Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/47aSzIaRcr7a9G8Mj0zDCjUusAE.roa
File:                     47aSzIaRcr7a9G8Mj0zDCjUusAE.roa (raw, json)
Hash identifier:          ScZIBACV8Ubly4VbxjNWbGp1DgE9mRpyIrET2dfyLjQ=
Subject key identifier:   E3:B6:92:CC:86:91:72:BE:DA:F4:6F:0C:8F:4C:C3:0A:35:2E:B0:01
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01888162221E35E0EB3D94C0D09523C354FF
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/47aSzIaRcr7a9G8Mj0zDCjUusAE.roa
Signing time:             Sat 03 Jun 2023 13:11:12 +0000
ROA not before:           Sat 03 Jun 2023 13:11:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:81:62:22:1e:35:e0:eb:3d:94:c0:d0:95:23:c3:54:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  3 13:11:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e3b692cc869172bedaf46f0c8f4cc30a352eb001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c2:72:2c:a8:8b:87:aa:14:5d:e2:e1:4d:b5:
                    48:ea:dd:f5:18:e9:78:30:61:db:7c:78:1c:bd:ab:
                    62:1a:0f:d4:49:ee:30:60:b5:2c:c3:bb:de:de:92:
                    2a:87:db:23:3a:8e:53:ab:56:71:16:32:97:31:4b:
                    19:e2:84:08:be:49:dc:8c:4b:ec:ee:0b:41:e4:e2:
                    d8:33:c6:d1:45:0d:b6:50:f6:61:93:8e:e3:85:a8:
                    5c:cc:e9:a2:3f:b8:f5:af:dc:98:26:45:0b:e9:0d:
                    06:f2:49:42:62:10:b8:c7:49:79:41:ca:6b:ab:17:
                    f9:8a:23:78:08:05:0f:75:31:e3:12:10:e6:93:51:
                    e7:e9:d3:30:e2:8e:44:cd:de:ea:f9:2f:ee:d1:9e:
                    c3:26:b7:12:6c:b8:d5:77:75:39:71:26:0e:d7:63:
                    1d:30:2d:be:fb:15:c8:fe:6a:0e:8b:31:66:b4:e3:
                    71:b8:b7:ba:77:3d:6d:f8:f3:06:4d:bc:ca:82:30:
                    06:5d:31:db:23:ff:a9:d5:4e:55:23:5f:8a:d7:62:
                    12:f2:61:a4:5d:06:22:e4:9b:3c:f4:b4:6d:a6:b1:
                    85:e0:58:d0:1a:37:45:48:bc:ba:d5:10:ef:36:5b:
                    e2:0d:44:b5:77:96:6d:e7:10:f9:da:58:ad:e5:26:
                    34:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:B6:92:CC:86:91:72:BE:DA:F4:6F:0C:8F:4C:C3:0A:35:2E:B0:01
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/47aSzIaRcr7a9G8Mj0zDCjUusAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:03:7f:e3:2c:08:e5:03:fd:14:40:d6:a7:18:50:17:aa:97:
         16:54:02:55:52:64:3b:80:a3:3a:b1:3c:3f:9c:39:81:f2:cf:
         00:57:bd:79:67:31:f8:99:98:00:21:42:7d:8e:9c:9a:e1:73:
         fb:5b:5c:d1:45:85:a4:ed:86:c9:aa:f5:97:1a:bc:df:9f:0a:
         2d:7e:16:05:2e:f6:67:a1:e3:70:9d:17:c7:29:8c:d7:70:2b:
         b5:d6:33:0f:d2:07:5f:20:26:6a:f8:fb:c2:60:b5:0d:db:bd:
         c2:c6:ec:66:32:a0:81:00:82:51:8f:ac:17:b4:ce:b4:fc:43:
         f8:65:97:0a:13:d5:95:45:ce:cc:8b:1a:6d:6d:9f:b3:74:0a:
         ed:2e:38:8e:61:bc:8d:88:dc:2f:37:11:f6:90:7e:17:c2:fc:
         8d:83:4b:70:57:06:6d:58:dc:dc:2a:c3:cf:cf:cd:e8:a5:29:
         29:23:1b:9a:f3:4d:fb:0f:38:dc:11:78:2d:ae:fd:ed:f8:3f:
         55:a2:68:c3:34:8c:41:3f:19:31:46:bf:4f:af:2a:2c:d0:6e:
         44:0b:82:7f:0f:b0:3b:26:8e:bc:74:27:a5:cd:f0:b2:8f:ef:
         8e:9d:a7:b1:b9:53:cb:a1:85:d7:63:eb:91:ac:f9:f6:75:f3:
         fd:0a:31:ef
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiBYiIeNeDrPZTA0JUjw1T/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjAzMTMxMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2I2OTJjYzg2OTE3MmJlZGFmNDZmMGM4ZjRjYzMwYTM1MmViMDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8JyLKiLh6oUXeLhTbVI6t31GOl4
MGHbfHgcvatiGg/USe4wYLUsw7ve3pIqh9sjOo5Tq1ZxFjKXMUsZ4oQIvkncjEvs
7gtB5OLYM8bRRQ22UPZhk47jhahczOmiP7j1r9yYJkUL6Q0G8klCYhC4x0l5Qcpr
qxf5iiN4CAUPdTHjEhDmk1Hn6dMw4o5Ezd7q+S/u0Z7DJrcSbLjVd3U5cSYO12Md
MC2++xXI/moOizFmtONxuLe6dz1t+PMGTbzKgjAGXTHbI/+p1U5VI1+K12IS8mGk
XQYi5Js89LRtprGF4FjQGjdFSLy61RDvNlviDUS1d5Zt5xD52lit5SY0MQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOO2ksyGkXK+2vRvDI9Mwwo1LrABMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNDdhU3pJYVJjcjdhOUc4TWowekRDalV1c0FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAG0Df+MsCOUD/RRA1qcY
UBeqlxZUAlVSZDuAozqxPD+cOYHyzwBXvXlnMfiZmAAhQn2OnJrhc/tbXNFFhaTt
hsmq9ZcavN+fCi1+FgUu9meh43CdF8cpjNdwK7XWMw/SB18gJmr4+8JgtQ3bvcLG
7GYyoIEAglGPrBe0zrT8Q/hllwoT1ZVFzsyLGm1tn7N0Cu0uOI5hvI2I3C83EfaQ
fhfC/I2DS3BXBm1Y3Nwqw8/PzeilKSkjG5rzTfsPONwReC2u/e34P1WiaMM0jEE/
GTFGv0+vKizQbkQLgn8PsDsmjrx0J6XN8LKP746dp7G5U8uhhddj65Gs+fZ18/0K
Me8=
-----END CERTIFICATE-----