Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-ltN9DkoxKpFcJtjuErSI8DXAeQ.roa
File:                     1-ltN9DkoxKpFcJtjuErSI8DXAeQ.roa (raw, json)
Hash identifier:          GcVt0awow/HWPP0lCm0KZXCGCD8BAj2rQzo3PqXuGTs=
Subject key identifier:   FA:5B:4D:F4:39:28:C4:AA:45:70:9B:63:B8:4A:D2:23:C0:D7:01:E4
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187D6CA1AC7E0CFD93FBE61075E034A0B6C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-ltN9DkoxKpFcJtjuErSI8DXAeQ.roa
Signing time:             Mon 01 May 2023 10:09:41 +0000
ROA not before:           Mon 01 May 2023 10:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:d6:ca:1a:c7:e0:cf:d9:3f:be:61:07:5e:03:4a:0b:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  1 10:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fa5b4df43928c4aa45709b63b84ad223c0d701e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:28:73:79:7b:2c:49:38:51:b9:f3:dd:12:4f:
                    3d:99:e8:f8:d7:04:77:95:c7:e8:4f:c7:19:70:b2:
                    02:85:35:6f:77:63:37:7b:17:72:89:63:24:33:a0:
                    e5:9e:ea:4f:58:ce:f3:8f:0f:8b:6a:ee:18:21:04:
                    f5:f8:69:fc:ac:84:e9:95:4f:54:a7:1c:fe:e1:e3:
                    34:67:73:08:34:2b:12:8d:e7:23:81:46:b1:10:af:
                    d8:22:e5:53:ff:4e:37:65:3f:81:96:dc:c1:77:09:
                    02:3a:5a:61:e8:76:f9:08:95:ac:9f:a4:a9:58:b2:
                    24:46:ba:9d:12:1e:5b:2f:4a:82:e5:d6:a7:fd:62:
                    b7:27:83:a6:cf:ab:1f:ec:f8:6c:44:36:16:a8:9f:
                    18:b8:32:50:74:5a:0e:20:0e:99:36:c2:7a:71:2f:
                    7a:eb:0d:4d:2c:55:a4:93:86:e7:3c:68:1c:a6:b4:
                    13:0f:e0:ba:ec:2c:d0:ec:88:ac:d1:36:36:76:d2:
                    b9:0f:23:8c:18:7b:cf:13:71:9c:20:95:fd:7e:78:
                    f5:09:50:7d:bc:7a:4e:6a:0c:e6:33:11:fa:3c:ca:
                    95:be:da:28:01:aa:f5:9a:6a:3f:3e:67:cd:3a:57:
                    66:7a:c4:e3:78:0b:28:9c:2b:5a:9d:59:73:91:3c:
                    71:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:5B:4D:F4:39:28:C4:AA:45:70:9B:63:B8:4A:D2:23:C0:D7:01:E4
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-ltN9DkoxKpFcJtjuErSI8DXAeQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:e6:cb:b1:e2:ad:53:c3:48:d8:2a:aa:42:7b:fd:87:ea:e9:
         ef:cb:82:1a:b9:c3:78:49:f1:2e:41:cc:1f:30:44:c7:27:01:
         ee:03:fa:dd:a8:40:91:c1:6d:d2:08:c2:2c:15:9f:d8:de:4c:
         2e:8e:30:25:fe:9a:89:3e:a8:ef:22:f6:66:e5:d1:20:80:60:
         4a:47:aa:20:49:29:47:0d:09:42:d7:45:bf:58:86:7e:f1:5c:
         17:7e:7b:23:40:a7:c7:0e:12:0d:ea:3b:49:7f:ff:f0:60:c9:
         d8:08:c4:d4:1a:e0:47:41:c5:f1:45:de:f5:49:ae:1d:5d:ac:
         a0:af:90:49:3d:41:d7:9d:6c:c8:e8:9b:b1:ff:5b:0d:15:fb:
         4e:72:a5:bd:21:24:82:1a:1f:b6:48:77:b5:cf:12:17:14:f2:
         d0:da:97:6f:9e:0f:7c:13:2b:0d:45:04:ad:f9:35:11:93:51:
         ca:f4:72:78:c2:6d:a3:9f:a3:20:a9:23:41:09:51:bb:a7:2a:
         36:ae:f0:de:29:66:bf:20:84:b5:ab:af:43:b3:f5:fd:34:b5:
         c1:41:11:1d:29:2f:91:11:31:6c:a6:1c:47:78:2a:29:33:05:
         cd:92:50:d3:27:3a:a0:7b:f3:33:5e:85:2f:96:10:fb:e6:2b:
         28:5a:40:4d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYfWyhrH4M/ZP75hB14DSgtsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTAxMTAwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTViNGRmNDM5MjhjNGFhNDU3MDliNjNiODRhZDIyM2MwZDcwMWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyhzeXssSThRufPdEk89mej41wR3
lcfoT8cZcLIChTVvd2M3exdyiWMkM6DlnupPWM7zjw+Lau4YIQT1+Gn8rITplU9U
pxz+4eM0Z3MINCsSjecjgUaxEK/YIuVT/043ZT+BltzBdwkCOlph6Hb5CJWsn6Sp
WLIkRrqdEh5bL0qC5dan/WK3J4Omz6sf7PhsRDYWqJ8YuDJQdFoOIA6ZNsJ6cS96
6w1NLFWkk4bnPGgcprQTD+C67CzQ7Iis0TY2dtK5DyOMGHvPE3GcIJX9fnj1CVB9
vHpOagzmMxH6PMqVvtooAar1mmo/PmfNOldmesTjeAsonCtanVlzkTxxSQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPpbTfQ5KMSqRXCbY7hK0iPA1wHkMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMS1sdE45RGtveEtwRmNKdGp1RXJTSThEWEFlUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWUvNzk4NDQ3LTIxZjQtNDVhYi05OWRjLTFhYmUzYWMxMGFh
Ni8xL2NnUjc0VnNuV1FMYzloZmNQUTRXM0I4d2dDSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEA8EAGDAP
BAIAAjAJAwcAIAEGfABkMA0GCSqGSIb3DQEBCwUAA4IBAQAW5sux4q1Tw0jYKqpC
e/2H6unvy4IaucN4SfEuQcwfMETHJwHuA/rdqECRwW3SCMIsFZ/Y3kwujjAl/pqJ
PqjvIvZm5dEggGBKR6ogSSlHDQlC10W/WIZ+8VwXfnsjQKfHDhIN6jtJf//wYMnY
CMTUGuBHQcXxRd71Sa4dXaygr5BJPUHXnWzI6Jux/1sNFftOcqW9ISSCGh+2SHe1
zxIXFPLQ2pdvng98EysNRQSt+TURk1HK9HJ4wm2jn6MgqSNBCVG7pyo2rvDeKWa/
IIS1q69Ds/X9NLXBQREdKS+RETFsphxHeCopMwXNklDTJzqge/MzXoUvlhD75iso
WkBN
-----END CERTIFICATE-----