Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/T0xJtG6bsFE4LptrTREKCOVnVao.roa
File:                     T0xJtG6bsFE4LptrTREKCOVnVao.roa (raw, json)
Hash identifier:          2HwKPPCW6fux4wHnTEtY+djYGQr/YCl0qTfPHgU1c5k=
Subject key identifier:   4F:4C:49:B4:6E:9B:B0:51:38:2E:9B:6B:4D:11:0A:08:E5:67:55:AA
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01873D60EA53910303A016CE798580ED4BD1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/T0xJtG6bsFE4LptrTREKCOVnVao.roa
Signing time:             Sat 01 Apr 2023 15:12:54 +0000
ROA not before:           Sat 01 Apr 2023 15:12:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:3d:60:ea:53:91:03:03:a0:16:ce:79:85:80:ed:4b:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Apr  1 15:12:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4f4c49b46e9bb051382e9b6b4d110a08e56755aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ef:0b:13:70:46:a0:3b:18:61:cc:00:ab:c8:
                    ed:3b:59:3c:39:c8:7c:43:27:80:3e:28:a3:64:8f:
                    25:de:68:c6:0f:34:68:b7:f8:2f:3f:18:e3:0a:3e:
                    97:a5:2e:cd:f9:62:87:1d:5b:0b:cd:a4:10:4d:dd:
                    4e:89:e8:07:36:66:03:12:6d:6d:24:59:f3:4f:58:
                    f9:bc:a0:44:63:fe:d3:48:d9:fd:4a:09:03:e9:67:
                    8b:8a:82:15:dc:46:86:04:6e:5c:b3:14:88:0f:e0:
                    49:a5:b9:53:26:64:1e:b4:aa:78:0f:4d:13:90:5e:
                    e6:e5:dd:a4:c9:d8:e6:8a:77:9a:5b:85:01:25:59:
                    87:84:c3:2d:a5:99:95:af:6d:12:68:d9:1d:59:58:
                    a5:ed:90:e7:7c:3d:bd:18:c3:01:73:5a:a3:0d:bf:
                    ce:66:e1:20:cc:9e:1c:7b:66:3b:03:2d:04:63:2e:
                    88:ed:94:c7:5f:cb:54:10:b6:69:e3:f6:13:0f:7a:
                    52:19:77:34:93:40:68:0f:97:ed:df:ce:82:f0:9f:
                    e0:d0:09:c6:23:e6:f1:c1:a2:ab:2c:0a:99:80:67:
                    67:76:e9:32:d1:84:4e:88:c5:0a:68:4e:81:39:b3:
                    89:f6:98:65:41:d8:03:23:d8:42:03:07:76:5c:e1:
                    07:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:4C:49:B4:6E:9B:B0:51:38:2E:9B:6B:4D:11:0A:08:E5:67:55:AA
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/T0xJtG6bsFE4LptrTREKCOVnVao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:25:94:5d:44:40:e2:cc:7d:5f:71:bc:56:7d:be:c3:56:3f:
         28:8f:d4:d7:74:87:8b:ab:19:8e:64:e0:e2:9d:49:cb:1f:96:
         d4:e5:cf:3e:ec:f1:a8:ec:1f:84:d5:a9:95:89:98:99:a4:cf:
         2b:15:69:c2:94:27:a3:d1:95:f1:88:42:51:ba:22:02:e0:4a:
         ea:a4:ed:d7:bb:8b:86:d3:92:dd:6d:f0:c9:43:b1:82:b9:6e:
         e3:a0:ab:20:f1:b8:43:63:2c:0d:27:d5:81:89:19:3c:c7:f4:
         51:c0:f5:aa:9d:56:7a:38:3a:74:6e:b1:47:ad:97:2c:c9:4e:
         79:63:84:ac:43:c8:9f:87:11:45:8a:9e:53:7d:48:e6:1b:0b:
         e5:13:c6:9e:79:ff:ad:ea:5e:87:13:36:e4:26:1b:81:be:f5:
         0e:65:5d:e7:26:66:d3:8a:8f:0b:3d:6e:a2:8a:29:76:6b:d2:
         71:c9:62:31:fc:4c:ae:76:48:0b:a4:a0:4e:65:34:4e:85:c2:
         cc:41:71:8d:9c:c0:14:c8:5b:9d:5d:a7:19:78:33:57:7b:1a:
         aa:37:0d:91:89:8e:75:af:b1:0c:95:a1:6e:3b:96:e9:ae:4e:
         ec:1d:15:95:fd:07:15:85:82:1a:c1:04:61:98:d6:22:40:50:
         5b:4e:23:1d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYc9YOpTkQMDoBbOeYWA7UvRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwNDAxMTUxMjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjRjNDliNDZlOWJiMDUxMzgyZTliNmI0ZDExMGEwOGU1Njc1NWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+8LE3BGoDsYYcwAq8jtO1k8Och8
QyeAPiijZI8l3mjGDzRot/gvPxjjCj6XpS7N+WKHHVsLzaQQTd1OiegHNmYDEm1t
JFnzT1j5vKBEY/7TSNn9SgkD6WeLioIV3EaGBG5csxSID+BJpblTJmQetKp4D00T
kF7m5d2kydjmineaW4UBJVmHhMMtpZmVr20SaNkdWVil7ZDnfD29GMMBc1qjDb/O
ZuEgzJ4ce2Y7Ay0EYy6I7ZTHX8tUELZp4/YTD3pSGXc0k0BoD5ft386C8J/g0AnG
I+bxwaKrLAqZgGdnduky0YROiMUKaE6BObOJ9phlQdgDI9hCAwd2XOEHNwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE9MSbRum7BROC6ba00RCgjlZ1WqMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVDB4SnRHNmJzRkU0THB0clRSRUtDT1ZuVmFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJ4llF1EQOLMfV9xvFZ9
vsNWPyiP1Nd0h4urGY5k4OKdScsfltTlzz7s8ajsH4TVqZWJmJmkzysVacKUJ6PR
lfGIQlG6IgLgSuqk7de7i4bTkt1t8MlDsYK5buOgqyDxuENjLA0n1YGJGTzH9FHA
9aqdVno4OnRusUetlyzJTnljhKxDyJ+HEUWKnlN9SOYbC+UTxp55/63qXocTNuQm
G4G+9Q5lXecmZtOKjws9bqKKKXZr0nHJYjH8TK52SAukoE5lNE6FwsxBcY2cwBTI
W51dpxl4M1d7Gqo3DZGJjnWvsQyVoW47lumuTuwdFZX9BxWFghrBBGGY1iJAUFtO
Ix0=
-----END CERTIFICATE-----