Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qtMh9z9tCq_qSUTPJgH74ezmyYg.roa
File:                     qtMh9z9tCq_qSUTPJgH74ezmyYg.roa (raw, json)
Hash identifier:          A8lEyZwP/m3jRNG0L9bSo/hEzqdTMm9FJ65heYfmAYw=
Subject key identifier:   AA:D3:21:F7:3F:6D:0A:AF:EA:49:44:CF:26:01:FB:E1:EC:E6:C9:88
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0189454A68CE95B3267503EAFE430AD99ECC
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qtMh9z9tCq_qSUTPJgH74ezmyYg.roa
Signing time:             Tue 11 Jul 2023 14:10:51 +0000
ROA not before:           Tue 11 Jul 2023 14:10:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:45:4a:68:ce:95:b3:26:75:03:ea:fe:43:0a:d9:9e:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 11 14:10:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aad321f73f6d0aafea4944cf2601fbe1ece6c988
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:5b:d5:3c:32:83:05:e8:4c:c3:77:f5:f8:fb:
                    94:bd:0b:7e:69:6f:8a:71:e3:4f:42:90:de:cc:95:
                    81:9d:bb:00:ad:36:8c:aa:a1:06:5e:81:21:4f:89:
                    ac:55:a6:d5:01:f6:f5:33:48:ee:aa:bb:18:58:3b:
                    12:7d:a3:53:78:78:c3:ce:22:e2:4e:3d:b9:21:a8:
                    32:dc:40:17:1b:14:d2:0a:9a:f0:84:b5:19:a0:96:
                    36:f6:78:e8:32:b9:a7:34:2d:27:a0:39:a6:69:43:
                    63:3d:80:6a:99:88:f9:0e:8c:3b:9f:7c:e6:b9:ff:
                    d1:7e:46:55:86:d0:74:bd:c6:e4:1c:35:1d:0b:65:
                    34:b9:31:49:77:bf:19:ae:b9:47:2c:23:76:17:64:
                    d1:d4:60:07:59:0d:4b:40:c4:c0:37:ad:03:7f:34:
                    a2:6e:d5:94:74:12:51:0d:3e:28:2f:87:e2:e9:2f:
                    7f:5c:a7:a1:06:11:6d:ee:01:5d:d0:a3:b3:e0:d7:
                    99:ee:87:2a:fa:ec:3c:af:64:cb:7e:c8:7e:b2:64:
                    56:6b:65:22:49:71:80:f8:00:00:cd:e9:bd:dd:44:
                    71:3f:a7:3a:2b:9b:f4:cf:23:2a:f5:b6:c4:43:57:
                    cc:ed:6c:fd:24:d4:65:43:74:79:a9:f1:00:97:d3:
                    44:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:D3:21:F7:3F:6D:0A:AF:EA:49:44:CF:26:01:FB:E1:EC:E6:C9:88
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qtMh9z9tCq_qSUTPJgH74ezmyYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:b0:e3:4e:fe:9a:c1:5f:f3:7f:2c:13:2b:6a:33:4e:44:8a:
         5b:5e:0d:8e:22:b9:dc:61:dd:ed:05:d1:1c:d1:72:8e:e8:5e:
         2b:d1:10:94:70:9b:dc:da:0d:17:77:ba:1b:2d:f6:a0:27:39:
         05:cd:f1:98:79:6e:c3:81:68:c0:f2:11:15:23:d7:46:e2:10:
         e0:ab:54:2a:76:37:ad:11:fc:d3:c5:4c:bd:8e:e9:cf:e7:20:
         8b:33:34:b4:c5:ad:9e:f6:48:60:ad:20:d0:bc:eb:05:58:5b:
         da:1b:b1:32:06:9c:0e:17:82:5b:96:df:ca:ca:18:b1:ee:ae:
         c8:b8:22:4b:d0:a5:f6:39:f8:d9:03:99:f6:a3:0e:b4:0f:18:
         d4:11:e1:ee:a1:67:a7:90:d5:ed:1e:0c:e5:02:52:9a:16:e4:
         9d:a2:77:1c:4d:a1:df:e5:cf:fe:97:66:3f:e1:b4:d4:4e:e0:
         3f:46:6e:80:b4:2d:c7:fc:b0:aa:b3:a6:28:92:24:43:59:71:
         a3:8a:e0:f8:13:0a:f4:db:68:f9:fd:1c:9e:a4:86:78:87:63:
         75:18:97:8a:cb:d4:51:01:9d:5b:01:2d:a8:21:81:33:ca:07:
         3f:a9:9b:7f:97:49:76:9c:e4:3f:38:e6:04:33:bd:61:3b:b8:
         90:91:03:de
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlFSmjOlbMmdQPq/kMK2Z7MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzExMTQxMDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWQzMjFmNzNmNmQwYWFmZWE0OTQ0Y2YyNjAxZmJlMWVjZTZjOTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllvVPDKDBehMw3f1+PuUvQt+aW+K
ceNPQpDezJWBnbsArTaMqqEGXoEhT4msVabVAfb1M0juqrsYWDsSfaNTeHjDziLi
Tj25Iagy3EAXGxTSCprwhLUZoJY29njoMrmnNC0noDmmaUNjPYBqmYj5Dow7n3zm
uf/RfkZVhtB0vcbkHDUdC2U0uTFJd78ZrrlHLCN2F2TR1GAHWQ1LQMTAN60DfzSi
btWUdBJRDT4oL4fi6S9/XKehBhFt7gFd0KOz4NeZ7ocq+uw8r2TLfsh+smRWa2Ui
SXGA+AAAzem93URxP6c6K5v0zyMq9bbEQ1fM7Wz9JNRlQ3R5qfEAl9NEUQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKrTIfc/bQqv6klEzyYB++Hs5smIMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcXRNaDl6OXRDcV9xU1VUUEpnSDc0ZXpteVlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJGw407+msFf838sEytq
M05EilteDY4iudxh3e0F0RzRco7oXivREJRwm9zaDRd3uhst9qAnOQXN8Zh5bsOB
aMDyERUj10biEOCrVCp2N60R/NPFTL2O6c/nIIszNLTFrZ72SGCtINC86wVYW9ob
sTIGnA4XgluW38rKGLHursi4IkvQpfY5+NkDmfajDrQPGNQR4e6hZ6eQ1e0eDOUC
UpoW5J2idxxNod/lz/6XZj/htNRO4D9GboC0Lcf8sKqzpiiSJENZcaOK4PgTCvTb
aPn9HJ6khniHY3UYl4rL1FEBnVsBLaghgTPKBz+pm3+XSXac5D845gQzvWE7uJCR
A94=
-----END CERTIFICATE-----