Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IHwh9rjLvO20IxzOWqWBGEzcFfU.roa
File:                     IHwh9rjLvO20IxzOWqWBGEzcFfU.roa (raw, json)
Hash identifier:          7VuLB2mo0c/3Y10HxHcAP6lkubeyteimFaZyDkM6rTs=
Subject key identifier:   20:7C:21:F6:B8:CB:BC:ED:B4:23:1C:CE:5A:A5:81:18:4C:DC:15:F5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186C5662DE5D753F0CB4EC4FAE34360A3A5
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IHwh9rjLvO20IxzOWqWBGEzcFfU.roa
Signing time:             Thu 09 Mar 2023 08:04:13 +0000
ROA not before:           Thu 09 Mar 2023 08:04:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:c566:26e8/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c5:66:2d:e5:d7:53:f0:cb:4e:c4:fa:e3:43:60:a3:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  9 08:04:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=207c21f6b8cbbcedb4231cce5aa581184cdc15f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:2b:c6:83:2d:8d:4c:98:48:58:db:b9:c5:44:
                    ed:ea:e2:ef:c5:7b:87:df:a9:30:83:b6:0f:d4:3f:
                    3e:3d:78:d5:32:dd:1d:b1:c4:c6:f5:47:73:9c:26:
                    67:2e:98:5a:22:5a:02:c1:4e:a1:05:20:2e:fb:5c:
                    98:a1:19:3d:9a:c7:52:6c:d1:e5:d8:d7:71:73:8e:
                    3d:23:09:68:f1:67:dd:11:a4:45:b9:f3:c6:38:58:
                    13:cd:b7:20:57:6b:1f:65:18:85:7a:f5:e9:9c:d1:
                    6b:c2:32:f2:3c:51:58:e6:52:c9:3f:69:66:33:77:
                    68:19:9b:75:23:a1:8c:41:ee:c3:8c:9a:da:2c:fa:
                    a9:93:72:c7:dc:f4:e1:1b:34:15:ef:56:9e:3d:8c:
                    08:82:2f:7e:72:60:60:d6:8d:be:a5:34:59:1f:f6:
                    22:94:04:fc:02:f4:d9:65:2b:af:cb:c3:80:75:26:
                    67:b3:cc:93:90:b5:01:68:d8:47:ce:1a:8c:62:f1:
                    f8:45:f8:29:71:c3:2d:eb:3e:3d:d8:9b:0c:18:1e:
                    12:6a:6c:4e:25:60:0e:08:7b:8c:68:56:f4:05:39:
                    43:ff:85:f7:86:17:6f:c3:91:1b:47:78:bd:cd:8c:
                    26:14:6e:d5:f0:74:71:27:26:34:bf:e7:b1:a7:b1:
                    5d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:7C:21:F6:B8:CB:BC:ED:B4:23:1C:CE:5A:A5:81:18:4C:DC:15:F5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/IHwh9rjLvO20IxzOWqWBGEzcFfU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:e2:48:2b:71:41:8d:b3:ac:18:24:5f:bc:0c:bb:3b:13:1f:
         bb:44:33:3e:c9:f4:dd:35:e6:d4:7b:ab:e1:fc:72:1b:2d:8a:
         26:ad:0e:77:49:03:4e:09:fb:4a:20:94:a8:ed:ba:85:ba:ee:
         f9:59:1e:ed:33:c4:87:b1:16:02:a2:89:7e:f1:ca:ac:6e:bb:
         c5:68:18:97:98:fe:c9:73:0f:e8:a6:8f:b6:af:cd:6d:b6:46:
         ca:b5:2e:33:05:80:f6:17:31:e7:db:f4:fa:8d:30:07:d8:c9:
         36:07:f5:86:cc:34:96:64:cb:aa:ad:dc:1d:09:ed:fb:e6:23:
         99:d3:3b:69:98:28:f7:58:23:33:44:7c:5f:c1:00:a4:77:0c:
         8a:e4:e7:f6:cf:ae:5c:8f:81:7b:58:3c:8c:6e:cd:83:bc:a4:
         9f:d6:4b:dc:2c:fc:fa:c7:a0:05:e0:f8:ba:36:b6:b9:50:1d:
         16:c8:95:57:7a:b0:18:f3:8c:62:cc:c6:62:56:49:b8:01:cb:
         ad:71:8b:39:e3:e2:82:55:9d:63:59:f0:b5:fd:9f:bd:7f:91:
         09:a1:dd:e5:bd:5e:2e:42:67:61:f9:50:6a:57:39:ac:49:d5:
         53:e1:fd:81:3c:ca:ab:f2:2d:f0:5d:96:26:6b:f5:a3:c8:a9:
         b1:b3:87:17
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbFZi3l11Pwy07E+uNDYKOlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA5MDgwNDEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDdjMjFmNmI4Y2JiY2VkYjQyMzFjY2U1YWE1ODExODRjZGMxNWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSvGgy2NTJhIWNu5xUTt6uLvxXuH
36kwg7YP1D8+PXjVMt0dscTG9UdznCZnLphaIloCwU6hBSAu+1yYoRk9msdSbNHl
2Ndxc449Iwlo8WfdEaRFufPGOFgTzbcgV2sfZRiFevXpnNFrwjLyPFFY5lLJP2lm
M3doGZt1I6GMQe7DjJraLPqpk3LH3PThGzQV71aePYwIgi9+cmBg1o2+pTRZH/Yi
lAT8AvTZZSuvy8OAdSZns8yTkLUBaNhHzhqMYvH4RfgpccMt6z492JsMGB4SamxO
JWAOCHuMaFb0BTlD/4X3hhdvw5EbR3i9zYwmFG7V8HRxJyY0v+exp7FdGQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCB8Ifa4y7zttCMczlqlgRhM3BX1MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvSUh3aDlyakx2TzIwSXh6T1dxV0JHRXpjRmZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACTiSCtxQY2zrBgkX7wM
uzsTH7tEMz7J9N015tR7q+H8chstiiatDndJA04J+0oglKjtuoW67vlZHu0zxIex
FgKiiX7xyqxuu8VoGJeY/slzD+imj7avzW22Rsq1LjMFgPYXMefb9PqNMAfYyTYH
9YbMNJZky6qt3B0J7fvmI5nTO2mYKPdYIzNEfF/BAKR3DIrk5/bPrlyPgXtYPIxu
zYO8pJ/WS9ws/PrHoAXg+Lo2trlQHRbIlVd6sBjzjGLMxmJWSbgBy61xiznj4oJV
nWNZ8LX9n71/kQmh3eW9Xi5CZ2H5UGpXOaxJ1VPh/YE8yqvyLfBdliZr9aPIqbGz
hxc=
-----END CERTIFICATE-----