Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HkBYX1T7pX217MLy1LxL2xbcVVU.roa
File:                     HkBYX1T7pX217MLy1LxL2xbcVVU.roa (raw, json)
Hash identifier:          xJDuZNke5tkW5HOTj3BYSjur0YEqxqhITL3XfMYi+2o=
Subject key identifier:   1E:40:58:5F:54:FB:A5:7D:B5:EC:C2:F2:D4:BC:4B:DB:16:DC:55:55
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186CFBCF71B89D4086A69B227DE75FE62FF
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HkBYX1T7pX217MLy1LxL2xbcVVU.roa
Signing time:             Sat 11 Mar 2023 08:15:13 +0000
ROA not before:           Sat 11 Mar 2023 08:15:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:cf:bc:f7:1b:89:d4:08:6a:69:b2:27:de:75:fe:62:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 11 08:15:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1e40585f54fba57db5ecc2f2d4bc4bdb16dc5555
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:0e:67:4a:4e:78:44:13:ac:5f:a1:70:ad:63:
                    18:51:a9:79:2c:eb:f5:31:94:4e:bc:00:73:69:e6:
                    d2:02:f7:7c:e6:b2:b4:68:fd:a0:8c:38:3e:ae:fa:
                    fd:1d:35:8a:e3:06:2b:6e:8f:01:6f:3a:58:2a:14:
                    c4:d7:fd:e2:2e:9f:ab:02:ff:7a:cb:d2:52:e3:6d:
                    00:ba:b2:04:35:94:42:10:66:1e:a5:f7:40:fb:e0:
                    0e:6c:3f:27:e2:06:9e:80:d4:65:7c:40:b9:2c:d4:
                    66:55:91:10:b5:b4:70:b8:bc:7e:06:14:7f:91:e3:
                    1b:d8:e9:1b:2e:7f:9d:0a:9d:7d:43:80:f5:70:8c:
                    e9:9d:aa:c9:10:63:6c:24:f1:f6:44:72:df:52:2e:
                    18:ac:eb:a9:1b:f9:1e:dc:e4:7f:40:94:d1:ba:e2:
                    f9:9b:0c:16:33:c4:83:8d:50:d8:76:45:18:b0:68:
                    23:5c:09:65:f3:e5:05:87:82:96:4d:64:56:e8:4b:
                    fd:25:07:99:fa:e0:d4:5c:1e:9f:56:2c:f2:e4:62:
                    01:29:2d:4d:d2:eb:3e:c8:e9:8e:61:b8:25:8a:2b:
                    8d:73:05:b8:ec:f8:23:aa:98:83:00:9e:df:7a:a2:
                    2a:99:9d:7f:a5:2a:99:e3:2e:7b:68:d9:16:da:0c:
                    05:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:40:58:5F:54:FB:A5:7D:B5:EC:C2:F2:D4:BC:4B:DB:16:DC:55:55
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/HkBYX1T7pX217MLy1LxL2xbcVVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:6c:dc:e8:a7:e2:a2:f8:a3:03:34:95:f3:8c:b9:67:50:af:
         34:4b:28:fd:bd:b1:cc:60:73:33:78:10:2a:69:5c:40:eb:94:
         ee:4b:5e:b9:11:20:c7:b6:ef:d6:85:68:6b:e2:68:c5:df:1d:
         bf:62:f9:67:25:69:95:18:0e:9a:2e:11:68:1d:ed:30:75:c9:
         f8:13:1a:36:36:3a:2b:c5:a5:78:32:56:ec:41:61:30:85:c4:
         79:4b:42:1d:74:32:fa:39:5e:77:bb:40:da:b5:7d:1a:46:43:
         f1:79:b6:ca:c4:c3:93:6b:74:c6:23:ef:ee:f3:7f:f7:9e:00:
         fb:69:ba:64:06:d1:2a:f5:82:c2:7c:7c:5d:55:9f:36:ea:5a:
         45:4d:11:ea:da:5d:7a:03:55:5f:9e:db:76:12:3b:ec:0f:f2:
         1f:dd:10:7a:fb:71:91:86:2d:d2:c6:4b:6f:dd:45:fd:4a:94:
         d2:32:8d:1f:d5:87:70:ab:20:f4:9d:10:8a:5d:73:c2:8e:99:
         6f:e4:b7:85:12:73:be:fe:5c:88:4a:2e:a0:42:3b:c1:1d:87:
         b8:81:1d:3c:b3:ee:6b:c8:c2:3c:a9:80:c5:c7:48:02:3a:06:
         d0:3e:cd:1e:38:ac:1a:a4:74:a6:da:bf:52:76:61:99:bc:ad:
         2d:a7:d3:b9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbPvPcbidQIammyJ951/mL/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzExMDgxNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTQwNTg1ZjU0ZmJhNTdkYjVlY2MyZjJkNGJjNGJkYjE2ZGM1NTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmw5nSk54RBOsX6FwrWMYUal5LOv1
MZROvABzaebSAvd85rK0aP2gjDg+rvr9HTWK4wYrbo8BbzpYKhTE1/3iLp+rAv96
y9JS420AurIENZRCEGYepfdA++AObD8n4gaegNRlfEC5LNRmVZEQtbRwuLx+BhR/
keMb2OkbLn+dCp19Q4D1cIzpnarJEGNsJPH2RHLfUi4YrOupG/ke3OR/QJTRuuL5
mwwWM8SDjVDYdkUYsGgjXAll8+UFh4KWTWRW6Ev9JQeZ+uDUXB6fVizy5GIBKS1N
0us+yOmOYbgliiuNcwW47PgjqpiDAJ7feqIqmZ1/pSqZ4y57aNkW2gwFMQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB5AWF9U+6V9tezC8tS8S9sW3FVVMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSGtCWVgxVDdwWDIxN01MeTFMeEwyeGJjVlZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIBs3Oin4qL4owM0lfOM
uWdQrzRLKP29scxgczN4ECppXEDrlO5LXrkRIMe279aFaGviaMXfHb9i+WclaZUY
DpouEWgd7TB1yfgTGjY2OivFpXgyVuxBYTCFxHlLQh10Mvo5Xne7QNq1fRpGQ/F5
tsrEw5NrdMYj7+7zf/eeAPtpumQG0Sr1gsJ8fF1VnzbqWkVNEeraXXoDVV+e23YS
O+wP8h/dEHr7cZGGLdLGS2/dRf1KlNIyjR/Vh3CrIPSdEIpdc8KOmW/kt4USc77+
XIhKLqBCO8Edh7iBHTyz7mvIwjypgMXHSAI6BtA+zR44rBqkdKbav1J2YZm8rS2n
07k=
-----END CERTIFICATE-----