Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3hd_jIzfGSTu5wbS9ROpGzGRmas.roa
File:                     3hd_jIzfGSTu5wbS9ROpGzGRmas.roa (raw, json)
Hash identifier:          HsfJTlCatXXbLgO15FoczSRro1MZBOHvG+Bmv2DGabs=
Subject key identifier:   DE:17:7F:8C:8C:DF:19:24:EE:E7:06:D2:F5:13:A9:1B:31:91:99:AB
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0187222250B0EA423E9D911EA91A82A50B95
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3hd_jIzfGSTu5wbS9ROpGzGRmas.roa
Signing time:             Mon 27 Mar 2023 08:14:46 +0000
ROA not before:           Mon 27 Mar 2023 08:14:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:22:22:50:b0:ea:42:3e:9d:91:1e:a9:1a:82:a5:0b:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 27 08:14:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=de177f8c8cdf1924eee706d2f513a91b319199ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:6b:ee:61:52:08:99:64:8e:71:4d:28:2b:28:
                    10:eb:5e:dd:1a:e3:c2:b1:b3:db:64:55:94:38:ae:
                    65:ce:8f:41:db:0d:83:e6:26:d1:78:a3:b7:b1:0d:
                    65:b6:2b:04:9e:7c:52:29:64:54:ae:29:ac:70:c7:
                    af:11:b8:20:bf:45:0e:ea:54:a2:49:54:b8:df:29:
                    ed:56:5f:5d:ba:fb:67:56:49:38:bb:dd:79:f4:fd:
                    14:92:10:88:61:24:12:2e:bb:8b:3f:5e:5c:28:93:
                    7b:63:c1:99:5c:82:a2:b3:97:83:0d:9a:4d:21:0e:
                    75:f2:34:27:5e:aa:b4:71:fa:69:34:30:99:92:ca:
                    5a:db:87:2c:26:3e:5e:18:d6:96:40:e4:a5:60:34:
                    12:1a:44:9f:be:af:73:dd:24:6d:52:26:7e:61:ce:
                    07:de:cd:a1:14:3f:b5:37:52:40:aa:ce:e0:2c:3d:
                    6e:05:ba:25:11:e1:e5:0c:69:67:88:e4:1b:0a:4f:
                    dd:c5:37:4c:3c:20:4b:67:85:22:d0:80:fe:ac:f5:
                    b4:c1:e4:1f:2a:be:7d:c9:6d:18:ce:31:f4:7b:2f:
                    f0:13:71:fb:7c:5e:90:59:be:7a:e5:66:12:a6:ff:
                    82:ca:71:3f:64:38:64:32:5e:d7:8b:9f:b9:93:36:
                    cf:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:17:7F:8C:8C:DF:19:24:EE:E7:06:D2:F5:13:A9:1B:31:91:99:AB
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/3hd_jIzfGSTu5wbS9ROpGzGRmas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:27:40:b8:7c:14:27:72:b7:8d:12:ee:33:6d:d2:3a:25:50:
         88:76:a3:af:39:16:c5:58:be:d5:ec:c2:cc:5a:cf:e4:2d:6d:
         ae:e9:75:fb:b5:8d:f6:ce:38:c5:72:d4:f5:76:0b:ce:c5:5b:
         4d:52:59:48:da:db:c9:75:44:16:6f:ce:2b:31:7f:ff:21:35:
         5f:8c:aa:8f:0d:2d:4a:84:e7:48:ec:e8:22:ea:ba:13:52:97:
         8f:a7:14:f9:c2:80:d8:27:55:80:c4:67:13:6f:c1:62:cd:cb:
         56:94:c8:24:e8:b6:56:12:66:3a:a2:81:a2:29:73:d6:b5:2f:
         29:a1:87:4c:c5:4b:10:eb:d7:2e:8b:6b:38:75:06:c2:70:37:
         78:3c:c3:70:1f:48:4d:33:27:b1:fd:db:8f:53:4a:f9:24:d5:
         39:fb:4d:6a:db:8f:b9:a4:3d:2a:01:ca:26:fb:62:9c:6f:47:
         27:c9:5e:44:98:da:3a:d4:f2:4a:8b:12:a0:c9:79:71:47:1d:
         23:2f:fd:2d:96:f1:3d:83:af:c0:73:7e:a4:1d:8d:04:d4:43:
         d8:d8:a5:f5:21:3e:3d:66:a3:fd:69:da:2e:35:70:fd:ac:a2:
         c7:01:63:38:5a:ef:5c:a1:e1:3a:59:13:6e:b1:e1:18:a6:3c:
         b2:5c:64:22
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYciIlCw6kI+nZEeqRqCpQuVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI3MDgxNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTE3N2Y4YzhjZGYxOTI0ZWVlNzA2ZDJmNTEzYTkxYjMxOTE5OWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2vuYVIImWSOcU0oKygQ617dGuPC
sbPbZFWUOK5lzo9B2w2D5ibReKO3sQ1ltisEnnxSKWRUrimscMevEbggv0UO6lSi
SVS43yntVl9duvtnVkk4u9159P0UkhCIYSQSLruLP15cKJN7Y8GZXIKis5eDDZpN
IQ518jQnXqq0cfppNDCZkspa24csJj5eGNaWQOSlYDQSGkSfvq9z3SRtUiZ+Yc4H
3s2hFD+1N1JAqs7gLD1uBbolEeHlDGlniOQbCk/dxTdMPCBLZ4Ui0ID+rPW0weQf
Kr59yW0YzjH0ey/wE3H7fF6QWb565WYSpv+CynE/ZDhkMl7Xi5+5kzbP0wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN4Xf4yM3xkk7ucG0vUTqRsxkZmrMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvM2hkX2pJemZHU1R1NXdiUzlST3BHekdSbWFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACInQLh8FCdyt40S7jNt
0jolUIh2o685FsVYvtXswsxaz+Qtba7pdfu1jfbOOMVy1PV2C87FW01SWUja28l1
RBZvzisxf/8hNV+Mqo8NLUqE50js6CLquhNSl4+nFPnCgNgnVYDEZxNvwWLNy1aU
yCTotlYSZjqigaIpc9a1Lymhh0zFSxDr1y6Lazh1BsJwN3g8w3AfSE0zJ7H9249T
Svkk1Tn7TWrbj7mkPSoByib7YpxvRyfJXkSY2jrU8kqLEqDJeXFHHSMv/S2W8T2D
r8BzfqQdjQTUQ9jYpfUhPj1mo/1p2i41cP2soscBYzha71yh4TpZE26x4RimPLJc
ZCI=
-----END CERTIFICATE-----