Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2YUlEAtXRQG8VJNSYEJOVowQmZA.roa
File:                     2YUlEAtXRQG8VJNSYEJOVowQmZA.roa (raw, json)
Hash identifier:          OAG4mK3JNieBvrCjISeXRk9WevWpUV+bfDENn3KTM04=
Subject key identifier:   D9:85:25:10:0B:57:45:01:BC:54:93:52:60:42:4E:56:8C:10:99:90
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186A6812F161F4EAD54A46748730106BA44
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2YUlEAtXRQG8VJNSYEJOVowQmZA.roa
Signing time:             Fri 03 Mar 2023 08:05:29 +0000
ROA not before:           Fri 03 Mar 2023 08:05:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a680:a756/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a6:81:2f:16:1f:4e:ad:54:a4:67:48:73:01:06:ba:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  3 08:05:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d98525100b574501bc54935260424e568c109990
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:eb:90:fb:1d:c0:00:c5:d4:2c:28:0e:eb:5a:
                    08:69:63:d5:f8:af:4d:24:3e:85:a8:2d:06:6f:89:
                    35:fa:35:7a:ee:92:77:97:97:a4:93:0d:3f:7d:29:
                    6d:fa:a7:ef:ef:fc:2b:e5:96:f6:44:38:5a:34:b3:
                    15:1b:fb:8e:e3:f0:54:49:95:29:85:2f:d1:99:6e:
                    bf:02:a9:f9:e5:1e:c0:0d:5a:dd:9c:6d:b5:76:01:
                    17:2b:3e:d5:d2:50:c3:92:75:bf:31:2a:09:fb:aa:
                    c8:cf:2b:0e:76:4a:df:82:90:52:9f:2e:11:e6:9a:
                    1e:9a:64:15:24:96:9c:b8:e4:a3:c9:d4:a6:b8:92:
                    77:f5:95:1f:6d:11:50:ab:f2:06:b3:cd:7d:e6:15:
                    4d:2d:49:03:22:26:44:f2:74:fc:ac:86:36:e0:da:
                    ce:ee:33:80:df:bd:d3:4f:9f:34:bc:30:94:a1:c4:
                    ea:99:26:30:c4:5d:f6:ce:97:86:55:65:69:c9:4b:
                    c0:b8:4d:f3:b9:33:a6:e0:d9:9f:e4:46:5b:02:ce:
                    c3:e2:6a:df:47:18:a6:09:e0:88:9e:87:77:43:12:
                    db:1a:96:cc:2e:61:6c:0a:a3:83:ae:e1:bf:1b:61:
                    3b:5e:e5:22:28:94:76:b3:40:6c:bd:ce:97:65:ee:
                    f7:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:85:25:10:0B:57:45:01:BC:54:93:52:60:42:4E:56:8C:10:99:90
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/2YUlEAtXRQG8VJNSYEJOVowQmZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:2a:86:91:6e:96:60:fb:f8:b5:aa:22:1e:40:67:2e:b4:d2:
         3a:7b:fa:ff:51:7b:e3:7b:99:b5:f3:da:db:3a:a8:67:00:39:
         e7:ed:98:7d:2a:d6:d3:01:21:3e:cf:57:79:01:01:ff:da:e6:
         11:76:af:cb:16:74:b4:c6:08:e3:89:6f:69:01:8d:28:b9:42:
         64:64:f4:ed:b5:26:ee:ab:16:6c:b5:14:90:dc:b7:d6:1b:bb:
         7e:7e:03:e0:ab:48:39:e3:a3:b4:f8:ea:58:9e:1f:f3:be:85:
         6c:95:f5:60:bd:56:16:9b:2f:7a:ff:4a:90:89:ed:72:93:ed:
         c4:a9:0b:f0:b0:2e:47:55:b8:02:53:af:74:18:f2:10:e3:2f:
         1c:89:6c:0c:b9:6b:ac:d2:3a:dc:72:3d:d4:99:22:11:20:1e:
         d2:2b:bb:e2:c3:6b:a5:df:c7:62:8b:a0:82:09:1d:4f:b7:a9:
         63:d6:05:7e:14:4c:ed:ea:69:ff:d4:ec:01:5e:da:0f:07:28:
         52:37:df:90:17:ff:ec:2e:a9:0b:43:f5:83:dd:b7:4d:e6:af:
         d9:b9:da:7f:7b:82:e0:04:c3:65:94:64:60:6f:21:00:c4:57:
         dd:c4:e1:59:7b:ea:38:e0:12:01:2c:02:48:23:12:d1:11:2e:
         26:d3:bb:3e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYamgS8WH06tVKRnSHMBBrpEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzAzMDgwNTI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTg1MjUxMDBiNTc0NTAxYmM1NDkzNTI2MDQyNGU1NjhjMTA5OTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjuuQ+x3AAMXULCgO61oIaWPV+K9N
JD6FqC0Gb4k1+jV67pJ3l5ekkw0/fSlt+qfv7/wr5Zb2RDhaNLMVG/uO4/BUSZUp
hS/RmW6/Aqn55R7ADVrdnG21dgEXKz7V0lDDknW/MSoJ+6rIzysOdkrfgpBSny4R
5poemmQVJJacuOSjydSmuJJ39ZUfbRFQq/IGs8195hVNLUkDIiZE8nT8rIY24NrO
7jOA373TT580vDCUocTqmSYwxF32zpeGVWVpyUvAuE3zuTOm4Nmf5EZbAs7D4mrf
RximCeCInod3QxLbGpbMLmFsCqODruG/G2E7XuUiKJR2s0Bsvc6XZe73iQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNmFJRALV0UBvFSTUmBCTlaMEJmQMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvMllVbEVBdFhSUUc4VkpOU1lFSk9Wb3dRbVpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKkqhpFulmD7+LWqIh5A
Zy600jp7+v9Re+N7mbXz2ts6qGcAOeftmH0q1tMBIT7PV3kBAf/a5hF2r8sWdLTG
COOJb2kBjSi5QmRk9O21Ju6rFmy1FJDct9Ybu35+A+CrSDnjo7T46lieH/O+hWyV
9WC9VhabL3r/SpCJ7XKT7cSpC/CwLkdVuAJTr3QY8hDjLxyJbAy5a6zSOtxyPdSZ
IhEgHtIru+LDa6Xfx2KLoIIJHU+3qWPWBX4UTO3qaf/U7AFe2g8HKFI335AX/+wu
qQtD9YPdt03mr9m52n97guAEw2WUZGBvIQDEV93E4Vl76jjgEgEsAkgjEtERLibT
uz4=
-----END CERTIFICATE-----