Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/L3fFJYbVEG12u6zAplKwVzR0aWE.roa
File:                     L3fFJYbVEG12u6zAplKwVzR0aWE.roa (raw, json)
Hash identifier:          4Q/3Kj4kw7HODU0k3NvCp+L07HAXoPx7G/9kn1kmIvU=
Subject key identifier:   2F:77:C5:25:86:D5:10:6D:76:BB:AC:C0:A6:52:B0:57:34:74:69:61
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01874409A1F54035C797E5930027D9342A3C
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/L3fFJYbVEG12u6zAplKwVzR0aWE.roa
Signing time:             Sun 02 Apr 2023 22:14:54 +0000
ROA not before:           Sun 02 Apr 2023 22:14:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:44:09:a1:f5:40:35:c7:97:e5:93:00:27:d9:34:2a:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  2 22:14:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2f77c52586d5106d76bbacc0a652b05734746961
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:4e:64:b1:89:ca:3d:00:91:e1:fd:df:9d:bd:
                    c4:7d:61:00:ce:39:54:34:71:04:f9:8a:eb:ba:63:
                    c1:97:d5:d5:fd:91:e2:ce:99:c5:64:88:b7:b2:c3:
                    50:19:5a:67:d6:e7:fd:19:2a:52:ad:30:9c:10:8a:
                    c7:5f:ed:69:13:78:b7:5d:94:0a:3b:45:7e:54:a1:
                    e0:7a:16:0c:94:69:91:38:21:0f:66:6a:1b:40:0b:
                    82:e6:d7:d2:0b:43:a9:e3:01:92:55:44:83:0f:0c:
                    ad:a8:cc:a1:d8:10:6c:12:5c:93:06:73:67:d1:1f:
                    fc:5f:94:48:cf:03:fa:ec:45:a2:0b:c4:3a:5c:90:
                    52:b5:90:9a:ba:71:1e:29:f1:81:1b:8c:eb:de:9c:
                    74:04:fc:44:db:55:d4:70:7f:12:ef:32:99:18:a3:
                    ea:bf:cc:d1:76:c5:19:8b:3c:57:e2:63:d2:5c:41:
                    95:27:88:82:4d:66:17:ce:ce:9c:89:63:f8:0e:4f:
                    46:36:7c:40:8f:69:80:93:15:89:7b:aa:a3:8c:56:
                    ff:77:29:ed:62:39:78:7c:8e:30:4e:13:07:ba:17:
                    b5:36:d0:5e:26:5f:b9:95:71:71:5a:ef:5a:fd:9b:
                    22:a6:a2:08:77:0e:82:36:7a:40:38:fb:6f:41:60:
                    34:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:77:C5:25:86:D5:10:6D:76:BB:AC:C0:A6:52:B0:57:34:74:69:61
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/L3fFJYbVEG12u6zAplKwVzR0aWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:90:02:4d:9f:36:c9:0b:69:90:94:63:0d:84:8c:8a:86:f2:
         65:8f:ab:d3:28:1d:c7:98:80:bc:af:0f:90:b7:6a:0d:9c:42:
         69:ff:79:e7:d5:c0:09:62:78:2a:03:7c:bd:36:6c:8b:28:dc:
         19:55:49:34:f6:33:7a:ec:d8:21:12:5a:fb:a9:c7:88:09:55:
         75:0c:6e:12:89:a2:3f:d2:bc:01:40:2f:f5:f2:a6:71:e5:57:
         1e:ae:c4:c9:3f:e6:38:ed:f4:ab:b2:15:f9:76:d4:b0:ea:86:
         b3:4a:9a:4d:59:73:8f:19:a6:07:16:a7:54:b4:c8:f1:68:bb:
         72:5e:17:2b:05:48:4b:58:57:25:4a:2c:59:a6:de:19:2d:7f:
         a3:4a:37:95:d9:32:7f:4d:d0:12:d4:51:b4:21:83:73:42:c2:
         fb:0a:81:05:9c:32:34:93:2c:da:7a:1e:fc:3b:a4:30:fd:89:
         2b:30:51:d3:de:9e:08:cb:cf:cd:0d:df:0e:35:97:55:e7:29:
         1e:26:1b:0f:e2:81:c2:c6:2c:d0:ae:d7:77:c3:b2:21:3e:b0:
         61:0e:94:b2:26:b6:13:d0:ce:52:ca:14:ea:bb:82:c9:2c:0f:
         9b:04:89:d0:af:aa:cf:70:bc:b9:68:01:70:99:7c:71:ce:1c:
         50:4a:7c:4f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYdECaH1QDXHl+WTACfZNCo8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAyMjIxNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjc3YzUyNTg2ZDUxMDZkNzZiYmFjYzBhNjUyYjA1NzM0NzQ2OTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl05ksYnKPQCR4f3fnb3EfWEAzjlU
NHEE+YrrumPBl9XV/ZHizpnFZIi3ssNQGVpn1uf9GSpSrTCcEIrHX+1pE3i3XZQK
O0V+VKHgehYMlGmROCEPZmobQAuC5tfSC0Op4wGSVUSDDwytqMyh2BBsElyTBnNn
0R/8X5RIzwP67EWiC8Q6XJBStZCaunEeKfGBG4zr3px0BPxE21XUcH8S7zKZGKPq
v8zRdsUZizxX4mPSXEGVJ4iCTWYXzs6ciWP4Dk9GNnxAj2mAkxWJe6qjjFb/dynt
Yjl4fI4wThMHuhe1NtBeJl+5lXFxWu9a/ZsipqIIdw6CNnpAOPtvQWA0pQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC93xSWG1RBtdruswKZSsFc0dGlhMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTDNmRkpZYlZFRzEydTZ6QXBsS3dWelIwYVdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGiQAk2fNskLaZCUYw2E
jIqG8mWPq9MoHceYgLyvD5C3ag2cQmn/eefVwAlieCoDfL02bIso3BlVSTT2M3rs
2CESWvupx4gJVXUMbhKJoj/SvAFAL/XypnHlVx6uxMk/5jjt9KuyFfl21LDqhrNK
mk1Zc48ZpgcWp1S0yPFou3JeFysFSEtYVyVKLFmm3hktf6NKN5XZMn9N0BLUUbQh
g3NCwvsKgQWcMjSTLNp6Hvw7pDD9iSswUdPengjLz80N3w41l1XnKR4mGw/igcLG
LNCu13fDsiE+sGEOlLImthPQzlLKFOq7gsksD5sEidCvqs9wvLloAXCZfHHOHFBK
fE8=
-----END CERTIFICATE-----