Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/A082Qtkj5XFG2ypzX2mHfp_7TXo.roa
File:                     A082Qtkj5XFG2ypzX2mHfp_7TXo.roa (raw, json)
Hash identifier:          0HaN5Nn0X7rH0mshrgWRXIXqu8FbUWAtVmLCQgabv30=
Subject key identifier:   03:4F:36:42:D9:23:E5:71:46:DB:2A:73:5F:69:87:7E:9F:FB:4D:7A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186BDED739E01631541AB49CBBD14BBAD30
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/A082Qtkj5XFG2ypzX2mHfp_7TXo.roa
Signing time:             Tue 07 Mar 2023 21:15:00 +0000
ROA not before:           Tue 07 Mar 2023 21:15:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:bd:ed:73:9e:01:63:15:41:ab:49:cb:bd:14:bb:ad:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  7 21:15:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=034f3642d923e57146db2a735f69877e9ffb4d7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:38:b0:13:a1:bc:1e:3e:5b:11:90:4d:ea:16:
                    c8:b3:ec:33:93:52:f0:1a:ec:b6:6d:e7:7d:bb:fc:
                    5a:a2:ca:6b:fe:31:b3:bd:ca:e2:2b:a1:54:ed:10:
                    58:d5:01:a6:95:4e:00:46:32:64:80:33:c7:db:7d:
                    72:1e:16:41:56:2c:66:5d:38:b4:9f:90:8a:93:0c:
                    a5:25:bd:e7:1c:25:82:7d:05:b8:cb:23:5d:33:e0:
                    fe:f8:f0:08:08:af:b7:7e:de:fb:b3:d0:47:ff:16:
                    d7:ae:c5:13:ff:de:19:c1:94:64:2b:74:f6:00:d3:
                    97:39:c9:ed:2e:1d:7f:de:ad:70:89:4c:2f:22:c3:
                    ad:36:d4:22:84:57:6c:3e:9b:38:ff:04:82:e1:27:
                    02:a4:4d:da:cf:ef:3d:9f:21:7f:eb:75:bc:d4:0a:
                    0a:67:53:ce:c5:98:d3:9d:23:59:1e:77:25:f5:4f:
                    e6:b3:af:72:94:09:ef:1e:f5:11:9a:35:d1:18:3f:
                    e3:ad:52:6e:1a:74:65:ea:35:1d:a5:a1:7b:b6:6c:
                    15:b6:21:6e:29:dd:be:03:7b:0b:dd:71:c7:db:6c:
                    00:5a:a7:23:81:f8:df:70:c1:76:b8:04:f9:32:d2:
                    af:a6:a2:e0:4e:27:c5:35:0d:25:0d:d6:62:c9:3d:
                    ef:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:4F:36:42:D9:23:E5:71:46:DB:2A:73:5F:69:87:7E:9F:FB:4D:7A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/A082Qtkj5XFG2ypzX2mHfp_7TXo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:de:55:5d:43:ed:5d:e7:2e:b3:ef:b3:50:47:db:69:9a:c3:
         3f:ef:55:0b:b6:e2:29:30:fa:ce:88:11:41:da:e2:da:93:72:
         6f:7d:d9:7c:02:6f:46:67:44:1a:7a:96:cb:43:29:4c:9e:3d:
         98:dd:72:9b:0c:c8:97:0f:d0:bc:b3:79:b7:d4:08:a8:55:6a:
         7d:3a:74:c1:27:4d:ef:f9:73:11:21:b5:de:4b:5e:8b:de:2b:
         5f:76:b5:27:fd:f0:a8:30:2d:be:2c:29:bd:2c:98:9b:00:bc:
         5d:cc:65:d7:3f:d2:dd:45:b4:37:98:67:ca:1d:69:11:73:36:
         38:36:c6:d3:de:34:3a:79:73:13:f0:d8:16:41:9c:4e:57:95:
         39:2b:02:a9:d1:f4:7b:74:8a:cf:24:cf:88:bb:e9:91:d9:2e:
         17:a8:62:c6:86:e5:62:e8:e7:71:66:3d:74:56:9e:d7:b3:05:
         52:1d:01:48:5e:68:1d:22:0b:8b:df:47:9f:e5:ea:bd:8d:c9:
         48:46:fd:90:2a:78:c6:8d:51:c1:df:25:61:25:ab:5e:7f:df:
         82:19:d0:b8:17:f6:56:d7:6d:2b:8a:fe:14:8e:a9:0b:a2:d8:
         f6:85:0d:52:78:da:66:6c:55:51:c4:0a:65:5e:3b:df:c0:57:
         44:9f:b4:49
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYa97XOeAWMVQatJy70Uu60wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA3MjExNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzRmMzY0MmQ5MjNlNTcxNDZkYjJhNzM1ZjY5ODc3ZTlmZmI0ZDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljiwE6G8Hj5bEZBN6hbIs+wzk1Lw
Guy2bed9u/xaospr/jGzvcriK6FU7RBY1QGmlU4ARjJkgDPH231yHhZBVixmXTi0
n5CKkwylJb3nHCWCfQW4yyNdM+D++PAICK+3ft77s9BH/xbXrsUT/94ZwZRkK3T2
ANOXOcntLh1/3q1wiUwvIsOtNtQihFdsPps4/wSC4ScCpE3az+89nyF/63W81AoK
Z1POxZjTnSNZHncl9U/ms69ylAnvHvURmjXRGD/jrVJuGnRl6jUdpaF7tmwVtiFu
Kd2+A3sL3XHH22wAWqcjgfjfcMF2uAT5MtKvpqLgTifFNQ0lDdZiyT3vfwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFANPNkLZI+VxRtsqc19ph36f+016MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQTA4MlF0a2o1WEZHMnlwelgybUhmcF83VFhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABveVV1D7V3nLrPvs1BH
22mawz/vVQu24ikw+s6IEUHa4tqTcm992XwCb0ZnRBp6lstDKUyePZjdcpsMyJcP
0LyzebfUCKhVan06dMEnTe/5cxEhtd5LXoveK192tSf98KgwLb4sKb0smJsAvF3M
Zdc/0t1FtDeYZ8odaRFzNjg2xtPeNDp5cxPw2BZBnE5XlTkrAqnR9Ht0is8kz4i7
6ZHZLheoYsaG5WLo53FmPXRWntezBVIdAUheaB0iC4vfR5/l6r2NyUhG/ZAqeMaN
UcHfJWElq15/34IZ0LgX9lbXbSuK/hSOqQui2PaFDVJ42mZsVVHECmVeO9/AV0Sf
tEk=
-----END CERTIFICATE-----