Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MVJcYppv2cWseLwnegvjEMqVGn8.roa
File:                     MVJcYppv2cWseLwnegvjEMqVGn8.roa (raw, json)
Hash identifier:          G2B2ZxdqrxWHxvjvLfozeiLlafBnFRheOeaL3SEPe/4=
Subject key identifier:   31:52:5C:62:9A:6F:D9:C5:AC:78:BC:27:7A:0B:E3:10:CA:95:1A:7F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01873A98A2F837CE129E37A95E605724AFAE
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MVJcYppv2cWseLwnegvjEMqVGn8.roa
Signing time:             Sat 01 Apr 2023 02:14:54 +0000
ROA not before:           Sat 01 Apr 2023 02:14:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:3a:98:a2:f8:37:ce:12:9e:37:a9:5e:60:57:24:af:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  1 02:14:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=31525c629a6fd9c5ac78bc277a0be310ca951a7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:5f:d8:d1:c0:12:77:91:8c:76:c5:bc:af:e7:
                    c9:f7:55:af:0c:6f:48:56:7c:4a:67:3d:7d:19:2f:
                    bb:30:1b:b4:49:6c:74:b8:12:f6:5b:de:fb:4a:4c:
                    0d:1b:84:3b:81:76:72:d6:7e:4a:11:51:26:92:05:
                    f5:bc:18:e0:57:83:f3:dc:92:7f:33:68:d3:a0:e8:
                    d4:d8:70:af:b1:4c:17:2e:43:0b:56:27:0b:8b:66:
                    55:08:81:0a:83:d4:c6:fd:89:da:07:58:ae:e2:1c:
                    79:7b:22:fe:cd:86:62:6f:fa:f3:bf:35:02:9c:91:
                    8f:9e:7f:f9:8f:2b:95:18:23:e0:39:43:3f:9d:00:
                    d3:66:99:56:bd:5e:fd:94:a6:ed:d0:66:98:26:f4:
                    57:dc:38:82:9f:6c:3a:e6:bc:e0:24:e4:05:0c:54:
                    d6:ed:40:52:3d:9b:7d:89:e9:91:29:e6:83:9a:b3:
                    f7:cc:1b:a8:45:29:8d:69:1b:d8:ef:05:ff:ce:f4:
                    65:b0:d6:df:f7:87:49:fb:ea:e2:68:ae:a1:e3:73:
                    62:7e:9d:a7:5e:92:57:6f:72:27:65:96:db:2d:67:
                    90:40:75:c2:52:1a:73:f2:cc:2e:85:e6:59:05:31:
                    31:61:db:dc:cb:87:63:68:37:93:2e:a7:25:5b:c4:
                    2a:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:52:5C:62:9A:6F:D9:C5:AC:78:BC:27:7A:0B:E3:10:CA:95:1A:7F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/MVJcYppv2cWseLwnegvjEMqVGn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:4c:fd:7b:79:23:f3:e4:ee:ac:4d:bc:5a:46:fe:bd:7b:ea:
         78:7f:d6:e4:e3:a7:fd:fc:37:4b:55:5d:7d:84:01:00:19:da:
         0e:8a:e6:94:72:41:83:e8:5a:2c:f3:cc:0f:f2:75:bd:27:2b:
         97:57:79:78:de:b3:9d:90:65:c7:1a:4c:a2:cb:d5:b9:eb:fa:
         4e:4c:6c:9a:6c:6a:d8:f3:76:ce:39:5c:92:ea:dc:e0:6d:b8:
         b6:fb:ba:50:c1:ff:30:90:28:a5:0d:6a:e9:26:34:67:50:9b:
         a7:e8:c5:1f:33:c6:ff:a7:a9:17:b8:90:3d:95:2e:c9:de:d1:
         53:7d:2b:ce:56:8f:1c:5e:58:62:9c:44:67:aa:ce:6d:d1:a3:
         f2:b2:7b:3d:48:8d:50:be:6a:04:79:da:3e:19:69:6d:f9:e7:
         97:63:04:f1:5b:fb:bc:70:8b:d5:2c:12:37:8d:13:24:fa:ea:
         03:e4:f5:34:f4:f5:aa:7d:52:5c:15:86:bb:69:8e:df:6a:31:
         be:65:3a:64:9c:c6:22:f1:33:41:06:15:fe:68:2c:08:92:c8:
         7e:60:50:58:21:a1:7d:de:23:09:68:e2:9b:89:7c:ff:28:cb:
         9a:49:8a:6b:16:72:1e:0d:04:6d:01:f7:17:3b:cc:3b:4e:5e:
         a7:4c:59:50
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYc6mKL4N84SnjepXmBXJK+uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAxMDIxNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTUyNWM2MjlhNmZkOWM1YWM3OGJjMjc3YTBiZTMxMGNhOTUxYTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzl/Y0cASd5GMdsW8r+fJ91WvDG9I
VnxKZz19GS+7MBu0SWx0uBL2W977SkwNG4Q7gXZy1n5KEVEmkgX1vBjgV4Pz3JJ/
M2jToOjU2HCvsUwXLkMLVicLi2ZVCIEKg9TG/YnaB1iu4hx5eyL+zYZib/rzvzUC
nJGPnn/5jyuVGCPgOUM/nQDTZplWvV79lKbt0GaYJvRX3DiCn2w65rzgJOQFDFTW
7UBSPZt9iemRKeaDmrP3zBuoRSmNaRvY7wX/zvRlsNbf94dJ++riaK6h43Nifp2n
XpJXb3InZZbbLWeQQHXCUhpz8swuheZZBTExYdvcy4djaDeTLqclW8QqXwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDFSXGKab9nFrHi8J3oL4xDKlRp/MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTVZKY1lwcHYyY1dzZUx3bmVndmpFTXFWR244LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHtM/Xt5I/Pk7qxNvFpG
/r176nh/1uTjp/38N0tVXX2EAQAZ2g6K5pRyQYPoWizzzA/ydb0nK5dXeXjes52Q
ZccaTKLL1bnr+k5MbJpsatjzds45XJLq3OBtuLb7ulDB/zCQKKUNaukmNGdQm6fo
xR8zxv+nqRe4kD2VLsne0VN9K85WjxxeWGKcRGeqzm3Ro/Kyez1IjVC+agR52j4Z
aW3555djBPFb+7xwi9UsEjeNEyT66gPk9TT09ap9UlwVhrtpjt9qMb5lOmScxiLx
M0EGFf5oLAiSyH5gUFghoX3eIwlo4puJfP8oy5pJimsWch4NBG0B9xc7zDtOXqdM
WVA=
-----END CERTIFICATE-----