Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/u7LSdk_bobhkCJcJGUA9um3x7hw.roa
File:                     u7LSdk_bobhkCJcJGUA9um3x7hw.roa (raw, json)
Hash identifier:          GvVXo5X9Yq19HeI/rMkNOeTG/IWI2ew6hqn23S/k9HI=
Subject key identifier:   BB:B2:D2:76:4F:DB:A1:B8:64:08:97:09:19:40:3D:BA:6D:F1:EE:1C
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186D1AF0527A81464FA6FC8857EA4504E70
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/u7LSdk_bobhkCJcJGUA9um3x7hw.roa
Signing time:             Sat 11 Mar 2023 17:19:13 +0000
ROA not before:           Sat 11 Mar 2023 17:19:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:d1:af:05:27:a8:14:64:fa:6f:c8:85:7e:a4:50:4e:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 11 17:19:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bbb2d2764fdba1b86408970919403dba6df1ee1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:6b:11:96:83:5f:72:7c:a4:59:0d:30:7a:74:
                    df:a0:33:74:2e:fa:62:ed:91:33:69:c1:3f:26:96:
                    81:bc:27:ed:5c:ba:7b:77:a8:f3:ab:1f:66:03:b9:
                    ae:6d:2a:49:55:70:a7:26:96:ae:07:44:01:5e:dc:
                    0f:e6:17:6f:b4:28:76:de:c7:75:3e:a8:99:05:cd:
                    4f:8a:89:e6:f7:60:45:e0:e9:3f:7e:c1:a5:21:70:
                    18:67:3f:81:66:17:ca:9a:3e:69:dd:a0:b0:fd:6e:
                    c1:85:e5:71:dd:56:f9:98:19:6d:e3:63:d8:7b:b3:
                    df:17:d2:ff:72:9d:9d:55:5d:6e:7b:68:e7:26:dc:
                    9a:c5:a3:5b:e2:2c:18:b0:45:29:d7:6a:69:e7:87:
                    2f:c3:ed:1c:48:8e:da:ee:76:96:55:dc:85:cc:e2:
                    e5:5f:37:ea:37:b4:41:95:f8:02:87:52:e3:2a:cd:
                    ba:c4:15:cd:75:e7:a5:3f:85:10:e7:06:69:9d:ab:
                    a7:5a:30:b8:a0:61:3c:9f:5d:58:82:e3:9e:5a:3f:
                    02:f9:c0:39:0a:9b:73:71:a6:97:4c:19:75:c2:62:
                    ca:bf:65:67:f2:1c:a3:cc:99:80:09:1c:99:7c:4d:
                    06:0b:4d:29:73:8b:e8:c2:47:2d:b3:56:24:ce:9d:
                    1e:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:B2:D2:76:4F:DB:A1:B8:64:08:97:09:19:40:3D:BA:6D:F1:EE:1C
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/u7LSdk_bobhkCJcJGUA9um3x7hw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b0:de:01:8f:32:3b:d6:a2:17:f8:58:e7:8c:78:8d:3a:94:7e:
         7c:6e:c1:9e:5a:71:be:93:c6:01:76:11:85:71:c7:c6:e3:5e:
         72:56:a8:dc:09:33:4e:ed:23:ac:e9:e3:2c:9e:0f:b4:cf:30:
         03:0e:37:9d:92:8d:30:b4:7a:b2:c1:ad:af:03:ce:3a:d2:ae:
         58:02:fa:e8:df:4e:b4:d5:83:7f:fe:62:15:42:de:d0:1f:2a:
         eb:fb:aa:d6:41:e6:d0:93:cd:96:48:ad:35:23:eb:df:09:1e:
         4c:bc:90:fc:69:80:b6:b9:c9:44:0f:5b:cc:7d:12:1d:10:78:
         4a:bc:71:b7:19:79:1e:aa:1f:46:44:01:35:bd:b7:4b:63:e8:
         62:b5:c5:28:7d:a3:f0:c7:29:5e:4f:84:3a:23:5a:a8:d1:75:
         ed:a7:4a:08:70:d3:67:b7:43:45:cc:23:68:4b:bc:f0:a2:85:
         60:f9:88:b4:d9:9a:fa:22:89:c2:50:0f:1a:81:83:bd:a3:6e:
         38:bc:64:88:7f:a1:97:3a:39:d1:2a:51:17:b1:b2:96:0b:61:
         07:6b:90:7d:81:e0:d0:cd:28:f8:92:56:4f:38:b0:15:89:3a:
         fb:06:0c:6c:ea:dc:39:3c:31:a8:56:06:b6:25:12:2d:d5:5e:
         f0:61:32:a1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbRrwUnqBRk+m/IhX6kUE5wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzExMTcxOTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmIyZDI3NjRmZGJhMWI4NjQwODk3MDkxOTQwM2RiYTZkZjFlZTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGsRloNfcnykWQ0wenTfoDN0Lvpi
7ZEzacE/JpaBvCftXLp7d6jzqx9mA7mubSpJVXCnJpauB0QBXtwP5hdvtCh23sd1
PqiZBc1Pionm92BF4Ok/fsGlIXAYZz+BZhfKmj5p3aCw/W7BheVx3Vb5mBlt42PY
e7PfF9L/cp2dVV1ue2jnJtyaxaNb4iwYsEUp12pp54cvw+0cSI7a7naWVdyFzOLl
XzfqN7RBlfgCh1LjKs26xBXNdeelP4UQ5wZpnaunWjC4oGE8n11YguOeWj8C+cA5
CptzcaaXTBl1wmLKv2Vn8hyjzJmACRyZfE0GC00pc4vowkcts1Ykzp0euwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLuy0nZP26G4ZAiXCRlAPbpt8e4cMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdTdMU2RrX2JvYmhrQ0pjSkdVQTl1bTN4N2h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALDeAY8yO9aiF/hY54x4
jTqUfnxuwZ5acb6TxgF2EYVxx8bjXnJWqNwJM07tI6zp4yyeD7TPMAMON52SjTC0
erLBra8DzjrSrlgC+ujfTrTVg3/+YhVC3tAfKuv7qtZB5tCTzZZIrTUj698JHky8
kPxpgLa5yUQPW8x9Eh0QeEq8cbcZeR6qH0ZEATW9t0tj6GK1xSh9o/DHKV5PhDoj
WqjRde2nSghw02e3Q0XMI2hLvPCihWD5iLTZmvoiicJQDxqBg72jbji8ZIh/oZc6
OdEqURexspYLYQdrkH2B4NDNKPiSVk84sBWJOvsGDGzq3Dk8MahWBrYlEi3VXvBh
MqE=
-----END CERTIFICATE-----