Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/B5mPkFROLCO0JsZmFtjiDYjDSlU.roa
File:                     B5mPkFROLCO0JsZmFtjiDYjDSlU.roa (raw, json)
Hash identifier:          MaM1pBQU9tembJaQU5DueZb4zEUu/s1ZAFRlXj43JFw=
Subject key identifier:   07:99:8F:90:54:4E:2C:23:B4:26:C6:66:16:D8:E2:0D:88:C3:4A:55
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186A91EEE18CDBD92E4EEBDCED4FF3FDD72
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/B5mPkFROLCO0JsZmFtjiDYjDSlU.roa
Signing time:             Fri 03 Mar 2023 20:17:01 +0000
ROA not before:           Fri 03 Mar 2023 20:17:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a9:1e:ee:18:cd:bd:92:e4:ee:bd:ce:d4:ff:3f:dd:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  3 20:17:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=07998f90544e2c23b426c66616d8e20d88c34a55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:4c:ea:f9:b2:88:1e:47:73:67:0a:e0:e0:d1:
                    37:27:38:5e:4b:ae:eb:fe:45:f3:8d:ff:3f:0f:18:
                    ea:50:2d:6e:b6:a7:51:b5:70:3d:23:2d:0a:e2:d8:
                    d3:49:15:5c:db:50:14:ab:6d:03:09:48:57:ab:36:
                    48:de:ca:1a:be:ae:7f:fe:90:34:ef:01:ac:81:26:
                    9b:ed:83:f3:5b:bf:61:a0:69:20:4b:4a:07:2c:ba:
                    2a:1e:03:5a:cc:b6:c0:ac:e0:a5:e3:2c:1e:fb:44:
                    8d:12:f9:73:c3:c0:64:c2:5c:ba:2e:9b:1f:5f:f1:
                    9c:a9:ee:e5:7d:5e:42:2e:eb:59:6d:1c:97:23:86:
                    2e:35:68:69:39:8a:1d:8c:06:12:89:fd:a6:30:06:
                    19:07:2f:84:b3:df:9e:ef:0b:d8:06:c2:47:02:ee:
                    18:f3:8b:61:c2:39:39:f0:b5:e9:8a:e4:08:34:10:
                    0e:80:76:d5:df:d5:57:70:a7:24:5e:7f:62:6b:9a:
                    22:ce:b3:a4:ab:fd:9b:6a:1a:7c:ee:99:1e:9a:19:
                    7c:3f:d2:ea:de:78:5a:35:63:b5:81:52:db:d2:37:
                    33:fa:48:34:d0:1a:48:2a:db:1f:a1:d9:68:22:88:
                    56:a8:7c:db:a3:3e:41:64:fb:88:51:0f:5c:c7:6f:
                    7c:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:99:8F:90:54:4E:2C:23:B4:26:C6:66:16:D8:E2:0D:88:C3:4A:55
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/B5mPkFROLCO0JsZmFtjiDYjDSlU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:b4:21:8e:4b:47:00:78:28:7c:fb:75:40:50:4f:68:63:29:
         52:33:5d:01:a0:f1:f1:90:3d:f5:d8:ac:ca:7e:27:02:af:4e:
         b6:55:47:b0:0c:e5:ab:8e:c9:d4:f2:f9:d9:19:75:2b:4f:04:
         7a:31:46:57:e0:85:2d:66:ad:04:14:c0:ac:94:7d:1c:29:38:
         6a:e0:99:3b:e4:5a:c0:d1:5c:42:16:f6:12:46:aa:9e:63:37:
         61:1f:f9:2b:9c:ae:e8:b5:b5:77:44:81:66:a4:9e:76:8b:b2:
         ff:59:36:91:df:e0:da:13:5e:bb:33:e5:e8:96:aa:ab:1a:a7:
         88:27:78:b1:cc:78:23:52:57:8f:02:2b:03:8e:2c:47:52:a0:
         e2:e2:3e:27:8b:b6:b6:25:a4:86:22:06:6c:f3:6c:37:54:4d:
         52:9e:7a:50:a6:c4:3f:d6:ed:50:21:c6:a9:e0:31:22:90:b7:
         18:c8:14:9b:63:f3:f0:e0:8d:70:87:39:db:0e:d5:df:b4:f2:
         25:27:f5:c1:8a:cc:4f:4b:3a:9e:1b:1c:0b:b6:6e:3c:75:ad:
         5c:a2:53:aa:4b:8c:77:03:76:00:0d:4e:16:8d:de:31:b4:6f:
         51:42:a1:6e:db:b6:f4:07:65:2c:7f:0d:df:08:0d:9f:90:54:
         bc:e0:5f:c0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYapHu4Yzb2S5O69ztT/P91yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzAzMjAxNzAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzk5OGY5MDU0NGUyYzIzYjQyNmM2NjYxNmQ4ZTIwZDg4YzM0YTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0zq+bKIHkdzZwrg4NE3JzheS67r
/kXzjf8/DxjqUC1utqdRtXA9Iy0K4tjTSRVc21AUq20DCUhXqzZI3soavq5//pA0
7wGsgSab7YPzW79hoGkgS0oHLLoqHgNazLbArOCl4ywe+0SNEvlzw8Bkwly6Lpsf
X/Gcqe7lfV5CLutZbRyXI4YuNWhpOYodjAYSif2mMAYZBy+Es9+e7wvYBsJHAu4Y
84thwjk58LXpiuQINBAOgHbV39VXcKckXn9ia5oizrOkq/2bahp87pkemhl8P9Lq
3nhaNWO1gVLb0jcz+kg00BpIKtsfodloIohWqHzboz5BZPuIUQ9cx298YwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAeZj5BUTiwjtCbGZhbY4g2Iw0pVMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQjVtUGtGUk9MQ08wSnNabUZ0amlEWWpEU2xVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIm0IY5LRwB4KHz7dUBQ
T2hjKVIzXQGg8fGQPfXYrMp+JwKvTrZVR7AM5auOydTy+dkZdStPBHoxRlfghS1m
rQQUwKyUfRwpOGrgmTvkWsDRXEIW9hJGqp5jN2Ef+Sucrui1tXdEgWaknnaLsv9Z
NpHf4NoTXrsz5eiWqqsap4gneLHMeCNSV48CKwOOLEdSoOLiPieLtrYlpIYiBmzz
bDdUTVKeelCmxD/W7VAhxqngMSKQtxjIFJtj8/DgjXCHOdsO1d+08iUn9cGKzE9L
Op4bHAu2bjx1rVyiU6pLjHcDdgANThaN3jG0b1FCoW7btvQHZSx/Dd8IDZ+QVLzg
X8A=
-----END CERTIFICATE-----