Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QmUt1r_Mz94fPrSDBnwUzkvpgAU.roa
File:                     QmUt1r_Mz94fPrSDBnwUzkvpgAU.roa (raw, json)
Hash identifier:          UF+nPy4yyInQ0W0OMV0vtwGl52oxb+GVNlf13UemQ1A=
Subject key identifier:   42:65:2D:D6:BF:CC:CF:DE:1F:3E:B4:83:06:7C:14:CE:4B:E9:80:05
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187330CE146DA4DE8075D3207904708C3AE
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QmUt1r_Mz94fPrSDBnwUzkvpgAU.roa
Signing time:             Thu 30 Mar 2023 15:04:54 +0000
ROA not before:           Thu 30 Mar 2023 15:04:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:330c:2ad5/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:33:0c:e1:46:da:4d:e8:07:5d:32:07:90:47:08:c3:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 30 15:04:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=42652dd6bfcccfde1f3eb483067c14ce4be98005
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:6b:91:a6:76:9d:90:fc:cc:69:a9:ef:5b:29:
                    ab:c5:a9:85:c4:40:41:89:d8:ca:1c:0c:dc:dc:6d:
                    52:a3:13:c0:e5:eb:3b:8f:f6:5b:78:98:1d:10:27:
                    f4:5b:b4:32:61:0d:2c:19:5e:3b:6d:61:bd:2a:79:
                    22:fc:d1:3d:cc:ab:1c:17:3a:b8:d9:9d:9d:92:9a:
                    63:cf:d4:ee:52:39:51:ae:46:f9:a8:de:32:c4:bd:
                    cc:4e:bd:53:49:76:11:0e:f9:f1:d2:16:3c:29:02:
                    5b:07:d7:1e:0a:19:99:7d:f5:6d:af:44:00:36:ad:
                    3d:1b:32:29:33:9e:18:b5:1e:fe:45:0e:c1:12:ef:
                    02:22:6b:ba:f8:72:d9:32:7a:18:5b:44:10:3a:5b:
                    5b:13:e2:8d:df:56:13:65:86:b3:0d:3e:b4:62:d2:
                    b5:b3:79:91:e1:92:cb:4e:f8:34:c8:66:08:d6:15:
                    91:87:ee:d3:63:70:6b:de:10:f5:06:6d:b5:60:8e:
                    26:e8:5b:5c:05:cf:e3:67:21:51:13:a4:97:38:14:
                    fc:c0:2c:fc:02:2c:85:56:a7:74:34:57:ba:69:82:
                    77:79:5f:1b:06:b6:16:7c:3e:85:bd:a9:b3:63:c1:
                    95:d8:70:f3:8d:80:69:8f:9f:47:82:de:97:a7:b2:
                    95:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:65:2D:D6:BF:CC:CF:DE:1F:3E:B4:83:06:7C:14:CE:4B:E9:80:05
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QmUt1r_Mz94fPrSDBnwUzkvpgAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:57:32:e2:29:e7:1f:23:b6:08:48:e2:bc:7e:63:13:60:e1:
         f2:85:43:fa:16:16:93:fb:95:f9:e8:98:2b:38:23:04:b9:de:
         cf:db:ba:f8:50:47:fe:ab:da:0b:95:ef:dd:2c:58:5c:d0:26:
         9f:18:48:8a:b3:0b:89:a1:bb:d7:a8:2f:c3:90:20:48:d6:aa:
         df:5d:65:f3:f7:8e:38:3c:b3:33:c7:1a:e9:cd:42:04:27:2b:
         fa:19:69:5a:93:84:bf:d9:a2:62:4d:a3:13:2d:33:d3:34:da:
         fb:40:62:bb:1c:cd:dc:84:30:8c:e0:97:ca:b1:f8:00:52:f1:
         85:69:f8:72:64:0b:23:c1:2c:49:79:a3:bc:ec:a2:06:66:3c:
         5c:f1:c9:ae:85:b4:93:ec:69:19:bb:08:6a:e0:2f:38:82:69:
         9a:64:0d:a7:60:b0:dc:9e:77:2e:51:1b:56:f2:98:df:6a:fa:
         c9:a7:0d:b4:77:1e:0f:67:05:b6:79:15:59:fb:5c:9b:42:42:
         0a:9a:ad:81:92:0c:df:04:8e:90:52:e7:f7:4c:c2:83:45:85:
         9d:31:78:47:d9:87:e6:82:18:ea:06:53:ef:db:44:38:fe:74:
         5e:a3:c0:d9:0d:e2:f0:34:f1:76:2f:08:aa:fb:8a:5d:1a:bc:
         d6:1b:75:60
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYczDOFG2k3oB10yB5BHCMOuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzMwMTUwNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjY1MmRkNmJmY2NjZmRlMWYzZWI0ODMwNjdjMTRjZTRiZTk4MDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgGuRpnadkPzMaanvWymrxamFxEBB
idjKHAzc3G1SoxPA5es7j/ZbeJgdECf0W7QyYQ0sGV47bWG9Knki/NE9zKscFzq4
2Z2dkppjz9TuUjlRrkb5qN4yxL3MTr1TSXYRDvnx0hY8KQJbB9ceChmZffVtr0QA
Nq09GzIpM54YtR7+RQ7BEu8CImu6+HLZMnoYW0QQOltbE+KN31YTZYazDT60YtK1
s3mR4ZLLTvg0yGYI1hWRh+7TY3Br3hD1Bm21YI4m6FtcBc/jZyFRE6SXOBT8wCz8
AiyFVqd0NFe6aYJ3eV8bBrYWfD6FvamzY8GV2HDzjYBpj59Hgt6Xp7KVxwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEJlLda/zM/eHz60gwZ8FM5L6YAFMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUW1VdDFyX016OTRmUHJTREJud1V6a3ZwZ0FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEtXMuIp5x8jtghI4rx+
YxNg4fKFQ/oWFpP7lfnomCs4IwS53s/buvhQR/6r2guV790sWFzQJp8YSIqzC4mh
u9eoL8OQIEjWqt9dZfP3jjg8szPHGunNQgQnK/oZaVqThL/ZomJNoxMtM9M02vtA
YrsczdyEMIzgl8qx+ABS8YVp+HJkCyPBLEl5o7zsogZmPFzxya6FtJPsaRm7CGrg
LziCaZpkDadgsNyedy5RG1bymN9q+smnDbR3Hg9nBbZ5FVn7XJtCQgqarYGSDN8E
jpBS5/dMwoNFhZ0xeEfZh+aCGOoGU+/bRDj+dF6jwNkN4vA08XYvCKr7il0avNYb
dWA=
-----END CERTIFICATE-----