Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hGyVa5afGBsRrLoyaWNCjCifpqM.roa
File:                     hGyVa5afGBsRrLoyaWNCjCifpqM.roa (raw, json)
Hash identifier:          Yzh0WX3fuE2EyLnXLgHhdSAmVN4QKPqCbM5aXNluB9k=
Subject key identifier:   84:6C:95:6B:96:9F:18:1B:11:AC:BA:32:69:63:42:8C:28:9F:A6:A3
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018828BDF3BA17F63B6CDD50950B1568EA13
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hGyVa5afGBsRrLoyaWNCjCifpqM.roa
Signing time:             Wed 17 May 2023 08:05:17 +0000
ROA not before:           Wed 17 May 2023 08:05:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:188:28bd:9749/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:28:bd:f3:ba:17:f6:3b:6c:dd:50:95:0b:15:68:ea:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May 17 08:05:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=846c956b969f181b11acba326963428c289fa6a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:fc:9b:ad:19:24:9a:5c:67:fb:07:68:31:39:
                    cc:a7:9b:cc:75:43:20:08:75:e2:63:2e:b6:f8:ba:
                    0b:03:68:d2:5f:96:4e:c2:ba:5d:d6:e7:48:53:bc:
                    92:12:59:31:9a:c0:fd:ae:56:99:53:5b:74:29:f5:
                    6c:47:17:a6:ad:4a:05:09:cf:24:96:8a:58:c6:96:
                    4d:3c:84:b6:db:17:61:c5:dd:8d:9a:d0:3d:b2:c7:
                    1d:1b:ed:9a:c8:28:31:4c:14:c1:06:be:89:9a:16:
                    fc:b8:9c:c9:be:64:63:f5:20:a2:7e:7f:74:21:4e:
                    9e:e4:a7:0d:74:84:d6:4d:80:23:e9:7d:da:f7:ff:
                    a3:5b:20:9d:c8:ae:78:f9:b9:0f:ae:31:8a:f5:63:
                    ce:28:f9:2e:af:44:e2:e9:60:7f:e4:6e:cd:d4:16:
                    67:71:41:bf:05:91:04:ac:71:79:5a:64:24:25:56:
                    bb:8a:af:a6:f9:38:2e:01:8e:73:4a:b7:36:90:03:
                    f2:81:62:07:2e:3e:1c:69:d1:43:fd:d7:be:8b:72:
                    9f:42:d6:83:ac:1d:83:51:e3:e4:30:4a:43:69:54:
                    05:e0:df:c7:3c:bb:45:8e:90:86:f5:00:fe:e0:c7:
                    4e:60:2d:7d:0e:b6:2d:90:d1:70:c4:79:72:c7:f4:
                    ff:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:6C:95:6B:96:9F:18:1B:11:AC:BA:32:69:63:42:8C:28:9F:A6:A3
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hGyVa5afGBsRrLoyaWNCjCifpqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         88:3a:ff:00:c7:d3:ca:74:e8:40:07:8f:d4:45:83:48:cc:9a:
         ea:69:11:68:cd:bb:03:8c:91:89:74:17:ae:60:b4:dd:f5:a0:
         5a:19:db:66:4a:ad:b9:79:a7:68:74:97:2b:c1:63:45:b3:bc:
         01:92:7c:61:ba:4c:52:47:74:e5:94:af:8f:68:ff:16:82:b9:
         02:d2:5a:61:ac:a1:ee:3a:dc:a0:30:22:b1:20:33:bd:83:77:
         9f:d3:15:a6:12:d2:e8:21:bb:e2:c7:e4:0c:63:77:90:aa:c9:
         ec:92:fa:0e:bf:96:8f:8f:5f:c9:96:81:ac:b4:e1:39:07:48:
         78:86:2a:00:a7:ab:8e:c1:b0:4d:d5:6d:4a:8b:55:16:2e:5b:
         0e:6d:8f:00:fc:9a:c1:f7:10:a4:1a:b1:34:8c:0a:43:42:35:
         b6:dd:80:0e:83:f6:03:71:20:1c:43:51:69:e6:c2:62:09:c3:
         c3:bc:51:8b:0f:d4:ec:61:c4:0e:71:42:bc:51:67:62:10:dd:
         1e:7b:40:13:6f:77:bb:ca:a0:b3:d8:3f:b6:9c:2b:a7:a3:2e:
         89:00:a1:ad:13:03:a1:0c:26:e4:0e:36:06:f1:fd:f7:09:4e:
         3b:8e:e1:c8:93:9b:26:8d:d4:a6:19:75:c0:c2:ee:09:4e:be:
         58:43:5a:fe
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYgovfO6F/Y7bN1QlQsVaOoTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTE3MDgwNTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDZjOTU2Yjk2OWYxODFiMTFhY2JhMzI2OTYzNDI4YzI4OWZhNmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvybrRkkmlxn+wdoMTnMp5vMdUMg
CHXiYy62+LoLA2jSX5ZOwrpd1udIU7ySElkxmsD9rlaZU1t0KfVsRxemrUoFCc8k
lopYxpZNPIS22xdhxd2NmtA9sscdG+2ayCgxTBTBBr6Jmhb8uJzJvmRj9SCifn90
IU6e5KcNdITWTYAj6X3a9/+jWyCdyK54+bkPrjGK9WPOKPkur0Ti6WB/5G7N1BZn
cUG/BZEErHF5WmQkJVa7iq+m+TguAY5zSrc2kAPygWIHLj4cadFD/de+i3KfQtaD
rB2DUePkMEpDaVQF4N/HPLtFjpCG9QD+4MdOYC19DrYtkNFwxHlyx/T/5wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIRslWuWnxgbEay6MmljQowon6ajMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaEd5VmE1YWZHQnNSckxveWFXTkNqQ2lmcHFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIg6/wDH08p06EAHj9RF
g0jMmuppEWjNuwOMkYl0F65gtN31oFoZ22ZKrbl5p2h0lyvBY0WzvAGSfGG6TFJH
dOWUr49o/xaCuQLSWmGsoe463KAwIrEgM72Dd5/TFaYS0ughu+LH5Axjd5CqyeyS
+g6/lo+PX8mWgay04TkHSHiGKgCnq47BsE3VbUqLVRYuWw5tjwD8msH3EKQasTSM
CkNCNbbdgA6D9gNxIBxDUWnmwmIJw8O8UYsP1OxhxA5xQrxRZ2IQ3R57QBNvd7vK
oLPYP7acK6ejLokAoa0TA6EMJuQONgbx/fcJTjuO4ciTmyaN1KYZdcDC7glOvlhD
Wv4=
-----END CERTIFICATE-----