Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/AmPkAEeiOzY5pOvX4nYX-6MM61Q.roa
File:                     AmPkAEeiOzY5pOvX4nYX-6MM61Q.roa (raw, json)
Hash identifier:          7n+pCYWudSDre0wIOkQ3ijJpvUp3XLFWP8zMpbcSh9k=
Subject key identifier:   02:63:E4:00:47:A2:3B:36:39:A4:EB:D7:E2:76:17:FB:A3:0C:EB:54
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186BE597ECE9B24826BDEB65D4CC02D6AF9
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/AmPkAEeiOzY5pOvX4nYX-6MM61Q.roa
Signing time:             Tue 07 Mar 2023 23:13:01 +0000
ROA not before:           Tue 07 Mar 2023 23:13:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:be:59:7e:ce:9b:24:82:6b:de:b6:5d:4c:c0:2d:6a:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  7 23:13:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0263e40047a23b3639a4ebd7e27617fba30ceb54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:7b:63:e8:f7:0e:5e:e0:3c:00:ec:28:51:1d:
                    23:48:d7:7b:7f:dc:73:26:70:80:31:2b:4e:29:d5:
                    6a:a4:fb:14:6d:6a:0c:18:e3:4b:2a:34:53:63:3d:
                    34:36:8b:c1:0e:54:53:5b:59:2a:fc:9f:c6:e3:a6:
                    bc:1b:4d:94:8c:31:4a:f0:da:1a:67:35:95:b1:7b:
                    b7:ef:a2:09:b6:2c:12:a5:66:37:69:57:22:d8:93:
                    05:d2:38:80:d0:25:fe:3c:a4:44:68:a6:e8:ba:bd:
                    4f:04:1f:43:27:65:4c:8a:fe:65:f6:b0:a2:26:6e:
                    0d:47:80:95:dc:05:4a:ef:53:89:63:06:f9:21:d3:
                    f2:bb:20:36:6a:d7:87:b1:04:aa:eb:be:f0:a2:5a:
                    c4:b0:16:ad:49:a3:5b:be:08:e6:84:cc:fa:f7:24:
                    91:f2:48:12:12:da:ed:98:03:b4:c3:0f:c8:bd:c3:
                    12:43:95:18:a5:86:97:69:d2:00:68:13:1e:f5:cb:
                    34:c1:87:81:6e:2d:f4:93:cd:ca:51:c4:3d:c2:48:
                    50:1f:96:17:21:1a:86:5b:45:93:47:22:0d:8d:71:
                    ca:4f:f8:fc:c1:8f:7a:55:24:8d:f8:62:b0:84:94:
                    4d:ee:c9:9e:4b:6c:e0:27:52:c4:48:c4:55:7b:9c:
                    04:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:63:E4:00:47:A2:3B:36:39:A4:EB:D7:E2:76:17:FB:A3:0C:EB:54
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/AmPkAEeiOzY5pOvX4nYX-6MM61Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:e0:8c:4c:8a:a1:65:5c:a1:07:f6:b1:05:4d:66:a6:f2:bf:
         02:36:7d:0d:b8:df:e0:48:03:9d:ca:ca:dc:6d:82:08:37:a4:
         9e:e1:1b:75:c6:7d:d6:00:59:54:43:4c:15:74:ca:ec:c2:14:
         a9:5c:53:18:b9:c7:2e:dd:ea:cb:0b:5f:69:0f:0b:79:95:b0:
         06:09:8a:cb:92:3b:48:5f:a8:bb:b8:1c:c2:cd:00:b3:c6:57:
         1e:aa:3e:84:f0:e4:80:d8:35:dd:53:29:3e:59:03:3e:4f:af:
         52:0f:08:0c:24:03:ac:a4:88:f7:0a:a8:1d:25:fb:28:62:23:
         be:7f:0a:24:43:5b:84:70:a4:f5:d8:50:07:41:0d:8b:87:88:
         1d:1b:de:33:5d:cd:7f:e8:3e:0b:90:af:82:48:94:f6:35:d5:
         ba:0a:da:3d:e6:bf:f1:ec:c5:0e:94:27:85:7e:3b:9b:dd:db:
         1a:90:63:b5:dc:29:54:d6:81:4b:2d:c3:a3:a7:b9:7b:ae:6f:
         46:2b:09:df:8c:d3:17:a8:eb:4d:62:1f:c9:99:5e:d2:04:15:
         76:a1:0e:f5:5d:0b:ee:55:86:03:44:0a:39:9b:41:11:c3:c7:
         74:59:19:18:ee:be:61:e7:a1:c9:d7:69:3e:69:7e:bf:64:5a:
         93:59:ea:56
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYa+WX7OmySCa962XUzALWr5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA3MjMxMzAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjYzZTQwMDQ3YTIzYjM2MzlhNGViZDdlMjc2MTdmYmEzMGNlYjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3tj6PcOXuA8AOwoUR0jSNd7f9xz
JnCAMStOKdVqpPsUbWoMGONLKjRTYz00NovBDlRTW1kq/J/G46a8G02UjDFK8Noa
ZzWVsXu376IJtiwSpWY3aVci2JMF0jiA0CX+PKREaKbour1PBB9DJ2VMiv5l9rCi
Jm4NR4CV3AVK71OJYwb5IdPyuyA2ateHsQSq677wolrEsBatSaNbvgjmhMz69ySR
8kgSEtrtmAO0ww/IvcMSQ5UYpYaXadIAaBMe9cs0wYeBbi30k83KUcQ9wkhQH5YX
IRqGW0WTRyINjXHKT/j8wY96VSSN+GKwhJRN7smeS2zgJ1LESMRVe5wE8QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAJj5ABHojs2OaTr1+J2F/ujDOtUMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQW1Qa0FFZWlPelk1cE92WDRuWVgtNk1NNjFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAG/gjEyKoWVcoQf2sQVN
ZqbyvwI2fQ243+BIA53Kytxtggg3pJ7hG3XGfdYAWVRDTBV0yuzCFKlcUxi5xy7d
6ssLX2kPC3mVsAYJisuSO0hfqLu4HMLNALPGVx6qPoTw5IDYNd1TKT5ZAz5Pr1IP
CAwkA6ykiPcKqB0l+yhiI75/CiRDW4RwpPXYUAdBDYuHiB0b3jNdzX/oPguQr4JI
lPY11boK2j3mv/HsxQ6UJ4V+O5vd2xqQY7XcKVTWgUstw6OnuXuub0YrCd+M0xeo
601iH8mZXtIEFXahDvVdC+5VhgNECjmbQRHDx3RZGRjuvmHnocnXaT5pfr9kWpNZ
6lY=
-----END CERTIFICATE-----