Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KVr5YLVKXN-JizTBWpjoQ5cknp0.roa
File:                     KVr5YLVKXN-JizTBWpjoQ5cknp0.roa (raw, json)
Hash identifier:          ux6by2SkQb+Mybjy+oKpA5QR4UDHyuZ5QlLpBhSHp6A=
Subject key identifier:   29:5A:F9:60:B5:4A:5C:DF:89:8B:34:C1:5A:98:E8:43:97:24:9E:9D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01876E497C26191E4BAB87E4F76A2E2F7BD6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KVr5YLVKXN-JizTBWpjoQ5cknp0.roa
Signing time:             Tue 11 Apr 2023 03:08:42 +0000
ROA not before:           Tue 11 Apr 2023 03:08:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:6e48:ceb9/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:6e:49:7c:26:19:1e:4b:ab:87:e4:f7:6a:2e:2f:7b:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 11 03:08:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=295af960b54a5cdf898b34c15a98e84397249e9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:4f:76:ac:5a:58:c0:37:56:05:6b:d0:62:8c:
                    87:95:86:16:56:ed:82:3d:6c:55:08:8b:f4:77:18:
                    a4:82:80:c3:0a:41:ae:99:a3:7d:5d:5d:4b:e6:b9:
                    d4:1b:ff:2d:68:fb:cc:8c:7c:35:2a:ba:11:a7:e1:
                    a4:6b:bc:20:21:c8:12:81:fd:6f:f8:29:22:80:e3:
                    20:ea:b0:84:1d:1b:dc:14:a4:ff:21:c9:93:f1:3e:
                    72:70:ff:60:51:bd:c3:90:2f:d6:7e:90:ce:3f:87:
                    d7:a2:85:16:28:7a:af:f6:e1:4c:10:f2:d2:08:4a:
                    e6:16:6d:d9:50:bd:74:52:4d:c3:91:eb:f3:b8:af:
                    ad:dd:f9:3d:28:d7:ee:0f:ae:06:22:0d:9c:df:50:
                    ba:fe:85:7a:3d:e3:d9:d6:02:2a:92:21:4c:58:87:
                    91:56:e9:81:be:dd:ac:8c:7e:44:17:4b:f8:36:00:
                    8d:c4:0d:ee:ea:de:9c:36:22:d6:29:78:61:85:98:
                    40:a7:98:46:c2:e5:4a:d6:a5:a9:74:26:e7:36:58:
                    a2:4e:01:69:bf:49:6f:d9:b3:e9:de:fd:e2:1f:4b:
                    d7:3a:8d:75:f5:3e:0c:25:f3:1d:cc:ae:50:48:5a:
                    ef:a9:90:56:25:27:cb:13:fe:79:c1:4f:3b:ac:34:
                    98:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:5A:F9:60:B5:4A:5C:DF:89:8B:34:C1:5A:98:E8:43:97:24:9E:9D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/KVr5YLVKXN-JizTBWpjoQ5cknp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:1c:41:ae:e7:a9:5d:26:d3:f4:72:3d:f4:3a:bb:a5:87:17:
         77:c1:c8:a2:5f:65:26:17:a4:cc:15:e4:aa:c4:51:16:0f:8a:
         f2:90:7e:dc:05:56:63:e4:4f:63:53:cb:86:59:b9:47:0b:25:
         8d:29:2c:50:18:06:6f:a5:f2:fd:5b:8e:06:0f:4e:0a:5c:c1:
         76:df:6d:fa:c0:dd:4d:f6:25:92:b2:d1:13:cd:90:28:53:58:
         27:5c:ac:17:06:6e:a6:fb:5a:c7:24:ec:5a:d6:3a:15:04:98:
         f3:df:e4:96:45:e8:5d:81:11:1e:4d:80:00:57:6c:3e:ec:3e:
         cf:01:ec:5f:b2:27:7c:5d:38:f8:c3:6d:1e:43:8c:92:6c:4c:
         8d:82:b1:f5:1c:6a:f1:1e:2c:fb:05:2b:e2:db:3a:cf:a8:0a:
         12:f9:a4:c9:f5:c4:54:63:ac:78:28:c4:e4:39:5d:34:92:6b:
         68:06:6e:f8:f5:04:1e:05:d6:3b:b3:c7:5e:fd:5a:4b:17:89:
         58:63:37:b3:7b:01:1d:89:92:7b:6e:34:c4:7c:06:66:37:02:
         8b:74:25:0e:2d:34:5e:c7:1c:96:a2:69:28:80:af:2d:a3:55:
         c0:7a:b2:68:07:5a:14:3b:18:ee:7b:f5:28:8d:5f:39:fb:69:
         e7:10:37:32
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYduSXwmGR5Lq4fk92ouL3vWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDExMDMwODQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTVhZjk2MGI1NGE1Y2RmODk4YjM0YzE1YTk4ZTg0Mzk3MjQ5ZTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyk92rFpYwDdWBWvQYoyHlYYWVu2C
PWxVCIv0dxikgoDDCkGumaN9XV1L5rnUG/8taPvMjHw1KroRp+Gka7wgIcgSgf1v
+CkigOMg6rCEHRvcFKT/IcmT8T5ycP9gUb3DkC/WfpDOP4fXooUWKHqv9uFMEPLS
CErmFm3ZUL10Uk3DkevzuK+t3fk9KNfuD64GIg2c31C6/oV6PePZ1gIqkiFMWIeR
VumBvt2sjH5EF0v4NgCNxA3u6t6cNiLWKXhhhZhAp5hGwuVK1qWpdCbnNliiTgFp
v0lv2bPp3v3iH0vXOo119T4MJfMdzK5QSFrvqZBWJSfLE/55wU87rDSYcQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCla+WC1SlzfiYs0wVqY6EOXJJ6dMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvS1ZyNVlMVktYTi1KaXpUQldwam9RNWNrbnAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAC0cQa7nqV0m0/RyPfQ6
u6WHF3fByKJfZSYXpMwV5KrEURYPivKQftwFVmPkT2NTy4ZZuUcLJY0pLFAYBm+l
8v1bjgYPTgpcwXbfbfrA3U32JZKy0RPNkChTWCdcrBcGbqb7Wsck7FrWOhUEmPPf
5JZF6F2BER5NgABXbD7sPs8B7F+yJ3xdOPjDbR5DjJJsTI2CsfUcavEeLPsFK+Lb
Os+oChL5pMn1xFRjrHgoxOQ5XTSSa2gGbvj1BB4F1juzx179WksXiVhjN7N7AR2J
kntuNMR8BmY3Aot0JQ4tNF7HHJaiaSiAry2jVcB6smgHWhQ7GO579SiNXzn7aecQ
NzI=
-----END CERTIFICATE-----