Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/r5cFSujh8r2CHkQyxvuYPtGOyjw.roa
File:                     r5cFSujh8r2CHkQyxvuYPtGOyjw.roa (raw, json)
Hash identifier:          bGL2uoyMlZ/lS/6POghPfVeqNVSW7w+myZcnVjgxzmw=
Subject key identifier:   AF:97:05:4A:E8:E1:F2:BD:82:1E:44:32:C6:FB:98:3E:D1:8E:CA:3C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187C71B83A18A8E311C3BF8EC362D70FE46
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/r5cFSujh8r2CHkQyxvuYPtGOyjw.roa
Signing time:             Fri 28 Apr 2023 09:04:41 +0000
ROA not before:           Fri 28 Apr 2023 09:04:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:187:4695:a68a/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:187:c71b:e46/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:187:b2b8:a7dd/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:c7:1b:83:a1:8a:8e:31:1c:3b:f8:ec:36:2d:70:fe:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr 28 09:04:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=af97054ae8e1f2bd821e4432c6fb983ed18eca3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:2e:0f:1e:54:03:9a:92:c5:57:3b:a0:9c:7d:
                    92:d8:46:79:d8:20:d9:75:83:40:08:e4:10:8e:d1:
                    67:e6:17:5b:63:6f:42:38:68:ef:fb:99:30:3e:e8:
                    8a:2c:90:39:7c:62:1a:86:63:ba:a6:39:16:87:44:
                    37:5a:0d:34:6c:e8:6c:1b:15:ae:98:4e:3f:0a:14:
                    6a:57:33:03:c7:4f:1f:6f:9a:70:f2:ff:a9:9e:e3:
                    44:be:5a:40:9b:dd:fc:9c:f4:92:ce:e2:f2:bd:93:
                    90:40:f9:62:a9:f1:f9:b0:b8:92:7e:11:d7:27:fb:
                    9f:3c:7c:cd:79:ce:ee:02:68:18:ed:c4:5e:96:8e:
                    17:e0:1a:18:c2:bb:f9:1b:2c:f2:e3:dd:e7:f8:5a:
                    19:a6:38:52:dc:1a:79:42:36:86:ba:4e:2b:9d:84:
                    ed:ba:be:7c:d2:41:66:9a:16:df:c0:a5:17:21:10:
                    cd:4b:18:08:c3:c6:79:f3:3b:f0:4e:96:7e:4f:22:
                    90:fc:c5:8b:96:0e:fc:47:46:2e:45:3b:14:89:de:
                    46:41:eb:07:76:57:6e:8f:67:9d:4c:5d:0b:26:b6:
                    37:f2:d9:6b:68:dd:f8:98:ab:13:c2:d5:fa:dd:ba:
                    89:c1:95:4d:44:8d:f7:cd:1f:df:8e:2a:7d:c1:f3:
                    d2:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:97:05:4A:E8:E1:F2:BD:82:1E:44:32:C6:FB:98:3E:D1:8E:CA:3C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/r5cFSujh8r2CHkQyxvuYPtGOyjw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:f1:de:dc:47:34:fe:5c:b9:33:83:25:17:61:02:67:e9:45:
         06:dd:dd:13:45:da:17:9d:44:79:74:ec:aa:7f:af:d1:d3:12:
         4a:5a:d0:65:04:2d:cb:05:32:60:85:31:1b:f1:8f:00:33:27:
         be:ca:98:4c:5a:e4:9a:26:17:7c:01:d5:c9:cb:04:27:f9:43:
         01:6a:04:ba:36:8e:e8:4b:9b:1b:29:95:31:e3:ec:76:37:0a:
         84:ab:ce:26:98:31:61:d3:7b:0e:1e:dc:86:cf:ab:21:07:c9:
         9b:6b:15:0f:79:fd:6e:03:e3:e7:cb:1a:64:e3:cb:08:3b:e4:
         86:75:e8:12:c5:22:67:16:1b:84:40:3a:a6:b6:bd:8a:c9:22:
         83:1a:d6:1a:53:e9:ca:63:65:3a:28:a5:42:07:96:a8:38:d5:
         01:7b:6c:cb:82:c7:a4:3f:e1:1e:88:ab:9d:f6:1b:2e:75:9a:
         e9:9c:f3:56:63:8e:8e:af:3d:15:4e:b8:ce:c5:18:e0:a4:00:
         ed:80:7b:d2:a4:fc:78:60:7e:b4:08:09:81:ae:7a:e4:3a:1f:
         b3:cc:a1:02:49:44:60:6e:04:10:2f:29:48:6e:fe:84:bd:81:
         a3:d9:47:0f:d0:21:3a:62:ad:69:7b:02:e2:82:37:29:49:3b:
         16:bc:c5:e1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYfHG4Ohio4xHDv47DYtcP5GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDI4MDkwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjk3MDU0YWU4ZTFmMmJkODIxZTQ0MzJjNmZiOTgzZWQxOGVjYTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAui4PHlQDmpLFVzugnH2S2EZ52CDZ
dYNACOQQjtFn5hdbY29COGjv+5kwPuiKLJA5fGIahmO6pjkWh0Q3Wg00bOhsGxWu
mE4/ChRqVzMDx08fb5pw8v+pnuNEvlpAm938nPSSzuLyvZOQQPliqfH5sLiSfhHX
J/ufPHzNec7uAmgY7cRelo4X4BoYwrv5Gyzy493n+FoZpjhS3Bp5QjaGuk4rnYTt
ur580kFmmhbfwKUXIRDNSxgIw8Z58zvwTpZ+TyKQ/MWLlg78R0YuRTsUid5GQesH
dlduj2edTF0LJrY38tlraN34mKsTwtX63bqJwZVNRI33zR/fjip9wfPSnwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK+XBUro4fK9gh5EMsb7mD7Rjso8MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcjVjRlN1amg4cjJDSGtReXh2dVlQdEdPeWp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHjx3txHNP5cuTODJRdh
AmfpRQbd3RNF2hedRHl07Kp/r9HTEkpa0GUELcsFMmCFMRvxjwAzJ77KmExa5Jom
F3wB1cnLBCf5QwFqBLo2juhLmxsplTHj7HY3CoSrziaYMWHTew4e3IbPqyEHyZtr
FQ95/W4D4+fLGmTjywg75IZ16BLFImcWG4RAOqa2vYrJIoMa1hpT6cpjZToopUIH
lqg41QF7bMuCx6Q/4R6Iq532Gy51mumc81Zjjo6vPRVOuM7FGOCkAO2Ae9Kk/Hhg
frQICYGueuQ6H7PMoQJJRGBuBBAvKUhu/oS9gaPZRw/QITpirWl7AuKCNylJOxa8
xeE=
-----END CERTIFICATE-----