Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/tsf53NoolfaDBB5BRSuIRV7JKHc.roa
File:                     tsf53NoolfaDBB5BRSuIRV7JKHc.roa (raw, json)
Hash identifier:          uBQSI+k8iWgyroxvkRMGs9VjOgrG7Ds3IiTR+0GKMnc=
Subject key identifier:   B6:C7:F9:DC:DA:28:95:F6:83:04:1E:41:45:2B:88:45:5E:C9:28:77
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01894D079E121E19A11EB0426DCDEBC21548
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/tsf53NoolfaDBB5BRSuIRV7JKHc.roa
Signing time:             Thu 13 Jul 2023 02:14:52 +0000
ROA not before:           Thu 13 Jul 2023 02:14:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:4d:07:9e:12:1e:19:a1:1e:b0:42:6d:cd:eb:c2:15:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 13 02:14:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b6c7f9dcda2895f683041e41452b88455ec92877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f2:01:34:ed:d2:6f:a3:80:67:1a:52:82:16:
                    a0:11:79:0b:86:3c:f4:7b:43:fa:9d:ee:02:c8:c0:
                    c3:80:be:29:1a:0f:41:95:a6:d4:15:af:24:af:6b:
                    56:cb:04:e5:49:1d:77:f3:a7:6a:1f:f9:36:83:95:
                    ca:77:90:8b:b8:1b:c3:fd:c2:8d:03:43:16:5f:4d:
                    26:5d:fa:d1:de:46:e5:88:3e:67:96:02:b0:f7:75:
                    8f:61:9a:05:b8:48:1e:c6:67:2b:32:3e:1f:4e:8e:
                    9f:97:25:5e:35:48:1b:f3:62:98:b3:91:e0:75:cd:
                    f2:0e:33:a8:c5:cd:aa:f8:4a:d7:d2:88:d3:3f:0e:
                    d8:4b:0d:2e:1a:72:90:60:0e:0c:a2:eb:df:f5:35:
                    08:d2:5f:f1:bd:0d:ab:a1:40:11:cf:b5:6c:0b:42:
                    05:63:19:d2:36:28:4e:97:ca:cf:e9:6f:f8:45:28:
                    38:2e:b9:48:d6:fa:ef:f1:64:ac:09:67:17:71:b5:
                    3e:e0:f5:93:dc:b7:72:e2:c2:c7:6c:da:c9:ce:2d:
                    b3:f7:28:ee:42:7a:2e:7b:f8:89:09:93:0b:d2:af:
                    3b:10:11:40:49:87:55:ef:6a:b5:9b:7c:7a:ce:87:
                    ee:cd:20:75:9e:55:cc:ff:f8:2f:4b:d1:a5:5e:c6:
                    b0:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:C7:F9:DC:DA:28:95:F6:83:04:1E:41:45:2B:88:45:5E:C9:28:77
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/tsf53NoolfaDBB5BRSuIRV7JKHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:24:7a:89:ab:5b:23:57:19:a7:20:a5:6e:d2:07:5b:4d:9e:
         3e:84:29:41:88:f5:0e:bb:50:79:55:e8:20:e4:dd:05:e8:f0:
         16:18:36:e9:30:e0:ab:49:34:e4:2c:96:6c:47:54:f6:15:1b:
         56:b2:44:95:4f:7c:d8:6e:2c:8e:7e:e9:ec:79:00:f9:62:c2:
         7e:57:8c:b0:d5:2e:51:e1:a9:ea:b3:b0:3f:cf:63:a7:5a:13:
         14:34:c9:08:cf:1a:0a:de:26:2e:fc:d9:8f:ef:eb:ba:5b:32:
         ce:b6:b8:22:d2:d5:2c:75:ec:7c:31:de:50:f6:e0:68:ba:7f:
         6b:6e:26:06:50:93:69:74:1a:c2:a1:ab:32:6d:bc:57:ed:c1:
         bf:7c:5d:81:da:4e:b9:8e:8b:99:69:31:7c:35:26:45:f0:de:
         98:dc:6a:83:80:d7:61:d6:ce:b4:06:7d:0e:31:ce:a7:6a:c6:
         6b:1e:56:5f:69:17:19:be:96:c9:c6:2a:db:8c:d2:6a:7e:fb:
         87:ea:b5:d5:93:3d:46:a7:1e:56:8d:a9:ca:73:52:f3:a3:e5:
         a6:fc:a1:a9:e5:14:37:dd:0f:1e:8a:da:ad:74:51:25:de:c3:
         d7:4d:d5:2f:89:c8:f0:f5:8d:a9:e0:0d:53:ae:85:47:0c:fc:
         06:eb:b7:ab
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlNB54SHhmhHrBCbc3rwhVIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzEzMDIxNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmM3ZjlkY2RhMjg5NWY2ODMwNDFlNDE0NTJiODg0NTVlYzkyODc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvIBNO3Sb6OAZxpSghagEXkLhjz0
e0P6ne4CyMDDgL4pGg9BlabUFa8kr2tWywTlSR1386dqH/k2g5XKd5CLuBvD/cKN
A0MWX00mXfrR3kbliD5nlgKw93WPYZoFuEgexmcrMj4fTo6flyVeNUgb82KYs5Hg
dc3yDjOoxc2q+ErX0ojTPw7YSw0uGnKQYA4Mouvf9TUI0l/xvQ2roUARz7VsC0IF
YxnSNihOl8rP6W/4RSg4LrlI1vrv8WSsCWcXcbU+4PWT3Ldy4sLHbNrJzi2z9yju
Qnoue/iJCZML0q87EBFASYdV72q1m3x6zofuzSB1nlXM//gvS9GlXsawqQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLbH+dzaKJX2gwQeQUUriEVeySh3MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdHNmNTNOb29sZmFEQkI1QlJTdUlSVjdKS0hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACkkeomrWyNXGacgpW7S
B1tNnj6EKUGI9Q67UHlV6CDk3QXo8BYYNukw4KtJNOQslmxHVPYVG1ayRJVPfNhu
LI5+6ex5APliwn5XjLDVLlHhqeqzsD/PY6daExQ0yQjPGgreJi782Y/v67pbMs62
uCLS1Sx17Hwx3lD24Gi6f2tuJgZQk2l0GsKhqzJtvFftwb98XYHaTrmOi5lpMXw1
JkXw3pjcaoOA12HWzrQGfQ4xzqdqxmseVl9pFxm+lsnGKtuM0mp++4fqtdWTPUan
HlaNqcpzUvOj5ab8oanlFDfdDx6K2q10USXew9dN1S+JyPD1jangDVOuhUcM/Abr
t6s=
-----END CERTIFICATE-----