Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8Bxy9GCfwjB7_ep050IDJg0sXcA.roa
File:                     8Bxy9GCfwjB7_ep050IDJg0sXcA.roa (raw, json)
Hash identifier:          OSZilzwW5m5FgclciTFXfJFDjQQLoK8G0OWJD8AAIWI=
Subject key identifier:   F0:1C:72:F4:60:9F:C2:30:7B:FD:EA:74:E7:42:03:26:0D:2C:5D:C0
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186A7258AD44B58E8575AD0BB322644CFCA
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8Bxy9GCfwjB7_ep050IDJg0sXcA.roa
Signing time:             Fri 03 Mar 2023 11:05:00 +0000
ROA not before:           Fri 03 Mar 2023 11:05:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:a725:1370/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a7:25:8a:d4:4b:58:e8:57:5a:d0:bb:32:26:44:cf:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  3 11:05:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f01c72f4609fc2307bfdea74e74203260d2c5dc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:bf:27:be:f7:6b:fd:09:05:77:0f:e0:ad:12:
                    90:a2:78:5f:ea:60:a6:48:40:0d:0b:51:ab:f0:76:
                    ec:2b:48:59:b5:09:31:cd:dc:d0:17:34:2d:78:51:
                    15:72:e3:05:37:2e:db:c0:48:be:fa:c1:32:fc:9e:
                    51:df:37:59:41:58:f6:86:fd:e8:95:60:a2:ec:05:
                    31:c7:83:4c:11:59:cf:6a:e4:5c:fa:01:59:63:89:
                    36:82:bf:f1:52:46:11:0d:79:f7:22:31:7c:9f:07:
                    73:c7:9a:3f:9a:4f:52:9b:12:af:47:a8:08:f1:79:
                    4a:4f:2b:c2:a9:58:39:c0:24:96:ef:53:bf:bc:5b:
                    fd:28:c0:28:88:fc:77:9f:2a:d1:4b:d2:53:3e:41:
                    92:e6:a3:7a:e6:3d:9a:b7:ba:df:56:ad:13:73:7b:
                    54:36:15:07:48:f5:fe:cf:d2:5a:ce:77:03:45:ad:
                    c6:56:3a:62:e6:8e:1d:70:29:3d:9e:89:0f:3b:04:
                    fd:a0:ef:ed:35:e5:eb:4e:2b:44:8f:c6:01:25:bf:
                    da:99:7b:1e:03:32:5d:ce:56:e3:53:aa:f4:94:84:
                    42:a5:ad:d7:33:f9:bb:02:fb:fe:2b:c2:49:8d:a1:
                    b0:6c:7f:05:c7:6c:4f:06:2d:e3:ba:e5:90:86:46:
                    c6:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:1C:72:F4:60:9F:C2:30:7B:FD:EA:74:E7:42:03:26:0D:2C:5D:C0
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/8Bxy9GCfwjB7_ep050IDJg0sXcA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:23:c0:01:a4:66:78:73:2a:86:ed:8b:8c:be:a6:f5:d1:80:
         d8:65:01:2f:19:92:09:b0:99:45:8a:1b:50:94:07:20:04:c6:
         e8:03:ce:42:b1:ea:13:a3:17:30:8f:c0:12:74:12:d3:ec:c7:
         b8:57:37:fd:34:46:0c:21:dc:92:c3:c1:4d:c3:04:3d:71:97:
         68:e2:dc:8f:b6:de:6e:bd:57:bf:58:d6:26:85:47:04:d8:a2:
         95:f3:6c:80:c8:a5:a6:33:30:33:47:c2:31:8f:fc:42:0a:26:
         a2:18:c0:2a:62:db:bf:ce:03:6b:6f:5d:84:3e:a1:e4:56:bb:
         a7:32:ec:ef:54:e0:38:88:6f:ba:28:53:4a:77:cf:f3:91:d0:
         eb:f8:7e:32:e2:19:e9:99:9a:a8:73:ce:92:bb:53:48:2e:4c:
         01:13:eb:62:c1:46:ed:8f:da:d5:94:6e:79:3c:3d:42:c5:d5:
         fa:ab:1e:8b:59:5c:76:7b:b7:25:46:8f:54:be:1e:14:08:01:
         84:05:dd:03:85:2c:15:2c:5c:a6:b9:cd:13:c4:22:89:cd:9e:
         01:6d:ec:d0:0c:bf:d2:10:ce:66:ae:2f:16:5f:8e:29:36:02:
         3e:ee:d1:52:ab:c6:30:d7:ca:93:22:57:11:9d:da:0d:25:c4:
         90:4f:4e:02
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYanJYrUS1joV1rQuzImRM/KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzAzMTEwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDFjNzJmNDYwOWZjMjMwN2JmZGVhNzRlNzQyMDMyNjBkMmM1ZGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjr8nvvdr/QkFdw/grRKQonhf6mCm
SEANC1Gr8HbsK0hZtQkxzdzQFzQteFEVcuMFNy7bwEi++sEy/J5R3zdZQVj2hv3o
lWCi7AUxx4NMEVnPauRc+gFZY4k2gr/xUkYRDXn3IjF8nwdzx5o/mk9SmxKvR6gI
8XlKTyvCqVg5wCSW71O/vFv9KMAoiPx3nyrRS9JTPkGS5qN65j2at7rfVq0Tc3tU
NhUHSPX+z9JazncDRa3GVjpi5o4dcCk9nokPOwT9oO/tNeXrTitEj8YBJb/amXse
AzJdzlbjU6r0lIRCpa3XM/m7Avv+K8JJjaGwbH8Fx2xPBi3juuWQhkbG1QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPAccvRgn8Iwe/3qdOdCAyYNLF3AMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvOEJ4eTlHQ2Z3akI3X2VwMDUwSURKZzBzWGNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKAjwAGkZnhzKobti4y+
pvXRgNhlAS8ZkgmwmUWKG1CUByAExugDzkKx6hOjFzCPwBJ0EtPsx7hXN/00Rgwh
3JLDwU3DBD1xl2ji3I+23m69V79Y1iaFRwTYopXzbIDIpaYzMDNHwjGP/EIKJqIY
wCpi27/OA2tvXYQ+oeRWu6cy7O9U4DiIb7ooU0p3z/OR0Ov4fjLiGemZmqhzzpK7
U0guTAET62LBRu2P2tWUbnk8PULF1fqrHotZXHZ7tyVGj1S+HhQIAYQF3QOFLBUs
XKa5zRPEIonNngFt7NAMv9IQzmauLxZfjik2Aj7u0VKrxjDXypMiVxGd2g0lxJBP
TgI=
-----END CERTIFICATE-----