Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xAldWglqvoKp09Xl22bUOgOzW84.roa
File:                     xAldWglqvoKp09Xl22bUOgOzW84.roa (raw, json)
Hash identifier:          qOZlm8YDcxUaRM9jEsZOX+G/8mc47Pjz9dnS7G0dslg=
Subject key identifier:   C4:09:5D:5A:09:6A:BE:82:A9:D3:D5:E5:DB:66:D4:3A:03:B3:5B:CE
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01889B8EE0DFE87708C8946CDA5634821F58
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xAldWglqvoKp09Xl22bUOgOzW84.roa
Signing time:             Thu 08 Jun 2023 15:10:12 +0000
ROA not before:           Thu 08 Jun 2023 15:10:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:9b:8e:e0:df:e8:77:08:c8:94:6c:da:56:34:82:1f:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  8 15:10:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c4095d5a096abe82a9d3d5e5db66d43a03b35bce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:08:f8:9a:ec:02:db:09:c1:f2:df:40:39:08:
                    ec:de:d7:7f:d3:52:39:6b:f8:76:75:26:9d:8e:85:
                    c6:86:3a:77:90:e8:d4:58:b9:f1:46:86:67:4e:69:
                    4b:6c:5f:52:af:a6:dd:86:bc:16:77:66:60:d2:16:
                    c4:8a:60:90:b4:c4:74:d5:96:e1:3c:de:0e:7c:cb:
                    0e:fb:da:75:7f:46:e9:9b:62:45:5e:3e:f5:2e:1c:
                    e3:e1:8f:2a:40:6e:80:55:60:d5:99:a0:ec:ca:67:
                    55:e8:ad:ef:7d:4e:7a:02:d7:bb:35:24:59:31:58:
                    e9:ab:82:3b:fa:3c:29:8c:07:01:5f:ac:cd:b1:0f:
                    58:66:82:69:aa:d1:a9:e4:60:63:3d:9f:75:c8:86:
                    bc:43:2c:ad:11:21:13:f6:f2:d5:76:33:6d:31:81:
                    8e:2f:01:d0:b4:e2:36:4b:cc:45:88:c0:90:e1:9a:
                    be:d4:80:e8:2e:2f:81:61:68:c3:0a:cb:e3:cc:f5:
                    f9:17:f3:79:dc:7b:49:34:7f:67:e5:55:20:26:ac:
                    04:8b:b0:9e:9e:56:c3:0d:24:8a:13:bd:7b:97:03:
                    a8:47:b9:23:31:0e:f3:12:07:37:c1:af:44:fb:dd:
                    4f:ee:d1:79:9f:c5:36:99:ba:ff:d7:e0:48:6f:37:
                    df:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:09:5D:5A:09:6A:BE:82:A9:D3:D5:E5:DB:66:D4:3A:03:B3:5B:CE
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xAldWglqvoKp09Xl22bUOgOzW84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:86:cf:bd:a9:f6:8f:39:cb:20:2c:dc:ea:a0:b3:59:39:5d:
         c6:70:99:e9:24:62:20:83:05:6d:a3:4f:bc:4d:81:5a:d7:af:
         54:bf:00:01:6d:96:16:2f:68:00:ae:40:df:b7:56:44:9d:ea:
         ce:ae:a5:1a:55:e5:af:e2:b6:a3:7c:1a:20:73:65:f5:a4:15:
         90:d7:f1:c2:ac:a2:a2:12:6c:e9:92:bd:f3:f4:87:59:29:e9:
         70:2e:04:69:e3:2c:91:0d:69:49:6d:dc:26:5d:da:b6:0c:2c:
         f6:61:73:e4:6e:6d:75:ae:82:7c:f7:76:4e:d0:dd:60:4a:f3:
         cf:b7:51:5f:99:0b:6e:f8:d3:9d:1c:f7:3a:13:8e:88:5e:78:
         ef:a8:51:da:18:d1:17:ca:50:25:7b:40:05:1c:d2:0d:ce:91:
         9b:36:bc:b2:41:47:58:d4:73:1b:55:ee:0c:a8:c9:6b:34:63:
         ad:c1:1f:8a:6f:2f:7a:31:73:50:ed:e0:49:35:f4:d9:90:2e:
         65:c5:c0:76:e5:f0:88:40:37:9d:3f:cd:f0:0f:2c:df:8d:5f:
         c2:f0:89:9b:d6:dc:d1:f4:a4:a7:65:88:73:ef:b0:c6:be:c8:
         db:99:59:cd:06:fa:62:cd:4d:3d:e7:8a:a3:fc:e8:a1:df:56:
         ee:c0:62:13
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYibjuDf6HcIyJRs2lY0gh9YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA4MTUxMDEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDA5NWQ1YTA5NmFiZTgyYTlkM2Q1ZTVkYjY2ZDQzYTAzYjM1YmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgj4muwC2wnB8t9AOQjs3td/01I5
a/h2dSadjoXGhjp3kOjUWLnxRoZnTmlLbF9Sr6bdhrwWd2Zg0hbEimCQtMR01Zbh
PN4OfMsO+9p1f0bpm2JFXj71Lhzj4Y8qQG6AVWDVmaDsymdV6K3vfU56Ate7NSRZ
MVjpq4I7+jwpjAcBX6zNsQ9YZoJpqtGp5GBjPZ91yIa8QyytESET9vLVdjNtMYGO
LwHQtOI2S8xFiMCQ4Zq+1IDoLi+BYWjDCsvjzPX5F/N53HtJNH9n5VUgJqwEi7Ce
nlbDDSSKE717lwOoR7kjMQ7zEgc3wa9E+91P7tF5n8U2mbr/1+BIbzffJwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMQJXVoJar6CqdPV5dtm1DoDs1vOMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveEFsZFdnbHF2b0twMDlYbDIyYlVPZ096Vzg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAH6Gz72p9o85yyAs3Oqg
s1k5XcZwmekkYiCDBW2jT7xNgVrXr1S/AAFtlhYvaACuQN+3VkSd6s6upRpV5a/i
tqN8GiBzZfWkFZDX8cKsoqISbOmSvfP0h1kp6XAuBGnjLJENaUlt3CZd2rYMLPZh
c+RubXWugnz3dk7Q3WBK88+3UV+ZC274050c9zoTjoheeO+oUdoY0RfKUCV7QAUc
0g3OkZs2vLJBR1jUcxtV7gyoyWs0Y63BH4pvL3oxc1Dt4Ek19NmQLmXFwHbl8IhA
N50/zfAPLN+NX8LwiZvW3NH0pKdliHPvsMa+yNuZWc0G+mLNTT3niqP86KHfVu7A
YhM=
-----END CERTIFICATE-----