Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-k9n9dQBSoES4bZIQhqM28CxfZc.roa
File:                     1-k9n9dQBSoES4bZIQhqM28CxfZc.roa (raw, json)
Hash identifier:          18Ff1D/WCnGG5L0a7OWcxOMpcT1gczMZtUL+YjU5BLg=
Subject key identifier:   FA:4F:67:F5:D4:01:4A:81:12:E1:B6:48:42:1A:8C:DB:C0:B1:7D:97
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186AF5619ECA51ACF50B35BF34CB4F9DF35
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-k9n9dQBSoES4bZIQhqM28CxfZc.roa
Signing time:             Sun 05 Mar 2023 01:15:00 +0000
ROA not before:           Sun 05 Mar 2023 01:15:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:af:56:19:ec:a5:1a:cf:50:b3:5b:f3:4c:b4:f9:df:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  5 01:15:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fa4f67f5d4014a8112e1b648421a8cdbc0b17d97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0f:93:7d:14:0a:cc:37:7a:cd:f4:a3:02:92:
                    9e:e9:9f:68:d5:69:42:a8:6d:eb:17:c4:76:0b:6d:
                    7d:b2:83:14:49:38:c2:24:f4:d5:92:28:01:98:11:
                    fc:28:8b:fa:b0:4c:88:72:a1:d7:b6:6a:b4:73:6c:
                    8e:ba:84:25:88:eb:1f:e3:b7:ce:2f:71:03:df:54:
                    54:98:0d:89:cb:31:f0:f7:eb:6d:f6:bd:95:2f:67:
                    11:a7:20:d6:88:2c:c1:9e:28:2f:e0:6b:18:8b:94:
                    da:01:73:7c:ee:cd:d1:52:06:ab:06:50:dd:6f:90:
                    65:52:fe:c1:fd:f0:33:c1:17:91:cb:fc:e5:4f:7a:
                    34:14:ce:cc:16:f8:95:83:5a:c3:00:0f:20:d5:23:
                    17:74:c8:c1:5d:18:56:5f:75:3b:00:99:3d:7a:ac:
                    6a:79:49:49:7b:f3:16:a9:b0:91:d6:36:5a:65:08:
                    1b:99:ba:d5:1f:8e:ae:8f:a7:74:db:2d:ab:8d:2b:
                    b3:70:a4:0e:1e:cc:68:af:b9:82:88:84:1f:9f:ba:
                    56:5a:39:ba:68:4b:56:8f:2f:d3:f4:37:65:d6:e5:
                    0f:38:08:b6:18:ed:02:c6:db:c9:0d:e2:db:cd:35:
                    6d:e8:84:51:86:3d:27:e6:bb:ea:f8:ca:a8:c4:86:
                    37:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:4F:67:F5:D4:01:4A:81:12:E1:B6:48:42:1A:8C:DB:C0:B1:7D:97
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/1-k9n9dQBSoES4bZIQhqM28CxfZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:d3:a1:49:77:f1:b7:17:16:ac:24:34:fb:4f:83:27:57:02:
         2e:31:88:72:fc:4c:57:b4:e3:19:bc:54:37:63:b8:00:be:6e:
         50:d4:05:f3:eb:3c:5e:34:7c:bf:eb:22:cd:4f:32:84:5a:29:
         bd:28:17:62:bd:c4:d7:89:f8:33:88:d9:f7:55:e8:60:96:3f:
         fc:91:5c:60:d8:80:71:86:96:9a:e2:fa:0e:e6:a1:5f:6a:4a:
         85:56:19:60:d6:f6:a0:5e:ff:33:cd:59:67:bb:e9:9b:0d:c5:
         d1:93:d5:53:62:aa:3b:db:80:00:36:17:41:23:45:3c:b2:ea:
         41:03:83:1f:67:86:e8:9a:23:d0:ef:7e:ea:4c:0e:15:61:13:
         d9:a9:0c:a2:50:29:e6:8b:e1:e5:31:6b:1a:68:29:d2:86:ba:
         fa:b3:0c:3b:13:80:2a:ea:8d:8b:f2:c4:ea:d9:89:37:e0:6e:
         1e:4f:8a:75:1b:7c:7e:d5:cf:63:b7:18:37:62:59:b4:de:41:
         c0:9d:93:08:b1:87:a5:39:b6:11:d9:48:41:36:86:73:d5:f9:
         f9:1c:0c:4f:e3:fc:b8:c2:72:14:b4:e9:60:35:84:74:23:b0:
         31:d3:00:86:ca:b2:98:a4:a1:f2:cf:73:3f:41:62:4e:b9:62:
         42:39:5f:63
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYavVhnspRrPULNb80y0+d81MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA1MDExNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTRmNjdmNWQ0MDE0YTgxMTJlMWI2NDg0MjFhOGNkYmMwYjE3ZDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsA+TfRQKzDd6zfSjApKe6Z9o1WlC
qG3rF8R2C219soMUSTjCJPTVkigBmBH8KIv6sEyIcqHXtmq0c2yOuoQliOsf47fO
L3ED31RUmA2JyzHw9+tt9r2VL2cRpyDWiCzBnigv4GsYi5TaAXN87s3RUgarBlDd
b5BlUv7B/fAzwReRy/zlT3o0FM7MFviVg1rDAA8g1SMXdMjBXRhWX3U7AJk9eqxq
eUlJe/MWqbCR1jZaZQgbmbrVH46uj6d02y2rjSuzcKQOHsxor7mCiIQfn7pWWjm6
aEtWjy/T9Ddl1uUPOAi2GO0CxtvJDeLbzTVt6IRRhj0n5rvq+MqoxIY3TQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPpPZ/XUAUqBEuG2SEIajNvAsX2XMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMS1rOW45ZFFCU29FUzRiWklRaHFNMjhDeGZaYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWUvNzk4NDQ3LTIxZjQtNDVhYi05OWRjLTFhYmUzYWMxMGFh
Ni8xL2NnUjc0VnNuV1FMYzloZmNQUTRXM0I4d2dDSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQhMB8wDAQCAAEwBgMEA8EAGDAP
BAIAAjAJAwcAIAEGfABkMA0GCSqGSIb3DQEBCwUAA4IBAQAe06FJd/G3FxasJDT7
T4MnVwIuMYhy/ExXtOMZvFQ3Y7gAvm5Q1AXz6zxeNHy/6yLNTzKEWim9KBdivcTX
ifgziNn3Vehglj/8kVxg2IBxhpaa4voO5qFfakqFVhlg1vagXv8zzVlnu+mbDcXR
k9VTYqo724AANhdBI0U8supBA4MfZ4bomiPQ737qTA4VYRPZqQyiUCnmi+HlMWsa
aCnShrr6sww7E4Aq6o2L8sTq2Yk34G4eT4p1G3x+1c9jtxg3Ylm03kHAnZMIsYel
ObYR2UhBNoZz1fn5HAxP4/y4wnIUtOlgNYR0I7Ax0wCGyrKYpKHyz3M/QWJOuWJC
OV9j
-----END CERTIFICATE-----