Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/omH5Wx7gw8r-wJ_i9NwufABLu8U.roa
File:                     omH5Wx7gw8r-wJ_i9NwufABLu8U.roa (raw, json)
Hash identifier:          BFddxABxWzVplxZEAZHzs566mQRxw1wgErDvkT0dWvc=
Subject key identifier:   A2:61:F9:5B:1E:E0:C3:CA:FE:C0:9F:E2:F4:DC:2E:7C:00:4B:BB:C5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187EA4FD11FFE683D3B325A9E2F8AE2168D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/omH5Wx7gw8r-wJ_i9NwufABLu8U.roa
Signing time:             Fri 05 May 2023 05:08:32 +0000
ROA not before:           Fri 05 May 2023 05:08:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:ea:4f:d1:1f:fe:68:3d:3b:32:5a:9e:2f:8a:e2:16:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  5 05:08:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a261f95b1ee0c3cafec09fe2f4dc2e7c004bbbc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:8d:d2:33:05:13:35:40:92:7f:1e:19:c0:ef:
                    6f:77:52:76:91:65:8c:e0:49:5e:2b:82:91:85:ee:
                    d8:f3:9b:e6:10:87:3d:e3:c1:95:11:49:e8:79:bb:
                    87:4f:09:a3:8a:e8:78:93:09:b3:fb:ed:ff:bb:90:
                    11:16:bc:63:34:79:7c:69:c5:49:f4:5e:81:bb:e5:
                    60:86:a8:ac:f8:f6:ba:4d:14:4b:e9:33:84:29:3a:
                    0e:06:d5:e0:1b:fa:ae:19:3e:65:f6:6f:71:af:64:
                    54:e0:f9:da:f7:87:bb:67:5a:ed:a5:16:89:40:38:
                    5d:9c:74:72:18:bc:ca:8d:75:db:a1:e9:40:ac:01:
                    cb:6b:49:46:31:d1:84:6b:cd:ca:2b:62:79:e9:f8:
                    ff:4f:3f:ab:cf:33:eb:7b:eb:fe:4c:be:cc:30:35:
                    5f:66:37:05:87:b0:67:b7:fb:83:41:7b:7f:69:1e:
                    a2:77:9c:2f:e0:63:f6:d0:75:a4:4c:a8:80:0f:df:
                    69:30:21:2b:5e:a6:6c:9a:e2:86:0d:33:cf:44:2d:
                    fe:c7:4e:59:99:bb:db:f2:a1:63:02:4b:13:2e:9c:
                    9c:61:0c:f2:a9:2b:0b:3c:12:05:16:0c:35:9b:87:
                    3c:7a:c5:aa:a4:be:a4:19:97:1a:cd:cf:a2:47:7e:
                    4d:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:61:F9:5B:1E:E0:C3:CA:FE:C0:9F:E2:F4:DC:2E:7C:00:4B:BB:C5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/omH5Wx7gw8r-wJ_i9NwufABLu8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b0:94:de:03:e4:8f:ca:1a:d5:6f:d8:89:97:77:c7:c3:c2:c9:
         a7:69:6b:e2:2f:f8:2b:2c:06:ca:12:f9:c6:f4:6b:26:08:95:
         09:54:ec:f2:4e:26:e5:ff:ff:3e:a1:b3:e9:fb:46:57:a3:c2:
         bd:83:91:51:5b:7d:4c:3a:1e:b7:4b:57:ba:5a:7f:76:08:16:
         10:74:06:3f:2b:0e:c4:d9:83:21:1f:bd:b1:12:36:d1:64:aa:
         e7:01:8b:e3:ba:81:0d:25:c7:cb:65:31:e7:58:bc:c8:f5:ab:
         58:27:3d:49:e7:e9:4d:7b:f8:2b:79:ac:c1:cd:ce:3b:27:70:
         a2:dc:55:70:56:eb:c3:a0:0f:5a:88:51:97:41:32:25:e3:f4:
         e9:9b:81:e6:44:cd:c3:c3:0e:db:b6:eb:a3:38:2d:1b:c8:f6:
         9f:5b:2f:6a:89:46:3f:43:18:e5:d8:59:e9:9a:5d:20:8c:d5:
         3b:eb:a1:44:b2:39:1c:50:13:bf:c9:51:2e:5b:78:41:3c:a1:
         60:88:56:41:d2:b9:ba:d4:a0:cb:e7:e8:72:b4:4d:6e:80:a5:
         dd:f4:f8:b6:0e:17:b1:81:5a:f9:f3:6d:8f:6a:57:a0:a0:33:
         8d:57:9a:89:d5:d3:33:22:50:99:d2:cd:74:7c:1e:1c:92:4c:
         c4:c1:cc:f2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfqT9Ef/mg9OzJani+K4haNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA1MDUwODMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjYxZjk1YjFlZTBjM2NhZmVjMDlmZTJmNGRjMmU3YzAwNGJiYmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjY3SMwUTNUCSfx4ZwO9vd1J2kWWM
4EleK4KRhe7Y85vmEIc948GVEUnoebuHTwmjiuh4kwmz++3/u5ARFrxjNHl8acVJ
9F6Bu+Vghqis+Pa6TRRL6TOEKToOBtXgG/quGT5l9m9xr2RU4Pna94e7Z1rtpRaJ
QDhdnHRyGLzKjXXboelArAHLa0lGMdGEa83KK2J56fj/Tz+rzzPre+v+TL7MMDVf
ZjcFh7Bnt/uDQXt/aR6id5wv4GP20HWkTKiAD99pMCErXqZsmuKGDTPPRC3+x05Z
mbvb8qFjAksTLpycYQzyqSsLPBIFFgw1m4c8esWqpL6kGZcazc+iR35NRwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKJh+Vse4MPK/sCf4vTcLnwAS7vFMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvb21INVd4N2d3OHItd0pfaTlOd3VmQUJMdThVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALCU3gPkj8oa1W/YiZd3
x8PCyadpa+Iv+CssBsoS+cb0ayYIlQlU7PJOJuX//z6hs+n7Rlejwr2DkVFbfUw6
HrdLV7paf3YIFhB0Bj8rDsTZgyEfvbESNtFkqucBi+O6gQ0lx8tlMedYvMj1q1gn
PUnn6U17+Ct5rMHNzjsncKLcVXBW68OgD1qIUZdBMiXj9OmbgeZEzcPDDtu266M4
LRvI9p9bL2qJRj9DGOXYWemaXSCM1TvroUSyORxQE7/JUS5beEE8oWCIVkHSubrU
oMvn6HK0TW6Apd30+LYOF7GBWvnzbY9qV6CgM41XmonV0zMiUJnSzXR8HhySTMTB
zPI=
-----END CERTIFICATE-----