Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OPAO5aWydFOVFEY98ou41JPRYfI.roa
File:                     OPAO5aWydFOVFEY98ou41JPRYfI.roa (raw, json)
Hash identifier:          nkgG7njrss3TjPKb2JO3hd8q3KTkrvS1D7m1h0+huis=
Subject key identifier:   38:F0:0E:E5:A5:B2:74:53:95:14:46:3D:F2:8B:B8:D4:93:D1:61:F2
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186C56C96C8EBA9E07BCC438FF4CCC1CC3F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OPAO5aWydFOVFEY98ou41JPRYfI.roa
Signing time:             Thu 09 Mar 2023 08:11:13 +0000
ROA not before:           Thu 09 Mar 2023 08:11:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c5:6c:96:c8:eb:a9:e0:7b:cc:43:8f:f4:cc:c1:cc:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  9 08:11:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=38f00ee5a5b274539514463df28bb8d493d161f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ef:73:8a:31:5a:2d:b4:16:a3:a3:2e:e6:ff:
                    6b:60:fb:c7:04:30:74:45:bc:21:83:13:fc:4d:a5:
                    8c:47:bb:41:26:d9:be:73:be:5a:e1:d6:36:8a:67:
                    7a:b1:af:2a:11:d1:7d:d7:e7:cf:e1:47:24:13:7c:
                    6e:c3:19:44:6e:24:46:46:ac:42:bc:a9:18:5d:ed:
                    18:70:f0:25:25:3e:3c:55:38:d8:3b:7f:ad:93:10:
                    b4:43:cc:03:6a:23:ad:a2:64:cf:4b:04:a0:5e:52:
                    5c:60:dd:97:b6:c1:46:52:78:30:e2:8f:d0:bf:34:
                    82:95:4a:af:d1:bf:54:97:80:ed:55:b5:30:c8:35:
                    c5:43:46:59:9d:6e:43:b0:68:3a:ba:f2:82:f1:22:
                    7b:05:ec:1a:68:47:98:ee:29:b2:9c:11:98:92:c7:
                    5d:01:e5:a1:7d:28:d8:ef:39:b2:ad:65:e7:44:0b:
                    9f:9d:63:59:1f:82:a5:ea:bb:f0:18:af:88:db:ff:
                    71:39:d4:16:5a:7e:90:a2:58:65:59:8a:74:b3:69:
                    79:bb:15:3a:e1:01:67:5d:0a:42:dd:69:c5:f3:cc:
                    9a:85:b0:f2:f3:be:e3:17:22:38:f2:b4:87:31:ad:
                    4f:32:28:57:68:01:d3:97:74:f4:54:f6:17:8a:00:
                    f6:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:F0:0E:E5:A5:B2:74:53:95:14:46:3D:F2:8B:B8:D4:93:D1:61:F2
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/OPAO5aWydFOVFEY98ou41JPRYfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:d2:b1:1f:ea:30:b3:38:95:f3:5f:6f:08:0c:fb:f7:d3:ee:
         b0:3f:e3:9b:31:c8:b4:84:c8:b2:eb:c5:e0:24:cf:05:e4:bd:
         7e:46:f0:96:48:a9:42:37:68:7e:24:67:be:be:99:ef:62:c5:
         c2:9f:1e:62:de:82:64:ca:d7:99:62:65:68:ed:83:e5:b9:9f:
         0c:df:2c:c4:10:72:b6:05:b4:0f:d9:4f:9e:64:10:ff:48:e4:
         a5:7d:ae:20:3c:d3:c6:f7:64:a1:dc:a0:1e:dd:42:f7:a9:4c:
         5d:41:ca:b8:a7:e4:1a:35:03:71:e9:ce:7d:0c:e0:2c:7a:b0:
         e6:f7:5e:2e:a3:a1:4f:69:04:bf:06:0e:a2:1d:51:5e:24:fb:
         f6:39:9b:d7:b3:e6:a9:f6:d6:66:e7:02:fb:bc:42:5c:80:2b:
         0b:54:3f:68:13:0a:ec:fd:06:b6:85:1a:28:6d:99:b2:21:7f:
         10:fe:cc:2e:44:df:5c:bc:35:46:68:f1:92:91:8d:b8:9d:15:
         bd:10:ca:36:b8:d4:74:bf:6a:e8:f0:98:5e:77:41:c6:c9:85:
         c0:f1:6a:85:0b:37:78:80:1c:4a:bd:ff:82:6a:23:fa:6a:2f:
         ad:32:f0:66:27:15:55:f4:d6:60:50:16:d8:53:36:0b:32:a7:
         03:97:37:5b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbFbJbI66nge8xDj/TMwcw/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA5MDgxMTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGYwMGVlNWE1YjI3NDUzOTUxNDQ2M2RmMjhiYjhkNDkzZDE2MWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+9zijFaLbQWo6Mu5v9rYPvHBDB0
RbwhgxP8TaWMR7tBJtm+c75a4dY2imd6sa8qEdF91+fP4UckE3xuwxlEbiRGRqxC
vKkYXe0YcPAlJT48VTjYO3+tkxC0Q8wDaiOtomTPSwSgXlJcYN2XtsFGUngw4o/Q
vzSClUqv0b9Ul4DtVbUwyDXFQ0ZZnW5DsGg6uvKC8SJ7BewaaEeY7imynBGYksdd
AeWhfSjY7zmyrWXnRAufnWNZH4Kl6rvwGK+I2/9xOdQWWn6QolhlWYp0s2l5uxU6
4QFnXQpC3WnF88yahbDy877jFyI48rSHMa1PMihXaAHTl3T0VPYXigD2PwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDjwDuWlsnRTlRRGPfKLuNST0WHyMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvT1BBTzVhV3lkRk9WRkVZOThvdTQxSlBSWWZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADvSsR/qMLM4lfNfbwgM
+/fT7rA/45sxyLSEyLLrxeAkzwXkvX5G8JZIqUI3aH4kZ76+me9ixcKfHmLegmTK
15liZWjtg+W5nwzfLMQQcrYFtA/ZT55kEP9I5KV9riA808b3ZKHcoB7dQvepTF1B
yrin5Bo1A3Hpzn0M4Cx6sOb3Xi6joU9pBL8GDqIdUV4k+/Y5m9ez5qn21mbnAvu8
QlyAKwtUP2gTCuz9BraFGihtmbIhfxD+zC5E31y8NUZo8ZKRjbidFb0Qyja41HS/
aujwmF53QcbJhcDxaoULN3iAHEq9/4JqI/pqL60y8GYnFVX01mBQFthTNgsypwOX
N1s=
-----END CERTIFICATE-----