Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/yAN-XXynddh8bBTocz5Kp8AaAPA.roa
File:                     yAN-XXynddh8bBTocz5Kp8AaAPA.roa (raw, json)
Hash identifier:          BlDwx87qdRuV8MOlf18ezbvzzcV4UojhbkmH1a1rUdc=
Subject key identifier:   C8:03:7E:5D:7C:A7:75:D8:7C:6C:14:E8:73:3E:4A:A7:C0:1A:00:F0
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01876BB2A55E9E1BF29E5E1E9E5830269AA6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/yAN-XXynddh8bBTocz5Kp8AaAPA.roa
Signing time:             Mon 10 Apr 2023 15:04:42 +0000
ROA not before:           Mon 10 Apr 2023 15:04:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:187:6bb2:3107/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:6b:b2:a5:5e:9e:1b:f2:9e:5e:1e:9e:58:30:26:9a:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 10 15:04:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c8037e5d7ca775d87c6c14e8733e4aa7c01a00f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f1:24:d2:88:3f:07:a3:77:21:e5:4a:65:1b:
                    61:51:47:6f:7f:c3:97:c4:3a:fb:59:99:66:44:bf:
                    e1:d3:ee:95:87:86:41:e3:16:03:9e:bd:f1:29:75:
                    93:db:21:14:48:36:e2:ed:6b:a6:0c:49:3d:9c:6e:
                    29:bb:72:87:10:55:94:9d:40:b6:82:6d:b6:3c:29:
                    c7:b5:82:92:9e:52:ba:50:62:0f:f9:ce:19:10:c2:
                    7b:8a:02:f6:ed:fb:e2:64:72:65:07:de:86:7a:3c:
                    bc:04:b1:7d:27:7f:59:dd:ac:ef:cf:85:d4:68:7a:
                    f9:29:0c:96:40:30:e6:e1:7c:0a:42:a0:60:9a:e7:
                    78:f1:a2:c5:fe:2c:e9:c1:59:8f:40:f4:f8:e8:3b:
                    c1:41:94:04:2c:70:4e:7f:25:77:91:fe:2e:fa:0f:
                    b7:9d:34:03:3b:90:d6:5e:93:8c:d6:18:94:e1:a7:
                    15:87:6f:19:71:62:99:33:f1:23:df:6a:c6:47:2c:
                    ce:c3:90:6d:94:4f:74:3d:fd:b2:c7:a9:d5:41:0c:
                    03:6e:3f:64:ad:4f:61:90:f7:ec:a1:91:ae:bf:99:
                    3c:ef:72:67:78:5d:3d:35:af:53:74:af:3f:fa:f5:
                    1e:d8:b3:e7:f2:94:c0:88:49:2b:b4:64:bf:f6:64:
                    b8:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:03:7E:5D:7C:A7:75:D8:7C:6C:14:E8:73:3E:4A:A7:C0:1A:00:F0
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/yAN-XXynddh8bBTocz5Kp8AaAPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:6b:22:28:a7:fd:53:5f:d3:2a:43:53:d2:98:1e:31:37:0e:
         31:8b:fb:20:27:28:52:0f:8d:82:79:81:bd:22:1d:2d:34:c7:
         e9:91:9b:15:ee:4e:60:b6:fa:d9:41:ae:c0:49:6d:20:cb:91:
         3f:56:40:ea:82:0a:6a:b3:d6:c7:ec:d6:84:c3:f8:90:70:cf:
         5e:15:ac:b6:ec:4d:fb:d0:c6:2d:95:e6:47:04:fa:0b:24:7a:
         f7:a2:5b:01:4e:88:4c:03:0c:60:51:2b:56:26:2a:d7:d9:46:
         fc:70:2d:0a:d8:b4:3d:5b:08:c1:3c:c3:1f:fd:b3:ec:86:90:
         f7:85:ef:d0:95:2d:2d:48:e1:d5:cb:42:2b:f1:69:11:eb:76:
         3e:41:9d:ce:0c:96:02:b6:ac:f1:6f:af:65:fc:80:74:76:10:
         29:6b:f8:a8:3c:43:9e:f1:3d:aa:31:82:40:3d:f3:0b:56:d5:
         74:d4:69:59:9d:62:b3:07:88:dc:44:29:b2:2a:b3:b1:82:aa:
         00:0a:e4:82:99:38:2e:dd:92:b0:55:7b:da:ae:12:4d:9d:6d:
         5e:12:2d:34:45:0f:69:78:f8:25:66:15:1e:90:05:70:cb:a6:
         10:e7:a2:4f:a1:53:d3:89:7c:09:5f:c2:c0:a3:5a:bc:e8:b3:
         10:0e:9d:ab
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdrsqVenhvynl4enlgwJpqmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDEwMTUwNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODAzN2U1ZDdjYTc3NWQ4N2M2YzE0ZTg3MzNlNGFhN2MwMWEwMGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/Ek0og/B6N3IeVKZRthUUdvf8OX
xDr7WZlmRL/h0+6Vh4ZB4xYDnr3xKXWT2yEUSDbi7WumDEk9nG4pu3KHEFWUnUC2
gm22PCnHtYKSnlK6UGIP+c4ZEMJ7igL27fviZHJlB96Gejy8BLF9J39Z3azvz4XU
aHr5KQyWQDDm4XwKQqBgmud48aLF/izpwVmPQPT46DvBQZQELHBOfyV3kf4u+g+3
nTQDO5DWXpOM1hiU4acVh28ZcWKZM/Ej32rGRyzOw5BtlE90Pf2yx6nVQQwDbj9k
rU9hkPfsoZGuv5k873JneF09Na9TdK8/+vUe2LPn8pTAiEkrtGS/9mS4GQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMgDfl18p3XYfGwU6HM+SqfAGgDwMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveUFOLVhYeW5kZGg4YkJUb2N6NUtwOEFhQVBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGBrIiin/VNf0ypDU9KY
HjE3DjGL+yAnKFIPjYJ5gb0iHS00x+mRmxXuTmC2+tlBrsBJbSDLkT9WQOqCCmqz
1sfs1oTD+JBwz14VrLbsTfvQxi2V5kcE+gskeveiWwFOiEwDDGBRK1YmKtfZRvxw
LQrYtD1bCME8wx/9s+yGkPeF79CVLS1I4dXLQivxaRHrdj5Bnc4MlgK2rPFvr2X8
gHR2EClr+Kg8Q57xPaoxgkA98wtW1XTUaVmdYrMHiNxEKbIqs7GCqgAK5IKZOC7d
krBVe9quEk2dbV4SLTRFD2l4+CVmFR6QBXDLphDnok+hU9OJfAlfwsCjWrzosxAO
nas=
-----END CERTIFICATE-----