Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rWA43VILmK352u-U63mn6UBYJ0Y.roa
File:                     rWA43VILmK352u-U63mn6UBYJ0Y.roa (raw, json)
Hash identifier:          hBfL3R3tTQEPMDo9GevcW8NZg1DE7bfaHmhI+2VXaYI=
Subject key identifier:   AD:60:38:DD:52:0B:98:AD:F9:DA:EF:94:EB:79:A7:E9:40:58:27:46
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01878540174E5397269A4A6AA9D18535A774
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rWA43VILmK352u-U63mn6UBYJ0Y.roa
Signing time:             Sat 15 Apr 2023 14:09:42 +0000
ROA not before:           Sat 15 Apr 2023 14:09:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:85:40:17:4e:53:97:26:9a:4a:6a:a9:d1:85:35:a7:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 15 14:09:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ad6038dd520b98adf9daef94eb79a7e940582746
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:f8:df:d3:d1:b8:31:46:46:bf:4f:97:2e:45:
                    40:0d:55:a0:1b:df:92:c9:b4:fb:5b:bc:73:51:9e:
                    10:0c:5c:81:38:0d:7c:d8:24:c5:cd:87:d1:a9:27:
                    0b:4e:96:c0:45:4f:52:55:6e:a7:a8:ee:61:49:46:
                    bd:78:52:b7:3e:2b:bf:c0:dd:7e:96:9e:de:62:c1:
                    4a:fd:03:df:fa:fe:08:cc:91:13:44:bf:cb:f3:5e:
                    7a:76:1e:7f:73:ee:01:78:7c:1c:03:5e:f5:de:73:
                    79:0f:16:8a:e8:42:fc:89:5a:60:8d:41:26:7b:8d:
                    c7:33:48:65:85:c7:a2:6d:0a:c6:36:65:c4:b9:65:
                    7a:be:da:48:84:1d:b6:b7:e1:f6:7d:62:18:64:23:
                    e4:e9:7a:0d:84:a2:64:ac:51:47:ef:9d:53:13:30:
                    ad:2e:09:c3:20:75:06:6d:65:40:b1:69:9f:1c:dd:
                    e9:4e:27:18:4e:f5:ff:ee:cd:e2:97:3d:7d:60:03:
                    35:e0:8b:bb:01:54:1b:b2:ae:b5:04:1b:3c:98:f2:
                    2e:10:07:49:42:18:e0:8d:4c:f0:67:2a:ea:99:be:
                    12:e9:20:1d:9e:1f:fe:86:ea:14:25:50:5b:e5:54:
                    46:47:0d:b0:ff:bf:e4:e8:03:ca:dc:69:77:ef:5a:
                    8e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:60:38:DD:52:0B:98:AD:F9:DA:EF:94:EB:79:A7:E9:40:58:27:46
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rWA43VILmK352u-U63mn6UBYJ0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:75:57:fe:67:8c:63:5a:d8:15:43:d1:14:f9:5e:da:15:1a:
         47:74:74:c7:57:e4:fa:0b:67:05:66:b5:ba:bd:7d:7d:db:fa:
         32:7e:09:0b:42:33:32:35:14:62:64:92:bb:f4:61:d1:7f:db:
         f0:28:f4:e0:18:5f:f8:89:03:e1:92:6d:e1:c6:de:98:18:54:
         16:83:eb:f2:43:0d:95:8f:64:30:97:26:7c:6d:35:6a:8e:0b:
         a2:f8:d6:ad:32:d0:4e:74:5c:be:79:24:f3:33:c1:54:e4:80:
         94:21:1f:ac:30:71:9a:d6:f6:b1:ea:a9:27:18:cd:38:ed:97:
         b2:19:2a:80:02:fb:de:17:03:5f:79:bd:0b:2a:ac:91:eb:d8:
         5b:17:ec:5b:28:96:64:5c:9e:d6:5a:36:b2:4b:78:b8:49:09:
         d2:65:10:7e:25:66:8f:a8:bd:0a:3b:65:07:03:1f:45:1e:c1:
         e2:1d:dd:f2:5c:6b:3d:5a:6e:c6:c8:14:e9:ab:8d:d4:1f:8b:
         bb:a5:5f:72:fa:2e:fd:82:9a:b6:ce:73:0d:f1:3e:1c:b7:c6:
         d7:f3:1e:5b:eb:f5:36:35:b7:cc:de:c4:1b:69:0f:0e:7c:b4:
         40:fa:95:d7:7b:73:d3:09:06:44:20:50:c6:7e:5f:1d:ca:c5:
         7e:b0:54:68
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYeFQBdOU5cmmkpqqdGFNad0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDE1MTQwOTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDYwMzhkZDUyMGI5OGFkZjlkYWVmOTRlYjc5YTdlOTQwNTgyNzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/jf09G4MUZGv0+XLkVADVWgG9+S
ybT7W7xzUZ4QDFyBOA182CTFzYfRqScLTpbARU9SVW6nqO5hSUa9eFK3Piu/wN1+
lp7eYsFK/QPf+v4IzJETRL/L8156dh5/c+4BeHwcA1713nN5DxaK6EL8iVpgjUEm
e43HM0hlhceibQrGNmXEuWV6vtpIhB22t+H2fWIYZCPk6XoNhKJkrFFH751TEzCt
LgnDIHUGbWVAsWmfHN3pTicYTvX/7s3ilz19YAM14Iu7AVQbsq61BBs8mPIuEAdJ
QhjgjUzwZyrqmb4S6SAdnh/+huoUJVBb5VRGRw2w/7/k6APK3Gl371qOAQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK1gON1SC5it+drvlOt5p+lAWCdGMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcldBNDNWSUxtSzM1MnUtVTYzbW42VUJZSjBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIN1V/5njGNa2BVD0RT5
XtoVGkd0dMdX5PoLZwVmtbq9fX3b+jJ+CQtCMzI1FGJkkrv0YdF/2/Ao9OAYX/iJ
A+GSbeHG3pgYVBaD6/JDDZWPZDCXJnxtNWqOC6L41q0y0E50XL55JPMzwVTkgJQh
H6wwcZrW9rHqqScYzTjtl7IZKoAC+94XA195vQsqrJHr2FsX7FsolmRcntZaNrJL
eLhJCdJlEH4lZo+ovQo7ZQcDH0UeweId3fJcaz1absbIFOmrjdQfi7ulX3L6Lv2C
mrbOcw3xPhy3xtfzHlvr9TY1t8zexBtpDw58tED6ldd7c9MJBkQgUMZ+Xx3KxX6w
VGg=
-----END CERTIFICATE-----