Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/71UEiBQlndaLBiIBCNAC6dH-ocw.roa
File:                     71UEiBQlndaLBiIBCNAC6dH-ocw.roa (raw, json)
Hash identifier:          oIu+g4QmE6yThAntMGePAC/aZkyRdoFu5f4n/Fxf//Y=
Subject key identifier:   EF:55:04:88:14:25:9D:D6:8B:06:22:01:08:D0:02:E9:D1:FE:A1:CC
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186A122FAF23CFCF77181501CAD5FFF3BD0
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/71UEiBQlndaLBiIBCNAC6dH-ocw.roa
Signing time:             Thu 02 Mar 2023 07:04:29 +0000
ROA not before:           Thu 02 Mar 2023 07:04:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a122:c6ca/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a1:22:fa:f2:3c:fc:f7:71:81:50:1c:ad:5f:ff:3b:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  2 07:04:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ef55048814259dd68b06220108d002e9d1fea1cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ae:8d:3f:c6:87:05:d4:d8:00:90:a2:4d:03:
                    8d:0c:17:ab:41:c3:06:1b:38:0c:7c:ec:e8:f5:be:
                    23:81:31:bb:a5:8f:c6:82:b9:79:d0:6b:06:12:7b:
                    06:81:79:ab:80:f7:de:f5:53:06:bb:fc:89:96:47:
                    4a:e7:62:6f:f9:17:4b:93:a8:ab:ea:58:04:0b:c4:
                    d2:56:fd:54:89:af:5c:4d:3f:f5:eb:39:f6:ae:38:
                    26:96:ac:3c:c3:38:ac:a4:8f:1e:1a:75:36:7d:f9:
                    2a:8a:00:99:39:44:d0:18:99:34:c7:8a:ea:7c:5c:
                    76:52:a2:55:2a:09:38:68:04:8e:16:dc:67:c2:dd:
                    70:e9:94:09:98:2a:f2:e8:b8:86:c2:2e:23:02:9c:
                    0b:fc:bb:59:b5:30:52:2c:f4:d2:50:fe:df:cd:15:
                    04:0c:fd:68:e2:59:a8:bd:01:a5:39:bd:ac:37:eb:
                    a0:97:53:07:4e:42:d5:8c:07:03:bd:0b:2f:63:0b:
                    95:e8:8a:73:02:3d:b5:f0:d2:46:5e:47:23:8f:9e:
                    c6:c3:75:05:72:fd:9a:37:7e:70:58:61:77:ed:68:
                    20:b2:d8:0e:91:fb:b3:43:07:e5:f3:9d:3a:67:03:
                    a2:2d:5c:fb:50:69:1f:17:66:13:00:25:41:bd:57:
                    fb:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:55:04:88:14:25:9D:D6:8B:06:22:01:08:D0:02:E9:D1:FE:A1:CC
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/71UEiBQlndaLBiIBCNAC6dH-ocw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:b4:e1:29:01:44:b6:c8:fa:17:b0:1a:03:cb:18:43:ca:64:
         f6:3a:0c:c1:ad:13:9b:29:29:6e:62:ec:65:a5:fb:2d:f0:71:
         bd:6e:b9:cf:b3:2b:86:46:3a:9f:30:91:03:8f:8b:f0:6c:10:
         74:4d:b0:2f:7c:e9:66:33:77:29:38:ba:ae:89:10:e8:22:c5:
         e8:1d:88:fe:12:b1:1c:4c:57:cb:22:3d:40:71:a6:d2:64:fd:
         4b:97:76:d1:b2:64:6d:16:9b:0c:ce:21:c0:17:e1:4a:6c:0a:
         a4:f5:38:a4:26:1d:48:58:a0:96:9a:97:91:39:bc:ff:ca:14:
         58:2f:ae:65:62:1c:81:16:b1:7c:cc:b4:3c:69:4a:05:f2:48:
         52:70:7c:1e:8d:12:ee:bf:c5:ee:aa:d5:44:6d:59:82:8a:e7:
         a8:a4:4c:49:96:2d:23:86:b8:e9:8a:bd:4f:e8:21:44:49:53:
         18:bd:14:85:57:68:b6:38:3f:b2:4c:5b:bc:20:df:49:e1:5d:
         5e:01:e2:b6:ed:a7:78:ee:80:79:ec:73:ff:20:86:f2:76:27:
         13:b1:f1:6b:17:1a:a6:07:81:7f:25:29:52:82:28:bc:e1:41:
         4c:84:5e:d0:dc:f2:10:29:82:44:e6:54:83:c3:81:4a:46:36:
         1b:6c:f3:35
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYahIvryPPz3cYFQHK1f/zvQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzAyMDcwNDI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjU1MDQ4ODE0MjU5ZGQ2OGIwNjIyMDEwOGQwMDJlOWQxZmVhMWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjK6NP8aHBdTYAJCiTQONDBerQcMG
GzgMfOzo9b4jgTG7pY/Ggrl50GsGEnsGgXmrgPfe9VMGu/yJlkdK52Jv+RdLk6ir
6lgEC8TSVv1Uia9cTT/16zn2rjgmlqw8wzispI8eGnU2ffkqigCZOUTQGJk0x4rq
fFx2UqJVKgk4aASOFtxnwt1w6ZQJmCry6LiGwi4jApwL/LtZtTBSLPTSUP7fzRUE
DP1o4lmovQGlOb2sN+ugl1MHTkLVjAcDvQsvYwuV6IpzAj218NJGXkcjj57Gw3UF
cv2aN35wWGF37WggstgOkfuzQwfl8506ZwOiLVz7UGkfF2YTACVBvVf7nQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFO9VBIgUJZ3WiwYiAQjQAunR/qHMMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNzFVRWlCUWxuZGFMQmlJQkNOQUM2ZEgtb2N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIm04SkBRLbI+hewGgPL
GEPKZPY6DMGtE5spKW5i7GWl+y3wcb1uuc+zK4ZGOp8wkQOPi/BsEHRNsC986WYz
dyk4uq6JEOgixegdiP4SsRxMV8siPUBxptJk/UuXdtGyZG0WmwzOIcAX4UpsCqT1
OKQmHUhYoJaal5E5vP/KFFgvrmViHIEWsXzMtDxpSgXySFJwfB6NEu6/xe6q1URt
WYKK56ikTEmWLSOGuOmKvU/oIURJUxi9FIVXaLY4P7JMW7wg30nhXV4B4rbtp3ju
gHnsc/8ghvJ2JxOx8WsXGqYHgX8lKVKCKLzhQUyEXtDc8hApgkTmVIPDgUpGNhts
8zU=
-----END CERTIFICATE-----