Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5aX14UqCsTGHUeo68qobYztQ_F0.roa
File:                     5aX14UqCsTGHUeo68qobYztQ_F0.roa (raw, json)
Hash identifier:          8q/sfPH7e5PFpVbzu4AljZ3LhmQ/ogQmnpFKIzsPuGU=
Subject key identifier:   E5:A5:F5:E1:4A:82:B1:31:87:51:EA:3A:F2:AA:1B:63:3B:50:FC:5D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186B13B53FF27DE3BBFA045450D19B64D8A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5aX14UqCsTGHUeo68qobYztQ_F0.roa
Signing time:             Sun 05 Mar 2023 10:05:00 +0000
ROA not before:           Sun 05 Mar 2023 10:05:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
                          2001:67c:64:ffff:0:186:b13a:b851/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b1:3b:53:ff:27:de:3b:bf:a0:45:45:0d:19:b6:4d:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  5 10:05:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e5a5f5e14a82b1318751ea3af2aa1b633b50fc5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:d6:2c:7c:e4:7c:4d:2e:90:3e:89:f7:68:d2:
                    50:bb:6c:fb:12:95:2e:69:86:e1:ff:af:0c:fc:f8:
                    89:8a:9c:8d:7e:3a:82:93:b0:47:3e:c0:7f:1c:a9:
                    12:2e:55:16:61:8d:db:21:7c:d9:e7:62:44:d4:9e:
                    fe:3c:a4:7d:5a:d8:a4:a8:ed:24:3b:58:c8:42:a7:
                    71:20:8b:d9:db:f4:cb:a4:fb:b2:32:9c:43:f1:71:
                    2e:8c:9c:5c:b5:69:52:77:5e:62:f5:64:23:0e:63:
                    1f:74:0b:4c:c0:12:69:09:8d:34:1a:b5:1d:69:d8:
                    16:af:13:eb:4a:e6:61:5e:a2:e3:1f:a6:99:a0:cc:
                    1d:ce:28:e9:e1:85:81:29:76:95:de:d6:44:34:ba:
                    ab:79:50:4a:22:25:41:ff:4d:23:37:2a:39:e9:58:
                    ad:f9:77:4f:10:33:c8:17:7c:36:f6:ee:38:95:d1:
                    6f:23:30:d0:ac:f8:d4:15:a3:ee:17:9d:52:da:2c:
                    e7:f3:28:12:b8:6f:11:e9:41:a0:fa:e4:a7:5a:3a:
                    bb:7c:13:ca:f4:50:82:92:80:c0:3f:03:b2:8d:f2:
                    8e:a7:c8:8e:d4:79:dc:da:27:ed:22:9a:61:95:88:
                    af:2b:e1:18:12:ce:6a:a4:c4:1a:fe:d1:89:f3:d9:
                    2c:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:A5:F5:E1:4A:82:B1:31:87:51:EA:3A:F2:AA:1B:63:3B:50:FC:5D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5aX14UqCsTGHUeo68qobYztQ_F0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:f4:02:a6:eb:b3:61:b4:49:e8:48:6a:96:9f:bf:f0:ec:a3:
         b8:23:64:dd:99:81:ce:ca:0d:53:21:ea:f1:2c:aa:34:ca:a1:
         b0:c3:44:17:02:71:f6:87:20:91:15:cb:c1:b2:99:d1:21:62:
         fe:7a:2b:ef:6e:6d:3c:e7:ba:36:ee:8f:48:c0:bf:54:67:85:
         50:6a:b6:92:78:fa:f4:8c:66:e2:c7:2f:f9:90:a7:7d:80:54:
         16:69:1d:9b:3c:e4:86:ef:ca:18:7c:2e:38:1c:c8:dd:81:12:
         5c:5c:9e:6e:17:38:a5:9e:54:c7:79:4a:e3:df:fb:ba:06:b6:
         45:d9:b5:63:3c:6f:b7:03:25:82:5b:62:1e:e1:3d:d0:79:27:
         1d:b8:fb:62:cc:cc:e7:25:8c:3d:34:c3:39:68:68:ce:17:49:
         43:e7:2d:a3:1d:d5:b1:f4:62:32:07:8b:48:05:a7:ab:53:5f:
         b9:9a:35:f1:78:63:ab:dd:82:c2:b6:54:a3:b8:e4:7a:0e:a2:
         38:50:1a:ec:3a:c1:81:d7:87:e0:4f:51:04:00:06:2c:f6:ae:
         01:e3:5f:78:85:1e:a9:ad:3d:9d:09:94:16:2b:fa:78:c1:9b:
         b0:f8:48:4d:d2:ce:6c:3b:22:54:3d:1a:f7:ea:21:1d:d4:1e:
         10:09:16:75
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYaxO1P/J947v6BFRQ0Ztk2KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA1MTAwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWE1ZjVlMTRhODJiMTMxODc1MWVhM2FmMmFhMWI2MzNiNTBmYzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNYsfOR8TS6QPon3aNJQu2z7EpUu
aYbh/68M/PiJipyNfjqCk7BHPsB/HKkSLlUWYY3bIXzZ52JE1J7+PKR9WtikqO0k
O1jIQqdxIIvZ2/TLpPuyMpxD8XEujJxctWlSd15i9WQjDmMfdAtMwBJpCY00GrUd
adgWrxPrSuZhXqLjH6aZoMwdzijp4YWBKXaV3tZENLqreVBKIiVB/00jNyo56Vit
+XdPEDPIF3w29u44ldFvIzDQrPjUFaPuF51S2izn8ygSuG8R6UGg+uSnWjq7fBPK
9FCCkoDAPwOyjfKOp8iO1Hnc2iftIpphlYivK+EYEs5qpMQa/tGJ89ksiQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOWl9eFKgrExh1HqOvKqG2M7UPxdMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNWFYMTRVcUNzVEdIVWVvNjhxb2JZenRRX0YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALL0Aqbrs2G0SehIapaf
v/Dso7gjZN2Zgc7KDVMh6vEsqjTKobDDRBcCcfaHIJEVy8GymdEhYv56K+9ubTzn
ujbuj0jAv1RnhVBqtpJ4+vSMZuLHL/mQp32AVBZpHZs85Ibvyhh8LjgcyN2BElxc
nm4XOKWeVMd5SuPf+7oGtkXZtWM8b7cDJYJbYh7hPdB5Jx24+2LMzOcljD00wzlo
aM4XSUPnLaMd1bH0YjIHi0gFp6tTX7maNfF4Y6vdgsK2VKO45HoOojhQGuw6wYHX
h+BPUQQABiz2rgHjX3iFHqmtPZ0JlBYr+njBm7D4SE3Szmw7IlQ9GvfqIR3UHhAJ
FnU=
-----END CERTIFICATE-----