Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KOnaIpgZvAUWCZYXs89Z0xEoL_o.roa
File:                     KOnaIpgZvAUWCZYXs89Z0xEoL_o.roa (raw, json)
Hash identifier:          U8wkq8+d6lDo5hVRDVLQ1P79XI//eO6Rs474PH1sFbY=
Subject key identifier:   28:E9:DA:22:98:19:BC:05:16:09:96:17:B3:CF:59:D3:11:28:2F:FA
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01896F22A06ED8443AC6D7309CBD63DAF007
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KOnaIpgZvAUWCZYXs89Z0xEoL_o.roa
Signing time:             Wed 19 Jul 2023 17:11:27 +0000
ROA not before:           Wed 19 Jul 2023 17:11:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:6f:22:a0:6e:d8:44:3a:c6:d7:30:9c:bd:63:da:f0:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jul 19 17:11:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=28e9da229819bc0516099617b3cf59d311282ffa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:bd:02:f5:47:ca:46:cd:50:39:91:6d:e6:92:
                    62:fa:e1:67:3c:8b:9e:f1:42:bc:58:e8:d7:5a:79:
                    95:8d:91:17:3d:5c:08:00:60:76:02:0a:9e:23:23:
                    6a:07:39:b4:88:7b:f1:a6:55:65:6d:49:ba:e8:a8:
                    71:13:dd:67:38:4e:bf:cc:94:10:62:e0:25:3e:ac:
                    79:64:05:78:cc:d1:1e:11:34:36:17:a2:18:53:69:
                    81:3f:b0:2c:fc:38:39:b6:e6:dc:3b:c5:48:0a:f9:
                    35:1d:51:48:9b:c1:d4:2e:a4:27:8b:0e:40:12:b7:
                    f4:8a:93:9b:2c:6b:1f:66:84:b7:41:54:9f:a7:31:
                    29:19:67:7e:6b:53:1f:d9:45:83:ca:fc:fa:02:11:
                    3a:42:58:48:f0:24:32:16:de:57:e5:52:b3:27:63:
                    46:8d:2e:37:53:f6:8c:8e:93:6c:04:9a:6a:24:f1:
                    65:81:92:29:05:7d:eb:6b:aa:7a:f7:c5:81:85:84:
                    01:4b:08:b0:16:2f:9d:8a:d9:0e:74:02:64:b1:cb:
                    45:8f:ea:58:d1:35:18:46:67:3e:c8:c9:a9:6c:75:
                    33:d4:76:15:10:3a:f6:fa:b7:7c:a6:af:84:2d:c2:
                    07:09:ec:16:7e:45:96:5f:9c:35:e6:f7:4c:35:2c:
                    9f:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:E9:DA:22:98:19:BC:05:16:09:96:17:B3:CF:59:D3:11:28:2F:FA
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KOnaIpgZvAUWCZYXs89Z0xEoL_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:3e:89:8b:a1:8f:84:73:1d:6c:99:35:81:42:51:e0:c4:2f:
         b8:d7:bf:e2:fa:d2:a7:24:1d:60:70:28:23:a6:e1:da:f5:8d:
         e5:b0:8b:73:ff:1d:6d:aa:be:c3:95:c7:44:f8:e0:e7:20:d7:
         b9:7a:2a:43:1b:e1:c4:0b:a8:62:88:51:60:a9:33:b3:ea:90:
         cf:29:94:38:cf:fd:35:5f:21:22:02:1d:76:d6:f9:c0:a0:65:
         4d:61:af:b6:b1:a2:9e:90:d3:1b:ae:11:1a:fd:7e:7d:88:42:
         d7:92:71:9b:7b:ff:6d:d0:d7:6a:53:eb:b7:6c:08:58:73:09:
         7d:1c:2f:59:b5:42:cf:69:2b:2d:c3:62:9f:01:b9:3b:52:94:
         3d:fa:af:ec:e9:11:71:d0:ff:c4:34:c4:e7:12:0c:22:a8:09:
         35:f5:9b:b2:61:ba:6b:13:50:5f:12:d9:a0:9d:7f:e8:35:34:
         77:f5:0c:00:d2:e3:5b:79:af:5c:79:54:20:0f:7a:f7:f0:8f:
         65:1c:85:0d:ea:e0:29:bf:09:9c:5b:8e:be:66:c1:ca:3f:b6:
         d3:7f:a2:14:0e:5c:b1:0b:4f:0b:7a:29:68:d5:ea:15:7a:96:
         47:82:9c:7e:23:4b:7d:5d:40:61:9e:02:05:d9:62:48:dd:22:
         82:01:0d:6a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYlvIqBu2EQ6xtcwnL1j2vAHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNzE5MTcxMTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGU5ZGEyMjk4MTliYzA1MTYwOTk2MTdiM2NmNTlkMzExMjgyZmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg70C9UfKRs1QOZFt5pJi+uFnPIue
8UK8WOjXWnmVjZEXPVwIAGB2AgqeIyNqBzm0iHvxplVlbUm66KhxE91nOE6/zJQQ
YuAlPqx5ZAV4zNEeETQ2F6IYU2mBP7As/Dg5tubcO8VICvk1HVFIm8HULqQniw5A
Erf0ipObLGsfZoS3QVSfpzEpGWd+a1Mf2UWDyvz6AhE6QlhI8CQyFt5X5VKzJ2NG
jS43U/aMjpNsBJpqJPFlgZIpBX3ra6p698WBhYQBSwiwFi+ditkOdAJksctFj+pY
0TUYRmc+yMmpbHUz1HYVEDr2+rd8pq+ELcIHCewWfkWWX5w15vdMNSyfRQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCjp2iKYGbwFFgmWF7PPWdMRKC/6MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvS09uYUlwZ1p2QVVXQ1pZWHM4OVoweEVvTF9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAA8+iYuhj4RzHWyZNYFC
UeDEL7jXv+L60qckHWBwKCOm4dr1jeWwi3P/HW2qvsOVx0T44Ocg17l6KkMb4cQL
qGKIUWCpM7PqkM8plDjP/TVfISICHXbW+cCgZU1hr7axop6Q0xuuERr9fn2IQteS
cZt7/23Q12pT67dsCFhzCX0cL1m1Qs9pKy3DYp8BuTtSlD36r+zpEXHQ/8Q0xOcS
DCKoCTX1m7JhumsTUF8S2aCdf+g1NHf1DADS41t5r1x5VCAPevfwj2UchQ3q4Cm/
CZxbjr5mwco/ttN/ohQOXLELTwt6KWjV6hV6lkeCnH4jS31dQGGeAgXZYkjdIoIB
DWo=
-----END CERTIFICATE-----