Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/LbHxS3pWPE26RhkGjs6vL4MykZ8.roa
File:                     LbHxS3pWPE26RhkGjs6vL4MykZ8.roa (raw, json)
Hash identifier:          T10SWP2k9zyG6S+PCQ+twuTCFcVlaLxFWfF34h0k/bc=
Subject key identifier:   2D:B1:F1:4B:7A:56:3C:4D:BA:46:19:06:8E:CE:AF:2F:83:32:91:9F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186A509D188938195DBE02A2C865A13ECFF
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/LbHxS3pWPE26RhkGjs6vL4MykZ8.roa
Signing time:             Fri 03 Mar 2023 01:15:29 +0000
ROA not before:           Fri 03 Mar 2023 01:15:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a5:09:d1:88:93:81:95:db:e0:2a:2c:86:5a:13:ec:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  3 01:15:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2db1f14b7a563c4dba4619068eceaf2f8332919f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:c0:71:db:12:61:4a:af:e1:8b:9c:24:b7:dd:
                    1c:21:0e:b3:68:85:8e:1d:b6:40:5a:a4:a1:ca:64:
                    d9:c3:c5:c7:78:08:73:b8:b2:24:5e:13:6b:22:9f:
                    2a:d8:3b:b1:c4:f4:54:47:2d:21:05:ca:cd:eb:56:
                    7d:33:e3:d2:2d:1a:e5:56:69:a2:75:90:8d:a1:93:
                    a7:ef:5c:b1:9e:5b:84:54:79:33:04:8d:8b:9f:8e:
                    33:36:bb:c3:4e:9c:5e:02:2e:52:3f:e5:41:9e:e3:
                    aa:f4:cc:8d:90:77:d2:50:f5:ba:9c:82:d5:f4:2c:
                    e8:6e:e1:7c:b5:c3:ae:71:f2:62:77:f1:a4:e1:7b:
                    20:71:ce:43:9f:fe:78:8a:5b:51:b5:a3:d9:52:9a:
                    0d:4a:a5:01:20:72:67:5a:49:e6:67:1c:da:c7:13:
                    9e:7d:da:6e:0a:84:4f:38:7a:0b:02:2d:12:c5:f7:
                    dc:aa:02:26:3b:7a:b0:05:bf:1c:59:7e:2c:f2:aa:
                    75:6f:05:3f:f5:2b:4d:bb:54:dc:4c:e9:8f:a0:88:
                    0f:73:55:2d:a8:e1:d3:21:cc:fa:dc:f0:d3:35:8c:
                    17:4f:2b:8c:3b:3b:73:00:df:8c:f0:b7:ef:7b:79:
                    3e:ac:de:65:12:46:f0:85:38:75:f7:90:65:96:5f:
                    aa:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:B1:F1:4B:7A:56:3C:4D:BA:46:19:06:8E:CE:AF:2F:83:32:91:9F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/LbHxS3pWPE26RhkGjs6vL4MykZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:c4:71:ef:81:38:21:35:79:5e:e1:b5:b6:e0:cb:60:2c:1c:
         bd:58:70:31:f6:a8:5d:52:95:bc:e4:47:4d:1a:8d:a7:f1:f4:
         cd:07:28:46:53:47:d8:8c:d3:8b:c2:ad:cf:a7:93:d2:26:3a:
         9c:5f:ec:5c:89:f4:82:21:5c:eb:89:a3:ec:b8:52:53:f0:30:
         45:b8:b2:c2:fd:0c:87:90:c2:36:62:d8:43:8e:a5:44:17:77:
         45:d0:ed:d0:b9:56:cf:01:02:a1:e0:91:55:25:60:e6:11:a4:
         7d:5b:19:2a:5a:3f:83:14:77:4d:56:bc:cf:fb:d1:56:39:96:
         cd:83:78:1b:6f:4a:a9:f8:0c:0b:13:13:75:29:ec:4b:52:92:
         0c:2f:13:02:aa:22:4e:f5:af:d5:47:66:31:d2:c1:f7:49:be:
         09:d5:6e:6d:ab:05:9d:7b:56:49:0c:16:d0:bc:5f:2d:76:fb:
         03:c8:57:c7:f9:42:38:14:94:1a:7f:17:75:d7:b9:db:cd:8a:
         6b:af:2f:bb:a8:a1:fe:a5:ce:5f:7e:21:70:57:c6:17:fc:d2:
         fe:fc:46:f7:e3:71:c8:25:fe:03:f0:28:ff:c6:83:b5:06:57:
         61:3a:18:04:6a:95:d7:c7:56:74:bb:12:f8:99:00:96:53:f9:
         14:4f:e9:1a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYalCdGIk4GV2+AqLIZaE+z/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzAzMDExNTI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGIxZjE0YjdhNTYzYzRkYmE0NjE5MDY4ZWNlYWYyZjgzMzI5MTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMBx2xJhSq/hi5wkt90cIQ6zaIWO
HbZAWqShymTZw8XHeAhzuLIkXhNrIp8q2DuxxPRURy0hBcrN61Z9M+PSLRrlVmmi
dZCNoZOn71yxnluEVHkzBI2Ln44zNrvDTpxeAi5SP+VBnuOq9MyNkHfSUPW6nILV
9CzobuF8tcOucfJid/Gk4Xsgcc5Dn/54iltRtaPZUpoNSqUBIHJnWknmZxzaxxOe
fdpuCoRPOHoLAi0SxffcqgImO3qwBb8cWX4s8qp1bwU/9StNu1TcTOmPoIgPc1Ut
qOHTIcz63PDTNYwXTyuMOztzAN+M8Lfve3k+rN5lEkbwhTh195Blll+qIwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC2x8Ut6VjxNukYZBo7Ory+DMpGfMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTGJIeFMzcFdQRTI2UmhrR2pzNnZMNE15a1o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAELEce+BOCE1eV7htbbg
y2AsHL1YcDH2qF1SlbzkR00ajafx9M0HKEZTR9iM04vCrc+nk9ImOpxf7FyJ9IIh
XOuJo+y4UlPwMEW4ssL9DIeQwjZi2EOOpUQXd0XQ7dC5Vs8BAqHgkVUlYOYRpH1b
GSpaP4MUd01WvM/70VY5ls2DeBtvSqn4DAsTE3Up7EtSkgwvEwKqIk71r9VHZjHS
wfdJvgnVbm2rBZ17VkkMFtC8Xy12+wPIV8f5QjgUlBp/F3XXudvNimuvL7uoof6l
zl9+IXBXxhf80v78Rvfjccgl/gPwKP/Gg7UGV2E6GARqldfHVnS7EviZAJZT+RRP
6Ro=
-----END CERTIFICATE-----