Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RnUaTw_ztf5KD2_aNIhqnubV-Y4.roa
File:                     RnUaTw_ztf5KD2_aNIhqnubV-Y4.roa (raw, json)
Hash identifier:          pWU7CiscJ8tJvmNKhiU+N7ywhSa7HJznyGQhEZ8XDdk=
Subject key identifier:   46:75:1A:4F:0F:F3:B5:FE:4A:0F:6F:DA:34:88:6A:9E:E6:D5:F9:8E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186B6AA0589D8EFDBCC7C29DFCE83E7BF2E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RnUaTw_ztf5KD2_aNIhqnubV-Y4.roa
Signing time:             Mon 06 Mar 2023 11:24:01 +0000
ROA not before:           Mon 06 Mar 2023 11:24:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b6:aa:05:89:d8:ef:db:cc:7c:29:df:ce:83:e7:bf:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  6 11:24:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=46751a4f0ff3b5fe4a0f6fda34886a9ee6d5f98e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:83:9a:c0:78:7d:e0:f0:26:20:e0:05:5b:db:
                    ae:e2:af:05:24:d8:10:62:21:0b:91:98:80:3b:79:
                    2b:c8:0a:ff:4d:4b:33:a7:55:7e:2c:f1:2d:39:27:
                    5a:56:4b:df:6c:67:fa:3e:ce:1b:1e:18:d5:54:34:
                    08:9e:67:9a:85:57:68:45:51:10:b6:40:33:6d:57:
                    9b:b8:c3:c0:1b:ad:40:14:70:74:36:91:72:ce:41:
                    ad:d7:b6:be:e8:28:ea:05:58:66:28:d0:9f:23:ec:
                    89:0e:f9:95:50:01:5a:a8:f1:4c:0d:c8:71:db:30:
                    6c:b9:08:13:a7:b4:c2:1c:c7:74:5e:cd:ed:2f:69:
                    88:87:4b:b9:9e:09:86:ed:f9:8f:66:a5:31:84:7f:
                    26:82:e3:a6:44:0c:13:8d:ec:bc:92:c8:96:c3:fb:
                    b4:c5:64:53:eb:6b:bb:b5:10:ea:67:c0:91:7f:b7:
                    cf:84:16:2e:6b:2a:bc:e7:78:01:48:fa:c7:f6:6b:
                    c9:91:2d:12:12:a2:be:79:5b:f3:a0:f1:cc:e4:02:
                    56:fc:f3:9e:f9:15:12:ca:b5:7b:94:c6:89:7c:65:
                    93:31:bd:e4:79:05:d6:98:11:d3:38:a0:aa:79:52:
                    f0:c1:98:8d:ab:88:d3:07:0f:26:03:9e:93:a6:3b:
                    3a:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:75:1A:4F:0F:F3:B5:FE:4A:0F:6F:DA:34:88:6A:9E:E6:D5:F9:8E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RnUaTw_ztf5KD2_aNIhqnubV-Y4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:a4:69:9b:d5:e6:51:c0:bb:ee:27:39:70:f3:82:8f:ee:75:
         3d:30:2a:e2:b5:97:d2:7f:47:6a:83:f3:5a:38:ca:b8:cb:aa:
         59:7a:16:bd:78:33:73:1d:a8:75:f2:e9:5d:51:46:48:82:38:
         26:84:cc:90:89:82:ea:5a:f0:14:bf:60:f4:c2:35:49:5a:38:
         34:92:4a:18:45:ed:74:63:b7:b5:41:8d:b3:8b:0f:58:93:81:
         58:b1:ee:3e:54:41:f4:3a:3b:6d:2c:c7:b3:b0:5e:21:5b:dd:
         04:03:bb:99:b6:91:e0:da:65:dc:f0:92:e5:24:58:8d:71:af:
         c7:26:03:a3:4f:97:42:33:32:36:6d:f1:35:1b:45:5c:87:c7:
         97:b8:ab:4e:b4:24:f0:e3:e9:04:3b:8e:10:33:7f:df:d0:7c:
         33:1a:95:9b:a6:9e:26:c4:2d:f2:98:84:91:8d:48:f6:64:ff:
         15:c0:6c:b5:1e:3b:cd:f9:04:41:77:3e:09:3b:6b:1e:d1:cf:
         41:0c:e2:66:b7:7f:d3:7d:c4:dc:60:74:76:e3:1f:a2:79:c4:
         78:78:df:ca:5c:d0:2a:0c:65:b2:da:60:0c:ae:d9:b2:66:56:
         0c:ed:d6:44:aa:f7:43:b4:e8:e3:30:31:c6:64:70:7c:37:66:
         f0:3e:25:d4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYa2qgWJ2O/bzHwp386D578uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA2MTEyNDAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Njc1MWE0ZjBmZjNiNWZlNGEwZjZmZGEzNDg4NmE5ZWU2ZDVmOThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoOawHh94PAmIOAFW9uu4q8FJNgQ
YiELkZiAO3kryAr/TUszp1V+LPEtOSdaVkvfbGf6Ps4bHhjVVDQInmeahVdoRVEQ
tkAzbVebuMPAG61AFHB0NpFyzkGt17a+6CjqBVhmKNCfI+yJDvmVUAFaqPFMDchx
2zBsuQgTp7TCHMd0Xs3tL2mIh0u5ngmG7fmPZqUxhH8mguOmRAwTjey8ksiWw/u0
xWRT62u7tRDqZ8CRf7fPhBYuayq853gBSPrH9mvJkS0SEqK+eVvzoPHM5AJW/POe
+RUSyrV7lMaJfGWTMb3keQXWmBHTOKCqeVLwwZiNq4jTBw8mA56Tpjs6OQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEZ1Gk8P87X+Sg9v2jSIap7m1fmOMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUm5VYVR3X3p0ZjVLRDJfYU5JaHFudWJWLVk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKGkaZvV5lHAu+4nOXDz
go/udT0wKuK1l9J/R2qD81o4yrjLqll6Fr14M3MdqHXy6V1RRkiCOCaEzJCJgupa
8BS/YPTCNUlaODSSShhF7XRjt7VBjbOLD1iTgVix7j5UQfQ6O20sx7OwXiFb3QQD
u5m2keDaZdzwkuUkWI1xr8cmA6NPl0IzMjZt8TUbRVyHx5e4q060JPDj6QQ7jhAz
f9/QfDMalZumnibELfKYhJGNSPZk/xXAbLUeO835BEF3Pgk7ax7Rz0EM4ma3f9N9
xNxgdHbjH6J5xHh438pc0CoMZbLaYAyu2bJmVgzt1kSq90O06OMwMcZkcHw3ZvA+
JdQ=
-----END CERTIFICATE-----