Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bDoMAcm0fsEqaWIZ3mTAOXw6sxk.roa
File:                     bDoMAcm0fsEqaWIZ3mTAOXw6sxk.roa (raw, json)
Hash identifier:          h0WHG8M+8gtl6/pqDPbOJN6j9kqpn1Vkz2VJpD2Wp6M=
Subject key identifier:   6C:3A:0C:01:C9:B4:7E:C1:2A:69:62:19:DE:64:C0:39:7C:3A:B3:19
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186F5E4F138C4B5EB45CAC2F6F08B6F22DB
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bDoMAcm0fsEqaWIZ3mTAOXw6sxk.roa
Signing time:             Sat 18 Mar 2023 18:04:27 +0000
ROA not before:           Sat 18 Mar 2023 18:04:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:f5e4:e602/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:f5:e4:f1:38:c4:b5:eb:45:ca:c2:f6:f0:8b:6f:22:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 18 18:04:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6c3a0c01c9b47ec12a696219de64c0397c3ab319
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:26:34:33:e4:a0:35:c8:cf:d8:38:0b:10:f7:
                    12:1c:35:cf:b8:2a:d0:b3:e8:90:57:64:a6:4f:ec:
                    da:18:80:79:25:47:71:12:fc:ba:8f:81:1e:b7:e5:
                    cd:f1:f9:9f:25:90:d4:56:27:6d:60:27:9c:75:2c:
                    16:44:38:30:a5:57:69:09:95:ae:59:5d:61:30:bb:
                    58:63:35:91:7f:23:72:0a:d4:e5:c8:33:b9:d6:3a:
                    5c:4b:30:44:9b:28:f2:01:72:65:ab:12:a4:db:c5:
                    3f:6e:05:76:50:e3:84:29:c9:6f:69:97:73:69:2e:
                    bc:ef:e1:d0:cf:13:9f:99:f2:55:fd:31:05:bc:52:
                    b5:56:79:d6:c5:0a:90:62:6b:0e:12:e6:49:3c:22:
                    2d:29:5b:89:8c:35:ce:9e:09:0e:08:9f:21:f5:3e:
                    97:9a:a8:66:d2:57:ec:0a:7f:15:3e:35:43:66:bd:
                    ca:cd:88:86:5c:d0:01:33:ec:ee:14:6f:63:95:03:
                    80:b3:60:e1:1a:b6:47:c0:6a:c6:ac:e9:f7:7d:a9:
                    99:72:55:b7:db:b6:47:af:36:ca:5b:fd:5f:f0:cf:
                    58:67:cc:84:aa:8f:46:61:6b:2d:73:5d:cc:7b:76:
                    57:35:28:e5:7d:ea:2a:97:9e:16:b1:f6:fa:32:d5:
                    f2:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:3A:0C:01:C9:B4:7E:C1:2A:69:62:19:DE:64:C0:39:7C:3A:B3:19
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bDoMAcm0fsEqaWIZ3mTAOXw6sxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:d9:e4:13:bc:e4:d0:e0:fe:a8:f2:34:a1:ed:37:eb:cc:46:
         c2:00:a0:2e:ce:2b:73:3a:fd:e1:5c:c9:99:8c:09:45:df:4c:
         32:d2:17:60:18:0c:da:b4:1e:8f:8d:85:28:87:cb:9c:ac:1c:
         d7:64:db:a1:ba:80:cf:77:99:7c:42:9d:d6:72:20:d7:72:84:
         dc:ea:37:0f:c2:6f:e7:76:ba:6a:d1:e6:6b:98:03:53:73:3d:
         f2:b5:3c:57:5d:d9:29:5a:86:f6:a7:8d:e1:dc:b9:82:46:da:
         6e:32:01:9b:3c:3c:f3:f0:63:39:a0:64:47:b8:8e:0e:c6:2f:
         57:a2:39:88:7d:99:5b:de:c1:b2:8c:31:47:19:86:eb:37:2d:
         50:88:bb:79:90:c4:05:88:69:ca:99:35:a0:7c:7a:b4:5f:d7:
         64:06:26:3c:e6:df:e5:c7:cd:2e:65:a1:e1:33:66:4a:40:51:
         e2:2e:d6:d0:50:61:c5:45:9d:ce:04:fa:94:22:ed:d7:28:43:
         a5:bc:69:98:47:f8:31:c6:aa:b0:b8:b6:82:1a:64:c7:ed:82:
         cc:f5:9a:93:25:5b:98:ef:af:0d:2d:bb:a0:5a:88:34:fb:ad:
         68:7c:2e:57:a9:e6:d8:f0:61:78:db:3d:c5:5f:ec:51:ce:f1:
         b0:81:bd:49
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYb15PE4xLXrRcrC9vCLbyLbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE4MTgwNDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzNhMGMwMWM5YjQ3ZWMxMmE2OTYyMTlkZTY0YzAzOTdjM2FiMzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCY0M+SgNcjP2DgLEPcSHDXPuCrQ
s+iQV2SmT+zaGIB5JUdxEvy6j4Eet+XN8fmfJZDUVidtYCecdSwWRDgwpVdpCZWu
WV1hMLtYYzWRfyNyCtTlyDO51jpcSzBEmyjyAXJlqxKk28U/bgV2UOOEKclvaZdz
aS687+HQzxOfmfJV/TEFvFK1VnnWxQqQYmsOEuZJPCItKVuJjDXOngkOCJ8h9T6X
mqhm0lfsCn8VPjVDZr3KzYiGXNABM+zuFG9jlQOAs2DhGrZHwGrGrOn3famZclW3
27ZHrzbKW/1f8M9YZ8yEqo9GYWstc13Me3ZXNSjlfeoql54Wsfb6MtXyXwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGw6DAHJtH7BKmliGd5kwDl8OrMZMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYkRvTUFjbTBmc0VxYVdJWjNtVEFPWHc2c3hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIHZ5BO85NDg/qjyNKHt
N+vMRsIAoC7OK3M6/eFcyZmMCUXfTDLSF2AYDNq0Ho+NhSiHy5ysHNdk26G6gM93
mXxCndZyINdyhNzqNw/Cb+d2umrR5muYA1NzPfK1PFdd2SlahvanjeHcuYJG2m4y
AZs8PPPwYzmgZEe4jg7GL1eiOYh9mVvewbKMMUcZhus3LVCIu3mQxAWIacqZNaB8
erRf12QGJjzm3+XHzS5loeEzZkpAUeIu1tBQYcVFnc4E+pQi7dcoQ6W8aZhH+DHG
qrC4toIaZMftgsz1mpMlW5jvrw0tu6BaiDT7rWh8Llep5tjwYXjbPcVf7FHO8bCB
vUk=
-----END CERTIFICATE-----