Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OLS0laq0_4DN9QKdo-LK3yGbpdY.roa
File:                     OLS0laq0_4DN9QKdo-LK3yGbpdY.roa (raw, json)
Hash identifier:          cHQfJfHDPG2JcJN+AlvyVMR8rtpR7CGPrQnY59Tvw8M=
Subject key identifier:   38:B4:B4:95:AA:B4:FF:80:CD:F5:02:9D:A3:E2:CA:DF:21:9B:A5:D6
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186A6C1469F733BBEBCDEFE09FB71EE0FA6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OLS0laq0_4DN9QKdo-LK3yGbpdY.roa
Signing time:             Fri 03 Mar 2023 09:15:29 +0000
ROA not before:           Fri 03 Mar 2023 09:15:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a6:c1:46:9f:73:3b:be:bc:de:fe:09:fb:71:ee:0f:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  3 09:15:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=38b4b495aab4ff80cdf5029da3e2cadf219ba5d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:35:bd:28:4b:44:76:79:93:0c:fd:c3:49:a1:
                    74:0f:a0:2a:e1:40:ea:57:36:ad:2e:4b:62:5e:7f:
                    fd:7d:da:eb:07:3d:d9:6e:0d:50:f5:b5:ad:58:3b:
                    87:09:4c:c6:ce:03:e6:51:16:d7:b1:22:9b:77:0e:
                    28:93:66:dc:38:d0:bd:c3:65:85:4e:aa:85:cc:bc:
                    16:9b:4b:19:ef:69:40:be:1b:eb:bc:72:56:99:b8:
                    be:89:b6:79:42:a5:58:2c:f7:85:1d:4e:e8:de:ed:
                    d1:9e:0d:af:7a:c2:ef:23:2f:47:1c:2e:a3:b5:f4:
                    0d:38:82:f1:1f:be:c1:b8:cd:5e:01:80:b1:9f:34:
                    bf:ef:8e:7f:5f:a4:04:1f:9e:51:4f:ea:a0:15:67:
                    72:0b:d0:db:c5:ea:2f:38:78:c3:44:b9:35:1e:52:
                    12:48:cb:bb:ba:80:4d:86:69:eb:fe:d2:11:75:2f:
                    70:22:21:2a:60:43:50:b2:02:76:00:bc:10:d9:e4:
                    45:88:80:96:12:42:e0:5b:e7:70:d1:49:34:ac:6f:
                    e3:7e:49:79:ad:7e:55:50:e9:64:e5:70:15:83:dc:
                    03:b0:6b:0d:8f:8f:d7:54:86:ac:9f:51:de:af:94:
                    3f:a6:de:bd:67:3a:63:e4:1d:68:dd:0b:b8:be:11:
                    1b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:B4:B4:95:AA:B4:FF:80:CD:F5:02:9D:A3:E2:CA:DF:21:9B:A5:D6
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OLS0laq0_4DN9QKdo-LK3yGbpdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:4d:a6:e8:92:80:36:e2:2c:e5:5d:81:f6:87:6c:9b:cc:c4:
         47:9a:30:3c:e1:51:52:69:44:2f:31:31:49:6c:89:a1:05:98:
         40:fb:9d:db:94:90:e6:ec:92:d0:b0:27:70:de:0a:80:da:87:
         c5:bf:17:a3:8b:15:2d:63:f8:b8:4e:11:4d:9c:80:5c:7d:0f:
         89:4e:f3:6e:59:ec:fa:56:d3:98:e4:2d:7a:7a:85:2a:7a:53:
         b0:9f:c0:3e:eb:f1:f0:be:75:ba:40:8b:99:ce:ec:79:5e:fe:
         ba:e7:0c:36:ae:b8:97:17:76:6d:04:50:da:3b:f8:88:50:21:
         50:e8:08:65:95:32:9d:58:96:e8:81:1d:79:08:23:2a:bf:0d:
         a7:a6:be:b8:9a:0c:64:8c:3c:20:ab:5f:8f:fb:d1:e6:ee:b3:
         58:ff:ac:44:21:5a:4b:9b:49:bf:47:ca:25:ee:f9:ec:da:2b:
         11:4f:6c:48:87:ba:de:96:32:f4:cf:04:b0:c5:0e:d0:6e:3b:
         f8:a9:e9:b3:b8:d8:c9:3e:8d:ad:85:7d:fe:d1:5d:9c:21:d4:
         49:9c:89:79:c0:b8:58:47:5b:cf:e3:be:9e:e0:39:e0:93:e9:
         33:fa:b8:12:3b:03:e0:82:19:9c:80:4a:3e:ec:90:0c:85:79:
         eb:21:8a:c0
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYamwUafczu+vN7+Cftx7g+mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzAzMDkxNTI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGI0YjQ5NWFhYjRmZjgwY2RmNTAyOWRhM2UyY2FkZjIxOWJhNWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDW9KEtEdnmTDP3DSaF0D6Aq4UDq
VzatLktiXn/9fdrrBz3Zbg1Q9bWtWDuHCUzGzgPmURbXsSKbdw4ok2bcONC9w2WF
TqqFzLwWm0sZ72lAvhvrvHJWmbi+ibZ5QqVYLPeFHU7o3u3Rng2vesLvIy9HHC6j
tfQNOILxH77BuM1eAYCxnzS/745/X6QEH55RT+qgFWdyC9DbxeovOHjDRLk1HlIS
SMu7uoBNhmnr/tIRdS9wIiEqYENQsgJ2ALwQ2eRFiICWEkLgW+dw0Uk0rG/jfkl5
rX5VUOlk5XAVg9wDsGsNj4/XVIasn1Her5Q/pt69Zzpj5B1o3Qu4vhEbLQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDi0tJWqtP+AzfUCnaPiyt8hm6XWMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvT0xTMGxhcTBfNEROOVFLZG8tTEszeUdicGRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAB5NpuiSgDbiLOVdgfaH
bJvMxEeaMDzhUVJpRC8xMUlsiaEFmED7nduUkObsktCwJ3DeCoDah8W/F6OLFS1j
+LhOEU2cgFx9D4lO825Z7PpW05jkLXp6hSp6U7CfwD7r8fC+dbpAi5nO7Hle/rrn
DDauuJcXdm0EUNo7+IhQIVDoCGWVMp1YluiBHXkIIyq/DaemvriaDGSMPCCrX4/7
0ebus1j/rEQhWkubSb9HyiXu+ezaKxFPbEiHut6WMvTPBLDFDtBuO/ip6bO42Mk+
ja2Fff7RXZwh1EmciXnAuFhHW8/jvp7gOeCT6TP6uBI7A+CCGZyASj7skAyFeesh
isA=
-----END CERTIFICATE-----