Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5hoYskiiQR6PAnNUau5OcACDPgA.roa
File:                     5hoYskiiQR6PAnNUau5OcACDPgA.roa (raw, json)
Hash identifier:          24IWoIsNL2RU19+FS59cOtPv8pXbpcfOim+59Vt+CxQ=
Subject key identifier:   E6:1A:18:B2:48:A2:41:1E:8F:02:73:54:6A:EE:4E:70:00:83:3E:00
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186CB6A1959A41C6EB58F3F7F0563D00603
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5hoYskiiQR6PAnNUau5OcACDPgA.roa
Signing time:             Fri 10 Mar 2023 12:06:13 +0000
ROA not before:           Fri 10 Mar 2023 12:06:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cb69:4fba/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:cb:6a:19:59:a4:1c:6e:b5:8f:3f:7f:05:63:d0:06:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 10 12:06:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e61a18b248a2411e8f0273546aee4e7000833e00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:50:69:aa:27:36:0f:d8:0c:d3:da:6b:ed:c0:
                    fe:f5:22:03:3f:45:e2:18:fc:d4:1e:30:84:48:0a:
                    31:4e:61:6d:0f:45:ae:86:91:34:46:75:31:d8:52:
                    77:2a:41:31:d2:cb:1a:8f:0d:8f:e8:fe:6c:2c:92:
                    56:a8:36:48:3f:f6:3a:f4:df:d8:72:8e:ce:ca:b7:
                    6a:91:c5:eb:be:a0:f9:4d:d5:f9:1b:5c:f6:60:97:
                    cb:cd:20:60:72:97:fb:72:a5:61:57:23:82:a9:08:
                    ae:1a:45:c9:4d:c2:be:df:71:9a:27:83:35:d3:d4:
                    46:47:06:70:0e:f0:f1:65:ad:b4:b8:a6:a7:86:3c:
                    d2:8f:c7:eb:77:32:58:51:20:52:58:1c:63:61:1d:
                    09:28:ba:d7:de:0a:d0:05:32:4e:d5:34:0c:92:74:
                    af:93:a8:c9:b0:06:09:70:d5:57:02:5e:1c:30:e2:
                    c7:f8:04:72:49:16:22:e2:a5:38:42:30:f3:10:ed:
                    8d:30:c0:26:93:3e:05:02:ff:d8:52:56:54:82:f5:
                    73:f3:9b:af:21:12:61:e9:59:26:69:9f:6c:b8:2f:
                    0a:10:16:1c:4c:24:44:87:1a:86:0b:14:a3:47:57:
                    0f:f2:1e:ff:e3:a3:2a:8f:f7:93:4a:35:ac:18:e0:
                    0b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:1A:18:B2:48:A2:41:1E:8F:02:73:54:6A:EE:4E:70:00:83:3E:00
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/5hoYskiiQR6PAnNUau5OcACDPgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:8a:2a:6b:e4:c7:b7:8a:71:10:2a:f8:7e:60:59:38:92:2c:
         01:8d:31:3d:8a:45:d8:7a:e7:f4:80:72:6c:6e:c6:48:5f:27:
         58:86:da:94:d0:91:ac:4b:4c:ff:d9:e7:bd:1a:8f:c2:f8:f1:
         80:9d:37:82:ea:c9:5a:6d:b8:dd:60:e5:72:29:f2:10:63:f7:
         ef:93:de:f4:af:60:5e:0e:35:21:4a:3b:69:70:98:1e:a4:21:
         48:c6:50:ff:c8:fa:2c:b1:59:90:27:e9:df:88:fb:f7:cc:02:
         7c:9e:3b:d2:50:d4:f3:2c:69:bd:b7:a3:e7:d5:9d:87:ad:37:
         ea:8a:16:57:83:6d:20:e6:c9:41:96:ac:61:db:54:0a:e1:06:
         b1:27:1e:9b:c3:6b:bc:9c:14:32:dd:e4:08:dc:9e:1e:84:28:
         2d:a0:e3:79:ee:72:7c:fd:f4:c9:d1:78:53:14:b9:18:0c:a0:
         64:d3:1c:ba:f8:97:6b:ac:7c:96:ae:5a:71:a3:ce:52:2a:6c:
         04:30:8c:b2:66:da:2b:64:8a:af:86:71:cd:c1:f3:15:d8:0b:
         e4:5d:69:9e:5f:16:27:4e:0e:37:c0:96:77:4f:0f:6c:47:7e:
         49:7e:b1:a0:d1:00:78:90:12:3f:fc:d1:91:f9:fc:a0:9b:e0:
         57:4b:7b:d9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbLahlZpBxutY8/fwVj0AYDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzEwMTIwNjEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjFhMThiMjQ4YTI0MTFlOGYwMjczNTQ2YWVlNGU3MDAwODMzZTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1Bpqic2D9gM09pr7cD+9SIDP0Xi
GPzUHjCESAoxTmFtD0WuhpE0RnUx2FJ3KkEx0ssajw2P6P5sLJJWqDZIP/Y69N/Y
co7OyrdqkcXrvqD5TdX5G1z2YJfLzSBgcpf7cqVhVyOCqQiuGkXJTcK+33GaJ4M1
09RGRwZwDvDxZa20uKanhjzSj8frdzJYUSBSWBxjYR0JKLrX3grQBTJO1TQMknSv
k6jJsAYJcNVXAl4cMOLH+ARySRYi4qU4QjDzEO2NMMAmkz4FAv/YUlZUgvVz85uv
IRJh6VkmaZ9suC8KEBYcTCREhxqGCxSjR1cP8h7/46Mqj/eTSjWsGOALEQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOYaGLJIokEejwJzVGruTnAAgz4AMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNWhvWXNraWlRUjZQQW5OVWF1NU9jQUNEUGdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJqKKmvkx7eKcRAq+H5g
WTiSLAGNMT2KRdh65/SAcmxuxkhfJ1iG2pTQkaxLTP/Z570aj8L48YCdN4LqyVpt
uN1g5XIp8hBj9++T3vSvYF4ONSFKO2lwmB6kIUjGUP/I+iyxWZAn6d+I+/fMAnye
O9JQ1PMsab23o+fVnYetN+qKFleDbSDmyUGWrGHbVArhBrEnHpvDa7ycFDLd5Ajc
nh6EKC2g43nucnz99MnReFMUuRgMoGTTHLr4l2usfJauWnGjzlIqbAQwjLJm2itk
iq+Gcc3B8xXYC+RdaZ5fFidODjfAlndPD2xHfkl+saDRAHiQEj/80ZH5/KCb4FdL
e9k=
-----END CERTIFICATE-----