Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uhqobrM18m4HHfm_MXmWIm8rJ8U.roa
File:                     uhqobrM18m4HHfm_MXmWIm8rJ8U.roa (raw, json)
Hash identifier:          NUI4DghSlfLvgxzB31OvVot0Nd+4tk/4mzwP2sWXirY=
Subject key identifier:   BA:1A:A8:6E:B3:35:F2:6E:07:1D:F9:BF:31:79:96:22:6F:2B:27:C5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187033AF29655874A29EE6E13BB42E10939
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uhqobrM18m4HHfm_MXmWIm8rJ8U.roa
Signing time:             Tue 21 Mar 2023 08:13:27 +0000
ROA not before:           Tue 21 Mar 2023 08:13:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:03:3a:f2:96:55:87:4a:29:ee:6e:13:bb:42:e1:09:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 21 08:13:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ba1aa86eb335f26e071df9bf317996226f2b27c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ef:99:f0:3e:33:e0:5b:3e:17:d5:6b:97:db:
                    d4:f9:da:a5:19:18:c7:5d:79:3f:71:8e:7c:9f:ce:
                    e2:96:17:f6:19:48:cd:e5:9d:75:26:67:9e:33:c3:
                    a0:8f:c7:d2:d8:23:1e:14:07:89:c2:b2:d8:de:cd:
                    e9:48:0d:46:fb:78:98:cc:34:a5:68:01:ec:50:87:
                    d8:9a:5c:6a:23:97:dc:86:92:ae:ec:9b:51:98:ce:
                    72:96:83:04:b1:15:e0:a4:2e:cc:bc:7c:76:d3:e5:
                    56:41:0b:1e:9d:9a:3a:03:ce:02:cf:f0:49:ea:53:
                    f4:d3:37:ba:17:9f:ef:df:3e:fb:02:db:b6:f7:12:
                    ec:97:45:e2:a7:07:14:bb:dc:e5:2b:9f:44:42:cb:
                    27:f9:48:c4:50:b7:4f:8d:15:b2:76:90:f9:a0:81:
                    92:c4:2d:02:50:b3:bd:1b:5e:b8:f3:26:e5:08:cc:
                    7c:d2:fd:9c:fe:e0:5b:77:10:fa:26:a4:17:81:91:
                    ca:55:86:73:39:a7:45:d5:20:6b:3a:89:82:33:bd:
                    ca:9a:aa:0c:f3:19:8b:89:e3:94:33:2c:66:59:67:
                    de:57:25:56:35:5a:98:74:58:9b:fb:63:87:06:c0:
                    4a:30:71:8f:b5:69:e7:19:2b:3d:5a:b7:26:2b:18:
                    a1:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:1A:A8:6E:B3:35:F2:6E:07:1D:F9:BF:31:79:96:22:6F:2B:27:C5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uhqobrM18m4HHfm_MXmWIm8rJ8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:a6:95:45:2c:f8:af:94:f6:93:61:5d:bd:fa:51:63:55:15:
         14:8a:30:d8:eb:90:dc:e2:f8:38:7e:d5:aa:d9:f9:62:01:7f:
         2d:6d:e3:2d:ec:8c:77:9d:fd:4a:aa:b4:f9:9f:64:d5:31:92:
         3a:a8:20:a2:c5:c2:0a:83:69:20:ef:f6:8d:4f:34:04:4e:8a:
         49:c1:7a:da:d4:99:02:cb:aa:ea:a0:c3:7c:87:53:52:e5:47:
         72:ae:20:c3:c3:68:4e:74:cd:a4:fb:c6:f0:18:6a:f6:69:76:
         16:a3:4c:66:25:d1:83:3d:59:76:27:ee:84:41:cc:b5:6e:a2:
         a3:48:a0:1f:e9:5e:76:35:ba:b9:af:a4:34:e7:6d:60:de:93:
         f2:c9:43:95:34:f2:5c:6e:42:ca:01:f9:7e:b8:6d:c0:33:a3:
         e8:5c:2c:90:75:cd:cb:63:69:33:a1:92:b0:81:9d:21:cd:2a:
         10:ab:ec:cd:51:f3:33:4c:74:3e:e1:89:a8:7d:ab:44:db:33:
         98:f4:dc:25:6d:6d:2c:18:8a:30:ea:c9:3f:4e:ed:fb:2f:d0:
         95:6f:6e:7d:44:84:dd:bd:99:16:16:44:45:39:01:36:2f:d5:
         de:a3:78:bb:9e:2f:6f:6a:a7:e3:6f:af:87:8d:98:87:e3:ef:
         fe:3e:27:77
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcDOvKWVYdKKe5uE7tC4Qk5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzIxMDgxMzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTFhYTg2ZWIzMzVmMjZlMDcxZGY5YmYzMTc5OTYyMjZmMmIyN2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq++Z8D4z4Fs+F9Vrl9vU+dqlGRjH
XXk/cY58n87ilhf2GUjN5Z11JmeeM8Ogj8fS2CMeFAeJwrLY3s3pSA1G+3iYzDSl
aAHsUIfYmlxqI5fchpKu7JtRmM5yloMEsRXgpC7MvHx20+VWQQsenZo6A84Cz/BJ
6lP00ze6F5/v3z77Atu29xLsl0XipwcUu9zlK59EQssn+UjEULdPjRWydpD5oIGS
xC0CULO9G1648yblCMx80v2c/uBbdxD6JqQXgZHKVYZzOadF1SBrOomCM73KmqoM
8xmLieOUMyxmWWfeVyVWNVqYdFib+2OHBsBKMHGPtWnnGSs9WrcmKxihtQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLoaqG6zNfJuBx35vzF5liJvKyfFMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdWhxb2JyTTE4bTRISGZtX01YbVdJbThySjhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABWmlUUs+K+U9pNhXb36
UWNVFRSKMNjrkNzi+Dh+1arZ+WIBfy1t4y3sjHed/UqqtPmfZNUxkjqoIKLFwgqD
aSDv9o1PNAROiknBetrUmQLLquqgw3yHU1LlR3KuIMPDaE50zaT7xvAYavZpdhaj
TGYl0YM9WXYn7oRBzLVuoqNIoB/pXnY1urmvpDTnbWDek/LJQ5U08lxuQsoB+X64
bcAzo+hcLJB1zctjaTOhkrCBnSHNKhCr7M1R8zNMdD7hiah9q0TbM5j03CVtbSwY
ijDqyT9O7fsv0JVvbn1EhN29mRYWREU5ATYv1d6jeLueL29qp+Nvr4eNmIfj7/4+
J3c=
-----END CERTIFICATE-----