Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rO1dZOz-kRIBILVWfq49-0PMmwQ.roa
File:                     rO1dZOz-kRIBILVWfq49-0PMmwQ.roa (raw, json)
Hash identifier:          /OmGjQmj649aFLaTAhRTQaPIC0jrJt0JI0bp+AmPXK4=
Subject key identifier:   AC:ED:5D:64:EC:FE:91:12:01:20:B5:56:7E:AE:3D:FB:43:CC:9B:04
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187356A0A050089BDFC8A3457B8B04914D8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rO1dZOz-kRIBILVWfq49-0PMmwQ.roa
Signing time:             Fri 31 Mar 2023 02:05:54 +0000
ROA not before:           Fri 31 Mar 2023 02:05:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:187:3569:3702/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:35:6a:0a:05:00:89:bd:fc:8a:34:57:b8:b0:49:14:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 31 02:05:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aced5d64ecfe91120120b5567eae3dfb43cc9b04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:1b:c7:fa:78:52:cb:c5:35:a1:9b:79:17:40:
                    d1:ee:e3:0b:70:be:80:b2:c8:04:f9:f4:64:6f:59:
                    c0:f8:50:8a:de:cf:ed:a2:c5:5b:4c:9f:a1:75:f9:
                    4e:0a:ed:b9:0b:95:6d:d2:f6:1b:55:e7:c0:00:03:
                    ad:94:a2:fa:a8:56:9b:1a:64:ab:44:da:4b:50:fa:
                    6b:4a:f6:ba:98:58:cf:5a:78:56:57:2f:b9:f5:36:
                    fd:0b:8c:db:88:98:b2:55:63:a4:3f:af:07:99:7f:
                    e5:f2:05:37:d3:51:6c:03:f0:ac:0b:b8:02:9f:7a:
                    c5:42:0e:bb:f6:0b:0c:67:cb:8e:71:e7:7d:bc:a9:
                    61:30:6d:26:2c:7c:b1:50:ed:a7:50:f3:48:35:bd:
                    b1:f7:8e:7c:ea:84:96:26:3e:cd:85:be:55:f8:ba:
                    4f:cf:4f:a9:98:7b:20:83:ed:55:4f:90:83:28:4d:
                    94:99:ee:1c:db:ed:28:de:6a:ce:ab:bc:57:70:19:
                    11:59:77:39:10:32:51:b3:93:05:28:59:a4:fc:c3:
                    c0:28:aa:44:1c:5a:55:78:2f:ca:42:75:5b:0b:44:
                    63:f5:2a:ae:90:4c:d7:dc:e4:e1:e4:cf:df:48:ad:
                    26:90:25:5c:47:a8:55:fe:77:37:12:03:eb:e0:ac:
                    d8:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:ED:5D:64:EC:FE:91:12:01:20:B5:56:7E:AE:3D:FB:43:CC:9B:04
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rO1dZOz-kRIBILVWfq49-0PMmwQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:fc:64:f8:11:f0:1e:c1:e4:1c:12:0a:ea:c2:29:2e:98:72:
         7b:87:85:44:f7:f3:2d:aa:79:ef:77:36:fd:ea:bf:34:4c:ab:
         73:03:a9:00:7c:a6:00:98:07:4f:5d:b7:59:ee:61:5b:cc:2e:
         4e:39:f6:65:62:a5:30:79:39:4e:b1:78:3b:23:2f:19:b2:7c:
         dc:da:5c:51:02:1a:32:b1:e2:fc:8b:36:86:86:f1:e0:b0:a8:
         69:6c:cc:73:ec:1a:30:12:1a:11:b7:d7:cf:97:c7:0b:10:2c:
         50:c7:8b:c3:58:44:95:e7:9c:11:40:99:5c:67:da:d7:d6:f5:
         14:47:a2:ff:19:b3:8c:ab:ad:f2:c2:2a:dc:4a:ae:c0:65:6b:
         43:fd:19:52:bf:b1:34:0c:03:d8:3d:e9:9b:f0:da:e5:d3:93:
         00:07:49:56:92:70:5d:ec:56:b9:80:75:3c:30:24:10:81:9d:
         9a:82:76:42:71:8c:49:ac:76:40:21:3a:fe:67:a3:a9:65:5a:
         11:a7:01:47:15:d0:ed:ce:c1:50:43:e9:8f:51:76:5d:7a:17:
         bf:d1:51:36:12:da:f4:12:14:95:47:87:c9:90:57:51:a7:4a:
         17:f0:98:21:64:00:62:a7:04:c4:bc:31:5d:f1:b6:fa:e7:a4:
         85:61:75:f9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYc1agoFAIm9/Io0V7iwSRTYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzMxMDIwNTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2VkNWQ2NGVjZmU5MTEyMDEyMGI1NTY3ZWFlM2RmYjQzY2M5YjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRvH+nhSy8U1oZt5F0DR7uMLcL6A
ssgE+fRkb1nA+FCK3s/tosVbTJ+hdflOCu25C5Vt0vYbVefAAAOtlKL6qFabGmSr
RNpLUPprSva6mFjPWnhWVy+59Tb9C4zbiJiyVWOkP68HmX/l8gU301FsA/CsC7gC
n3rFQg679gsMZ8uOced9vKlhMG0mLHyxUO2nUPNINb2x94586oSWJj7Nhb5V+LpP
z0+pmHsgg+1VT5CDKE2Ume4c2+0o3mrOq7xXcBkRWXc5EDJRs5MFKFmk/MPAKKpE
HFpVeC/KQnVbC0Rj9SqukEzX3OTh5M/fSK0mkCVcR6hV/nc3EgPr4KzY7wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKztXWTs/pESASC1Vn6uPftDzJsEMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvck8xZFpPei1rUklCSUxWV2ZxNDktMFBNbXdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAK78ZPgR8B7B5BwSCurC
KS6YcnuHhUT38y2qee93Nv3qvzRMq3MDqQB8pgCYB09dt1nuYVvMLk459mVipTB5
OU6xeDsjLxmyfNzaXFECGjKx4vyLNoaG8eCwqGlszHPsGjASGhG318+XxwsQLFDH
i8NYRJXnnBFAmVxn2tfW9RRHov8Zs4yrrfLCKtxKrsBla0P9GVK/sTQMA9g96Zvw
2uXTkwAHSVaScF3sVrmAdTwwJBCBnZqCdkJxjEmsdkAhOv5no6llWhGnAUcV0O3O
wVBD6Y9Rdl16F7/RUTYS2vQSFJVHh8mQV1GnShfwmCFkAGKnBMS8MV3xtvrnpIVh
dfk=
-----END CERTIFICATE-----