Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2zlopajWvtNGMfKMTLVIG9t5Bqg.roa
File:                     2zlopajWvtNGMfKMTLVIG9t5Bqg.roa (raw, json)
Hash identifier:          lPCPpCGy0Vhzdo+lbbbui7w1jK9zbIGYp2ffjtqguIg=
Subject key identifier:   DB:39:68:A5:A8:D6:BE:D3:46:31:F2:8C:4C:B5:48:1B:DB:79:06:A8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187C34352231F5CB96E3E8F920702284441
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2zlopajWvtNGMfKMTLVIG9t5Bqg.roa
Signing time:             Thu 27 Apr 2023 15:09:41 +0000
ROA not before:           Thu 27 Apr 2023 15:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:c3:43:52:23:1f:5c:b9:6e:3e:8f:92:07:02:28:44:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 27 15:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=db3968a5a8d6bed34631f28c4cb5481bdb7906a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:84:10:7a:ce:be:f4:63:27:cd:ae:e0:d3:cc:
                    4a:61:96:03:bd:6a:04:a8:0f:a5:d3:cc:b1:56:8f:
                    c4:a1:ef:c5:c5:91:4c:d0:b8:7c:79:f1:9d:5b:83:
                    e1:79:e1:a2:72:b1:42:af:fc:ba:f1:dc:8f:08:6c:
                    db:ca:54:a6:0c:6c:94:99:71:af:01:5c:54:66:ce:
                    d2:5f:07:5b:b0:12:66:f9:2b:37:a2:b7:7e:c9:58:
                    be:a8:e9:5c:d7:f2:c2:f8:3a:38:b2:ff:3a:3c:c4:
                    62:f3:76:2e:91:60:4f:28:37:68:1a:2d:c2:0a:2c:
                    4b:c6:4b:cd:be:c1:e3:2b:5e:c0:bc:d0:c9:33:9c:
                    86:be:51:02:fd:08:9e:cf:12:7a:8d:50:22:c1:c2:
                    42:e5:24:5b:24:6c:80:15:ee:8e:1f:4a:39:f9:bd:
                    98:62:86:b2:6b:f2:a1:fd:4a:b2:c2:8d:f5:6b:52:
                    4c:96:c3:3e:fc:cf:77:df:aa:ba:48:36:40:c4:2f:
                    d4:d5:89:e4:91:10:44:fc:c0:4f:d4:ea:ba:ca:79:
                    e9:88:1c:89:57:d6:84:0c:05:28:44:5a:99:fd:4d:
                    ad:f3:40:80:8a:a3:10:ea:48:23:e1:ea:24:64:3c:
                    f0:bd:0a:86:f5:07:b5:c0:a2:a7:73:7a:dd:85:6a:
                    9b:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:39:68:A5:A8:D6:BE:D3:46:31:F2:8C:4C:B5:48:1B:DB:79:06:A8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2zlopajWvtNGMfKMTLVIG9t5Bqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:da:e6:8a:18:94:6b:b6:a2:a8:5e:23:e4:60:02:3a:1a:52:
         c1:62:5d:ab:65:d1:c1:f3:29:9b:97:7b:71:ac:7f:d2:d2:b9:
         69:c3:9c:3a:8a:e7:6f:ff:0a:76:1c:1d:16:e6:a1:69:b1:46:
         a0:00:53:7c:57:ad:a2:20:76:5a:a2:f1:b0:47:21:19:ee:37:
         13:fb:6a:38:85:e2:cb:43:0a:7c:fe:a7:95:42:60:6a:c2:4e:
         85:7b:a8:bb:ae:f4:6d:c4:c5:e4:55:46:06:e5:eb:73:71:50:
         90:2c:7f:9d:8c:48:29:41:f8:71:73:b7:9d:b3:a0:88:f4:21:
         c8:bd:fb:1c:a0:b0:f4:65:6d:88:cf:7a:0a:5b:40:c4:e0:a5:
         d6:c6:ae:b8:9d:cc:cf:57:21:9f:7f:e8:be:c5:83:2b:2d:6f:
         76:ff:9d:ea:c3:33:f6:ac:c7:59:b8:30:0e:79:28:df:9a:55:
         ee:35:4e:50:25:61:ea:d7:4e:6e:a3:f9:81:f8:c8:68:a1:1b:
         9e:71:60:e1:72:7c:f2:2a:f8:e4:2b:ea:64:e0:8d:c5:2b:da:
         2f:9a:33:43:04:78:65:e5:f5:e9:ae:1b:f9:2d:bf:ad:13:25:
         ba:0b:c0:f2:f9:5c:fd:f1:e4:8e:29:28:ff:46:6d:24:30:bf:
         b2:16:bd:2f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfDQ1IjH1y5bj6PkgcCKERBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI3MTUwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjM5NjhhNWE4ZDZiZWQzNDYzMWYyOGM0Y2I1NDgxYmRiNzkwNmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYQQes6+9GMnza7g08xKYZYDvWoE
qA+l08yxVo/Eoe/FxZFM0Lh8efGdW4PheeGicrFCr/y68dyPCGzbylSmDGyUmXGv
AVxUZs7SXwdbsBJm+Ss3ord+yVi+qOlc1/LC+Do4sv86PMRi83YukWBPKDdoGi3C
CixLxkvNvsHjK17AvNDJM5yGvlEC/QiezxJ6jVAiwcJC5SRbJGyAFe6OH0o5+b2Y
Yoaya/Kh/Uqywo31a1JMlsM+/M9336q6SDZAxC/U1YnkkRBE/MBP1Oq6ynnpiByJ
V9aEDAUoRFqZ/U2t80CAiqMQ6kgj4eokZDzwvQqG9Qe1wKKnc3rdhWqb/QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNs5aKWo1r7TRjHyjEy1SBvbeQaoMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMnpsb3Bhald2dE5HTWZLTVRMVklHOXQ1QnFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEPa5ooYlGu2oqheI+Rg
AjoaUsFiXatl0cHzKZuXe3Gsf9LSuWnDnDqK52//CnYcHRbmoWmxRqAAU3xXraIg
dlqi8bBHIRnuNxP7ajiF4stDCnz+p5VCYGrCToV7qLuu9G3ExeRVRgbl63NxUJAs
f52MSClB+HFzt52zoIj0Ici9+xygsPRlbYjPegpbQMTgpdbGrridzM9XIZ9/6L7F
gystb3b/nerDM/asx1m4MA55KN+aVe41TlAlYerXTm6j+YH4yGihG55xYOFyfPIq
+OQr6mTgjcUr2i+aM0MEeGXl9emuG/ktv60TJboLwPL5XP3x5I4pKP9GbSQwv7IW
vS8=
-----END CERTIFICATE-----