Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HiETcaQgI3kDhosMGYnFa182rA0.roa
File:                     HiETcaQgI3kDhosMGYnFa182rA0.roa (raw, json)
Hash identifier:          DIiUZqcvCmDoI3W9Q2palJWkJf7KbKfABjnZ9xi6yKw=
Subject key identifier:   1E:21:13:71:A4:20:23:79:03:86:8B:0C:19:89:C5:6B:5F:36:AC:0D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186EF121E98018B6AB2B64573C2D1CB41A5
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HiETcaQgI3kDhosMGYnFa182rA0.roa
Signing time:             Fri 17 Mar 2023 10:16:27 +0000
ROA not before:           Fri 17 Mar 2023 10:16:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ef:12:1e:98:01:8b:6a:b2:b6:45:73:c2:d1:cb:41:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 17 10:16:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1e211371a420237903868b0c1989c56b5f36ac0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d9:e7:18:a7:0a:6b:27:cc:1a:be:29:5f:9c:
                    d7:79:70:a0:e8:63:68:44:56:54:d5:e0:a0:42:fc:
                    9f:66:f0:ba:37:4d:ad:d3:c2:88:d5:08:50:9d:69:
                    b4:ad:b3:94:62:fa:1c:21:90:a3:8b:40:67:0a:38:
                    6a:48:82:d6:d9:40:53:09:61:3e:25:4f:6b:c8:ac:
                    f9:01:be:31:16:82:39:43:a2:4e:25:15:f2:9e:35:
                    16:ba:1d:6e:88:1c:f1:98:ff:55:39:cd:04:08:2c:
                    08:e6:db:a3:d6:9c:e6:32:01:76:59:6b:d7:73:cf:
                    a9:a2:ad:f5:4d:6d:c6:8d:50:7f:f7:75:16:4f:c4:
                    13:81:90:00:5b:1e:14:24:4f:53:a1:d2:38:04:89:
                    a5:7d:64:a3:e3:55:e6:f7:6d:24:31:a3:43:c1:d5:
                    18:02:31:82:27:98:2f:68:85:99:a5:92:38:7b:59:
                    30:4e:2c:7b:89:15:e9:53:56:be:c3:88:31:6f:a9:
                    f5:0b:99:aa:b9:de:f6:e5:b4:ed:c7:b8:57:3e:9b:
                    c5:46:4c:86:b3:bf:41:57:55:9a:4d:35:95:c4:53:
                    d5:38:6f:9f:9a:51:74:47:e3:7c:35:e8:fe:c1:4d:
                    c8:25:36:a9:1a:74:d7:fb:93:07:cf:ae:8f:12:8a:
                    6e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:21:13:71:A4:20:23:79:03:86:8B:0C:19:89:C5:6B:5F:36:AC:0D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HiETcaQgI3kDhosMGYnFa182rA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:77:64:ed:59:fe:75:19:3e:3c:7f:f7:17:19:a8:fa:50:41:
         e0:8f:42:13:64:9e:5a:43:c3:53:47:65:31:82:00:3e:f8:9f:
         59:81:c9:91:83:c8:85:0f:15:fc:db:52:c0:88:a7:a2:6c:b6:
         e3:cc:80:4a:71:b2:6b:ff:86:5c:f4:91:ac:21:b9:b7:37:01:
         1b:f8:17:bd:d9:11:33:c7:44:0a:16:76:e0:3d:a1:ef:7d:8f:
         28:5f:c7:3f:15:d3:31:01:e6:43:aa:00:70:f7:86:58:07:4b:
         9b:a7:d1:8a:86:9c:6f:a5:42:b2:ef:88:24:08:b5:0c:90:d4:
         76:ec:48:c5:00:37:4b:23:46:c3:fe:2a:2a:8d:98:ce:bf:a4:
         64:42:20:43:2d:4c:c8:50:3c:a7:cf:db:5c:ea:b3:2a:50:95:
         b6:52:cc:0e:49:d4:01:ea:f9:54:a5:56:5a:07:a6:85:31:7d:
         93:e2:f6:6c:b4:f0:8c:c9:90:90:e1:5a:1a:60:20:d2:ac:3c:
         d2:ee:53:d2:fd:7c:cc:d7:6f:81:cb:d6:03:0c:7f:a8:82:6c:
         f1:24:80:14:52:4c:93:f3:ad:7b:7b:7e:7a:a6:82:2c:a4:6d:
         9a:de:4a:e3:c8:9d:d8:bf:a4:0a:d2:1d:c3:28:13:ca:9b:7c:
         0a:85:5c:31
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbvEh6YAYtqsrZFc8LRy0GlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE3MTAxNjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTIxMTM3MWE0MjAyMzc5MDM4NjhiMGMxOTg5YzU2YjVmMzZhYzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdnnGKcKayfMGr4pX5zXeXCg6GNo
RFZU1eCgQvyfZvC6N02t08KI1QhQnWm0rbOUYvocIZCji0BnCjhqSILW2UBTCWE+
JU9ryKz5Ab4xFoI5Q6JOJRXynjUWuh1uiBzxmP9VOc0ECCwI5tuj1pzmMgF2WWvX
c8+poq31TW3GjVB/93UWT8QTgZAAWx4UJE9TodI4BImlfWSj41Xm920kMaNDwdUY
AjGCJ5gvaIWZpZI4e1kwTix7iRXpU1a+w4gxb6n1C5mqud725bTtx7hXPpvFRkyG
s79BV1WaTTWVxFPVOG+fmlF0R+N8Nej+wU3IJTapGnTX+5MHz66PEoputQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB4hE3GkICN5A4aLDBmJxWtfNqwNMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSGlFVGNhUWdJM2tEaG9zTUdZbkZhMTgyckEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAZ3ZO1Z/nUZPjx/9xcZ
qPpQQeCPQhNknlpDw1NHZTGCAD74n1mByZGDyIUPFfzbUsCIp6JstuPMgEpxsmv/
hlz0kawhubc3ARv4F73ZETPHRAoWduA9oe99jyhfxz8V0zEB5kOqAHD3hlgHS5un
0YqGnG+lQrLviCQItQyQ1HbsSMUAN0sjRsP+KiqNmM6/pGRCIEMtTMhQPKfP21zq
sypQlbZSzA5J1AHq+VSlVloHpoUxfZPi9my08IzJkJDhWhpgINKsPNLuU9L9fMzX
b4HL1gMMf6iCbPEkgBRSTJPzrXt7fnqmgiykbZreSuPIndi/pArSHcMoE8qbfAqF
XDE=
-----END CERTIFICATE-----