Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TtEh9pB-gDrNbeJRToY7URtYv7g.roa
File:                     TtEh9pB-gDrNbeJRToY7URtYv7g.roa (raw, json)
Hash identifier:          WmsLxIthMCN8hedi3aZOJcdJeCkz8yKl0zvqXEMi9HM=
Subject key identifier:   4E:D1:21:F6:90:7E:80:3A:CD:6D:E2:51:4E:86:3B:51:1B:58:BF:B8
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186A469E6A036EA703A0192BDC8A20E4C94
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TtEh9pB-gDrNbeJRToY7URtYv7g.roa
Signing time:             Thu 02 Mar 2023 22:20:49 +0000
ROA not before:           Thu 02 Mar 2023 22:20:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a4:69:e6:a0:36:ea:70:3a:01:92:bd:c8:a2:0e:4c:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  2 22:20:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4ed121f6907e803acd6de2514e863b511b58bfb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e5:59:7c:4c:06:3b:73:eb:65:4e:e0:6d:eb:
                    d4:ea:82:30:77:92:53:8c:46:8a:83:46:fd:f1:bb:
                    7c:1b:f5:13:07:00:fa:15:5f:77:10:ba:a6:a4:84:
                    d5:c6:86:40:ee:9e:56:98:20:31:34:9e:de:5d:62:
                    dc:f1:49:09:38:da:27:c3:cd:5b:73:52:fa:81:25:
                    fe:10:93:0c:3b:d0:96:8c:ac:46:3c:55:ea:2a:c1:
                    f0:55:60:83:9c:a9:76:12:21:95:1e:a0:d7:ac:d6:
                    22:a5:cd:85:79:80:91:97:0f:79:8b:5e:f9:38:f2:
                    a0:ec:a2:b5:05:f9:d3:d9:0d:2a:b1:1e:c7:0c:f9:
                    1c:5a:65:14:07:9e:a6:f5:29:10:d9:c4:ba:ee:5b:
                    fd:77:92:f7:5d:ca:41:48:78:65:b3:8d:a8:47:29:
                    2e:4c:2c:7f:03:df:d5:c2:a3:07:93:7b:39:4a:d0:
                    1c:4b:ad:a0:e8:e7:13:4d:1e:12:01:cb:ae:78:55:
                    a0:95:cb:1b:e9:32:6a:51:3e:93:80:77:17:26:6e:
                    2d:cf:d0:8c:db:01:dd:ef:9a:36:da:83:91:7a:95:
                    fc:2f:84:a2:35:74:40:4d:a5:d5:13:76:72:41:b7:
                    94:ff:8e:bf:15:75:63:ff:bb:08:0c:dd:56:76:a7:
                    b4:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:D1:21:F6:90:7E:80:3A:CD:6D:E2:51:4E:86:3B:51:1B:58:BF:B8
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TtEh9pB-gDrNbeJRToY7URtYv7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:b5:9f:b9:ab:e8:fb:0a:a6:ba:a0:85:8f:fd:20:48:7d:39:
         f2:09:23:32:94:e1:36:f3:c3:77:a5:be:94:6c:d3:71:bc:da:
         f4:e0:70:c3:2b:76:1a:ca:3b:4b:c2:1f:59:82:5c:de:ab:48:
         8f:38:a4:3f:b7:34:5d:60:54:3d:d6:52:60:28:fa:e5:33:ac:
         49:54:96:54:d2:ec:3c:78:3d:30:4f:7e:64:c4:2d:58:e1:b2:
         5e:f6:b3:bc:37:79:d6:9d:74:ab:37:48:cd:fd:25:c2:2a:56:
         61:bc:5f:91:b0:25:64:6d:d5:3f:b8:87:3a:2e:38:84:fa:a5:
         7b:b0:a4:56:4f:e5:71:8c:71:7a:67:99:e6:a0:4c:17:52:ab:
         1f:dc:8f:7c:c2:de:ab:33:0a:9b:a3:4d:c3:6e:a0:06:0d:a4:
         35:d4:64:0e:80:53:8b:75:7e:44:2d:50:07:aa:d2:44:5e:4b:
         a7:da:4c:56:41:bb:83:0a:b9:dc:8a:01:d4:6b:74:19:05:a4:
         a2:73:d3:f8:83:3a:6e:29:c0:6d:ff:dc:06:ab:b9:fb:72:eb:
         e8:09:61:54:b4:58:33:46:58:69:44:fa:3e:76:2f:ae:8d:dd:
         2d:89:f9:eb:29:6e:bd:b1:61:1e:9f:90:39:96:f8:2a:1e:4d:
         ac:90:31:58
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYakaeagNupwOgGSvciiDkyUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzAyMjIyMDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWQxMjFmNjkwN2U4MDNhY2Q2ZGUyNTE0ZTg2M2I1MTFiNThiZmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOVZfEwGO3PrZU7gbevU6oIwd5JT
jEaKg0b98bt8G/UTBwD6FV93ELqmpITVxoZA7p5WmCAxNJ7eXWLc8UkJONonw81b
c1L6gSX+EJMMO9CWjKxGPFXqKsHwVWCDnKl2EiGVHqDXrNYipc2FeYCRlw95i175
OPKg7KK1BfnT2Q0qsR7HDPkcWmUUB56m9SkQ2cS67lv9d5L3XcpBSHhls42oRyku
TCx/A9/VwqMHk3s5StAcS62g6OcTTR4SAcuueFWglcsb6TJqUT6TgHcXJm4tz9CM
2wHd75o22oORepX8L4SiNXRATaXVE3ZyQbeU/46/FXVj/7sIDN1Wdqe0oQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE7RIfaQfoA6zW3iUU6GO1EbWL+4MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVHRFaDlwQi1nRHJOYmVKUlRvWTdVUnRZdjdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAC21n7mr6PsKprqghY/9
IEh9OfIJIzKU4Tbzw3elvpRs03G82vTgcMMrdhrKO0vCH1mCXN6rSI84pD+3NF1g
VD3WUmAo+uUzrElUllTS7Dx4PTBPfmTELVjhsl72s7w3edaddKs3SM39JcIqVmG8
X5GwJWRt1T+4hzouOIT6pXuwpFZP5XGMcXpnmeagTBdSqx/cj3zC3qszCpujTcNu
oAYNpDXUZA6AU4t1fkQtUAeq0kReS6faTFZBu4MKudyKAdRrdBkFpKJz0/iDOm4p
wG3/3Aarufty6+gJYVS0WDNGWGlE+j52L66N3S2J+espbr2xYR6fkDmW+CoeTayQ
MVg=
-----END CERTIFICATE-----