Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PcvbEzhHfgzslwKqe3cpAtshUdQ.roa
File:                     PcvbEzhHfgzslwKqe3cpAtshUdQ.roa (raw, json)
Hash identifier:          Il9Z4hXCR/XsFUZZrfbD1kWABLYBZEovN6+WZXiGliM=
Subject key identifier:   3D:CB:DB:13:38:47:7E:0C:EC:97:02:AA:7B:77:29:02:DB:21:51:D4
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186CF7CE305763D38004CA14820312861EB
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PcvbEzhHfgzslwKqe3cpAtshUdQ.roa
Signing time:             Sat 11 Mar 2023 07:05:13 +0000
ROA not before:           Sat 11 Mar 2023 07:05:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cf7c:2cf7/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:cf:7c:e3:05:76:3d:38:00:4c:a1:48:20:31:28:61:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 11 07:05:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3dcbdb1338477e0cec9702aa7b772902db2151d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:6e:e9:36:92:08:28:48:fe:2f:42:ed:c7:ea:
                    4c:5d:9f:27:bc:fd:c7:12:f2:29:8a:23:11:a0:d0:
                    6d:3b:21:db:df:72:8a:5f:d8:a6:14:f5:76:26:0a:
                    ec:f7:07:7c:34:2e:25:bc:e4:12:fc:39:4d:2d:69:
                    94:4a:27:a0:ba:17:e3:a1:2d:e0:9f:45:ef:40:af:
                    bf:1e:2b:d9:c7:d2:fc:42:d0:0d:8f:83:d7:78:26:
                    8b:85:b2:a8:3e:d5:dd:93:ed:69:09:c0:9e:d9:01:
                    92:b8:f5:cc:4d:e9:08:42:d8:83:0d:91:f8:15:dd:
                    53:83:7e:df:d2:50:05:8e:eb:76:c4:15:f6:ce:66:
                    b5:bf:c7:1f:a4:d4:f8:54:a9:37:d5:a8:71:e2:fc:
                    88:fd:8e:3a:64:3d:34:bf:b4:60:44:56:b3:31:3b:
                    26:4f:ba:2d:4e:38:da:c0:c7:ea:1a:a4:7b:12:39:
                    7e:49:67:2b:c6:78:8e:60:b5:e5:fa:32:e3:b3:d8:
                    95:07:d3:f5:f7:40:51:d8:41:c1:36:0b:44:8d:e6:
                    01:ad:e4:be:73:43:cf:e2:3c:c0:bc:07:4f:e9:da:
                    b9:12:e4:b8:5a:e8:c6:8d:cd:ef:14:90:67:27:9c:
                    f0:da:7c:61:59:42:86:22:83:f4:b1:fe:fc:fb:62:
                    c3:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:CB:DB:13:38:47:7E:0C:EC:97:02:AA:7B:77:29:02:DB:21:51:D4
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PcvbEzhHfgzslwKqe3cpAtshUdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:97:1d:e8:a6:76:fa:0b:1f:f7:6e:6c:fd:0f:df:e7:58:e5:
         2f:5d:af:7f:4e:0f:46:f4:f2:d2:86:75:16:2b:7d:14:5b:f0:
         16:44:47:a1:47:d3:f7:8c:86:0f:10:f3:b5:0f:84:54:af:19:
         78:6c:ee:c3:fa:74:06:8b:8c:73:f9:45:30:39:ac:58:9b:3e:
         c3:f1:fa:d9:c2:d0:0c:86:bf:7d:84:c8:7e:c9:3a:db:b1:30:
         ae:d1:e3:fd:b9:df:1e:cc:3f:d9:4b:1c:7a:4a:43:0e:89:f1:
         76:79:b4:8b:38:db:46:91:53:4a:a0:c5:b3:a5:e4:2e:b3:33:
         84:4e:b8:a2:82:a2:0d:8f:06:70:39:af:4c:76:77:41:04:c0:
         03:0f:e7:1e:da:9a:c8:c8:ac:84:90:d5:d1:d0:88:2b:db:c8:
         d8:46:c6:23:45:1e:e4:b3:a3:23:6b:1a:39:34:fd:a0:b2:97:
         cd:b6:d5:1a:7f:8c:cf:40:6f:04:a3:e2:7c:bc:79:54:d6:03:
         01:89:a4:ff:7b:38:82:57:97:2e:da:b9:a5:aa:a4:b0:a5:6d:
         97:ca:08:b2:72:29:4b:34:6b:df:3b:63:92:70:aa:31:fe:6b:
         37:d5:99:78:84:55:4b:9f:36:4e:a9:c1:0a:7d:08:69:2d:44:
         58:d4:d1:0d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbPfOMFdj04AEyhSCAxKGHrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzExMDcwNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGNiZGIxMzM4NDc3ZTBjZWM5NzAyYWE3Yjc3MjkwMmRiMjE1MWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi27pNpIIKEj+L0Ltx+pMXZ8nvP3H
EvIpiiMRoNBtOyHb33KKX9imFPV2Jgrs9wd8NC4lvOQS/DlNLWmUSieguhfjoS3g
n0XvQK+/HivZx9L8QtANj4PXeCaLhbKoPtXdk+1pCcCe2QGSuPXMTekIQtiDDZH4
Fd1Tg37f0lAFjut2xBX2zma1v8cfpNT4VKk31ahx4vyI/Y46ZD00v7RgRFazMTsm
T7otTjjawMfqGqR7Ejl+SWcrxniOYLXl+jLjs9iVB9P190BR2EHBNgtEjeYBreS+
c0PP4jzAvAdP6dq5EuS4WujGjc3vFJBnJ5zw2nxhWUKGIoP0sf78+2LD5QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD3L2xM4R34M7JcCqnt3KQLbIVHUMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUGN2YkV6aEhmZ3pzbHdLcWUzY3BBdHNoVWRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKOXHeimdvoLH/dubP0P
3+dY5S9dr39OD0b08tKGdRYrfRRb8BZER6FH0/eMhg8Q87UPhFSvGXhs7sP6dAaL
jHP5RTA5rFibPsPx+tnC0AyGv32EyH7JOtuxMK7R4/253x7MP9lLHHpKQw6J8XZ5
tIs420aRU0qgxbOl5C6zM4ROuKKCog2PBnA5r0x2d0EEwAMP5x7amsjIrISQ1dHQ
iCvbyNhGxiNFHuSzoyNrGjk0/aCyl8221Rp/jM9AbwSj4ny8eVTWAwGJpP97OIJX
ly7auaWqpLClbZfKCLJyKUs0a987Y5JwqjH+azfVmXiEVUufNk6pwQp9CGktRFjU
0Q0=
-----END CERTIFICATE-----