Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9S1n6MicyJhiAppBEUcokZ9MxmA.roa
File:                     9S1n6MicyJhiAppBEUcokZ9MxmA.roa (raw, json)
Hash identifier:          urwZlTd1yOomww65UO2Q27VOr/v0F1G+EkbrOMjpnRw=
Subject key identifier:   F5:2D:67:E8:C8:9C:C8:98:62:02:9A:41:11:47:28:91:9F:4C:C6:60
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186AD021756CF4BD0D189CB5735A9FB2A0C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9S1n6MicyJhiAppBEUcokZ9MxmA.roa
Signing time:             Sat 04 Mar 2023 14:24:00 +0000
ROA not before:           Sat 04 Mar 2023 14:24:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ad:02:17:56:cf:4b:d0:d1:89:cb:57:35:a9:fb:2a:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  4 14:24:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f52d67e8c89cc89862029a41114728919f4cc660
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c6:a9:e1:5b:48:2e:4e:db:62:78:ef:01:49:
                    b4:fc:0f:9c:f3:28:00:a8:6f:f2:c1:c7:07:36:45:
                    a4:c4:b8:a0:e1:21:1c:42:0a:60:17:25:a1:ac:8d:
                    72:e8:5d:ac:a8:9a:0e:6a:de:ec:17:c1:92:ed:72:
                    83:3a:7d:e0:6b:b5:27:bf:e3:5c:39:8b:0f:34:6e:
                    86:ba:d3:01:3f:74:0e:16:61:89:90:84:cc:51:55:
                    49:88:92:96:68:53:d9:b9:d6:c3:82:71:09:24:2a:
                    3e:08:bd:cc:11:b0:ad:a1:44:4f:1e:a8:9b:3e:57:
                    22:35:56:88:30:db:23:b9:89:29:32:5e:9a:71:46:
                    d3:d0:a3:4a:2e:77:04:51:d8:3d:37:3d:66:ec:ed:
                    df:ce:f8:9d:5b:b3:11:42:78:d7:16:d9:4f:6e:4d:
                    ed:90:58:e3:a8:17:54:3d:c4:23:4f:00:bd:cf:66:
                    cd:a2:7a:5a:e1:e9:f9:8a:54:6a:ee:b2:12:b5:8f:
                    72:e7:c3:e1:4b:96:3b:09:90:b8:04:18:34:2f:68:
                    06:12:55:4f:4c:6c:bd:43:b8:03:8b:30:6b:03:5e:
                    fb:9a:f8:ca:c8:ae:d6:4b:0c:5f:01:ec:a5:25:02:
                    4a:fe:7a:a5:23:ab:6e:6b:64:8d:3b:ea:d4:e3:79:
                    52:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:2D:67:E8:C8:9C:C8:98:62:02:9A:41:11:47:28:91:9F:4C:C6:60
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9S1n6MicyJhiAppBEUcokZ9MxmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:bf:3e:13:1d:1a:93:a7:6e:09:e8:2a:60:0d:dd:dd:68:59:
         20:d0:11:20:4f:a2:43:d7:fa:9d:bb:48:5b:19:2c:7b:3d:fa:
         ac:a1:88:af:63:46:98:4f:af:a7:f0:bd:cc:2b:3d:3e:18:5e:
         46:b2:04:b9:7e:3c:e1:52:cf:2f:fb:1f:7c:1b:a2:8d:91:71:
         b5:97:79:0d:b9:4f:60:4c:54:a7:dc:8b:a3:2b:59:b2:d7:24:
         ed:ad:d3:61:0e:b1:52:f8:9d:2e:a2:85:61:d0:11:05:e1:8d:
         4b:3d:ea:07:3a:30:04:97:86:93:19:42:89:66:62:67:03:da:
         b6:db:4a:54:31:37:7e:3d:18:7a:80:9d:00:46:5b:96:31:bd:
         01:d2:61:72:5f:f0:c0:e9:64:5b:1b:cb:b0:a9:ef:a6:17:33:
         35:d1:e0:bf:a1:b1:53:bb:d1:84:a2:21:02:ae:7a:a0:4f:0c:
         ef:d5:d9:36:50:f9:d2:30:ec:8a:b3:d6:71:a3:4f:b0:ad:ef:
         3b:f7:5c:aa:2c:8d:7c:c0:17:ba:b8:01:58:9b:e2:74:6c:5e:
         68:21:b8:03:e6:46:5f:be:01:d1:2e:84:2e:86:7f:a8:d3:5c:
         61:e6:f0:2d:3e:18:d4:d2:42:ed:2d:68:be:62:c7:f9:4f:aa:
         2c:27:9c:fe
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYatAhdWz0vQ0YnLVzWp+yoMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA0MTQyNDAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTJkNjdlOGM4OWNjODk4NjIwMjlhNDExMTQ3Mjg5MTlmNGNjNjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8ap4VtILk7bYnjvAUm0/A+c8ygA
qG/ywccHNkWkxLig4SEcQgpgFyWhrI1y6F2sqJoOat7sF8GS7XKDOn3ga7Unv+Nc
OYsPNG6GutMBP3QOFmGJkITMUVVJiJKWaFPZudbDgnEJJCo+CL3MEbCtoURPHqib
PlciNVaIMNsjuYkpMl6acUbT0KNKLncEUdg9Nz1m7O3fzvidW7MRQnjXFtlPbk3t
kFjjqBdUPcQjTwC9z2bNonpa4en5ilRq7rIStY9y58PhS5Y7CZC4BBg0L2gGElVP
TGy9Q7gDizBrA177mvjKyK7WSwxfAeylJQJK/nqlI6tua2SNO+rU43lSZwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPUtZ+jInMiYYgKaQRFHKJGfTMZgMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvOVMxbjZNaWN5SmhpQXBwQkVVY29rWjlNeG1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAG/PhMdGpOnbgnoKmAN
3d1oWSDQESBPokPX+p27SFsZLHs9+qyhiK9jRphPr6fwvcwrPT4YXkayBLl+POFS
zy/7H3wboo2RcbWXeQ25T2BMVKfci6MrWbLXJO2t02EOsVL4nS6ihWHQEQXhjUs9
6gc6MASXhpMZQolmYmcD2rbbSlQxN349GHqAnQBGW5YxvQHSYXJf8MDpZFsby7Cp
76YXMzXR4L+hsVO70YSiIQKueqBPDO/V2TZQ+dIw7Iqz1nGjT7Ct7zv3XKosjXzA
F7q4AVib4nRsXmghuAPmRl++AdEuhC6Gf6jTXGHm8C0+GNTSQu0taL5ix/lPqiwn
nP4=
-----END CERTIFICATE-----