Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qS3nFIpXRcXJjW_X45Tzyhkjk6I.roa
File:                     qS3nFIpXRcXJjW_X45Tzyhkjk6I.roa (raw, json)
Hash identifier:          srgHHXsXlAvtFXQ0PQXEDrUBHxSlFktvh/KqhZvyT3U=
Subject key identifier:   A9:2D:E7:14:8A:57:45:C5:C9:8D:6F:D7:E3:94:F3:CA:19:23:93:A2
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0189785AD8B44E18996F2C878A13A7178C7A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qS3nFIpXRcXJjW_X45Tzyhkjk6I.roa
Signing time:             Fri 21 Jul 2023 12:09:26 +0000
ROA not before:           Fri 21 Jul 2023 12:09:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:78:5a:d8:b4:4e:18:99:6f:2c:87:8a:13:a7:17:8c:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 21 12:09:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a92de7148a5745c5c98d6fd7e394f3ca192393a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:de:11:c2:38:0c:67:82:41:27:98:ea:1f:f4:
                    15:e7:4b:e0:54:36:07:fb:0e:6a:0e:a1:b6:dd:6a:
                    4d:98:59:fe:d1:1e:09:b5:d9:96:da:be:60:60:a4:
                    35:ec:5f:c6:ff:49:5e:ff:55:09:60:00:9a:c7:da:
                    a3:e8:fb:13:39:54:97:4e:30:03:d6:8e:33:97:51:
                    23:1a:be:e1:8a:08:7c:93:24:dc:a8:40:b7:41:35:
                    92:6a:c3:b8:dc:a1:f6:67:85:0f:7e:16:2d:94:3c:
                    16:fa:fc:73:e1:b2:83:1b:5b:32:72:55:3d:c1:0c:
                    69:53:84:1d:e9:32:52:c0:56:fb:fa:94:4a:16:ce:
                    84:06:21:5e:3d:a4:13:84:98:f0:e1:ca:4b:5b:74:
                    11:f2:18:67:10:fe:ef:e5:2c:af:41:1c:53:5e:cd:
                    50:d9:d7:0f:fe:53:bd:3e:26:3b:7f:79:87:67:02:
                    e8:74:26:64:ab:53:ff:e9:1c:d2:09:23:10:f3:7f:
                    c6:bb:9c:99:bb:42:45:c5:9b:42:48:bb:69:dc:1a:
                    22:f1:ed:17:30:83:f0:07:a1:eb:92:4c:ae:99:2a:
                    85:24:e2:37:6a:bb:92:62:30:08:67:7c:97:8a:45:
                    b5:f5:3c:6b:4f:b9:f9:ed:90:54:9e:59:89:aa:be:
                    cb:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:2D:E7:14:8A:57:45:C5:C9:8D:6F:D7:E3:94:F3:CA:19:23:93:A2
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qS3nFIpXRcXJjW_X45Tzyhkjk6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:95:88:2b:5c:b2:10:11:5f:fd:cf:01:8e:2e:70:c3:a0:dc:
         7a:a6:54:e5:31:e0:23:a3:93:7c:9a:5e:f1:9f:85:20:17:47:
         fa:6f:1b:53:c7:59:ad:c1:08:51:08:38:48:9d:59:17:e9:3b:
         8e:ba:6a:93:98:1c:c4:76:d5:39:5d:10:83:cd:c1:68:4c:a7:
         ea:85:c4:bd:0c:91:18:a4:fb:c1:65:f3:95:fc:00:55:f2:f7:
         dc:f5:52:f6:a0:2e:ab:93:81:b1:5d:4b:c9:d6:59:d0:d4:3c:
         b9:71:82:c0:1c:a4:e3:30:ae:4e:36:9e:ac:af:0a:35:ba:e3:
         e2:ec:b4:46:c1:e7:15:9b:37:19:4e:33:52:9f:9f:77:56:ae:
         71:74:5a:b4:ea:94:68:90:be:a7:2d:df:28:ae:8b:6d:fb:3e:
         61:3d:b1:34:04:d6:8e:f7:fd:1e:5f:db:2a:9a:a4:cf:f7:32:
         67:0f:07:b0:72:e3:56:ba:2c:cd:c5:69:28:80:6f:fb:aa:be:
         98:7a:79:35:69:f7:a5:12:96:1a:1b:39:e5:8c:e5:84:d1:83:
         8a:28:f6:38:a8:67:15:66:22:1a:18:d6:73:33:d1:6d:0a:e5:
         e2:66:b2:3a:d4:fd:cd:8b:09:aa:16:8d:24:24:93:3f:b2:e0:
         16:c6:8c:c3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYl4Wti0ThiZbyyHihOnF4x6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzIxMTIwOTI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTJkZTcxNDhhNTc0NWM1Yzk4ZDZmZDdlMzk0ZjNjYTE5MjM5M2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp94RwjgMZ4JBJ5jqH/QV50vgVDYH
+w5qDqG23WpNmFn+0R4JtdmW2r5gYKQ17F/G/0le/1UJYACax9qj6PsTOVSXTjAD
1o4zl1EjGr7high8kyTcqEC3QTWSasO43KH2Z4UPfhYtlDwW+vxz4bKDG1syclU9
wQxpU4Qd6TJSwFb7+pRKFs6EBiFePaQThJjw4cpLW3QR8hhnEP7v5SyvQRxTXs1Q
2dcP/lO9PiY7f3mHZwLodCZkq1P/6RzSCSMQ83/Gu5yZu0JFxZtCSLtp3Boi8e0X
MIPwB6HrkkyumSqFJOI3aruSYjAIZ3yXikW19TxrT7n57ZBUnlmJqr7LbQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKkt5xSKV0XFyY1v1+OU88oZI5OiMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcVMzbkZJcFhSY1hKaldfWDQ1VHp5aGtqazZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABGViCtcshARX/3PAY4u
cMOg3HqmVOUx4COjk3yaXvGfhSAXR/pvG1PHWa3BCFEIOEidWRfpO466apOYHMR2
1TldEIPNwWhMp+qFxL0MkRik+8Fl85X8AFXy99z1UvagLquTgbFdS8nWWdDUPLlx
gsAcpOMwrk42nqyvCjW64+LstEbB5xWbNxlOM1Kfn3dWrnF0WrTqlGiQvqct3yiu
i237PmE9sTQE1o73/R5f2yqapM/3MmcPB7By41a6LM3FaSiAb/uqvph6eTVp96US
lhobOeWM5YTRg4oo9jioZxVmIhoY1nMz0W0K5eJmsjrU/c2LCaoWjSQkkz+y4BbG
jMM=
-----END CERTIFICATE-----