Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_NwzASw7hE66UvKssGz38PAQAmQ.roa
File:                     _NwzASw7hE66UvKssGz38PAQAmQ.roa (raw, json)
Hash identifier:          Gs1ewU83oIaJXcSKB33auj4yvmvJnhY6nus6R6prLik=
Subject key identifier:   FC:DC:33:01:2C:3B:84:4E:BA:52:F2:AC:B0:6C:F7:F0:F0:10:02:64
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01883C13682AE96D33FAC6936CA062EE9532
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_NwzASw7hE66UvKssGz38PAQAmQ.roa
Signing time:             Sun 21 May 2023 02:11:24 +0000
ROA not before:           Sun 21 May 2023 02:11:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:3c:13:68:2a:e9:6d:33:fa:c6:93:6c:a0:62:ee:95:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 21 02:11:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fcdc33012c3b844eba52f2acb06cf7f0f0100264
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:97:6b:23:3c:aa:9e:b5:4b:b2:47:a7:4e:00:
                    0a:e7:01:5f:03:c6:3d:78:7b:ab:44:c9:89:67:07:
                    ef:08:11:b9:fc:23:7a:85:b6:0d:b6:87:00:ed:54:
                    66:2e:32:d8:23:01:17:00:85:75:75:35:16:7c:88:
                    2f:4b:49:d6:d9:39:94:65:77:ec:b0:c5:3a:b3:da:
                    7c:cc:fd:df:77:8b:59:58:e6:92:67:bf:de:34:33:
                    ec:96:30:a1:a2:87:55:30:7b:2e:b4:fb:9c:79:de:
                    2e:85:98:68:1c:7a:0c:10:31:81:0d:9e:85:85:ea:
                    0e:69:16:0f:02:84:1d:32:68:41:8c:d2:78:2c:13:
                    79:f1:18:14:c0:6c:69:62:b6:de:a5:4e:42:75:fc:
                    17:15:c2:be:db:9a:5e:47:3a:98:04:29:58:68:32:
                    14:ac:4d:aa:f9:d3:60:44:16:79:20:4b:fd:8d:41:
                    db:ac:68:75:ac:db:fa:af:7d:41:d5:a1:e4:d3:f6:
                    ac:bd:06:1f:de:55:03:86:e1:d1:10:34:91:46:6f:
                    da:f9:95:05:23:38:cd:2d:a2:01:1b:3a:aa:7b:15:
                    06:c9:14:3e:1b:d7:11:60:c1:a4:44:94:40:4f:f5:
                    83:de:83:10:82:84:57:4a:c0:8b:0e:fe:7c:71:5b:
                    60:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:DC:33:01:2C:3B:84:4E:BA:52:F2:AC:B0:6C:F7:F0:F0:10:02:64
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_NwzASw7hE66UvKssGz38PAQAmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:7d:7e:3a:7a:67:4d:a2:81:b9:42:1b:36:c5:76:1b:93:94:
         0f:a1:a3:be:b6:20:d9:51:c2:c6:60:a6:0b:7b:85:8f:e4:f2:
         f5:f6:cb:e3:e5:58:00:00:af:c5:26:82:1f:ea:c8:30:36:24:
         5a:18:3e:1c:ee:c4:d6:40:2f:7e:1c:28:75:fc:6f:2b:96:3a:
         a1:87:7e:2d:43:39:f8:33:8f:e9:3f:57:60:78:c9:07:0d:c1:
         4a:fc:f8:82:42:d4:bf:a4:31:6c:de:e3:72:a8:46:7a:fb:2f:
         ab:d8:cd:49:1e:f4:da:e5:d7:4f:52:3a:36:53:c1:f0:ab:0b:
         c9:0a:7c:68:07:f9:55:b3:54:1d:a8:6f:27:c8:d8:5a:7d:15:
         b6:a6:72:71:c6:df:f3:91:23:70:d4:65:52:b6:6d:92:30:28:
         0b:3f:ef:04:9a:29:a9:95:e1:96:59:79:52:2e:8b:1e:27:88:
         71:97:6f:7b:22:93:94:a3:ae:05:e2:4e:e7:75:d1:78:89:97:
         12:42:85:06:c4:be:cc:3a:52:8c:87:d0:bb:8e:1b:f7:7b:d3:
         71:70:ca:0d:9a:ba:86:9c:00:d9:ff:4a:97:77:3b:01:73:9a:
         02:f2:32:a9:4c:29:c0:ee:e6:42:77:2d:72:5b:4e:f7:16:30:
         0a:5e:b7:e4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYg8E2gq6W0z+saTbKBi7pUyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTIxMDIxMTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2RjMzMwMTJjM2I4NDRlYmE1MmYyYWNiMDZjZjdmMGYwMTAwMjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJdrIzyqnrVLskenTgAK5wFfA8Y9
eHurRMmJZwfvCBG5/CN6hbYNtocA7VRmLjLYIwEXAIV1dTUWfIgvS0nW2TmUZXfs
sMU6s9p8zP3fd4tZWOaSZ7/eNDPsljChoodVMHsutPuced4uhZhoHHoMEDGBDZ6F
heoOaRYPAoQdMmhBjNJ4LBN58RgUwGxpYrbepU5CdfwXFcK+25peRzqYBClYaDIU
rE2q+dNgRBZ5IEv9jUHbrGh1rNv6r31B1aHk0/asvQYf3lUDhuHREDSRRm/a+ZUF
IzjNLaIBGzqqexUGyRQ+G9cRYMGkRJRAT/WD3oMQgoRXSsCLDv58cVtgEQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPzcMwEsO4ROulLyrLBs9/DwEAJkMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvX053ekFTdzdoRTY2VXZLc3NHejM4UEFRQW1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHd9fjp6Z02igblCGzbF
dhuTlA+ho762INlRwsZgpgt7hY/k8vX2y+PlWAAAr8Umgh/qyDA2JFoYPhzuxNZA
L34cKHX8byuWOqGHfi1DOfgzj+k/V2B4yQcNwUr8+IJC1L+kMWze43KoRnr7L6vY
zUke9Nrl109SOjZTwfCrC8kKfGgH+VWzVB2obyfI2Fp9FbamcnHG3/ORI3DUZVK2
bZIwKAs/7wSaKamV4ZZZeVIuix4niHGXb3sik5SjrgXiTud10XiJlxJChQbEvsw6
UoyH0LuOG/d703Fwyg2auoacANn/Spd3OwFzmgLyMqlMKcDu5kJ3LXJbTvcWMApe
t+Q=
-----END CERTIFICATE-----