Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sqxMe8MubOWoV_Nzr1lBKbD_ujk.roa
File:                     sqxMe8MubOWoV_Nzr1lBKbD_ujk.roa (raw, json)
Hash identifier:          AwTuuRHGx90bIdDewi0LI5BQNcHulrHAAZjRCSNROcg=
Subject key identifier:   B2:AC:4C:7B:C3:2E:6C:E5:A8:57:F3:73:AF:59:41:29:B0:FF:BA:39
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186CB9FA4B1897AC9520198C90441B96CA6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sqxMe8MubOWoV_Nzr1lBKbD_ujk.roa
Signing time:             Fri 10 Mar 2023 13:04:42 +0000
ROA not before:           Fri 10 Mar 2023 13:04:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cb9f:5e20/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:cb:9f:a4:b1:89:7a:c9:52:01:98:c9:04:41:b9:6c:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 10 13:04:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b2ac4c7bc32e6ce5a857f373af594129b0ffba39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d8:31:4b:71:48:58:44:08:fc:28:e1:ed:24:
                    59:06:af:44:b0:b9:08:aa:2e:bd:9a:7f:cd:8b:de:
                    73:25:65:a9:03:77:1a:9c:4c:29:0d:9f:d4:13:7b:
                    ca:62:a9:fa:ba:1f:ae:68:aa:df:b1:16:fc:c4:2c:
                    55:f3:29:33:76:f3:dd:e8:e8:13:ed:4e:c6:37:86:
                    de:59:bd:2a:bd:50:f7:85:f8:c8:48:a2:9c:b1:bf:
                    0a:0c:b7:36:45:ce:37:19:42:7d:42:b4:bf:a2:08:
                    0e:9b:c4:86:6b:7b:37:db:d9:ed:77:9a:b9:69:e9:
                    22:f6:ad:59:26:93:c9:f0:9a:ed:09:a7:aa:65:7e:
                    a9:75:e3:df:57:22:10:ef:a5:7f:dc:e6:9a:c2:7f:
                    f6:eb:3b:35:62:5b:10:c4:a6:66:77:a5:77:6f:02:
                    2d:dd:83:c5:07:e4:1e:60:65:94:e1:b2:13:e3:9e:
                    b2:49:69:1d:22:f4:07:4e:85:34:4a:44:bc:cd:f2:
                    1b:28:37:a2:a2:ec:62:f1:99:84:94:6b:4c:d7:74:
                    d0:14:b9:b2:4b:65:59:38:e8:c4:37:a2:07:45:94:
                    47:d6:25:e4:19:8b:e3:54:01:a1:75:b5:b4:a6:63:
                    24:68:0c:ba:c2:6a:6c:b8:c5:7d:c7:8d:d6:7a:de:
                    d7:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:AC:4C:7B:C3:2E:6C:E5:A8:57:F3:73:AF:59:41:29:B0:FF:BA:39
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sqxMe8MubOWoV_Nzr1lBKbD_ujk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:a5:d6:54:91:1b:0a:f4:a7:e7:bb:67:14:f6:fa:c3:ca:b4:
         e6:2e:4a:61:0e:92:2e:eb:00:08:a3:f9:6e:5f:59:d7:28:46:
         72:b1:5d:24:92:3c:3a:d6:29:e8:a7:68:c2:0f:a0:52:c5:47:
         0e:34:2f:38:52:09:6c:d3:23:ef:39:f6:50:17:0d:31:de:48:
         ef:df:c9:f3:94:b3:d5:33:65:e8:da:80:d0:5a:d3:f5:5d:82:
         50:33:ac:d9:d8:a5:b9:6f:5b:5a:2a:f0:88:ee:48:66:59:31:
         01:86:2f:65:ac:f1:75:64:d1:6a:9a:e8:12:4a:bf:df:50:92:
         ec:50:9d:71:ae:3e:10:cc:31:3d:4f:c6:72:d4:ec:80:39:cc:
         73:ce:1b:c1:62:e5:1b:ac:f9:e7:b4:b9:8d:cc:bd:ad:4b:73:
         2e:a1:62:b0:ca:ee:41:81:b5:17:8f:59:04:88:c4:4b:81:00:
         bf:61:ca:ad:f2:2e:6f:2f:36:9e:f8:8a:86:91:92:74:74:8a:
         17:0a:7f:fe:a8:70:fa:de:b8:10:8f:3f:cd:72:f8:8a:35:a7:
         e1:d3:6c:b1:c0:f5:43:31:97:e9:a9:c7:95:f9:ac:37:97:55:
         e8:76:5d:aa:d0:89:db:5c:0b:d2:ed:9f:ce:89:b9:fc:04:ce:
         25:ec:97:39
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbLn6SxiXrJUgGYyQRBuWymMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzEwMTMwNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmFjNGM3YmMzMmU2Y2U1YTg1N2YzNzNhZjU5NDEyOWIwZmZiYTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNgxS3FIWEQI/Cjh7SRZBq9EsLkI
qi69mn/Ni95zJWWpA3canEwpDZ/UE3vKYqn6uh+uaKrfsRb8xCxV8ykzdvPd6OgT
7U7GN4beWb0qvVD3hfjISKKcsb8KDLc2Rc43GUJ9QrS/oggOm8SGa3s329ntd5q5
aeki9q1ZJpPJ8JrtCaeqZX6pdePfVyIQ76V/3Oaawn/26zs1YlsQxKZmd6V3bwIt
3YPFB+QeYGWU4bIT456ySWkdIvQHToU0SkS8zfIbKDeiouxi8ZmElGtM13TQFLmy
S2VZOOjEN6IHRZRH1iXkGYvjVAGhdbW0pmMkaAy6wmpsuMV9x43Wet7X2QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLKsTHvDLmzlqFfzc69ZQSmw/7o5MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvc3F4TWU4TXViT1dvVl9OenIxbEJLYkRfdWprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABal1lSRGwr0p+e7ZxT2
+sPKtOYuSmEOki7rAAij+W5fWdcoRnKxXSSSPDrWKeinaMIPoFLFRw40LzhSCWzT
I+859lAXDTHeSO/fyfOUs9UzZejagNBa0/VdglAzrNnYpblvW1oq8IjuSGZZMQGG
L2Ws8XVk0Wqa6BJKv99QkuxQnXGuPhDMMT1PxnLU7IA5zHPOG8Fi5Rus+ee0uY3M
va1Lcy6hYrDK7kGBtRePWQSIxEuBAL9hyq3yLm8vNp74ioaRknR0ihcKf/6ocPre
uBCPP81y+Io1p+HTbLHA9UMxl+mpx5X5rDeXVeh2XarQidtcC9Ltn86JufwEziXs
lzk=
-----END CERTIFICATE-----