Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vDG59WtzzaOguvc1LDU-AsXeJa4.roa
File:                     vDG59WtzzaOguvc1LDU-AsXeJa4.roa (raw, json)
Hash identifier:          8Le4I8XQ37D0sdpDVFlpfLtMurvThOVcf/qYjEgZSVc=
Subject key identifier:   BC:31:B9:F5:6B:73:CD:A3:A0:BA:F7:35:2C:35:3E:02:C5:DE:25:AE
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188594048DF974A1478DD6A0AF897D05FB8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vDG59WtzzaOguvc1LDU-AsXeJa4.roa
Signing time:             Fri 26 May 2023 18:09:25 +0000
ROA not before:           Fri 26 May 2023 18:09:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:59:40:48:df:97:4a:14:78:dd:6a:0a:f8:97:d0:5f:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 26 18:09:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bc31b9f56b73cda3a0baf7352c353e02c5de25ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:dc:d5:35:fa:e1:36:1a:df:1f:06:dc:f4:1c:
                    0f:22:a2:e3:c5:f0:9c:00:b3:7e:7c:31:30:35:3e:
                    ec:c3:a9:44:18:e4:6a:de:bc:53:a3:2b:ea:d8:fd:
                    bd:d8:b6:0f:bd:c9:34:e3:f4:5a:7f:48:c5:12:df:
                    21:18:c9:d2:87:2e:d8:bc:7e:1e:bf:ae:df:8d:42:
                    c5:bd:e3:3e:65:90:d3:fb:e4:e8:89:1d:17:2e:55:
                    ec:c9:4c:15:b3:73:56:e3:7c:fe:06:a7:90:68:3d:
                    d5:63:a5:7e:35:48:5b:2e:ee:47:ef:94:7e:72:ac:
                    bc:61:ad:65:ba:82:67:94:4c:27:04:9a:41:0e:bd:
                    34:2f:00:b1:3a:f0:19:e6:16:90:7b:94:f1:3e:aa:
                    5e:68:b0:30:36:cb:0f:28:2d:bd:28:b6:05:8c:2d:
                    82:b4:2d:68:9b:7a:d9:b2:6a:fd:65:f2:6f:e7:79:
                    c8:dc:19:d7:78:f5:29:4e:08:29:62:22:6b:2f:95:
                    74:d0:26:dd:d9:5f:36:5a:02:ba:37:7e:ed:6c:e2:
                    52:21:24:f4:05:6f:5b:c1:ab:4f:38:af:5c:77:d0:
                    c5:6b:33:a3:4b:da:04:64:52:ab:4c:28:a8:24:14:
                    98:05:47:f2:b5:f2:09:fa:b6:95:db:b9:c7:00:bc:
                    52:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:31:B9:F5:6B:73:CD:A3:A0:BA:F7:35:2C:35:3E:02:C5:DE:25:AE
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vDG59WtzzaOguvc1LDU-AsXeJa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:52:88:d7:99:2c:e2:77:de:3f:78:ba:dc:34:47:b3:9c:9c:
         e8:31:8f:8c:2f:9c:f1:f5:d8:ec:fe:f8:cd:89:e5:1d:69:fc:
         94:61:93:5b:0a:fd:18:fd:a9:04:03:24:06:4a:33:b1:e0:1c:
         7d:c7:18:49:d2:9c:d3:6c:ee:65:d5:d7:52:5e:81:d6:c5:20:
         cb:bf:96:2a:65:3d:10:7c:e0:20:87:9f:ae:f5:88:13:70:68:
         5d:9e:31:27:db:67:8a:ad:11:9c:70:8a:c7:81:55:03:7c:48:
         a4:a3:6d:cd:4d:48:20:98:5a:32:ec:8e:0c:f7:39:ae:1c:aa:
         9f:b2:24:23:01:26:f8:af:42:65:0d:71:75:eb:d3:18:d0:a6:
         64:53:e7:2b:1a:a4:20:7b:f6:3a:c5:d3:be:68:4d:1f:44:40:
         6a:18:72:6b:85:1c:75:f3:a6:79:3c:6e:5a:ac:42:bb:46:57:
         58:66:c7:ae:37:e0:7c:82:04:fb:0c:8b:bc:c9:2e:4e:b7:0d:
         3b:30:05:f6:dd:14:e8:50:c9:0d:1f:4b:4c:f1:5b:d2:76:b8:
         80:76:01:a9:ad:a8:fd:7b:66:0e:d5:ca:c3:d0:6b:54:9c:4e:
         57:96:4a:01:0b:d7:7e:d0:16:f0:c0:ae:61:c0:67:8e:de:1b:
         cc:a2:a2:6c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYhZQEjfl0oUeN1qCviX0F+4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTI2MTgwOTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzMxYjlmNTZiNzNjZGEzYTBiYWY3MzUyYzM1M2UwMmM1ZGUyNWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9zVNfrhNhrfHwbc9BwPIqLjxfCc
ALN+fDEwNT7sw6lEGORq3rxToyvq2P292LYPvck04/Raf0jFEt8hGMnShy7YvH4e
v67fjULFveM+ZZDT++ToiR0XLlXsyUwVs3NW43z+BqeQaD3VY6V+NUhbLu5H75R+
cqy8Ya1luoJnlEwnBJpBDr00LwCxOvAZ5haQe5TxPqpeaLAwNssPKC29KLYFjC2C
tC1om3rZsmr9ZfJv53nI3BnXePUpTggpYiJrL5V00Cbd2V82WgK6N37tbOJSIST0
BW9bwatPOK9cd9DFazOjS9oEZFKrTCioJBSYBUfytfIJ+raV27nHALxSmQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLwxufVrc82joLr3NSw1PgLF3iWuMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdkRHNTlXdHp6YU9ndXZjMUxEVS1Bc1hlSmE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIhSiNeZLOJ33j94utw0
R7OcnOgxj4wvnPH12Oz++M2J5R1p/JRhk1sK/Rj9qQQDJAZKM7HgHH3HGEnSnNNs
7mXV11JegdbFIMu/liplPRB84CCHn671iBNwaF2eMSfbZ4qtEZxwiseBVQN8SKSj
bc1NSCCYWjLsjgz3Oa4cqp+yJCMBJvivQmUNcXXr0xjQpmRT5ysapCB79jrF075o
TR9EQGoYcmuFHHXzpnk8blqsQrtGV1hmx6434HyCBPsMi7zJLk63DTswBfbdFOhQ
yQ0fS0zxW9J2uIB2AamtqP17Zg7VysPQa1ScTleWSgEL137QFvDArmHAZ47eG8yi
omw=
-----END CERTIFICATE-----