Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5anvxH-jm4gIJ8xqAnO77QCfrHg.roa
File:                     5anvxH-jm4gIJ8xqAnO77QCfrHg.roa (raw, json)
Hash identifier:          uMMxW1Ruq2bSqsLPI+ElgQy4UUqzfDjam0K3g/1Fu+Q=
Subject key identifier:   E5:A9:EF:C4:7F:A3:9B:88:08:27:CC:6A:02:73:BB:ED:00:9F:AC:78
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186B6CF8DBFDD105BB5569124DBA7B2A851
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5anvxH-jm4gIJ8xqAnO77QCfrHg.roa
Signing time:             Mon 06 Mar 2023 12:05:00 +0000
ROA not before:           Mon 06 Mar 2023 12:05:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:b6ce:f2c1/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b6:cf:8d:bf:dd:10:5b:b5:56:91:24:db:a7:b2:a8:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  6 12:05:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e5a9efc47fa39b880827cc6a0273bbed009fac78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:f8:85:59:bf:c8:13:28:ea:70:30:4e:e9:46:
                    12:20:dc:e8:31:2b:08:1e:14:08:e0:e7:fb:ba:99:
                    52:fd:ad:c7:7e:46:ec:21:5b:1d:d0:36:71:a0:65:
                    c6:a5:23:45:14:4e:22:8d:16:61:84:30:7d:53:04:
                    e1:7b:b3:22:bb:5e:5b:5a:5a:a5:a3:6f:b5:69:a7:
                    20:1a:31:a9:5f:1c:84:ab:9f:42:ea:23:83:7e:ca:
                    7f:31:07:1f:dd:6c:6b:c8:3a:ef:e1:39:ce:d6:71:
                    b2:76:7e:69:94:e7:7c:85:3b:ab:75:72:2c:9a:19:
                    3c:0f:8b:0c:85:f9:a1:2f:3e:5b:31:26:b8:84:9e:
                    c2:47:41:44:b7:14:30:1a:d6:97:02:e0:0f:9c:8c:
                    c6:b9:e3:28:b1:07:e9:ee:fd:b1:55:0d:cd:2d:37:
                    e4:30:18:33:b9:19:5e:c5:34:1b:8f:cc:29:2a:10:
                    2d:cd:61:1d:ad:8b:f7:16:f5:4f:da:ee:92:84:c9:
                    07:76:3a:8c:71:73:b4:2e:3f:33:13:c8:14:88:14:
                    bd:35:f0:f8:e6:a7:ac:10:0a:9f:66:d7:9e:75:95:
                    7a:1d:1d:b7:e8:e9:55:17:34:1e:34:34:d7:59:a6:
                    3b:7b:9c:e0:43:23:e8:0e:1c:26:4e:ce:9e:21:84:
                    1f:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:A9:EF:C4:7F:A3:9B:88:08:27:CC:6A:02:73:BB:ED:00:9F:AC:78
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5anvxH-jm4gIJ8xqAnO77QCfrHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:07:03:bb:15:91:bb:ed:ba:59:37:96:fc:b0:77:cc:bd:a8:
         56:6e:2d:0c:76:77:6c:b7:90:f5:4b:1b:0d:80:56:1f:d2:86:
         3f:80:6a:0f:bf:47:00:84:b4:d6:0a:f5:ab:6e:78:30:f4:c3:
         e7:c3:d3:59:d6:ee:55:01:35:e5:a8:5f:d8:2b:aa:00:b4:d5:
         f9:f7:17:73:aa:40:cb:52:80:5f:87:c5:e6:8f:81:8b:0e:fe:
         1f:7e:a9:f1:64:2c:cb:2f:d5:b2:38:84:23:a8:5d:74:05:28:
         2b:16:ad:1e:48:f5:a5:90:0e:d8:b0:db:86:d0:b3:a3:5a:04:
         e8:5e:00:26:10:fe:55:36:da:c9:56:5d:36:0d:b2:c4:09:f9:
         b3:f7:9e:27:3f:dd:ca:f9:5b:e0:d9:cb:f3:af:fa:c9:05:a1:
         43:cf:20:b6:8a:c6:3e:48:c7:b9:e0:e3:75:10:e9:d0:a8:b9:
         da:f3:08:4f:de:32:76:23:49:bf:e8:2c:9e:a7:9f:39:25:2b:
         8c:78:c0:2c:28:39:b2:bf:7a:0b:49:95:35:34:97:46:f5:7c:
         02:01:f9:ca:25:88:eb:8a:5c:63:41:7e:38:b7:59:b0:3e:f3:
         fb:9b:b2:d6:91:13:d6:27:bd:9d:3c:f2:cf:af:31:9f:5f:10:
         ea:be:e5:13
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYa2z42/3RBbtVaRJNunsqhRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA2MTIwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWE5ZWZjNDdmYTM5Yjg4MDgyN2NjNmEwMjczYmJlZDAwOWZhYzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfiFWb/IEyjqcDBO6UYSINzoMSsI
HhQI4Of7uplS/a3HfkbsIVsd0DZxoGXGpSNFFE4ijRZhhDB9UwThe7Miu15bWlql
o2+1aacgGjGpXxyEq59C6iODfsp/MQcf3WxryDrv4TnO1nGydn5plOd8hTurdXIs
mhk8D4sMhfmhLz5bMSa4hJ7CR0FEtxQwGtaXAuAPnIzGueMosQfp7v2xVQ3NLTfk
MBgzuRlexTQbj8wpKhAtzWEdrYv3FvVP2u6ShMkHdjqMcXO0Lj8zE8gUiBS9NfD4
5qesEAqfZteedZV6HR236OlVFzQeNDTXWaY7e5zgQyPoDhwmTs6eIYQf7wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOWp78R/o5uICCfMagJzu+0An6x4MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNWFudnhILWptNGdJSjh4cUFuTzc3UUNmckhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGsHA7sVkbvtulk3lvyw
d8y9qFZuLQx2d2y3kPVLGw2AVh/Shj+Aag+/RwCEtNYK9atueDD0w+fD01nW7lUB
NeWoX9grqgC01fn3F3OqQMtSgF+HxeaPgYsO/h9+qfFkLMsv1bI4hCOoXXQFKCsW
rR5I9aWQDtiw24bQs6NaBOheACYQ/lU22slWXTYNssQJ+bP3nic/3cr5W+DZy/Ov
+skFoUPPILaKxj5Ix7ng43UQ6dCoudrzCE/eMnYjSb/oLJ6nnzklK4x4wCwoObK/
egtJlTU0l0b1fAIB+coliOuKXGNBfji3WbA+8/ubstaRE9YnvZ088s+vMZ9fEOq+
5RM=
-----END CERTIFICATE-----