Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ALRaG0WpgJPzpJFgwJdFpxXf8SY.roa
File:                     ALRaG0WpgJPzpJFgwJdFpxXf8SY.roa (raw, json)
Hash identifier:          d4NPvzxpONgUotPlNhyHZnj27G8GuL8/DO81ElF04wQ=
Subject key identifier:   00:B4:5A:1B:45:A9:80:93:F3:A4:91:60:C0:97:45:A7:15:DF:F1:26
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01870415C31199F271801955AEAC62B79F37
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ALRaG0WpgJPzpJFgwJdFpxXf8SY.roa
Signing time:             Tue 21 Mar 2023 12:12:27 +0000
ROA not before:           Tue 21 Mar 2023 12:12:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:04:15:c3:11:99:f2:71:80:19:55:ae:ac:62:b7:9f:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 21 12:12:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=00b45a1b45a98093f3a49160c09745a715dff126
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:20:bb:6d:67:12:0d:59:f1:87:55:db:05:e5:
                    fb:1e:06:24:74:a5:00:89:ba:f1:1b:36:9b:3e:85:
                    c5:b0:5e:66:f3:df:f1:c8:45:21:1f:a2:bb:68:c2:
                    8c:06:45:95:d9:19:01:d0:e0:7d:56:32:1b:b5:65:
                    62:2f:10:94:09:e1:d2:43:40:07:d8:e2:48:7f:95:
                    9a:a9:eb:32:96:07:5b:32:62:57:6e:83:d4:e9:88:
                    67:f7:e4:22:90:72:79:39:86:94:35:72:b5:93:c2:
                    8e:f7:dd:78:d1:3c:01:01:2d:37:5e:d8:c7:61:68:
                    3d:ff:2e:02:cd:95:21:38:03:92:69:67:d0:8d:ef:
                    eb:97:bc:4e:2e:03:97:bb:c4:6d:b4:41:41:91:d8:
                    df:21:5b:04:ed:0a:40:2a:43:3a:48:c8:d5:57:81:
                    36:e4:ea:bf:ee:c2:34:4d:5c:dd:2f:c6:c7:97:bc:
                    28:2a:f0:1a:95:4a:b7:0d:da:28:f7:0f:36:ea:5e:
                    12:64:45:bb:45:e7:d1:ac:12:b0:71:14:50:e3:b3:
                    3b:ef:81:f5:99:7d:bb:c4:46:cf:3c:ec:cc:f8:73:
                    c6:b5:11:69:27:ab:c6:c3:aa:4d:d5:89:e6:28:a8:
                    5e:69:9b:1e:73:96:79:6f:40:c2:1b:98:df:b6:20:
                    ac:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:B4:5A:1B:45:A9:80:93:F3:A4:91:60:C0:97:45:A7:15:DF:F1:26
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/ALRaG0WpgJPzpJFgwJdFpxXf8SY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:33:76:34:6f:98:c7:0c:f2:d2:3b:95:ae:c3:44:49:68:40:
         b0:ca:76:cb:a8:0d:ed:7e:ba:71:67:23:3e:c5:a8:0b:54:36:
         00:e0:57:ca:b3:86:17:4c:b4:92:7a:7a:d4:03:a3:f7:28:6a:
         79:6f:79:97:a7:76:8d:8b:d4:54:1e:9b:43:bc:93:92:cf:6e:
         28:93:0e:2d:38:c1:d6:55:a0:1e:a2:20:1f:74:9a:52:34:62:
         1d:46:a2:a8:db:f9:ab:2a:22:44:8d:5e:a1:56:45:87:cd:4c:
         e2:61:1f:3e:03:90:91:35:13:2f:73:f9:bb:10:84:37:bc:fa:
         94:35:4e:93:31:78:2a:14:0f:f8:3d:8c:a2:7a:b2:3f:94:4b:
         fb:4d:56:a7:47:57:a9:74:1b:c2:ed:0b:b5:06:b1:24:77:50:
         cc:e4:3a:4f:13:da:42:2c:0a:08:08:ac:f2:84:3b:b2:11:b6:
         2b:3a:a4:0e:25:03:23:59:e6:93:35:75:7d:4a:4d:b8:74:8c:
         dc:af:24:2e:14:c8:20:8d:81:a4:2b:cd:38:46:90:d2:d5:81:
         7e:7a:b4:f8:98:53:95:cf:30:23:f7:a6:5b:e2:11:92:d0:d5:
         23:20:fe:35:e0:aa:9e:bf:7f:eb:b4:2d:1e:1a:bf:9b:8e:42:
         46:c0:28:5e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcEFcMRmfJxgBlVrqxit583MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzIxMTIxMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGI0NWExYjQ1YTk4MDkzZjNhNDkxNjBjMDk3NDVhNzE1ZGZmMTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyC7bWcSDVnxh1XbBeX7HgYkdKUA
ibrxGzabPoXFsF5m89/xyEUhH6K7aMKMBkWV2RkB0OB9VjIbtWViLxCUCeHSQ0AH
2OJIf5WaqesylgdbMmJXboPU6Yhn9+QikHJ5OYaUNXK1k8KO99140TwBAS03XtjH
YWg9/y4CzZUhOAOSaWfQje/rl7xOLgOXu8RttEFBkdjfIVsE7QpAKkM6SMjVV4E2
5Oq/7sI0TVzdL8bHl7woKvAalUq3Ddoo9w826l4SZEW7RefRrBKwcRRQ47M774H1
mX27xEbPPOzM+HPGtRFpJ6vGw6pN1YnmKKheaZsec5Z5b0DCG5jftiCsJQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAC0WhtFqYCT86SRYMCXRacV3/EmMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQUxSYUcwV3BnSlB6cEpGZ3dKZEZweFhmOFNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJ0zdjRvmMcM8tI7la7D
REloQLDKdsuoDe1+unFnIz7FqAtUNgDgV8qzhhdMtJJ6etQDo/coanlveZendo2L
1FQem0O8k5LPbiiTDi04wdZVoB6iIB90mlI0Yh1Goqjb+asqIkSNXqFWRYfNTOJh
Hz4DkJE1Ey9z+bsQhDe8+pQ1TpMxeCoUD/g9jKJ6sj+US/tNVqdHV6l0G8LtC7UG
sSR3UMzkOk8T2kIsCggIrPKEO7IRtis6pA4lAyNZ5pM1dX1KTbh0jNyvJC4UyCCN
gaQrzThGkNLVgX56tPiYU5XPMCP3plviEZLQ1SMg/jXgqp6/f+u0LR4av5uOQkbA
KF4=
-----END CERTIFICATE-----