Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/yTSiau09wR1xqmVYcgYsYmA_I7A.roa
File:                     yTSiau09wR1xqmVYcgYsYmA_I7A.roa (raw, json)
Hash identifier:          5Kkg8SK4aQeSaon3UAtoAuzm8FIPNrbpajpUbtJX9gM=
Subject key identifier:   C9:34:A2:6A:ED:3D:C1:1D:71:AA:65:58:72:06:2C:62:60:3F:23:B0
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187F3C4FB65C0A4DBB0108B17F9647F157C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/yTSiau09wR1xqmVYcgYsYmA_I7A.roa
Signing time:             Sun 07 May 2023 01:13:05 +0000
ROA not before:           Sun 07 May 2023 01:13:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:f3:c4:fb:65:c0:a4:db:b0:10:8b:17:f9:64:7f:15:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  7 01:13:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c934a26aed3dc11d71aa655872062c62603f23b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:c1:d1:9c:af:27:12:f4:74:cb:1b:8c:1f:49:
                    cd:b3:4c:18:bd:54:8d:03:2c:da:ae:5d:79:b1:0d:
                    e7:41:1c:28:9d:fb:64:85:25:1e:ae:cb:6e:dd:4a:
                    ef:18:19:85:4e:79:01:04:1a:73:e7:c3:53:bf:aa:
                    d1:45:15:3f:d5:21:e6:d3:aa:82:a9:d2:b1:e1:7f:
                    bd:fc:29:14:5f:0a:6f:79:78:f6:6e:86:54:1f:63:
                    0f:a4:2d:d8:e8:5b:be:64:78:84:01:ae:f4:e5:52:
                    ca:df:04:20:0c:59:78:af:dd:3f:9e:71:2a:2a:ab:
                    35:90:4e:ab:fd:f1:6a:12:08:74:27:d6:a1:f3:8d:
                    22:7b:4f:02:20:20:3a:91:fa:f3:4e:8a:cd:eb:c4:
                    fd:27:0d:b9:e3:0d:8f:ac:38:54:3c:de:7a:aa:51:
                    50:4a:44:7b:60:77:6b:10:0d:59:12:61:81:a5:7f:
                    5b:d0:61:2e:4f:0d:e2:aa:76:9b:2f:45:7e:a4:97:
                    02:24:ab:59:27:3b:1b:e3:83:a5:39:52:d5:6e:81:
                    78:81:a1:58:e3:9a:b8:d9:d8:4f:05:80:83:1b:ac:
                    7f:a7:f3:f9:de:f3:37:7d:68:c3:eb:93:a8:47:90:
                    68:6f:a6:6f:68:04:43:79:a4:c9:83:ae:44:3d:8f:
                    d8:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:34:A2:6A:ED:3D:C1:1D:71:AA:65:58:72:06:2C:62:60:3F:23:B0
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/yTSiau09wR1xqmVYcgYsYmA_I7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:d3:c5:31:a9:7e:5c:f2:7f:af:c5:f0:dc:22:cc:16:77:31:
         6e:c7:59:02:fa:b6:6d:bc:e1:cf:ff:d7:a3:85:7b:2e:99:e6:
         13:75:f3:ff:6b:18:e6:6f:60:2a:db:38:73:bd:50:a3:2b:39:
         f2:1b:86:66:37:8b:2b:43:21:32:b5:93:e4:1c:3a:83:b2:e8:
         d5:3e:a5:eb:06:4e:27:0a:49:68:21:d6:dc:98:83:28:5c:4a:
         78:8b:5b:f9:31:27:4d:87:44:ca:eb:f3:80:6e:80:75:1a:2a:
         6d:11:1f:a2:47:2e:38:0c:56:7d:60:43:c8:4c:89:73:19:e4:
         0f:38:b8:00:7a:ca:35:c5:c1:55:09:49:83:68:d9:4e:74:f1:
         de:50:92:e5:03:c4:45:12:01:02:4c:05:f2:f3:38:96:2e:ef:
         ef:ec:17:aa:48:69:dd:c0:4b:ef:c3:27:e2:56:0a:bd:98:06:
         80:5f:32:08:f4:ba:b6:0c:60:9d:78:72:28:01:e3:a7:aa:61:
         13:8a:24:09:bd:93:e7:17:81:ae:89:89:6c:63:54:1d:2b:22:
         f2:7f:53:60:3c:35:f2:cb:f6:05:ff:ad:4a:ce:ec:83:55:46:
         94:b9:ac:37:45:73:fc:95:d2:24:6f:83:70:60:c8:0e:11:d9:
         eb:ce:c2:c3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfzxPtlwKTbsBCLF/lkfxV8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA3MDExMzA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTM0YTI2YWVkM2RjMTFkNzFhYTY1NTg3MjA2MmM2MjYwM2YyM2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh8HRnK8nEvR0yxuMH0nNs0wYvVSN
Ayzarl15sQ3nQRwonftkhSUerstu3UrvGBmFTnkBBBpz58NTv6rRRRU/1SHm06qC
qdKx4X+9/CkUXwpveXj2boZUH2MPpC3Y6Fu+ZHiEAa705VLK3wQgDFl4r90/nnEq
Kqs1kE6r/fFqEgh0J9ah840ie08CICA6kfrzTorN68T9Jw254w2PrDhUPN56qlFQ
SkR7YHdrEA1ZEmGBpX9b0GEuTw3iqnabL0V+pJcCJKtZJzsb44OlOVLVboF4gaFY
45q42dhPBYCDG6x/p/P53vM3fWjD65OoR5Bob6ZvaARDeaTJg65EPY/Y7wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMk0omrtPcEdcaplWHIGLGJgPyOwMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveVRTaWF1MDl3UjF4cW1WWWNnWXNZbUFfSTdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACDTxTGpflzyf6/F8Nwi
zBZ3MW7HWQL6tm284c//16OFey6Z5hN18/9rGOZvYCrbOHO9UKMrOfIbhmY3iytD
ITK1k+QcOoOy6NU+pesGTicKSWgh1tyYgyhcSniLW/kxJ02HRMrr84BugHUaKm0R
H6JHLjgMVn1gQ8hMiXMZ5A84uAB6yjXFwVUJSYNo2U508d5QkuUDxEUSAQJMBfLz
OJYu7+/sF6pIad3AS+/DJ+JWCr2YBoBfMgj0urYMYJ14cigB46eqYROKJAm9k+cX
ga6JiWxjVB0rIvJ/U2A8NfLL9gX/rUrO7INVRpS5rDdFc/yV0iRvg3BgyA4R2evO
wsM=
-----END CERTIFICATE-----