Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vcbsQ8HWabddpwDHeWsZjnth5P4.roa
File:                     vcbsQ8HWabddpwDHeWsZjnth5P4.roa (raw, json)
Hash identifier:          cwB+hlXxVdaYF40LPnMvCdLlMCESJRHKofuxsZOWWqg=
Subject key identifier:   BD:C6:EC:43:C1:D6:69:B7:5D:A7:00:C7:79:6B:19:8E:7B:61:E4:FE
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01881F516C736BB50251D35D60B519950269
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vcbsQ8HWabddpwDHeWsZjnth5P4.roa
Signing time:             Mon 15 May 2023 12:10:09 +0000
ROA not before:           Mon 15 May 2023 12:10:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:1f:51:6c:73:6b:b5:02:51:d3:5d:60:b5:19:95:02:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 15 12:10:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bdc6ec43c1d669b75da700c7796b198e7b61e4fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d2:ad:6e:16:7a:b1:55:dc:f2:60:b1:d1:48:
                    cd:77:54:20:ca:80:1d:2a:65:06:2c:2b:25:1a:04:
                    e9:55:d0:36:b3:45:c3:1f:f8:17:28:f5:25:ba:1a:
                    ad:96:58:19:30:36:34:f4:18:16:22:0e:77:60:61:
                    6b:a8:3f:9b:3a:de:12:02:eb:51:b5:77:cd:6c:cc:
                    a1:0e:1e:df:90:58:08:ab:3b:d4:ef:ce:c7:13:1b:
                    ce:69:fd:00:b5:98:d4:44:bb:b7:51:14:f7:4f:95:
                    14:c5:0a:2a:85:e8:11:c7:d9:08:1c:5b:b1:23:49:
                    0a:eb:0e:40:5c:ae:8a:7a:67:5c:75:81:29:ab:0c:
                    f3:d8:e7:2d:41:c2:77:56:c2:4a:75:83:69:50:04:
                    c1:a0:62:56:e6:ae:1d:bc:d4:bc:20:f8:73:9f:38:
                    9c:f6:a2:c3:23:a8:5c:96:76:b9:24:95:e3:ae:99:
                    bb:e6:33:a2:f9:d5:c6:d9:87:f7:d9:1c:92:5d:f7:
                    24:68:50:db:7d:bf:97:0d:2e:02:c9:a6:b7:05:51:
                    cd:9c:e2:1a:bf:49:7c:2f:be:72:18:a8:dd:f3:26:
                    7f:f7:39:9f:18:5e:1c:bd:37:c8:8b:26:73:cb:ce:
                    39:47:98:38:49:ad:fe:c9:a5:df:b5:9e:b3:5a:8b:
                    bc:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:C6:EC:43:C1:D6:69:B7:5D:A7:00:C7:79:6B:19:8E:7B:61:E4:FE
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vcbsQ8HWabddpwDHeWsZjnth5P4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:ed:6d:ea:ad:2f:75:96:fc:b8:ba:77:f6:42:52:a8:10:7d:
         9a:36:d8:6a:76:7e:71:b8:5d:c3:76:0c:2d:c5:44:5b:4b:1b:
         36:c6:57:dc:ba:8c:bf:a8:23:c5:55:54:f7:64:5d:4f:bf:4b:
         70:54:d4:1a:ee:83:94:04:b9:18:e8:f3:f6:30:7e:6e:78:f4:
         4f:b0:91:9b:85:4b:4c:e0:61:de:5d:98:0b:65:59:92:19:d5:
         53:e5:cb:d7:5a:f0:16:30:91:73:e2:42:36:4b:db:61:f6:b1:
         21:8e:ac:76:2f:71:04:62:ad:f9:76:4c:8e:a2:9a:d0:ee:29:
         ec:fd:db:59:9e:a7:92:0d:cf:f6:b6:80:b6:c6:72:a8:50:78:
         83:ea:8e:5c:1f:43:00:b5:76:2b:85:28:40:e8:d6:ce:fc:b8:
         44:53:ab:83:f0:c8:58:ba:eb:b5:95:69:bf:aa:dd:48:94:b5:
         8c:66:d3:89:cd:c1:1e:7a:d9:19:a8:ab:8c:39:ba:09:ed:be:
         93:74:1f:45:58:7b:76:e7:68:3f:32:f5:6e:b0:16:ca:ef:78:
         b7:92:f9:9a:1e:ab:ff:03:93:5a:5c:8f:96:1e:07:20:6c:cf:
         01:b1:46:65:70:cd:e3:60:df:de:78:77:d2:d2:10:ce:34:62:
         b4:ff:10:46
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgfUWxza7UCUdNdYLUZlQJpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE1MTIxMDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGM2ZWM0M2MxZDY2OWI3NWRhNzAwYzc3OTZiMTk4ZTdiNjFlNGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtKtbhZ6sVXc8mCx0UjNd1QgyoAd
KmUGLCslGgTpVdA2s0XDH/gXKPUluhqtllgZMDY09BgWIg53YGFrqD+bOt4SAutR
tXfNbMyhDh7fkFgIqzvU787HExvOaf0AtZjURLu3URT3T5UUxQoqhegRx9kIHFux
I0kK6w5AXK6KemdcdYEpqwzz2OctQcJ3VsJKdYNpUATBoGJW5q4dvNS8IPhznzic
9qLDI6hclna5JJXjrpm75jOi+dXG2Yf32RySXfckaFDbfb+XDS4Cyaa3BVHNnOIa
v0l8L75yGKjd8yZ/9zmfGF4cvTfIiyZzy845R5g4Sa3+yaXftZ6zWou8HwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFL3G7EPB1mm3XacAx3lrGY57YeT+MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdmNic1E4SFdhYmRkcHdESGVXc1pqbnRoNVA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADXtbeqtL3WW/Li6d/ZC
UqgQfZo22Gp2fnG4XcN2DC3FRFtLGzbGV9y6jL+oI8VVVPdkXU+/S3BU1Brug5QE
uRjo8/Ywfm549E+wkZuFS0zgYd5dmAtlWZIZ1VPly9da8BYwkXPiQjZL22H2sSGO
rHYvcQRirfl2TI6imtDuKez921mep5INz/a2gLbGcqhQeIPqjlwfQwC1diuFKEDo
1s78uERTq4PwyFi667WVab+q3UiUtYxm04nNwR562Rmoq4w5ugntvpN0H0VYe3bn
aD8y9W6wFsrveLeS+Zoeq/8Dk1pcj5YeByBszwGxRmVwzeNg3954d9LSEM40YrT/
EEY=
-----END CERTIFICATE-----