Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/DDn5dwSwCXz5fUZlx46-KBMTX54.roa
File:                     DDn5dwSwCXz5fUZlx46-KBMTX54.roa (raw, json)
Hash identifier:          Rp1Z2gRebPRUpZzOcKjEcJBAxaSNRyQHcT8El56PZYk=
Subject key identifier:   0C:39:F9:77:04:B0:09:7C:F9:7D:46:65:C7:8E:BE:28:13:13:5F:9E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01895DFB359F825189B6C5F592503729AFFA
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/DDn5dwSwCXz5fUZlx46-KBMTX54.roa
Signing time:             Sun 16 Jul 2023 09:14:51 +0000
ROA not before:           Sun 16 Jul 2023 09:14:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:5d:fb:35:9f:82:51:89:b6:c5:f5:92:50:37:29:af:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 16 09:14:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0c39f97704b0097cf97d4665c78ebe2813135f9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:1d:96:7a:5b:6c:2a:91:ae:e5:a9:42:e7:50:
                    00:21:8b:50:01:54:d3:e0:41:ed:1e:de:89:3d:c5:
                    77:94:98:d9:67:2f:ad:00:db:68:2b:5d:36:9c:43:
                    82:b5:5a:b9:ba:5f:01:c0:0e:af:2b:14:1b:8b:c3:
                    ad:4a:8b:8d:bc:c5:92:cd:99:a5:dc:49:7b:e4:04:
                    90:35:1a:aa:55:87:11:c7:4e:f4:e1:60:d6:96:f2:
                    1f:c6:bd:9d:37:58:24:09:8c:80:15:5f:4d:dc:98:
                    37:2c:d1:61:c6:86:38:c2:a5:a5:8c:99:a9:b1:72:
                    43:90:d6:cf:c8:21:ea:a5:9a:e1:5d:c6:11:aa:89:
                    e8:50:5d:c0:fe:80:66:46:80:83:6a:4e:25:b0:26:
                    51:1a:11:f7:09:e6:30:e9:9c:12:cf:05:cb:8e:de:
                    53:d2:87:6e:10:67:3c:15:3b:fc:0f:72:80:86:95:
                    7f:bd:4a:63:80:5e:1f:72:27:a3:6a:b3:27:33:35:
                    2c:56:8b:bb:36:41:e1:52:e3:e9:d1:1e:be:f8:e7:
                    46:20:d4:fa:dd:53:aa:3a:ee:e5:7f:f0:08:90:36:
                    09:c7:27:ff:2f:be:97:e2:ca:87:50:70:ab:6b:f3:
                    02:8b:57:27:c7:5d:e8:bc:3b:26:93:db:63:fc:fd:
                    13:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:39:F9:77:04:B0:09:7C:F9:7D:46:65:C7:8E:BE:28:13:13:5F:9E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/DDn5dwSwCXz5fUZlx46-KBMTX54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:eb:16:a5:f2:0a:1f:5a:b2:b2:bd:d7:e6:b2:cc:4b:5b:08:
         d0:b3:e1:2c:68:ab:f3:3f:a1:96:d1:aa:14:ed:29:1e:96:e7:
         80:49:7c:cd:71:3c:52:77:7c:92:e6:52:d0:f3:98:e6:19:ce:
         cb:0a:d4:fd:e4:d8:ec:ba:07:e7:b1:61:1c:b0:d3:38:a1:c3:
         44:d9:4e:4a:03:0f:61:02:8b:5c:de:3a:89:63:6c:3c:2a:4c:
         50:4e:b9:22:c3:23:c6:33:83:24:f8:17:65:22:2f:13:bc:a4:
         55:8c:18:7b:60:59:95:77:7f:3a:cb:e0:6a:77:92:ab:77:eb:
         55:1c:91:c7:3d:a6:92:3b:fb:25:06:04:b1:c1:2b:a0:fb:66:
         1f:e7:a1:8c:b0:49:38:d1:03:4b:62:2f:df:9c:1d:61:53:91:
         7a:62:90:d2:00:7a:c5:b3:60:be:42:63:e6:e0:16:41:16:6e:
         db:45:41:7f:26:7a:13:a3:af:da:61:9c:3c:9c:7f:19:02:27:
         ab:5f:8c:55:65:a6:6b:80:31:be:d3:1b:5e:18:47:35:dc:67:
         1a:27:e6:51:01:2f:01:49:f5:c7:eb:d1:91:da:cb:9f:f7:3b:
         aa:b9:60:69:9e:30:14:03:d1:26:fa:fd:90:53:49:15:34:8d:
         a7:91:b5:b7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYld+zWfglGJtsX1klA3Ka/6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE2MDkxNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzM5Zjk3NzA0YjAwOTdjZjk3ZDQ2NjVjNzhlYmUyODEzMTM1ZjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkR2WeltsKpGu5alC51AAIYtQAVTT
4EHtHt6JPcV3lJjZZy+tANtoK102nEOCtVq5ul8BwA6vKxQbi8OtSouNvMWSzZml
3El75ASQNRqqVYcRx0704WDWlvIfxr2dN1gkCYyAFV9N3Jg3LNFhxoY4wqWljJmp
sXJDkNbPyCHqpZrhXcYRqonoUF3A/oBmRoCDak4lsCZRGhH3CeYw6ZwSzwXLjt5T
0oduEGc8FTv8D3KAhpV/vUpjgF4fciejarMnMzUsVou7NkHhUuPp0R6++OdGINT6
3VOqOu7lf/AIkDYJxyf/L76X4sqHUHCra/MCi1cnx13ovDsmk9tj/P0TEwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAw5+XcEsAl8+X1GZceOvigTE1+eMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvRERuNWR3U3dDWHo1ZlVabHg0Ni1LQk1UWDU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACDrFqXyCh9asrK91+ay
zEtbCNCz4Sxoq/M/oZbRqhTtKR6W54BJfM1xPFJ3fJLmUtDzmOYZzssK1P3k2Oy6
B+exYRyw0zihw0TZTkoDD2ECi1zeOoljbDwqTFBOuSLDI8YzgyT4F2UiLxO8pFWM
GHtgWZV3fzrL4Gp3kqt361Uckcc9ppI7+yUGBLHBK6D7Zh/noYywSTjRA0tiL9+c
HWFTkXpikNIAesWzYL5CY+bgFkEWbttFQX8mehOjr9phnDycfxkCJ6tfjFVlpmuA
Mb7TG14YRzXcZxon5lEBLwFJ9cfr0ZHay5/3O6q5YGmeMBQD0Sb6/ZBTSRU0jaeR
tbc=
-----END CERTIFICATE-----