Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/m77rn9I8nAkiAJHuDqES6PryuN0.roa
File:                     m77rn9I8nAkiAJHuDqES6PryuN0.roa (raw, json)
Hash identifier:          N1TP9ebQoojDlnhK80CSvWuGHIMA+hc+1EFt/XXQFi4=
Subject key identifier:   9B:BE:EB:9F:D2:3C:9C:09:22:00:91:EE:0E:A1:12:E8:FA:F2:B8:DD
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0188812B3458C121E331DBA76B08BEB27F3E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/m77rn9I8nAkiAJHuDqES6PryuN0.roa
Signing time:             Sat 03 Jun 2023 12:11:12 +0000
ROA not before:           Sat 03 Jun 2023 12:11:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:188:5fe2:b396/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:188:7858:a003/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:81:2b:34:58:c1:21:e3:31:db:a7:6b:08:be:b2:7f:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Jun  3 12:11:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9bbeeb9fd23c9c09220091ee0ea112e8faf2b8dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:e8:6d:eb:98:22:3c:ce:24:ae:38:2c:dd:5f:
                    49:cd:3c:94:65:9a:49:3e:b4:d0:97:56:a3:20:08:
                    c3:70:21:29:70:73:6a:ca:bc:9d:09:39:f8:48:44:
                    61:ae:b5:c5:cc:28:16:a8:b1:06:f1:6c:61:32:41:
                    9b:07:b6:59:83:b3:04:37:4c:8f:55:23:34:10:00:
                    d0:6d:01:95:96:87:af:df:5e:9f:69:99:a6:d1:8e:
                    a1:ac:70:63:b7:98:c8:cd:fa:1a:93:07:a3:4b:1c:
                    2b:05:39:a5:cf:1e:78:57:07:4e:56:c1:6d:ac:fc:
                    7a:49:3e:29:08:e0:5e:24:a6:bb:05:a9:81:4f:52:
                    8f:00:a3:6e:b6:28:f5:cf:d5:7d:09:ae:60:a8:55:
                    4a:fa:cf:07:77:07:9c:44:b4:c9:68:2e:38:d9:f2:
                    f0:dd:3c:92:2e:98:43:88:78:91:f1:49:ca:d4:05:
                    c5:04:27:d9:cf:2e:7f:fc:7d:79:3d:96:7f:7f:fd:
                    ef:35:7b:be:9a:ad:19:93:d7:ba:0d:60:36:c6:8d:
                    e9:a2:1e:0d:4e:a2:fc:be:d2:48:a6:4f:bf:d1:d0:
                    8b:63:cd:33:9c:48:68:06:63:2e:24:a6:09:52:53:
                    a1:ea:40:5f:13:ca:e7:36:43:9f:8a:36:cd:6b:34:
                    d4:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:BE:EB:9F:D2:3C:9C:09:22:00:91:EE:0E:A1:12:E8:FA:F2:B8:DD
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/m77rn9I8nAkiAJHuDqES6PryuN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:dc:03:0a:58:c1:86:73:58:9f:4e:ec:f8:38:c2:8b:35:d8:
         22:be:4a:af:03:79:17:7b:48:2d:11:0e:1c:46:19:19:d0:9f:
         70:5d:f5:f2:b0:b4:f2:77:d8:58:7a:63:87:f1:c9:5c:fb:60:
         3e:45:79:11:af:40:00:f8:7b:77:cd:a3:b0:62:c0:8d:50:37:
         59:01:b5:f6:80:c0:4f:72:cb:d2:36:6e:c7:38:29:3f:80:31:
         33:aa:ec:c4:b0:10:3e:f0:1d:a2:64:62:74:81:3e:11:d6:56:
         28:9e:79:81:94:0e:68:ed:6a:cf:ad:13:4c:f6:41:72:29:c5:
         e3:25:1b:8e:d2:a2:b2:b5:ec:15:a8:41:3a:15:63:a6:26:77:
         7a:80:7f:90:37:d8:31:51:36:36:2d:2a:13:a3:6f:c2:58:f8:
         74:7d:3c:49:18:d8:99:e4:a6:48:57:f7:12:c1:a6:fc:11:21:
         4d:ca:0a:3e:30:fc:e0:a0:df:4d:b3:e4:d1:91:9c:42:8e:fd:
         fc:5d:19:96:9e:09:54:ff:a9:67:29:56:93:03:e2:82:fb:fc:
         ba:12:b5:1d:9b:8a:07:86:ec:6a:2a:42:50:7a:c2:26:9c:7d:
         43:42:ac:cc:f6:06:7a:73:29:95:ee:21:98:6f:8c:d2:a7:f9:
         39:73:e7:ae
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYiBKzRYwSHjMdunawi+sn8+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNjAzMTIxMTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmJlZWI5ZmQyM2M5YzA5MjIwMDkxZWUwZWExMTJlOGZhZjJiOGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp+ht65giPM4krjgs3V9JzTyUZZpJ
PrTQl1ajIAjDcCEpcHNqyrydCTn4SERhrrXFzCgWqLEG8WxhMkGbB7ZZg7MEN0yP
VSM0EADQbQGVloev316faZmm0Y6hrHBjt5jIzfoakwejSxwrBTmlzx54VwdOVsFt
rPx6ST4pCOBeJKa7BamBT1KPAKNutij1z9V9Ca5gqFVK+s8HdwecRLTJaC442fLw
3TySLphDiHiR8UnK1AXFBCfZzy5//H15PZZ/f/3vNXu+mq0Zk9e6DWA2xo3poh4N
TqL8vtJIpk+/0dCLY80znEhoBmMuJKYJUlOh6kBfE8rnNkOfijbNazTU7QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJu+65/SPJwJIgCR7g6hEuj68rjdMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbTc3cm45SThuQWtpQUpIdURxRVM2UHJ5dU4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHfcAwpYwYZzWJ9O7Pg4
wos12CK+Sq8DeRd7SC0RDhxGGRnQn3Bd9fKwtPJ32Fh6Y4fxyVz7YD5FeRGvQAD4
e3fNo7BiwI1QN1kBtfaAwE9yy9I2bsc4KT+AMTOq7MSwED7wHaJkYnSBPhHWViie
eYGUDmjtas+tE0z2QXIpxeMlG47SorK17BWoQToVY6Ymd3qAf5A32DFRNjYtKhOj
b8JY+HR9PEkY2JnkpkhX9xLBpvwRIU3KCj4w/OCg302z5NGRnEKO/fxdGZaeCVT/
qWcpVpMD4oL7/LoStR2bigeG7GoqQlB6wiacfUNCrMz2BnpzKZXuIZhvjNKn+Tlz
564=
-----END CERTIFICATE-----