Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/H3I19dQY7tA0yLK-KmOG-bKh52w.roa
File:                     H3I19dQY7tA0yLK-KmOG-bKh52w.roa (raw, json)
Hash identifier:          gGj5gcObKPQneh/J/+CeHLr8HKUtDXohWm6HZVuyfwY=
Subject key identifier:   1F:72:35:F5:D4:18:EE:D0:34:C8:B2:BE:2A:63:86:F9:B2:A1:E7:6C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01894024F5E4F9E2FFA1BA2FE301E7C27154
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/H3I19dQY7tA0yLK-KmOG-bKh52w.roa
Signing time:             Mon 10 Jul 2023 14:11:51 +0000
ROA not before:           Mon 10 Jul 2023 14:11:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:40:24:f5:e4:f9:e2:ff:a1:ba:2f:e3:01:e7:c2:71:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 10 14:11:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1f7235f5d418eed034c8b2be2a6386f9b2a1e76c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a0:d0:6c:7b:ad:78:c1:95:52:2d:c0:75:af:
                    cd:69:8d:db:f4:56:fa:92:4f:f6:b1:6b:44:66:59:
                    a9:85:bc:21:5d:b5:13:c5:36:90:97:b8:83:43:a2:
                    0a:bc:42:62:7e:88:60:6c:e0:f2:7f:48:55:4e:a0:
                    30:fb:8e:43:04:fe:bd:20:83:01:43:21:db:2e:2c:
                    c5:72:3b:59:6b:1d:81:eb:40:c2:3f:f7:fe:66:a5:
                    e4:16:c2:b9:d4:e0:40:ba:e9:61:bb:9a:4f:aa:e5:
                    20:c2:32:bc:b8:90:df:1c:62:6a:fa:8f:ab:25:32:
                    b7:8d:97:d9:9d:63:4a:c2:c3:ed:0d:bd:4a:25:52:
                    78:74:23:f9:05:d5:56:05:d3:93:5d:b0:fa:5a:e3:
                    04:6d:0a:6a:46:6c:5e:d9:de:9f:10:00:43:ad:f3:
                    d8:34:01:45:39:c9:ee:3c:35:70:96:0e:19:97:2b:
                    e5:5a:4d:27:16:44:90:8e:e2:6f:a2:0f:8d:1b:97:
                    aa:a2:23:52:ab:a2:8a:4c:c9:bf:8e:cb:7c:c4:ae:
                    15:43:35:10:d8:59:0e:0d:65:9f:d0:df:bd:34:f6:
                    31:3c:0d:db:ba:1f:67:c5:5c:03:8e:a1:97:0d:98:
                    ef:4e:e4:0e:18:a1:8d:5c:0e:60:cd:01:8b:9b:8d:
                    e3:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:72:35:F5:D4:18:EE:D0:34:C8:B2:BE:2A:63:86:F9:B2:A1:E7:6C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/H3I19dQY7tA0yLK-KmOG-bKh52w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:76:f5:18:bc:20:47:3b:89:6b:b0:76:0d:e7:85:56:7c:67:
         38:9a:b6:15:cb:60:39:5c:66:b5:f4:aa:ab:95:46:aa:72:59:
         72:b1:ac:c1:d0:69:44:cc:b5:54:51:d8:ba:81:08:f0:a1:ce:
         26:75:c0:d9:49:2b:a1:b0:f8:6d:c6:fc:01:62:20:2a:3d:30:
         f1:6f:4f:b7:76:80:62:36:a3:e0:e7:54:0a:34:bf:69:58:bc:
         78:f1:07:fb:a1:2b:42:61:fe:88:e7:9a:11:cd:b9:97:03:bc:
         ff:51:94:fa:96:b8:0c:6a:f3:34:4c:db:61:0c:51:bd:31:c9:
         77:0a:df:59:e2:a3:0b:dc:d7:78:03:43:88:1f:6c:48:0a:a5:
         24:4e:cc:d4:97:48:73:2b:3c:17:5b:75:4e:0b:af:f1:3c:84:
         ae:76:43:cd:73:d3:af:37:58:a9:96:cc:8f:51:74:e2:5e:2c:
         27:5d:d7:28:01:9a:3f:a5:08:04:a3:72:98:93:dc:a5:6d:30:
         36:b2:7f:b5:76:cc:fe:33:98:b4:ce:6d:ee:4d:d5:83:e7:1f:
         df:85:79:70:28:d3:b7:c0:70:49:44:43:60:01:c9:d3:65:e9:
         1b:df:3b:54:7f:d2:8b:92:96:5d:58:02:35:21:95:92:80:8f:
         fa:57:e7:8a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlAJPXk+eL/obov4wHnwnFUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzEwMTQxMTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjcyMzVmNWQ0MThlZWQwMzRjOGIyYmUyYTYzODZmOWIyYTFlNzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6DQbHuteMGVUi3Ada/NaY3b9Fb6
kk/2sWtEZlmphbwhXbUTxTaQl7iDQ6IKvEJifohgbODyf0hVTqAw+45DBP69IIMB
QyHbLizFcjtZax2B60DCP/f+ZqXkFsK51OBAuulhu5pPquUgwjK8uJDfHGJq+o+r
JTK3jZfZnWNKwsPtDb1KJVJ4dCP5BdVWBdOTXbD6WuMEbQpqRmxe2d6fEABDrfPY
NAFFOcnuPDVwlg4ZlyvlWk0nFkSQjuJvog+NG5eqoiNSq6KKTMm/jst8xK4VQzUQ
2FkODWWf0N+9NPYxPA3buh9nxVwDjqGXDZjvTuQOGKGNXA5gzQGLm43jKwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB9yNfXUGO7QNMiyvipjhvmyoedsMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSDNJMTlkUVk3dEEweUxLLUttT0ctYktoNTJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKZ29Ri8IEc7iWuwdg3n
hVZ8ZziathXLYDlcZrX0qquVRqpyWXKxrMHQaUTMtVRR2LqBCPChziZ1wNlJK6Gw
+G3G/AFiICo9MPFvT7d2gGI2o+DnVAo0v2lYvHjxB/uhK0Jh/ojnmhHNuZcDvP9R
lPqWuAxq8zRM22EMUb0xyXcK31niowvc13gDQ4gfbEgKpSROzNSXSHMrPBdbdU4L
r/E8hK52Q81z0683WKmWzI9RdOJeLCdd1ygBmj+lCASjcpiT3KVtMDayf7V2zP4z
mLTObe5N1YPnH9+FeXAo07fAcElEQ2ABydNl6RvfO1R/0ouSll1YAjUhlZKAj/pX
54o=
-----END CERTIFICATE-----