Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SW8ISGbcOLJ980Dw_8gh6P8ugxo.roa
File:                     SW8ISGbcOLJ980Dw_8gh6P8ugxo.roa (raw, json)
Hash identifier:          /7m/04/2ZarNpquYVTEGHYw82xi3aKim2Qrb1sip5v4=
Subject key identifier:   49:6F:08:48:66:DC:38:B2:7D:F3:40:F0:FF:C8:21:E8:FF:2E:83:1A
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186B7EE1B7A0E15383A97C95B9676AB2847
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SW8ISGbcOLJ980Dw_8gh6P8ugxo.roa
Signing time:             Mon 06 Mar 2023 17:18:00 +0000
ROA not before:           Mon 06 Mar 2023 17:18:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b7:ee:1b:7a:0e:15:38:3a:97:c9:5b:96:76:ab:28:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  6 17:18:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=496f084866dc38b27df340f0ffc821e8ff2e831a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:06:6e:6b:9f:2d:3b:0d:73:15:a2:63:02:79:
                    a8:c5:01:b7:32:01:5c:1a:e1:48:13:e6:40:6d:a0:
                    54:67:57:ce:a0:66:43:fd:9b:13:da:a1:fa:0b:ed:
                    46:c6:aa:65:e3:fc:fb:cd:51:33:8e:34:78:d0:4a:
                    74:10:37:19:c0:26:30:8c:ac:ac:ba:c4:af:e0:c6:
                    10:8f:fc:c5:94:01:9d:2d:55:ce:03:5d:3e:67:84:
                    f5:f5:e3:89:69:2d:37:9d:fc:76:71:79:59:63:5e:
                    05:0c:b0:f8:f2:d6:91:12:33:c8:72:2f:6b:24:78:
                    0f:80:9d:b5:b3:13:99:d3:f1:ec:cd:dd:d5:50:6e:
                    eb:d7:dd:c7:e3:85:78:26:f8:11:eb:2e:b0:84:40:
                    df:56:3f:24:f6:cb:d2:35:a6:0c:96:f9:71:6a:a8:
                    e7:24:93:44:6d:1b:60:54:5d:bd:b0:ae:df:dd:07:
                    80:57:63:b5:ea:68:54:2b:4d:50:8b:60:43:7c:6f:
                    80:c3:b6:72:f1:79:f2:67:b5:28:88:28:97:e1:05:
                    19:2d:4a:cd:a4:17:2d:eb:c7:7f:31:2e:de:31:a2:
                    91:66:5d:79:41:13:b1:dd:fd:9d:aa:5c:2c:e4:dd:
                    21:bd:bf:6b:b6:79:a9:de:ff:46:99:81:0b:95:04:
                    36:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:6F:08:48:66:DC:38:B2:7D:F3:40:F0:FF:C8:21:E8:FF:2E:83:1A
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/SW8ISGbcOLJ980Dw_8gh6P8ugxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:76:69:8b:43:71:af:94:99:c1:e8:e3:b6:a6:6d:31:7a:d4:
         4e:20:3f:29:c4:3f:f1:a1:f2:b5:77:b1:da:25:92:87:60:bb:
         e2:db:0d:7b:18:e0:fa:86:4e:14:38:03:d8:c1:1d:94:80:da:
         a5:40:69:b4:22:c9:f1:a1:01:a8:bd:7d:d7:89:e1:52:38:27:
         ca:0a:0b:e3:6b:59:3e:dc:3e:8d:72:be:f5:32:16:da:e5:bb:
         39:80:5d:f8:ad:08:f1:ed:1d:8e:21:5c:0d:f7:03:4a:82:4d:
         aa:0f:e6:5e:09:93:57:07:99:40:e9:6c:a7:3a:54:14:97:82:
         96:ba:f4:d0:33:45:87:be:5d:bb:45:52:a8:82:3a:d9:fb:75:
         da:5d:98:67:f0:60:91:bf:b8:b7:16:1c:f3:5b:35:7c:e6:a2:
         5b:95:6a:5a:ab:0a:b6:f1:cb:cf:48:9d:de:9a:f9:b3:04:2c:
         ce:0d:c2:99:5d:19:09:42:d5:4e:3e:4f:12:b2:23:c0:36:ca:
         af:f1:ca:11:7f:6f:9c:f5:00:89:1b:c5:d3:8e:33:af:90:98:
         f6:8b:24:26:6a:d3:74:13:8d:27:7c:1b:7a:5b:dd:09:ff:a7:
         3e:65:a2:03:10:8d:7b:b6:e6:bd:84:e5:10:5c:c6:71:94:54:
         9e:dc:36:e9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYa37ht6DhU4OpfJW5Z2qyhHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA2MTcxODAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTZmMDg0ODY2ZGMzOGIyN2RmMzQwZjBmZmM4MjFlOGZmMmU4MzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQZua58tOw1zFaJjAnmoxQG3MgFc
GuFIE+ZAbaBUZ1fOoGZD/ZsT2qH6C+1Gxqpl4/z7zVEzjjR40Ep0EDcZwCYwjKys
usSv4MYQj/zFlAGdLVXOA10+Z4T19eOJaS03nfx2cXlZY14FDLD48taREjPIci9r
JHgPgJ21sxOZ0/Hszd3VUG7r193H44V4JvgR6y6whEDfVj8k9svSNaYMlvlxaqjn
JJNEbRtgVF29sK7f3QeAV2O16mhUK01Qi2BDfG+Aw7Zy8XnyZ7UoiCiX4QUZLUrN
pBct68d/MS7eMaKRZl15QROx3f2dqlws5N0hvb9rtnmp3v9GmYELlQQ2ywIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFElvCEhm3DiyffNA8P/IIej/LoMaMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvU1c4SVNHYmNPTEo5ODBEd184Z2g2UDh1Z3hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADJ2aYtDca+UmcHo47am
bTF61E4gPynEP/Gh8rV3sdolkodgu+LbDXsY4PqGThQ4A9jBHZSA2qVAabQiyfGh
Aai9fdeJ4VI4J8oKC+NrWT7cPo1yvvUyFtrluzmAXfitCPHtHY4hXA33A0qCTaoP
5l4Jk1cHmUDpbKc6VBSXgpa69NAzRYe+XbtFUqiCOtn7ddpdmGfwYJG/uLcWHPNb
NXzmoluValqrCrbxy89Ind6a+bMELM4NwpldGQlC1U4+TxKyI8A2yq/xyhF/b5z1
AIkbxdOOM6+QmPaLJCZq03QTjSd8G3pb3Qn/pz5logMQjXu25r2E5RBcxnGUVJ7c
Nuk=
-----END CERTIFICATE-----