Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PziR6l3B9VizfzdHAr4Fbdlk3RI.roa
File:                     PziR6l3B9VizfzdHAr4Fbdlk3RI.roa (raw, json)
Hash identifier:          m2+MK142wXm71OI1EIz+QEduxokStt7MsMEJN7stKh8=
Subject key identifier:   3F:38:91:EA:5D:C1:F5:58:B3:7F:37:47:02:BE:05:6D:D9:64:DD:12
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01872A119B4C27C60066E280A53F756210DC
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PziR6l3B9VizfzdHAr4Fbdlk3RI.roa
Signing time:             Tue 28 Mar 2023 21:13:29 +0000
ROA not before:           Tue 28 Mar 2023 21:13:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:2a:11:9b:4c:27:c6:00:66:e2:80:a5:3f:75:62:10:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 28 21:13:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3f3891ea5dc1f558b37f374702be056dd964dd12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:5c:73:b0:b7:06:ec:7b:cf:11:51:18:e4:6f:
                    17:47:39:85:3e:5d:b4:43:45:70:b5:ad:98:99:a7:
                    01:61:37:59:28:3b:c7:f0:fb:c4:2e:20:39:a3:78:
                    eb:0b:2c:06:cd:08:f5:9a:a2:58:a4:00:60:fe:46:
                    16:8c:f5:48:25:5a:dc:f1:2b:5f:ff:84:dc:c6:f5:
                    de:94:02:2a:71:84:f7:02:45:b8:bb:c1:66:4a:bb:
                    96:2c:67:32:22:17:58:e3:26:20:39:5b:45:c4:37:
                    ef:67:5e:50:56:33:fc:8a:fc:59:11:47:c8:9b:70:
                    de:f7:89:83:00:a2:05:2f:e8:17:41:c0:4f:e9:44:
                    97:f7:4c:81:78:ed:56:90:91:fd:63:82:88:6c:1a:
                    36:5f:33:98:78:30:4d:f2:f9:6f:b5:00:3a:25:4d:
                    aa:76:b8:c8:fe:cd:d1:f2:cf:1f:48:06:22:3e:19:
                    14:c4:c9:1a:0a:50:2c:d5:31:df:cb:e9:4d:08:f1:
                    0d:07:ff:40:27:c5:9c:bb:1d:e1:38:20:95:91:60:
                    bb:21:57:b7:94:92:f6:2b:ab:7b:c3:bb:09:a1:2d:
                    b9:30:fa:6c:f6:7c:65:37:9c:b8:90:69:22:5b:67:
                    2d:46:76:5f:71:71:dd:6a:21:aa:a6:d7:34:2d:1a:
                    18:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:38:91:EA:5D:C1:F5:58:B3:7F:37:47:02:BE:05:6D:D9:64:DD:12
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PziR6l3B9VizfzdHAr4Fbdlk3RI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:c0:2c:ae:99:52:4b:50:43:4d:6a:a2:41:0f:4b:a7:c9:80:
         53:34:4c:97:06:28:6a:90:51:60:6a:e8:f1:e3:c9:f8:99:54:
         a4:60:1d:23:ec:4d:a8:ae:23:b2:77:94:f8:40:82:74:7b:9b:
         1d:19:e6:b2:20:3a:50:f8:00:db:7d:ac:97:48:15:bc:bd:6a:
         9f:11:b3:26:0b:fe:c1:4f:4c:93:a8:06:b1:bd:96:d6:b9:42:
         8c:93:e5:23:39:0c:69:55:2a:b6:d1:a5:64:4a:e5:99:b1:1a:
         bd:2a:7e:6e:56:ee:9a:64:6e:b7:c6:07:3f:6a:f9:5a:a9:3c:
         a8:6c:dc:7c:cb:c2:fa:6e:13:22:5e:ed:0f:1a:b6:28:54:2e:
         30:12:10:e5:87:a2:f8:17:2f:10:52:7d:1b:63:72:23:b1:49:
         13:8a:90:a2:6a:15:ca:52:50:63:cb:a2:e0:ac:a5:b8:60:3a:
         14:df:85:0b:88:02:75:e7:0a:da:58:bf:3a:49:45:7c:85:4e:
         38:3d:b1:83:aa:c3:d1:57:74:ed:61:a0:e9:7e:01:ef:46:1c:
         2f:ed:e5:f8:ee:f0:ce:ed:fc:4c:04:00:40:44:a2:7c:6e:37:
         06:e1:95:22:76:c8:0f:15:df:97:91:76:65:66:18:a6:59:83:
         0c:82:93:60
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYcqEZtMJ8YAZuKApT91YhDcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI4MjExMzI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjM4OTFlYTVkYzFmNTU4YjM3ZjM3NDcwMmJlMDU2ZGQ5NjRkZDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolxzsLcG7HvPEVEY5G8XRzmFPl20
Q0Vwta2YmacBYTdZKDvH8PvELiA5o3jrCywGzQj1mqJYpABg/kYWjPVIJVrc8Stf
/4TcxvXelAIqcYT3AkW4u8FmSruWLGcyIhdY4yYgOVtFxDfvZ15QVjP8ivxZEUfI
m3De94mDAKIFL+gXQcBP6USX90yBeO1WkJH9Y4KIbBo2XzOYeDBN8vlvtQA6JU2q
drjI/s3R8s8fSAYiPhkUxMkaClAs1THfy+lNCPENB/9AJ8Wcux3hOCCVkWC7IVe3
lJL2K6t7w7sJoS25MPps9nxlN5y4kGkiW2ctRnZfcXHdaiGqptc0LRoYWwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD84kepdwfVYs383RwK+BW3ZZN0SMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUHppUjZsM0I5Vml6ZnpkSEFyNEZiZGxrM1JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACnALK6ZUktQQ01qokEP
S6fJgFM0TJcGKGqQUWBq6PHjyfiZVKRgHSPsTaiuI7J3lPhAgnR7mx0Z5rIgOlD4
ANt9rJdIFby9ap8RsyYL/sFPTJOoBrG9lta5QoyT5SM5DGlVKrbRpWRK5ZmxGr0q
fm5W7ppkbrfGBz9q+VqpPKhs3HzLwvpuEyJe7Q8atihULjASEOWHovgXLxBSfRtj
ciOxSROKkKJqFcpSUGPLouCspbhgOhTfhQuIAnXnCtpYvzpJRXyFTjg9sYOqw9FX
dO1hoOl+Ae9GHC/t5fju8M7t/EwEAEBEonxuNwbhlSJ2yA8V35eRdmVmGKZZgwyC
k2A=
-----END CERTIFICATE-----