Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9GV7md3U80Umw3wwO436OxXgQno.roa
File:                     9GV7md3U80Umw3wwO436OxXgQno.roa (raw, json)
Hash identifier:          cehNnNRiDV4VFzaVYg5sE0An4raaSTuHu+FgOxS7eNU=
Subject key identifier:   F4:65:7B:99:DD:D4:F3:45:26:C3:7C:30:3B:8D:FA:3B:15:E0:42:7A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186A4D3CCE55308D942121533EC653BEFA4
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9GV7md3U80Umw3wwO436OxXgQno.roa
Signing time:             Fri 03 Mar 2023 00:16:29 +0000
ROA not before:           Fri 03 Mar 2023 00:16:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a4:d3:cc:e5:53:08:d9:42:12:15:33:ec:65:3b:ef:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  3 00:16:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f4657b99ddd4f34526c37c303b8dfa3b15e0427a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:15:57:63:f6:45:86:44:29:40:7c:1e:56:76:
                    ca:64:2c:11:2d:2d:3a:38:44:08:95:93:a2:e7:27:
                    b2:72:d7:dc:fb:0a:c0:e6:09:b9:7d:69:47:18:67:
                    bd:6a:5e:a1:37:ba:68:20:f1:eb:52:d4:29:2e:3d:
                    27:6b:57:20:51:d9:7b:28:fa:3b:0b:c5:9e:05:6f:
                    a8:f0:5e:e3:b5:13:16:78:bc:48:b4:95:65:5d:7c:
                    fa:7b:96:bf:75:ee:fb:09:ea:68:17:b2:e9:fa:40:
                    57:16:39:b6:40:45:59:27:60:94:3b:16:23:45:64:
                    d9:3d:48:17:58:34:b5:85:63:cb:10:69:69:dc:4c:
                    51:18:36:e4:d0:96:ea:63:4c:8e:be:c5:77:a1:f7:
                    7c:8a:ff:cc:20:26:58:9c:09:67:f7:74:d9:81:d2:
                    dc:98:a2:cd:0f:08:1d:53:83:2a:25:0a:90:33:ec:
                    b7:9f:35:1d:1a:ca:55:b4:04:a9:37:09:76:c0:fd:
                    4d:b4:2a:8b:0c:2a:45:6e:18:07:6e:ef:c0:2f:1e:
                    11:d8:cc:44:9b:ed:c9:df:f8:df:7a:7e:5f:2b:8a:
                    ec:69:cc:60:ee:a7:e8:9e:04:e6:a0:66:51:e3:cf:
                    91:18:ea:49:f5:e5:3f:b9:19:c8:d7:e0:82:3e:f8:
                    9f:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:65:7B:99:DD:D4:F3:45:26:C3:7C:30:3B:8D:FA:3B:15:E0:42:7A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9GV7md3U80Umw3wwO436OxXgQno.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:c5:25:cb:10:32:2d:55:75:86:d1:c9:67:7f:85:e0:f7:aa:
         d5:9a:52:1f:91:07:a3:7c:71:67:a1:1c:ea:71:40:81:3d:ea:
         ab:f0:74:e8:c3:f2:7a:af:ca:78:4a:cd:14:d1:78:c6:ac:37:
         a2:11:2c:4b:97:ee:0a:8f:1e:d5:e4:05:b8:1d:13:68:9f:d3:
         8b:d1:49:5d:0b:5d:a0:bd:20:08:28:29:a5:bf:38:ec:bd:bc:
         2f:38:a0:8d:5e:a9:5c:b5:a8:c9:07:9a:22:33:ac:71:e1:2a:
         0f:7f:e9:b9:ef:84:a4:b0:25:3a:bc:68:7d:bf:1e:8c:7b:59:
         2e:79:f3:62:f8:ec:7e:92:cd:6d:d3:f7:e7:a9:9f:35:a5:f6:
         fa:2c:23:55:87:19:8f:f1:b1:fb:7a:72:9b:c7:d7:fc:f5:9b:
         f4:0e:63:73:30:fe:b9:06:cd:0a:94:82:3c:2a:e7:e0:97:55:
         2a:cd:71:12:1a:9e:51:76:f6:33:4a:32:56:05:cf:4e:19:91:
         8f:69:b1:be:13:7e:d3:03:f1:45:ec:00:12:f7:69:7a:18:12:
         46:40:22:61:d0:84:88:21:62:a2:ef:bd:c4:4e:8e:2c:e6:39:
         a6:77:04:6c:0b:ce:d3:9b:b7:8d:f3:45:9a:29:77:18:35:05:
         06:84:1f:b2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYak08zlUwjZQhIVM+xlO++kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzAzMDAxNjI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDY1N2I5OWRkZDRmMzQ1MjZjMzdjMzAzYjhkZmEzYjE1ZTA0MjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgBVXY/ZFhkQpQHweVnbKZCwRLS06
OEQIlZOi5yeyctfc+wrA5gm5fWlHGGe9al6hN7poIPHrUtQpLj0na1cgUdl7KPo7
C8WeBW+o8F7jtRMWeLxItJVlXXz6e5a/de77CepoF7Lp+kBXFjm2QEVZJ2CUOxYj
RWTZPUgXWDS1hWPLEGlp3ExRGDbk0JbqY0yOvsV3ofd8iv/MICZYnAln93TZgdLc
mKLNDwgdU4MqJQqQM+y3nzUdGspVtASpNwl2wP1NtCqLDCpFbhgHbu/ALx4R2MxE
m+3J3/jfen5fK4rsacxg7qfongTmoGZR48+RGOpJ9eU/uRnI1+CCPvifDQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPRle5nd1PNFJsN8MDuN+jsV4EJ6MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvOUdWN21kM1U4MFVtdzN3d080MzZPeFhnUW5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGvFJcsQMi1VdYbRyWd/
heD3qtWaUh+RB6N8cWehHOpxQIE96qvwdOjD8nqvynhKzRTReMasN6IRLEuX7gqP
HtXkBbgdE2if04vRSV0LXaC9IAgoKaW/OOy9vC84oI1eqVy1qMkHmiIzrHHhKg9/
6bnvhKSwJTq8aH2/Hox7WS5582L47H6SzW3T9+epnzWl9vosI1WHGY/xsft6cpvH
1/z1m/QOY3Mw/rkGzQqUgjwq5+CXVSrNcRIanlF29jNKMlYFz04ZkY9psb4TftMD
8UXsABL3aXoYEkZAImHQhIghYqLvvcROjizmOaZ3BGwLztObt43zRZopdxg1BQaE
H7I=
-----END CERTIFICATE-----