Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/y4fZcuXu9qATFf84Z-M92z5HBf4.roa
File:                     y4fZcuXu9qATFf84Z-M92z5HBf4.roa (raw, json)
Hash identifier:          HVfDOA2Du319u9MjvsCMqnQScoVgzKncU+DbtD8VnK0=
Subject key identifier:   CB:87:D9:72:E5:EE:F6:A0:13:15:FF:38:67:E3:3D:DB:3E:47:05:FE
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01872E28F7093052003B00313E62BAFFF566
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/y4fZcuXu9qATFf84Z-M92z5HBf4.roa
Signing time:             Wed 29 Mar 2023 16:17:29 +0000
ROA not before:           Wed 29 Mar 2023 16:17:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:2e:28:f7:09:30:52:00:3b:00:31:3e:62:ba:ff:f5:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 29 16:17:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cb87d972e5eef6a01315ff3867e33ddb3e4705fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:9e:51:79:b5:b8:58:14:bc:ff:4a:14:e8:5b:
                    c2:a0:a6:84:99:06:41:17:96:1b:b5:a3:26:1f:f8:
                    2c:45:8e:42:5e:d1:c9:5f:2c:6f:c2:c1:52:35:ea:
                    01:aa:d2:9f:5e:0f:36:41:b9:98:d8:3b:aa:8c:ba:
                    41:21:57:dd:f8:fb:c1:63:af:5f:76:a8:bb:5e:c3:
                    af:b9:af:cd:e0:ae:2e:8f:6a:2d:70:c6:fb:e4:69:
                    46:2d:68:c9:b3:ba:9f:cd:24:6c:0b:9f:5e:d8:91:
                    0c:57:30:ae:db:ad:5f:55:fa:e7:f5:e8:1c:35:70:
                    c8:f7:f6:26:3b:a5:5c:dd:a2:a4:d2:55:8b:e2:0f:
                    a4:a1:c3:81:3f:3c:39:97:75:bd:d0:30:d8:09:6a:
                    a4:fe:79:f4:b3:7b:ad:29:33:95:9d:17:51:bf:4d:
                    db:70:66:20:4e:91:87:1e:bf:99:40:4a:5f:77:d8:
                    55:3d:62:c7:69:45:8a:08:c1:0d:0d:cf:f1:2a:4d:
                    0b:20:e3:91:c0:9f:0a:80:99:8d:12:eb:03:fa:08:
                    35:c4:3b:78:89:41:95:60:5d:c9:b1:53:e3:84:c2:
                    59:d3:10:08:d5:55:d1:08:a0:4f:e4:56:ed:42:0d:
                    96:60:2e:27:94:1d:99:6d:5f:61:90:4b:23:4b:4e:
                    d9:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:87:D9:72:E5:EE:F6:A0:13:15:FF:38:67:E3:3D:DB:3E:47:05:FE
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/y4fZcuXu9qATFf84Z-M92z5HBf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9f:27:72:e9:57:79:2b:df:7d:84:a2:0e:a7:0f:cd:07:a6:fd:
         79:6c:25:82:73:d7:1d:0a:55:d6:a2:9f:e7:59:d4:cd:72:17:
         aa:96:97:4c:96:eb:9e:6b:13:f9:01:02:d7:e7:d8:a9:d2:8b:
         ac:cb:c8:e9:9f:18:1c:cb:28:b0:48:49:7b:5e:05:80:3a:e7:
         b4:74:f7:2b:19:a2:9a:cd:15:42:20:09:25:d7:9d:b9:75:a2:
         b1:d5:6d:fb:50:6e:e7:90:a8:2f:f0:da:66:42:07:6e:79:0f:
         1e:ea:90:e0:43:84:aa:b6:5b:21:91:51:12:45:41:c2:63:60:
         3b:f8:d9:e2:df:fc:3f:7f:3b:cf:26:34:34:85:9d:f4:5e:9d:
         c6:04:9a:84:dd:7a:8e:ad:04:62:f9:68:df:08:b0:bc:b3:d5:
         d2:f6:dd:44:7e:e6:59:0e:b7:2d:d5:0d:ae:a8:e7:c8:3d:60:
         aa:d2:ff:72:e9:46:3d:ca:07:de:c1:5d:b5:67:d3:93:88:6b:
         b8:a6:82:d9:bd:12:c5:fa:e0:41:d6:71:49:78:02:05:3b:d6:
         c0:10:c2:d6:60:16:0c:65:b3:50:10:ce:db:ef:0c:04:0f:8b:
         31:08:da:31:10:84:80:08:c7:70:70:36:cb:fa:a3:57:be:e6:
         54:3e:0b:6f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcuKPcJMFIAOwAxPmK6//VmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI5MTYxNzI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjg3ZDk3MmU1ZWVmNmEwMTMxNWZmMzg2N2UzM2RkYjNlNDcwNWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZ5RebW4WBS8/0oU6FvCoKaEmQZB
F5YbtaMmH/gsRY5CXtHJXyxvwsFSNeoBqtKfXg82QbmY2DuqjLpBIVfd+PvBY69f
dqi7XsOvua/N4K4uj2otcMb75GlGLWjJs7qfzSRsC59e2JEMVzCu261fVfrn9egc
NXDI9/YmO6Vc3aKk0lWL4g+kocOBPzw5l3W90DDYCWqk/nn0s3utKTOVnRdRv03b
cGYgTpGHHr+ZQEpfd9hVPWLHaUWKCMENDc/xKk0LIOORwJ8KgJmNEusD+gg1xDt4
iUGVYF3JsVPjhMJZ0xAI1VXRCKBP5FbtQg2WYC4nlB2ZbV9hkEsjS07Z8QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMuH2XLl7vagExX/OGfjPds+RwX+MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEveTRmWmN1WHU5cUFURmY4NFotTTkyejVIQmY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJ8nculXeSvffYSiDqcP
zQem/XlsJYJz1x0KVdain+dZ1M1yF6qWl0yW655rE/kBAtfn2KnSi6zLyOmfGBzL
KLBISXteBYA657R09ysZoprNFUIgCSXXnbl1orHVbftQbueQqC/w2mZCB255Dx7q
kOBDhKq2WyGRURJFQcJjYDv42eLf/D9/O88mNDSFnfRencYEmoTdeo6tBGL5aN8I
sLyz1dL23UR+5lkOty3VDa6o58g9YKrS/3LpRj3KB97BXbVn05OIa7imgtm9EsX6
4EHWcUl4AgU71sAQwtZgFgxls1AQztvvDAQPizEI2jEQhIAIx3BwNsv6o1e+5lQ+
C28=
-----END CERTIFICATE-----