:c0:a5:9e:4f:21:18:87:a9:
                    2c:45:2d:29:3a:46:7d:ae:fb:51:c8:79:b9:16:d9:
                    bf:41:f7:1e:96:c5:dc:42:fb:ce:eb:17:27:ad:95:
                    b2:1a:b5:f8:99:cc:89:d0:96:68:3f:a1:3a:68:7d:
                    c5:1a:bb:e0:e9:07:88:a4:e4:bb:60:ff:75:42:7b:
                    e2:8b:8a:05:59:f2:44:db:e3:37:6b:b1:43:c6:a3:
                    3e:22:9f:7e:c7:ac:5e:09:2d:b6:fc:e0:6b:36:a1:
                    a1:0c:ac:6d:e2:22:10:b9:3c:cd:45:7e:30:46:fd:
                    a4:52:4f:06:62:e4:09:62:45:0d:52:ba:26:2f:16:
                    16:fb:a0:a6:3e:47:60:d7:5d:e8:98:4f:7d:3c:76:
                    2c:a4:01:a8:3f:b6:82:e9:6b:61:b1:47:3b:02:75:
                    c0:ee:d4:94:83:4f:d3:26:71:5f:44:9f:bd:d2:0f:
                    02:3a:d9:4c:ae:ea:26:ee:e2:8d:8e:db:cd:b5:06:
                    31:a3:6e:aa:d4:d1:f6:c5:15:6e:04:44:a6:5c:0d:
                    2e:7c:1f:c5:bd:fc:ee:9a:9e:1b:17:36:1f:19:6c:
                    f7:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F1:1C:95:1B:7B:72:1F:69:25:28:92:43:84:3C:7B:63:8F:29:FC
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/pPEclRt7ch9pJSiSQ4Q8e2OPKfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:8b:f0:11:2d:cb:fd:c0:c9:f7:16:76:05:35:11:5f:66:92:
         02:34:71:da:00:d3:18:84:47:15:4f:a8:10:b7:69:4f:9d:51:
         2b:39:ea:12:34:0c:36:c1:64:4a:42:28:87:2a:17:2e:b8:5b:
         a0:91:65:04:0d:6e:66:04:4f:6a:64:b5:a8:54:21:5f:3c:97:
         f7:b6:01:49:30:ef:d5:24:fb:be:50:6e:6c:ea:3c:2e:a4:32:
         b0:6b:0f:b9:51:91:71:6e:6a:76:0e:55:37:e6:bf:83:27:be:
         ba:0b:74:cf:df:7a:d3:26:fc:06:14:da:23:e9:2a:c2:c3:15:
         68:e2:b7:60:77:51:54:68:d5:83:ab:dc:b4:f2:0c:56:cc:3d:
         cd:d9:19:49:c0:59:22:39:be:a6:f5:79:86:8f:63:d8:67:33:
         a4:ec:01:a0:d1:9e:d5:1c:70:3c:24:24:db:9b:d1:07:4a:1b:
         61:4b:30:a0:64:37:9a:15:d6:f1:77:66:1c:64:4e:3d:7e:97:
         59:95:9e:ad:99:b3:2d:41:5a:09:36:e6:57:7a:12:e5:8b:4f:
         25:6c:6a:a3:91:56:32:8f:a6:5b:6f:3f:46:33:5d:7c:98:cb:
         06:64:06:1b:2f:e4:9a:2c:bc:0a:7d:e9:ac:75:60:95:17:bf:
         af:c3:68:81
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdmIv/KMtkB4QIHeVUd6WyzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA5MTMwOTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGYxMWM5NTFiN2I3MjFmNjkyNTI4OTI0Mzg0M2M3YjYzOGYyOWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgRlUFnlNbVwtYzG1LioFiPzUk5hk
Z7b+cZTU4AtbPMldynwlwKWeTyEYh6ksRS0pOkZ9rvtRyHm5Ftm/QfcelsXcQvvO
6xcnrZWyGrX4mcyJ0JZoP6E6aH3FGrvg6QeIpOS7YP91Qnvii4oFWfJE2+M3a7FD
xqM+Ip9+x6xeCS22/OBrNqGhDKxt4iIQuTzNRX4wRv2kUk8GYuQJYkUNUromLxYW
+6CmPkdg113omE99PHYspAGoP7aC6WthsUc7AnXA7tSUg0/TJnFfRJ+90g8COtlM
ruom7uKNjtvNtQYxo26q1NH2xRVuBESmXA0ufB/Fvfzump4bFzYfGWz3GQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKTxHJUbe3IfaSUokkOEPHtjjyn8MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcFBFY2xSdDdjaDlwSlNpU1E0UThlMk9QS2Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAA+L8BEty/3AyfcWdgU1
EV9mkgI0cdoA0xiERxVPqBC3aU+dUSs56hI0DDbBZEpCKIcqFy64W6CRZQQNbmYE
T2pktahUIV88l/e2AUkw79Uk+75QbmzqPC6kMrBrD7lRkXFuanYOVTfmv4MnvroL
dM/fetMm/AYU2iPpKsLDFWjit2B3UVRo1YOr3LTyDFbMPc3ZGUnAWSI5vqb1eYaP
Y9hnM6TsAaDRntUccDwkJNub0QdKG2FLMKBkN5oV1vF3ZhxkTj1+l1mVnq2Zsy1B
Wgk25ld6EuWLTyVsaqORVjKPpltvP0YzXXyYywZkBhsv5JosvAp96ax1YJUXv6/D
aIE=
-----END CERTIFICATE-----