Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/j7Q_JEFz2MfpO2WBdHGi7_4bYH8.roa
File:                     j7Q_JEFz2MfpO2WBdHGi7_4bYH8.roa (raw, json)
Hash identifier:          mpNVVYMY7/MrDQV7rHUCcIXdxdWVv1uSWG7l+O70W2g=
Subject key identifier:   8F:B4:3F:24:41:73:D8:C7:E9:3B:65:81:74:71:A2:EF:FE:1B:60:7F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018740D0BF2FD5BFD2AE2F3130726DA99851
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/j7Q_JEFz2MfpO2WBdHGi7_4bYH8.roa
Signing time:             Sun 02 Apr 2023 07:13:54 +0000
ROA not before:           Sun 02 Apr 2023 07:13:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:40:d0:bf:2f:d5:bf:d2:ae:2f:31:30:72:6d:a9:98:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  2 07:13:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8fb43f244173d8c7e93b65817471a2effe1b607f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ad:d1:de:b2:d0:c9:ae:78:b4:ac:d4:ff:b2:
                    87:a4:54:90:3a:ee:21:dc:e5:0d:4a:7f:2f:40:51:
                    11:99:91:24:54:99:1a:5d:eb:73:43:80:d6:85:fd:
                    dd:2a:43:10:31:71:54:a0:ba:3f:e8:38:61:ad:79:
                    a2:54:c5:23:cc:c0:f9:b3:1d:e1:b6:de:88:c2:f4:
                    be:02:da:dd:fd:8b:0c:ee:ff:30:3e:32:81:cc:b1:
                    7c:6d:c4:8d:92:0a:51:eb:2c:05:1c:7f:26:23:11:
                    c8:75:a7:d1:1b:b1:bc:80:47:1b:dd:6a:b1:3b:ff:
                    7a:71:2e:ba:5f:7e:5d:b3:68:41:b4:89:46:e7:04:
                    ba:cf:eb:2b:49:ae:86:15:ff:52:e7:8c:ff:f8:97:
                    66:d3:c7:80:89:e9:76:90:01:cf:53:02:4d:e3:74:
                    bd:e9:a9:08:60:ca:c6:9c:86:5b:5c:66:c3:3c:29:
                    eb:15:66:6a:a8:d4:f4:e0:39:55:ad:b5:fb:91:6c:
                    b6:93:43:a1:d0:f0:c7:02:ca:0b:ef:89:85:e8:fe:
                    af:6e:bd:f2:ee:fa:98:76:f8:61:cc:36:34:0d:cb:
                    cc:30:16:1e:64:ba:35:d7:0f:20:2f:8b:18:f5:31:
                    f1:dd:31:de:94:23:fe:70:a8:43:03:3b:03:52:c8:
                    49:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:B4:3F:24:41:73:D8:C7:E9:3B:65:81:74:71:A2:EF:FE:1B:60:7F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/j7Q_JEFz2MfpO2WBdHGi7_4bYH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:eb:a1:4e:50:ca:77:c3:c1:09:fe:28:25:f2:48:ee:fc:24:
         a6:f6:9d:88:f7:b4:39:fd:77:60:65:a2:12:d8:1c:38:24:1e:
         d9:9f:5c:45:87:0f:4a:fc:58:f1:e6:8e:26:b2:db:6c:b7:bc:
         c3:fa:54:48:2e:d1:bd:a3:7d:f6:80:19:b2:b2:ab:8f:be:27:
         e0:e3:19:3c:d7:0b:7d:20:9a:12:02:8f:02:d0:4e:a4:18:52:
         55:06:3e:52:5e:ab:8c:95:5b:e1:03:53:eb:df:3d:02:45:89:
         ac:45:6f:7b:e9:e6:a8:45:b6:31:23:e2:3d:ca:bd:39:f7:c0:
         e1:42:3f:61:6c:43:7c:5a:db:bc:fe:0b:22:a2:4a:57:78:9d:
         e9:bd:da:32:e8:de:3b:8d:ee:10:c6:1d:16:00:04:b0:e4:41:
         29:aa:6a:bc:9d:60:42:08:00:b3:72:95:e6:11:ad:54:7a:80:
         cb:9e:42:3a:15:39:5e:49:61:88:3f:a3:e4:31:21:49:42:a9:
         56:cf:b9:04:ac:52:7d:9f:7e:a4:85:30:53:a1:ad:08:99:50:
         da:be:61:f6:cc:39:22:44:55:7e:a4:22:d6:ad:b8:ad:35:bd:
         e1:9f:34:76:c7:fe:d0:ee:4e:4e:a0:e0:8b:1d:ea:12:5a:2f:
         22:a2:77:cf
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdA0L8v1b/Sri8xMHJtqZhRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAyMDcxMzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmI0M2YyNDQxNzNkOGM3ZTkzYjY1ODE3NDcxYTJlZmZlMWI2MDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAla3R3rLQya54tKzU/7KHpFSQOu4h
3OUNSn8vQFERmZEkVJkaXetzQ4DWhf3dKkMQMXFUoLo/6DhhrXmiVMUjzMD5sx3h
tt6IwvS+Atrd/YsM7v8wPjKBzLF8bcSNkgpR6ywFHH8mIxHIdafRG7G8gEcb3Wqx
O/96cS66X35ds2hBtIlG5wS6z+srSa6GFf9S54z/+Jdm08eAiel2kAHPUwJN43S9
6akIYMrGnIZbXGbDPCnrFWZqqNT04DlVrbX7kWy2k0Oh0PDHAsoL74mF6P6vbr3y
7vqYdvhhzDY0DcvMMBYeZLo11w8gL4sY9THx3THelCP+cKhDAzsDUshJCQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI+0PyRBc9jH6TtlgXRxou/+G2B/MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvajdRX0pFRnoyTWZwTzJXQmRIR2k3XzRiWUg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAHroU5QynfDwQn+KCXy
SO78JKb2nYj3tDn9d2BlohLYHDgkHtmfXEWHD0r8WPHmjiay22y3vMP6VEgu0b2j
ffaAGbKyq4++J+DjGTzXC30gmhICjwLQTqQYUlUGPlJeq4yVW+EDU+vfPQJFiaxF
b3vp5qhFtjEj4j3KvTn3wOFCP2FsQ3xa27z+CyKiSld4nem92jLo3juN7hDGHRYA
BLDkQSmqarydYEIIALNyleYRrVR6gMueQjoVOV5JYYg/o+QxIUlCqVbPuQSsUn2f
fqSFMFOhrQiZUNq+YfbMOSJEVX6kItatuK01veGfNHbH/tDuTk6g4Isd6hJaLyKi
d88=
-----END CERTIFICATE-----