Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xnIs8FkaOFzqfRJmPZL6OO3Fyqw.roa
File:                     xnIs8FkaOFzqfRJmPZL6OO3Fyqw.roa (raw, json)
Hash identifier:          z6J+1FjlECowvuZmOiMfDjI9Bfdl+byDiTzL1NEJEkg=
Subject key identifier:   C6:72:2C:F0:59:1A:38:5C:EA:7D:12:66:3D:92:FA:38:ED:C5:CA:AC
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0189518843A164877C8FC749EAE8D55BBA8D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xnIs8FkaOFzqfRJmPZL6OO3Fyqw.roa
Signing time:             Thu 13 Jul 2023 23:13:51 +0000
ROA not before:           Thu 13 Jul 2023 23:13:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:51:88:43:a1:64:87:7c:8f:c7:49:ea:e8:d5:5b:ba:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 13 23:13:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c6722cf0591a385cea7d12663d92fa38edc5caac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:cd:a3:a2:dd:e9:a3:51:79:ce:48:07:bb:54:
                    65:62:14:d8:56:a3:f6:45:ff:c0:e1:f2:dd:76:e4:
                    fb:b1:14:03:97:90:8b:76:29:c8:9e:38:ea:e5:a0:
                    97:ff:98:e5:24:f2:5e:63:36:95:96:18:bd:fc:34:
                    cb:d9:4c:2d:04:6f:b7:4c:96:0b:07:bc:98:26:b2:
                    80:33:2d:dd:d5:f0:1a:3f:39:85:6d:9f:b9:ab:63:
                    e0:a1:9c:68:8d:d3:82:7a:6c:17:6f:b7:b7:bc:9f:
                    6b:fc:06:96:71:d1:b3:f2:07:93:d1:7e:a5:d3:dd:
                    03:5a:bd:e3:a6:59:36:68:69:ab:90:81:b0:4b:6c:
                    5b:c6:da:65:41:b4:75:a5:b4:15:ff:c4:7b:a2:04:
                    b2:bb:2c:0a:94:7f:9a:22:3d:cf:b5:3c:12:b9:e0:
                    70:38:11:bd:2e:ff:e2:ad:96:4b:6d:0d:b4:15:1d:
                    99:5b:1f:26:f2:78:29:6d:e4:17:83:d0:9b:7a:fb:
                    fc:07:20:d8:46:96:94:05:28:b6:cc:b2:bc:07:b0:
                    7a:66:3a:e2:b1:c1:9f:ac:19:f3:cc:97:7f:a1:56:
                    3d:81:03:d0:c4:26:c4:40:2b:bf:74:27:9f:ea:9b:
                    88:0e:5a:f0:2a:70:b2:19:87:9f:2e:82:94:55:7e:
                    c3:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:72:2C:F0:59:1A:38:5C:EA:7D:12:66:3D:92:FA:38:ED:C5:CA:AC
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/xnIs8FkaOFzqfRJmPZL6OO3Fyqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:96:da:02:c3:45:41:28:ac:00:ec:33:70:7f:db:6e:21:b7:
         45:99:c7:d8:93:f7:cc:c4:f1:95:ba:52:15:6f:8e:ff:cb:78:
         c6:fc:15:19:f1:5d:42:3c:c4:c0:86:41:02:af:e8:59:0c:dc:
         a3:67:19:05:c3:25:4a:4b:64:c6:49:6a:18:af:f0:dc:50:3f:
         c8:3a:33:d7:f4:1a:49:cf:c8:1b:44:d0:08:c3:cf:55:b2:f0:
         d0:68:db:21:db:fa:c4:e2:e8:94:14:dd:12:ba:c2:db:6c:69:
         ca:b9:f0:23:ee:d3:f7:fc:1a:2a:0b:e9:cb:01:91:36:57:10:
         69:a4:c4:85:09:15:ad:b1:6e:9b:68:df:8d:78:c3:2d:52:5c:
         8d:4e:fc:2b:5c:e4:a6:21:01:f2:5d:ac:8b:c1:63:a8:20:a0:
         b4:6c:f8:af:e7:6b:51:67:27:96:be:b3:a1:e9:77:76:97:29:
         90:8e:f6:e5:4c:34:a3:19:21:47:d5:25:ef:32:95:ef:99:de:
         9a:b0:93:21:85:e8:2d:70:3f:82:49:9d:11:6b:bb:87:00:28:
         ea:80:1f:2e:02:73:ba:0e:d8:84:d3:4d:8a:9d:e2:37:31:11:
         26:df:37:79:28:97:bf:cd:e4:85:8d:60:4f:cc:f1:1c:8b:f1:
         6b:d2:42:81
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlRiEOhZId8j8dJ6ujVW7qNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzEzMjMxMzUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjcyMmNmMDU5MWEzODVjZWE3ZDEyNjYzZDkyZmEzOGVkYzVjYWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqs2jot3po1F5zkgHu1RlYhTYVqP2
Rf/A4fLdduT7sRQDl5CLdinInjjq5aCX/5jlJPJeYzaVlhi9/DTL2UwtBG+3TJYL
B7yYJrKAMy3d1fAaPzmFbZ+5q2PgoZxojdOCemwXb7e3vJ9r/AaWcdGz8geT0X6l
090DWr3jplk2aGmrkIGwS2xbxtplQbR1pbQV/8R7ogSyuywKlH+aIj3PtTwSueBw
OBG9Lv/irZZLbQ20FR2ZWx8m8ngpbeQXg9Cbevv8ByDYRpaUBSi2zLK8B7B6Zjri
scGfrBnzzJd/oVY9gQPQxCbEQCu/dCef6puIDlrwKnCyGYefLoKUVX7DIQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMZyLPBZGjhc6n0SZj2S+jjtxcqsMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveG5JczhGa2FPRnpxZlJKbVBaTDZPTzNGeXF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAmW2gLDRUEorADsM3B/
224ht0WZx9iT98zE8ZW6UhVvjv/LeMb8FRnxXUI8xMCGQQKv6FkM3KNnGQXDJUpL
ZMZJahiv8NxQP8g6M9f0GknPyBtE0AjDz1Wy8NBo2yHb+sTi6JQU3RK6wttsacq5
8CPu0/f8GioL6csBkTZXEGmkxIUJFa2xbpto3414wy1SXI1O/Ctc5KYhAfJdrIvB
Y6ggoLRs+K/na1FnJ5a+s6Hpd3aXKZCO9uVMNKMZIUfVJe8yle+Z3pqwkyGF6C1w
P4JJnRFru4cAKOqAHy4Cc7oO2ITTTYqd4jcxESbfN3kol7/N5IWNYE/M8RyL8WvS
QoE=
-----END CERTIFICATE-----