Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/prkV4wBJmP534cwt53AxoFu5fNg.roa
File:                     prkV4wBJmP534cwt53AxoFu5fNg.roa (raw, json)
Hash identifier:          PFotMNSv4bCsqKF1KXNX9zpQq5oWQ8yz9cAaIQvQNvU=
Subject key identifier:   A6:B9:15:E3:00:49:98:FE:77:E1:CC:2D:E7:70:31:A0:5B:B9:7C:D8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01875455B19232CBF999CA2A4DEBFB50222B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/prkV4wBJmP534cwt53AxoFu5fNg.roa
Signing time:             Thu 06 Apr 2023 02:11:54 +0000
ROA not before:           Thu 06 Apr 2023 02:11:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:54:55:b1:92:32:cb:f9:99:ca:2a:4d:eb:fb:50:22:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  6 02:11:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a6b915e3004998fe77e1cc2de77031a05bb97cd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:21:cd:3f:dd:f9:e9:96:76:cc:04:a1:79:cb:
                    6c:98:50:0b:f5:9c:d6:4c:88:22:dd:7f:81:9b:0f:
                    b9:b6:b2:1b:37:08:d8:c9:80:ad:e7:28:56:78:ec:
                    3a:cf:57:5f:00:c7:22:28:59:18:ad:b5:be:b9:3d:
                    bf:f3:e8:68:08:f6:ab:39:0c:c1:f5:47:2f:02:06:
                    05:a2:ee:da:2f:ed:85:73:0b:8c:62:5b:77:6c:74:
                    7b:56:f1:be:01:b3:2a:7c:33:30:c2:e7:83:21:c3:
                    2e:84:c5:47:10:e7:84:50:08:2b:3e:fc:5f:45:61:
                    a5:40:15:8b:d6:94:4a:2e:ee:8c:cf:c2:d9:86:40:
                    9e:f6:cf:4d:16:95:62:75:29:17:f7:c5:68:c1:70:
                    94:a2:50:71:7a:4c:08:29:a4:0b:8e:bb:ad:52:eb:
                    45:06:2e:25:ab:d9:83:2c:7f:84:be:ae:76:b8:de:
                    d4:08:ce:67:58:2d:65:01:f7:ce:e2:50:b0:6d:a7:
                    20:60:91:1c:23:a5:4c:aa:31:54:f0:01:c8:58:df:
                    c0:5f:88:7c:d8:4f:3f:90:cb:c4:16:97:87:dc:ba:
                    88:79:7f:59:81:92:5b:a4:84:94:eb:07:71:63:63:
                    54:9b:71:da:33:f4:8f:20:e2:b1:72:6f:3d:f1:6d:
                    74:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:B9:15:E3:00:49:98:FE:77:E1:CC:2D:E7:70:31:A0:5B:B9:7C:D8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/prkV4wBJmP534cwt53AxoFu5fNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:06:da:c1:63:c7:9e:c7:1c:71:1d:52:c5:a8:86:d9:f2:5d:
         42:f3:e8:1a:b3:a5:ef:7e:67:22:f3:2f:ea:b1:20:1c:7a:97:
         b4:6f:2b:28:37:7b:e2:15:e5:ec:e9:de:93:64:75:9e:61:5e:
         28:1f:36:c0:6b:a2:80:0e:22:2d:ad:cc:88:70:77:1c:2f:ee:
         ae:4f:02:83:d7:af:26:a6:98:96:f2:f6:b7:0b:8b:96:02:89:
         3b:ca:f4:5b:77:af:3b:05:d4:dd:6f:f6:72:7b:ba:45:97:7b:
         f0:1c:06:41:cd:dc:80:ff:81:ac:9e:48:ab:1c:54:70:02:9c:
         7e:72:3d:46:a9:ef:bc:a4:bc:8c:0f:61:6c:8d:f3:3b:a9:a8:
         ae:ff:49:74:39:6a:06:ee:88:7c:18:3e:0c:da:58:1c:e0:18:
         6f:b5:6f:4f:62:a9:8f:42:78:29:79:da:ec:77:b5:e6:f0:61:
         d0:be:3a:2c:b2:7f:d9:06:44:59:f7:b8:0f:a2:63:20:f3:d8:
         aa:6b:3c:65:51:aa:8f:0e:89:e0:db:50:2f:e3:b7:7a:a9:7c:
         b1:0c:af:b2:ca:83:77:8c:3e:a2:c2:fb:53:f7:12:40:19:3d:
         ff:d1:34:d7:26:10:8c:d7:2d:33:93:3e:37:c7:d8:80:d7:82:
         8d:2d:be:90
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdUVbGSMsv5mcoqTev7UCIrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDA2MDIxMTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmI5MTVlMzAwNDk5OGZlNzdlMWNjMmRlNzcwMzFhMDViYjk3Y2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriHNP9356ZZ2zAShectsmFAL9ZzW
TIgi3X+Bmw+5trIbNwjYyYCt5yhWeOw6z1dfAMciKFkYrbW+uT2/8+hoCParOQzB
9UcvAgYFou7aL+2FcwuMYlt3bHR7VvG+AbMqfDMwwueDIcMuhMVHEOeEUAgrPvxf
RWGlQBWL1pRKLu6Mz8LZhkCe9s9NFpVidSkX98VowXCUolBxekwIKaQLjrutUutF
Bi4lq9mDLH+Evq52uN7UCM5nWC1lAffO4lCwbacgYJEcI6VMqjFU8AHIWN/AX4h8
2E8/kMvEFpeH3LqIeX9ZgZJbpISU6wdxY2NUm3HaM/SPIOKxcm898W10nQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKa5FeMASZj+d+HMLedwMaBbuXzYMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcHJrVjR3QkptUDUzNGN3dDUzQXhvRnU1Zk5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACYG2sFjx57HHHEdUsWo
htnyXULz6Bqzpe9+ZyLzL+qxIBx6l7RvKyg3e+IV5ezp3pNkdZ5hXigfNsBrooAO
Ii2tzIhwdxwv7q5PAoPXryammJby9rcLi5YCiTvK9Ft3rzsF1N1v9nJ7ukWXe/Ac
BkHN3ID/gayeSKscVHACnH5yPUap77ykvIwPYWyN8zupqK7/SXQ5agbuiHwYPgza
WBzgGG+1b09iqY9CeCl52ux3tebwYdC+Oiyyf9kGRFn3uA+iYyDz2KprPGVRqo8O
ieDbUC/jt3qpfLEMr7LKg3eMPqLC+1P3EkAZPf/RNNcmEIzXLTOTPjfH2IDXgo0t
vpA=
-----END CERTIFICATE-----