Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Paqr-Q5XOueRDwHbfsJaVgD1TE4.roa
File:                     Paqr-Q5XOueRDwHbfsJaVgD1TE4.roa (raw, json)
Hash identifier:          CSyMyBTarjvfoyz6apf5Nbn0pygWWfcNkJ4d2v45B6k=
Subject key identifier:   3D:AA:AB:F9:0E:57:3A:E7:91:0F:01:DB:7E:C2:5A:56:00:F5:4C:4E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186BBD05F4D6D0F9030694827B32D39A898
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Paqr-Q5XOueRDwHbfsJaVgD1TE4.roa
Signing time:             Tue 07 Mar 2023 11:24:00 +0000
ROA not before:           Tue 07 Mar 2023 11:24:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:bb:d0:5f:4d:6d:0f:90:30:69:48:27:b3:2d:39:a8:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  7 11:24:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3daaabf90e573ae7910f01db7ec25a5600f54c4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:f6:a6:48:d6:13:9c:94:10:51:66:b3:c5:9a:
                    0c:04:30:1b:8e:2f:23:67:7f:40:79:f7:58:40:01:
                    bc:2d:e2:b8:cb:7e:3e:c8:3c:af:8d:5b:23:02:6b:
                    6d:c2:22:fc:38:9f:8a:ff:3c:39:60:b1:86:35:73:
                    c6:b4:fb:dd:55:3b:5f:bb:14:95:ed:9c:91:49:a9:
                    65:fa:1b:ee:5d:7c:e8:cc:64:5a:fe:2a:f2:f6:26:
                    27:7d:55:f6:60:f1:bd:e2:ea:84:6a:6f:ed:7f:44:
                    26:5c:ad:5c:ba:34:8d:4d:53:e1:c0:94:80:2e:05:
                    6b:2c:6a:32:f7:b8:53:a6:f3:e7:9e:4b:3f:ac:c6:
                    59:96:e0:a9:25:07:ee:d7:e7:53:dc:dd:0d:57:c1:
                    ef:26:6c:32:67:3d:0b:03:25:b9:a5:cd:2b:df:c9:
                    78:78:15:0b:e1:06:0e:1b:25:14:ca:8c:9f:72:e0:
                    a1:60:69:0b:af:c7:30:09:24:e5:54:45:68:a6:94:
                    0f:ba:e1:32:2d:94:07:3d:a3:cd:76:f6:b2:cf:98:
                    d5:2d:96:73:1c:5a:64:5d:d7:f4:2a:14:f7:e9:18:
                    78:d5:22:3a:b9:c4:cf:c0:6b:f3:e6:60:2d:45:79:
                    0c:45:c3:a1:ee:93:7b:ed:96:3d:eb:46:6c:fa:ad:
                    9c:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:AA:AB:F9:0E:57:3A:E7:91:0F:01:DB:7E:C2:5A:56:00:F5:4C:4E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Paqr-Q5XOueRDwHbfsJaVgD1TE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:7e:6f:80:bc:8a:d9:26:4e:98:ce:fb:13:81:01:09:f6:f3:
         1e:58:fc:6e:94:ef:4b:98:bb:05:cc:ee:6f:a9:b1:22:7d:2c:
         fb:70:19:58:aa:b3:8b:d1:78:dc:2f:b8:5c:b7:ad:65:76:66:
         6f:d2:b2:1a:e3:7d:42:d2:21:8d:82:09:2d:6d:89:70:1d:a2:
         db:7e:54:e9:a2:df:b4:a5:36:ec:9e:1a:b6:27:f5:8e:73:a9:
         40:bc:6f:44:b9:88:bf:16:4b:5a:29:4b:09:c9:ff:07:46:99:
         58:7f:42:3f:69:bc:be:26:cb:c0:23:59:41:a1:85:33:d0:fd:
         f0:57:92:2d:97:dc:8d:84:89:41:05:a3:b6:cb:3a:06:e6:2f:
         ca:82:11:8b:fe:33:03:4e:82:ec:a4:cf:26:eb:ea:a8:79:72:
         d7:66:8d:75:23:35:86:a4:95:5d:33:2d:40:e9:a3:d1:87:38:
         24:fe:ac:d0:36:e0:fc:5e:32:ea:b7:41:94:11:d1:43:85:79:
         15:6f:80:c3:47:d5:0e:3d:6a:33:b7:eb:5f:ff:d6:d8:73:2f:
         93:4f:dc:86:92:f7:a7:2a:dc:4a:d9:84:df:09:98:85:80:77:
         5c:fb:a4:d7:06:25:f2:6c:aa:b0:f5:e8:7c:fd:9b:76:22:3e:
         fa:1d:00:4a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYa70F9NbQ+QMGlIJ7MtOaiYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA3MTEyNDAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGFhYWJmOTBlNTczYWU3OTEwZjAxZGI3ZWMyNWE1NjAwZjU0YzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvamSNYTnJQQUWazxZoMBDAbji8j
Z39AefdYQAG8LeK4y34+yDyvjVsjAmttwiL8OJ+K/zw5YLGGNXPGtPvdVTtfuxSV
7ZyRSall+hvuXXzozGRa/iry9iYnfVX2YPG94uqEam/tf0QmXK1cujSNTVPhwJSA
LgVrLGoy97hTpvPnnks/rMZZluCpJQfu1+dT3N0NV8HvJmwyZz0LAyW5pc0r38l4
eBUL4QYOGyUUyoyfcuChYGkLr8cwCSTlVEVoppQPuuEyLZQHPaPNdvayz5jVLZZz
HFpkXdf0KhT36Rh41SI6ucTPwGvz5mAtRXkMRcOh7pN77ZY960Zs+q2cPQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD2qq/kOVzrnkQ8B237CWlYA9UxOMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUGFxci1RNVhPdWVSRHdIYmZzSmFWZ0QxVEU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFV+b4C8itkmTpjO+xOB
AQn28x5Y/G6U70uYuwXM7m+psSJ9LPtwGViqs4vReNwvuFy3rWV2Zm/SshrjfULS
IY2CCS1tiXAdott+VOmi37SlNuyeGrYn9Y5zqUC8b0S5iL8WS1opSwnJ/wdGmVh/
Qj9pvL4my8AjWUGhhTPQ/fBXki2X3I2EiUEFo7bLOgbmL8qCEYv+MwNOguykzybr
6qh5ctdmjXUjNYaklV0zLUDpo9GHOCT+rNA24PxeMuq3QZQR0UOFeRVvgMNH1Q49
ajO361//1thzL5NP3IaS96cq3ErZhN8JmIWAd1z7pNcGJfJsqrD16Hz9m3YiPvod
AEo=
-----END CERTIFICATE-----