Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QFO1pTEaUw1eX94S3rJy4MZ_Dss.roa
File:                     QFO1pTEaUw1eX94S3rJy4MZ_Dss.roa (raw, json)
Hash identifier:          832EOxGbRuE8/zli9sPhRYTCCvSrKJfZ6eFGThc76u8=
Subject key identifier:   40:53:B5:A5:31:1A:53:0D:5E:5F:DE:12:DE:B2:72:E0:C6:7F:0E:CB
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01888EAE10C523B925582446893674877955
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QFO1pTEaUw1eX94S3rJy4MZ_Dss.roa
Signing time:             Tue 06 Jun 2023 03:09:12 +0000
ROA not before:           Tue 06 Jun 2023 03:09:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:8e:ae:10:c5:23:b9:25:58:24:46:89:36:74:87:79:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  6 03:09:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4053b5a5311a530d5e5fde12deb272e0c67f0ecb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:34:d5:2c:4d:b1:b2:87:de:d5:86:e8:b6:9a:
                    d0:c6:1e:f7:22:5f:31:cd:f8:3b:be:98:28:25:af:
                    0f:3e:81:8d:ec:92:4d:58:7d:ec:e4:9c:eb:7a:9e:
                    c8:49:a7:19:6c:65:09:55:38:c9:36:bc:05:29:1c:
                    0d:91:18:86:af:1e:aa:d8:6a:4c:20:57:57:f2:c2:
                    5a:9f:76:6b:11:99:63:38:ec:f6:5f:af:e3:22:7b:
                    0a:06:ec:4e:d7:cd:c3:fc:e4:f4:4e:96:1b:14:3d:
                    89:33:03:4b:1f:c4:5e:9e:1b:07:c8:0d:1d:0f:9e:
                    03:0a:8c:98:ac:8c:07:5e:6c:eb:1b:d3:42:f9:6e:
                    98:53:a6:54:b7:12:ca:e4:5d:05:d3:9e:0b:86:21:
                    68:99:25:ca:4e:9f:ce:ad:bb:07:ce:c6:aa:82:80:
                    fb:d1:5d:cc:f7:40:8c:09:73:21:c4:00:d3:65:76:
                    d9:fa:b6:7e:5e:ed:15:f5:c9:53:26:dd:20:7b:81:
                    ec:78:5c:c6:2e:71:0b:dc:10:69:64:61:45:3d:77:
                    f1:1b:61:e8:77:c9:a4:09:9e:bc:3b:91:2f:33:6c:
                    8a:5f:40:a0:70:02:ca:8d:b8:8c:91:52:a6:87:10:
                    8d:7a:2d:90:df:6e:d8:5b:0c:5d:a9:68:ec:26:51:
                    6e:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:53:B5:A5:31:1A:53:0D:5E:5F:DE:12:DE:B2:72:E0:C6:7F:0E:CB
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QFO1pTEaUw1eX94S3rJy4MZ_Dss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:88:ba:88:7e:0c:9a:06:9e:f5:3d:ec:c9:01:0b:58:0f:d7:
         d9:fe:a9:c3:3e:bc:f1:2e:46:f8:92:1e:ed:79:a2:85:44:60:
         93:4b:70:29:c6:4e:0a:03:f5:f9:8a:95:41:e5:ac:e0:f1:b1:
         0f:23:3d:e1:04:4e:21:ad:f4:98:1c:31:c1:e0:6d:3a:cd:47:
         75:3f:f8:93:c0:9b:46:fa:26:61:e7:b2:29:94:d3:aa:76:dc:
         34:bd:5e:c8:09:bc:fc:54:1a:0d:59:26:fe:9b:dc:be:32:40:
         e0:b2:b7:9d:2c:a9:a2:8d:cb:92:28:3d:1a:46:ab:62:66:3a:
         e7:bf:ae:f6:b4:fb:32:03:da:58:9f:b1:5d:19:e9:85:8a:04:
         fb:81:fb:a0:cd:16:a1:98:60:20:5e:b0:84:92:33:04:51:53:
         7a:4f:98:65:1d:68:9a:b6:f2:27:58:68:0d:fb:5d:16:5f:9c:
         7d:ec:0c:aa:59:b4:95:2d:72:92:35:b4:6e:8d:d3:05:a0:02:
         d0:52:3d:73:92:dd:83:30:c2:05:52:5a:9c:b8:68:e6:bd:b9:
         83:ff:3f:39:e4:a0:7f:4c:68:3a:c1:64:de:5a:fd:bc:11:36:
         ee:94:c3:b5:7e:67:8a:3f:09:a4:a0:6b:28:ee:9d:71:5a:3d:
         df:0a:5a:48
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiOrhDFI7klWCRGiTZ0h3lVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjA2MDMwOTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDUzYjVhNTMxMWE1MzBkNWU1ZmRlMTJkZWIyNzJlMGM2N2YwZWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgzTVLE2xsofe1YbotprQxh73Il8x
zfg7vpgoJa8PPoGN7JJNWH3s5Jzrep7ISacZbGUJVTjJNrwFKRwNkRiGrx6q2GpM
IFdX8sJan3ZrEZljOOz2X6/jInsKBuxO183D/OT0TpYbFD2JMwNLH8RenhsHyA0d
D54DCoyYrIwHXmzrG9NC+W6YU6ZUtxLK5F0F054LhiFomSXKTp/OrbsHzsaqgoD7
0V3M90CMCXMhxADTZXbZ+rZ+Xu0V9clTJt0ge4HseFzGLnEL3BBpZGFFPXfxG2Ho
d8mkCZ68O5EvM2yKX0CgcALKjbiMkVKmhxCNei2Q327YWwxdqWjsJlFuFQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEBTtaUxGlMNXl/eEt6ycuDGfw7LMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUUZPMXBURWFVdzFlWDk0UzNySnk0TVpfRHNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGeIuoh+DJoGnvU97MkB
C1gP19n+qcM+vPEuRviSHu15ooVEYJNLcCnGTgoD9fmKlUHlrODxsQ8jPeEETiGt
9JgcMcHgbTrNR3U/+JPAm0b6JmHnsimU06p23DS9XsgJvPxUGg1ZJv6b3L4yQOCy
t50sqaKNy5IoPRpGq2JmOue/rva0+zID2lifsV0Z6YWKBPuB+6DNFqGYYCBesISS
MwRRU3pPmGUdaJq28idYaA37XRZfnH3sDKpZtJUtcpI1tG6N0wWgAtBSPXOS3YMw
wgVSWpy4aOa9uYP/PznkoH9MaDrBZN5a/bwRNu6Uw7V+Z4o/CaSgayjunXFaPd8K
Wkg=
-----END CERTIFICATE-----