Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qBVvp6Sc8btZOoWrtJCrMIpsDUo.roa
File:                     qBVvp6Sc8btZOoWrtJCrMIpsDUo.roa (raw, json)
Hash identifier:          4KkGYHXesle/0UWw+58lvEaVPDEsN7URKHTEzREJwwY=
Subject key identifier:   A8:15:6F:A7:A4:9C:F1:BB:59:3A:85:AB:B4:90:AB:30:8A:6C:0D:4A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187FB7AEC29E00215F7DE2803A2D9EAD714
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qBVvp6Sc8btZOoWrtJCrMIpsDUo.roa
Signing time:             Mon 08 May 2023 13:09:09 +0000
ROA not before:           Mon 08 May 2023 13:09:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:187:fa9a:b088/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:fb:7a:ec:29:e0:02:15:f7:de:28:03:a2:d9:ea:d7:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: May  8 13:09:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a8156fa7a49cf1bb593a85abb490ab308a6c0d4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b5:06:d5:f9:b7:f8:aa:72:7a:fb:3f:ed:b0:
                    4c:7c:3a:4e:42:79:b7:86:06:36:b1:ba:af:7e:8f:
                    e6:ee:ac:07:3f:07:86:00:6d:d4:d5:83:dd:03:2e:
                    fe:0b:7b:6c:ee:9c:a5:e8:4c:c4:6e:1d:c1:ea:4e:
                    47:45:50:ac:32:c3:da:36:1e:e6:55:aa:cf:ad:5f:
                    77:f2:09:d3:1a:6d:cc:86:0b:50:35:74:9b:f1:0d:
                    19:af:9f:9f:a6:4f:71:bb:95:09:b5:81:9a:9b:53:
                    72:03:93:ec:55:f2:e4:20:d5:6f:d0:d4:f2:8b:dd:
                    13:22:01:85:e9:df:75:99:d2:f4:ec:ec:d4:3e:d9:
                    c4:65:6e:f1:23:a8:3c:56:58:72:d5:15:e2:22:a3:
                    e2:d1:49:6d:0a:b0:cf:60:8e:4e:b1:03:b2:da:fa:
                    8b:52:9a:a1:28:5a:38:18:a9:21:3c:7a:ae:4a:a7:
                    5d:31:35:00:58:72:90:9f:d9:61:9d:5b:c9:f0:3f:
                    5e:07:9b:fe:c5:3d:8c:8b:9c:42:d8:5e:51:15:dd:
                    24:e4:1d:f9:65:86:60:76:b0:57:5c:85:89:eb:44:
                    14:25:24:7e:66:3d:86:65:14:7d:aa:b6:5f:59:6c:
                    9e:49:1e:94:9b:60:1d:49:7e:a9:1f:11:d9:db:84:
                    30:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:15:6F:A7:A4:9C:F1:BB:59:3A:85:AB:B4:90:AB:30:8A:6C:0D:4A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qBVvp6Sc8btZOoWrtJCrMIpsDUo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:fa:c3:0b:ac:9f:c5:c7:f1:43:b3:14:a2:08:65:71:a7:22:
         dd:3c:56:c3:52:69:35:f7:38:49:8e:a3:d3:9f:30:0e:f0:2a:
         9b:0b:78:0a:8e:cb:a9:5f:b4:1d:4e:cb:90:a1:e5:96:0f:99:
         30:a5:6a:0c:ec:c9:44:0c:da:23:68:3a:7f:fd:d9:87:3e:5f:
         6d:94:5e:61:9c:ed:64:f6:9b:6c:cd:f9:12:c9:55:d7:19:65:
         ec:f0:28:64:b7:32:09:f8:f5:cb:9b:42:e0:4f:86:74:16:59:
         ea:94:7d:2f:e9:0f:78:a4:4a:ed:7c:25:14:6d:42:c6:79:f7:
         c3:93:e7:6e:ee:9e:99:fe:eb:b1:c5:d1:c7:3d:83:23:bb:dc:
         22:32:41:9f:e3:08:76:6a:43:ba:cf:9d:ea:50:55:02:bd:c1:
         37:f5:6c:9f:68:13:46:60:0e:94:99:9c:64:f0:e1:a7:e1:01:
         6d:af:4b:cc:9f:27:ef:29:5b:d2:f6:34:a1:9b:7c:48:12:62:
         66:f6:f5:a5:18:25:32:4b:34:58:7f:29:02:d6:f9:a1:c0:45:
         8c:34:f6:29:61:f1:96:84:d7:4f:86:a6:15:62:13:5f:22:f6:
         50:39:19:cc:74:a3:b5:54:e9:f7:3f:2e:3e:60:9b:69:6e:3b:
         d3:71:65:10
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYf7euwp4AIV994oA6LZ6tcUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNTA4MTMwOTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODE1NmZhN2E0OWNmMWJiNTkzYTg1YWJiNDkwYWIzMDhhNmMwZDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLUG1fm3+Kpyevs/7bBMfDpOQnm3
hgY2sbqvfo/m7qwHPweGAG3U1YPdAy7+C3ts7pyl6EzEbh3B6k5HRVCsMsPaNh7m
VarPrV938gnTGm3MhgtQNXSb8Q0Zr5+fpk9xu5UJtYGam1NyA5PsVfLkINVv0NTy
i90TIgGF6d91mdL07OzUPtnEZW7xI6g8Vlhy1RXiIqPi0UltCrDPYI5OsQOy2vqL
UpqhKFo4GKkhPHquSqddMTUAWHKQn9lhnVvJ8D9eB5v+xT2Mi5xC2F5RFd0k5B35
ZYZgdrBXXIWJ60QUJSR+Zj2GZRR9qrZfWWyeSR6Um2AdSX6pHxHZ24QwOQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKgVb6eknPG7WTqFq7SQqzCKbA1KMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcUJWdnA2U2M4YnRaT29XcnRKQ3JNSXBzRFVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHj6wwusn8XH8UOzFKII
ZXGnIt08VsNSaTX3OEmOo9OfMA7wKpsLeAqOy6lftB1Oy5Ch5ZYPmTClagzsyUQM
2iNoOn/92Yc+X22UXmGc7WT2m2zN+RLJVdcZZezwKGS3Mgn49cubQuBPhnQWWeqU
fS/pD3ikSu18JRRtQsZ598OT527unpn+67HF0cc9gyO73CIyQZ/jCHZqQ7rPnepQ
VQK9wTf1bJ9oE0ZgDpSZnGTw4afhAW2vS8yfJ+8pW9L2NKGbfEgSYmb29aUYJTJL
NFh/KQLW+aHARYw09ilh8ZaE10+GphViE18i9lA5Gcx0o7VU6fc/Lj5gm2luO9Nx
ZRA=
-----END CERTIFICATE-----