Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TAP7csJ68HSQgHPJcJ5st3KZ5z8.roa
File:                     TAP7csJ68HSQgHPJcJ5st3KZ5z8.roa (raw, json)
Hash identifier:          XPVBE9YaXN6LyCYBV5dXeBgQytJjqyKVwHvmMzYyne4=
Subject key identifier:   4C:03:FB:72:C2:7A:F0:74:90:80:73:C9:70:9E:6C:B7:72:99:E7:3F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018721117CFD0E10065B6C54FBDF1E7346AB
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TAP7csJ68HSQgHPJcJ5st3KZ5z8.roa
Signing time:             Mon 27 Mar 2023 03:16:46 +0000
ROA not before:           Mon 27 Mar 2023 03:16:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:21:11:7c:fd:0e:10:06:5b:6c:54:fb:df:1e:73:46:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 27 03:16:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4c03fb72c27af074908073c9709e6cb77299e73f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:52:e0:fb:31:0d:ce:2e:3c:20:96:59:3a:8c:
                    e9:21:89:2c:34:ea:c7:9e:b6:8f:4c:1a:87:f5:92:
                    56:1d:0c:7c:3a:1b:96:0d:39:dc:89:c4:14:4b:2f:
                    e3:5a:0c:be:03:95:30:73:03:12:4a:d5:15:b9:45:
                    aa:3d:93:69:1e:44:02:54:9d:d2:a0:28:35:47:74:
                    87:01:6d:d7:87:5c:9f:24:c7:ef:d1:b8:d8:5e:5f:
                    f0:ce:1e:b7:2b:f3:a1:28:06:3a:76:46:57:f4:84:
                    71:5b:ef:d4:1c:56:c9:3f:49:61:c1:9a:85:43:dd:
                    6d:28:6c:a6:cd:01:ba:59:3c:60:97:06:63:a3:8e:
                    dd:74:c5:db:2c:bb:04:7a:a2:f6:8c:d2:68:cf:15:
                    bc:96:83:0b:f7:93:10:af:1c:9c:96:9c:a5:c0:17:
                    a4:33:e4:e3:08:23:f0:55:11:6d:bd:6b:fa:d5:42:
                    cc:4b:3d:60:6f:d2:fc:5c:a2:a5:d0:21:df:82:50:
                    cd:52:e3:bd:c8:39:d7:79:13:69:f2:2a:95:36:5c:
                    9f:38:34:75:87:52:aa:aa:de:0c:e9:87:d8:3b:be:
                    57:92:c2:42:e6:6a:cb:9f:f4:69:05:8d:34:e2:c0:
                    a2:07:08:24:80:07:de:cd:7c:27:72:38:77:b2:07:
                    6f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:03:FB:72:C2:7A:F0:74:90:80:73:C9:70:9E:6C:B7:72:99:E7:3F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TAP7csJ68HSQgHPJcJ5st3KZ5z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:cc:f8:72:9b:8f:78:c4:52:27:bd:bd:03:3c:0d:58:8f:63:
         b5:07:ba:37:de:99:32:6a:39:12:68:48:b4:da:c1:0a:41:59:
         fb:eb:a7:9b:41:bb:f0:ea:6a:d0:28:10:48:4c:30:b1:5a:cb:
         ba:cf:09:80:74:00:0d:8f:fc:eb:5a:cc:85:84:e3:b4:45:d6:
         2e:d8:b9:56:60:96:f3:73:1d:0b:f3:23:fa:fa:c0:ac:55:08:
         b7:d3:dd:d3:ac:87:5e:5f:8d:5e:89:08:78:a6:41:28:a0:f2:
         d8:d5:5d:fd:a1:12:4e:a9:a5:f4:80:56:4a:1d:f7:6a:f5:c1:
         8a:e6:1a:3f:6d:8f:e0:b0:8c:82:6b:c7:89:e2:ed:b6:ac:42:
         bd:d0:2d:de:c6:e6:41:ff:dd:10:7c:53:37:7e:07:be:2d:c5:
         fa:32:d1:11:d7:7b:0c:dc:e8:6f:1f:31:74:9f:95:24:b5:87:
         22:44:9d:75:70:e4:80:e8:a2:ae:5b:3b:91:0c:8b:36:97:10:
         5f:82:a7:26:e8:ea:aa:e6:ef:87:b0:63:9a:d3:48:4a:3b:af:
         0f:a2:14:a9:98:36:f9:7b:70:91:2f:96:2a:a5:e2:2c:0e:b6:
         c8:bf:00:12:76:62:39:94:ee:8a:f1:d2:63:71:b5:c4:58:ea:
         3d:7f:47:d6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYchEXz9DhAGW2xU+98ec0arMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI3MDMxNjQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzAzZmI3MmMyN2FmMDc0OTA4MDczYzk3MDllNmNiNzcyOTllNzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFLg+zENzi48IJZZOozpIYksNOrH
nraPTBqH9ZJWHQx8OhuWDTncicQUSy/jWgy+A5UwcwMSStUVuUWqPZNpHkQCVJ3S
oCg1R3SHAW3Xh1yfJMfv0bjYXl/wzh63K/OhKAY6dkZX9IRxW+/UHFbJP0lhwZqF
Q91tKGymzQG6WTxglwZjo47ddMXbLLsEeqL2jNJozxW8loML95MQrxyclpylwBek
M+TjCCPwVRFtvWv61ULMSz1gb9L8XKKl0CHfglDNUuO9yDnXeRNp8iqVNlyfODR1
h1Kqqt4M6YfYO75XksJC5mrLn/RpBY004sCiBwgkgAfezXwncjh3sgdvnwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEwD+3LCevB0kIBzyXCebLdymec/MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVEFQN2NzSjY4SFNRZ0hQSmNKNXN0M0taNXo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAErM+HKbj3jEUie9vQM8
DViPY7UHujfemTJqORJoSLTawQpBWfvrp5tBu/DqatAoEEhMMLFay7rPCYB0AA2P
/OtazIWE47RF1i7YuVZglvNzHQvzI/r6wKxVCLfT3dOsh15fjV6JCHimQSig8tjV
Xf2hEk6ppfSAVkod92r1wYrmGj9tj+CwjIJrx4ni7basQr3QLd7G5kH/3RB8Uzd+
B74txfoy0RHXewzc6G8fMXSflSS1hyJEnXVw5IDooq5bO5EMizaXEF+Cpybo6qrm
74ewY5rTSEo7rw+iFKmYNvl7cJEvliql4iwOtsi/ABJ2YjmU7orx0mNxtcRY6j1/
R9Y=
-----END CERTIFICATE-----