Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Pyri9cYaua601QC0c8zqcIFKY40.roa
File:                     Pyri9cYaua601QC0c8zqcIFKY40.roa (raw, json)
Hash identifier:          VTccpEHjHUgGo1g9/Z+OifbzQvhxgA1XBVxNY0j/NW8=
Subject key identifier:   3F:2A:E2:F5:C6:1A:B9:AE:B4:D5:00:B4:73:CC:EA:70:81:4A:63:8D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186BFA6BD55045F722F861DF0ECF63C0B17
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Pyri9cYaua601QC0c8zqcIFKY40.roa
Signing time:             Wed 08 Mar 2023 05:17:00 +0000
ROA not before:           Wed 08 Mar 2023 05:17:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:bf:a6:bd:55:04:5f:72:2f:86:1d:f0:ec:f6:3c:0b:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  8 05:17:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3f2ae2f5c61ab9aeb4d500b473ccea70814a638d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:83:a9:25:0d:83:71:9c:21:b5:3d:35:8f:e7:
                    c5:00:38:b8:94:33:80:64:a5:5e:5e:1e:e8:c2:9c:
                    bf:05:ba:28:33:11:f5:bb:62:fb:c2:82:92:7d:f9:
                    0c:23:e0:d1:bf:de:f7:0f:00:91:49:cf:f1:c3:0f:
                    60:08:5a:80:c6:26:00:62:2f:5a:dc:76:84:aa:b7:
                    d8:4b:98:76:1f:8d:af:03:e7:ac:97:0f:f5:d8:ce:
                    c9:d8:c3:58:72:61:90:d6:6b:98:fe:73:cf:40:00:
                    df:74:c8:7c:bd:34:9f:4e:4f:6f:53:bc:e8:25:e5:
                    95:ff:a8:86:69:b7:bd:8d:f1:e2:a1:75:20:73:14:
                    9e:39:47:4f:b4:30:45:53:d9:fa:1b:6e:e5:a9:52:
                    d6:5b:a3:0a:73:11:61:8d:44:6c:18:de:f0:94:ee:
                    b6:46:52:34:5a:f0:81:47:4f:f8:9b:3b:c7:62:69:
                    30:7d:1d:50:d8:1b:69:78:18:3e:3d:49:29:05:40:
                    7f:b9:28:a5:9e:75:61:f1:43:7b:46:a1:74:03:64:
                    fa:ef:66:be:5b:11:d4:f7:90:68:3e:74:bc:fe:d3:
                    40:36:15:ba:d8:77:82:b1:fa:a3:a0:36:ea:c0:2a:
                    39:20:bf:8d:1c:8b:d9:b1:5c:bd:df:c2:98:da:21:
                    3a:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:2A:E2:F5:C6:1A:B9:AE:B4:D5:00:B4:73:CC:EA:70:81:4A:63:8D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Pyri9cYaua601QC0c8zqcIFKY40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:45:ea:ba:76:91:8c:b2:24:ca:17:d0:60:83:83:29:07:f3:
         a0:84:12:e0:b3:c0:9c:46:4d:ed:3f:ef:c2:23:fa:e3:50:b3:
         9b:3f:6f:04:34:65:2c:28:68:a9:5f:55:ae:84:a1:82:bd:ef:
         ea:13:3c:dd:e1:2d:fc:7d:78:ad:71:4c:54:c1:7c:d2:f9:a4:
         db:ac:d4:88:af:ee:bc:9a:8f:a2:5d:e1:0a:55:e3:da:28:57:
         6d:fe:c4:83:1a:f4:6a:f4:76:0a:69:2b:09:34:3a:71:1a:52:
         0c:f1:e1:5b:38:6d:ce:0a:84:f5:60:98:c6:b8:50:14:94:0f:
         5e:76:5b:6d:ae:26:a8:1d:d2:0d:f2:cf:fd:3f:bd:a2:1a:c2:
         a1:f0:46:21:14:0f:bb:7f:c5:cb:0b:11:70:70:5c:86:31:69:
         34:d8:b4:af:a8:c1:b3:ad:4d:c1:f0:cc:6c:16:db:92:ba:8c:
         7b:3d:7a:d5:d8:f0:2f:23:ba:88:92:3d:56:60:f3:01:5b:17:
         72:89:4a:2b:46:53:7a:02:e8:a8:e7:7f:e3:b2:59:0c:11:09:
         e9:83:c6:97:dc:11:c0:18:74:47:f1:04:94:89:a4:a9:92:f0:
         8d:f7:54:7e:5b:f7:f5:04:34:88:ef:35:3d:75:00:66:82:1a:
         6e:96:1d:64
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYa/pr1VBF9yL4Yd8Oz2PAsXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA4MDUxNzAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjJhZTJmNWM2MWFiOWFlYjRkNTAwYjQ3M2NjZWE3MDgxNGE2MzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4OpJQ2DcZwhtT01j+fFADi4lDOA
ZKVeXh7owpy/BbooMxH1u2L7woKSffkMI+DRv973DwCRSc/xww9gCFqAxiYAYi9a
3HaEqrfYS5h2H42vA+eslw/12M7J2MNYcmGQ1muY/nPPQADfdMh8vTSfTk9vU7zo
JeWV/6iGabe9jfHioXUgcxSeOUdPtDBFU9n6G27lqVLWW6MKcxFhjURsGN7wlO62
RlI0WvCBR0/4mzvHYmkwfR1Q2BtpeBg+PUkpBUB/uSilnnVh8UN7RqF0A2T672a+
WxHU95BoPnS8/tNANhW62HeCsfqjoDbqwCo5IL+NHIvZsVy938KY2iE6QQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD8q4vXGGrmutNUAtHPM6nCBSmONMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUHlyaTljWWF1YTYwMVFDMGM4enFjSUZLWTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKtF6rp2kYyyJMoX0GCD
gykH86CEEuCzwJxGTe0/78Ij+uNQs5s/bwQ0ZSwoaKlfVa6EoYK97+oTPN3hLfx9
eK1xTFTBfNL5pNus1Iiv7ryaj6Jd4QpV49ooV23+xIMa9Gr0dgppKwk0OnEaUgzx
4Vs4bc4KhPVgmMa4UBSUD152W22uJqgd0g3yz/0/vaIawqHwRiEUD7t/xcsLEXBw
XIYxaTTYtK+owbOtTcHwzGwW25K6jHs9etXY8C8juoiSPVZg8wFbF3KJSitGU3oC
6Kjnf+OyWQwRCemDxpfcEcAYdEfxBJSJpKmS8I33VH5b9/UENIjvNT11AGaCGm6W
HWQ=
-----END CERTIFICATE-----