Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Bo9zAP_mJEmLAFGG-ZdaROiAoVA.roa
File:                     Bo9zAP_mJEmLAFGG-ZdaROiAoVA.roa (raw, json)
Hash identifier:          SoEK9G9OmHpY+yUIphqQN+A7EYMpDGQ001UV1l/TCuU=
Subject key identifier:   06:8F:73:00:FF:E6:24:49:8B:00:51:86:F9:97:5A:44:E8:80:A1:50
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       018715E73623C47E747967656E09BA988C1D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Bo9zAP_mJEmLAFGG-ZdaROiAoVA.roa
Signing time:             Fri 24 Mar 2023 23:14:46 +0000
ROA not before:           Fri 24 Mar 2023 23:14:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:15:e7:36:23:c4:7e:74:79:67:65:6e:09:ba:98:8c:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 24 23:14:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=068f7300ffe624498b005186f9975a44e880a150
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e3:82:a0:11:27:13:57:dd:43:e1:99:82:95:
                    07:61:aa:d3:3e:19:19:84:9f:78:e3:65:51:22:8a:
                    5c:54:0e:d1:64:fe:90:09:9a:64:7d:0f:59:2a:ca:
                    da:2d:2c:a0:19:bb:63:6c:4e:e4:a0:00:5a:bc:a1:
                    11:22:7d:47:27:e1:1b:cb:e2:56:f3:fc:e6:ec:90:
                    b1:ad:e4:1a:c5:a2:22:35:2d:22:9e:4c:2c:35:9c:
                    8d:0c:40:74:a2:17:ff:44:01:f7:65:39:69:81:f9:
                    95:4b:8c:2a:c8:fa:fd:ea:ef:86:90:3e:e7:0e:94:
                    02:d7:05:e6:47:13:c4:f3:37:2e:e5:74:5f:3b:6f:
                    33:8e:2e:dc:1d:43:fe:ba:73:3e:de:01:76:3d:44:
                    d6:37:71:44:ce:22:c4:10:ed:4c:fd:e6:b4:55:7b:
                    97:a3:bf:8c:8b:56:18:81:06:e0:6f:6f:b2:30:fa:
                    54:9b:4c:1d:27:a0:ff:ed:50:c5:f3:d0:10:fb:21:
                    2b:18:44:e5:4e:05:a3:32:5a:61:5a:58:fc:7f:eb:
                    f0:d7:28:80:09:95:db:8c:49:1a:10:92:5e:5d:9e:
                    d6:10:3c:9f:23:48:b0:37:63:3b:b2:1b:67:64:63:
                    8f:34:93:df:d0:98:24:e3:04:c5:f5:a3:70:84:74:
                    b6:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:8F:73:00:FF:E6:24:49:8B:00:51:86:F9:97:5A:44:E8:80:A1:50
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Bo9zAP_mJEmLAFGG-ZdaROiAoVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:fa:2a:11:bb:bc:a4:70:f1:be:a9:35:fc:7b:1e:31:70:a1:
         46:9f:85:13:7d:24:54:4b:b5:47:62:96:02:e9:41:60:0e:80:
         46:a2:f8:db:56:99:0a:5c:27:71:1a:5c:8b:96:cc:6c:67:ee:
         03:8a:45:e3:29:7b:d2:88:a4:3c:b9:ca:2d:39:60:2b:ee:43:
         98:a7:86:96:1f:9b:f6:4e:0e:5d:64:e2:ea:ea:2d:ea:fc:66:
         ad:f5:9b:52:3b:1d:d8:01:f2:ec:bb:80:40:9a:e3:74:75:37:
         51:fc:0c:31:6a:63:7c:c9:c4:0c:2d:fe:da:f6:8c:c2:9f:c3:
         db:88:f5:8e:cf:3c:c0:42:a2:61:38:87:e7:09:d4:4b:a4:5b:
         9a:2e:b9:e9:27:7f:52:e2:e0:a7:08:97:b8:be:7b:23:1b:74:
         27:a7:81:97:22:22:c7:56:fc:26:a2:85:61:76:52:79:d2:a3:
         fa:eb:c7:4f:9a:8f:0a:94:7d:27:37:d9:65:2b:88:b9:26:a5:
         95:f2:a0:83:04:7b:7a:b2:02:44:69:3a:b3:27:80:bc:50:7b:
         80:61:30:88:c8:12:a5:46:72:7f:e7:a8:ca:5e:3a:e9:01:6d:
         ce:a1:34:26:38:7a:de:03:63:0b:b3:e6:70:18:26:01:c6:12:
         16:2a:d9:c0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcV5zYjxH50eWdlbgm6mIwdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI0MjMxNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjhmNzMwMGZmZTYyNDQ5OGIwMDUxODZmOTk3NWE0NGU4ODBhMTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOOCoBEnE1fdQ+GZgpUHYarTPhkZ
hJ9442VRIopcVA7RZP6QCZpkfQ9ZKsraLSygGbtjbE7koABavKERIn1HJ+Eby+JW
8/zm7JCxreQaxaIiNS0inkwsNZyNDEB0ohf/RAH3ZTlpgfmVS4wqyPr96u+GkD7n
DpQC1wXmRxPE8zcu5XRfO28zji7cHUP+unM+3gF2PUTWN3FEziLEEO1M/ea0VXuX
o7+Mi1YYgQbgb2+yMPpUm0wdJ6D/7VDF89AQ+yErGETlTgWjMlphWlj8f+vw1yiA
CZXbjEkaEJJeXZ7WEDyfI0iwN2M7shtnZGOPNJPf0Jgk4wTF9aNwhHS2rwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAaPcwD/5iRJiwBRhvmXWkTogKFQMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvQm85ekFQX21KRW1MQUZHRy1aZGFST2lBb1ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAH76KhG7vKRw8b6pNfx7
HjFwoUafhRN9JFRLtUdilgLpQWAOgEai+NtWmQpcJ3EaXIuWzGxn7gOKReMpe9KI
pDy5yi05YCvuQ5inhpYfm/ZODl1k4urqLer8Zq31m1I7HdgB8uy7gECa43R1N1H8
DDFqY3zJxAwt/tr2jMKfw9uI9Y7PPMBComE4h+cJ1EukW5ouueknf1Li4KcIl7i+
eyMbdCengZciIsdW/CaihWF2UnnSo/rrx0+ajwqUfSc32WUriLkmpZXyoIMEe3qy
AkRpOrMngLxQe4BhMIjIEqVGcn/nqMpeOukBbc6hNCY4et4DYwuz5nAYJgHGEhYq
2cA=
-----END CERTIFICATE-----