Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/436D-6vWQksn_7vuyjVL149JFXk.roa
File:                     436D-6vWQksn_7vuyjVL149JFXk.roa (raw, json)
Hash identifier:          AEEZUxxnsA0lrnCOkTfSK4fRTupeVwoZLiAXE2u5A3o=
Subject key identifier:   E3:7E:83:FB:AB:D6:42:4B:27:FF:BB:EE:CA:35:4B:D7:8F:49:15:79
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186BA3F5ED8A89B7EEA620D3FB9E4AD7AD8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/436D-6vWQksn_7vuyjVL149JFXk.roa
Signing time:             Tue 07 Mar 2023 04:06:00 +0000
ROA not before:           Tue 07 Mar 2023 04:06:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
                          2001:67c:64:ffff:0:186:ba3e:7a9d/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ba:3f:5e:d8:a8:9b:7e:ea:62:0d:3f:b9:e4:ad:7a:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  7 04:06:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e37e83fbabd6424b27ffbbeeca354bd78f491579
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:60:f0:48:8f:79:b8:91:53:14:d4:54:63:d7:
                    44:d2:23:28:ca:a5:65:96:e8:32:06:32:d8:94:1e:
                    14:df:5d:96:82:23:49:02:57:4a:63:13:3f:1a:fe:
                    21:bd:3b:f3:e5:32:4c:4a:ab:01:a1:24:09:31:4e:
                    06:68:50:4a:01:29:ee:19:21:bc:56:d9:12:09:ba:
                    ec:5b:4b:88:4a:a8:cd:3b:a8:1f:33:7e:ac:b2:8d:
                    07:c9:c1:9a:01:2f:60:50:6e:d3:fa:0c:d9:0e:9f:
                    34:ec:ad:05:af:2e:7a:b4:4f:2a:4e:41:f8:54:2c:
                    be:37:f9:6b:b6:19:20:85:be:b8:35:64:26:c8:28:
                    77:36:5c:55:69:ee:ab:23:4a:8e:58:dd:1a:d9:f8:
                    a1:fb:fd:3a:29:fd:95:4c:30:77:7a:f3:a8:1a:dd:
                    22:b0:a8:9c:3d:85:d9:b4:1c:1b:2e:e5:fa:ed:b7:
                    b0:30:b0:86:13:5d:3c:6c:1b:9b:03:f1:0b:a7:5c:
                    3f:34:0a:2d:f5:ce:67:c7:1f:ae:d6:6e:44:49:be:
                    c0:5a:72:1c:4b:b2:cf:9d:70:e6:26:06:98:75:cd:
                    e3:c6:dd:14:31:29:bd:97:20:8d:98:2e:97:06:dc:
                    cb:01:ab:95:30:22:97:f7:0c:c2:78:62:ac:e7:a3:
                    b0:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:7E:83:FB:AB:D6:42:4B:27:FF:BB:EE:CA:35:4B:D7:8F:49:15:79
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/436D-6vWQksn_7vuyjVL149JFXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:cd:0b:71:5f:62:b7:c0:9f:10:ad:2d:b0:aa:e3:f4:71:39:
         f9:2c:a6:82:04:90:29:f8:1e:ab:3c:ee:15:1f:49:00:2e:35:
         c8:4e:55:e1:71:c5:ea:3c:0e:a9:9e:fd:82:6c:f3:3d:4e:9d:
         d4:f3:9d:97:a6:82:69:9b:90:28:a9:f3:4b:f8:da:94:cb:b6:
         dd:71:57:a5:71:04:c5:2b:bd:e6:05:f5:73:39:d9:e8:a7:42:
         70:e6:84:92:c8:4a:44:13:01:a6:4f:a4:22:c2:77:1f:cf:47:
         51:1e:b9:bd:ef:57:b2:eb:c0:54:b3:2b:c0:59:fa:b5:a3:72:
         5c:95:10:9e:15:26:5a:d7:e2:0e:74:de:1d:64:c4:df:f4:11:
         29:42:13:b6:f8:0e:a9:4f:ba:b2:db:11:ab:93:3d:a0:52:b9:
         75:b6:32:19:c2:b4:02:fc:e1:46:4c:64:78:7b:42:76:b8:23:
         0f:b8:68:91:12:c6:7a:7f:dc:ea:b3:de:53:e1:f6:eb:0f:77:
         fe:5e:4a:cc:b4:af:19:5d:d0:db:c3:f4:1b:3c:8b:7f:9f:f7:
         98:a0:24:eb:50:7f:10:65:4e:ee:77:06:5b:07:d0:3e:e3:f6:
         f4:93:9a:52:71:de:a2:19:c0:46:e3:c0:f6:fd:b2:a4:2e:8f:
         bc:26:9a:02
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYa6P17YqJt+6mINP7nkrXrYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA3MDQwNjAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzdlODNmYmFiZDY0MjRiMjdmZmJiZWVjYTM1NGJkNzhmNDkxNTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7WDwSI95uJFTFNRUY9dE0iMoyqVl
lugyBjLYlB4U312WgiNJAldKYxM/Gv4hvTvz5TJMSqsBoSQJMU4GaFBKASnuGSG8
VtkSCbrsW0uISqjNO6gfM36sso0HycGaAS9gUG7T+gzZDp807K0Fry56tE8qTkH4
VCy+N/lrthkghb64NWQmyCh3NlxVae6rI0qOWN0a2fih+/06Kf2VTDB3evOoGt0i
sKicPYXZtBwbLuX67bewMLCGE108bBubA/ELp1w/NAot9c5nxx+u1m5ESb7AWnIc
S7LPnXDmJgaYdc3jxt0UMSm9lyCNmC6XBtzLAauVMCKX9wzCeGKs56OwEwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFON+g/ur1kJLJ/+77so1S9ePSRV5MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNDM2RC02dldRa3NuXzd2dXlqVkwxNDlKRlhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAE3NC3FfYrfAnxCtLbCq
4/RxOfkspoIEkCn4Hqs87hUfSQAuNchOVeFxxeo8Dqme/YJs8z1OndTznZemgmmb
kCip80v42pTLtt1xV6VxBMUrveYF9XM52einQnDmhJLISkQTAaZPpCLCdx/PR1Ee
ub3vV7LrwFSzK8BZ+rWjclyVEJ4VJlrX4g503h1kxN/0ESlCE7b4DqlPurLbEauT
PaBSuXW2MhnCtAL84UZMZHh7Qna4Iw+4aJESxnp/3Oqz3lPh9usPd/5eSsy0rxld
0NvD9Bs8i3+f95igJOtQfxBlTu53BlsH0D7j9vSTmlJx3qIZwEbjwPb9sqQuj7wm
mgI=
-----END CERTIFICATE-----