Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Ty8ZyyDYmM7si1TysQNLsyiYbSU.roa
File:                     Ty8ZyyDYmM7si1TysQNLsyiYbSU.roa (raw, json)
Hash identifier:          HSJS6Stl3K1rmwhBcSEwacYs2QbpIIrYq6PTTy5ah/o=
Subject key identifier:   4F:2F:19:CB:20:D8:98:CE:EC:8B:54:F2:B1:03:4B:B3:28:98:6D:25
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186CBE20792A71EF4C27CFD47C751C129AD
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Ty8ZyyDYmM7si1TysQNLsyiYbSU.roa
Signing time:             Fri 10 Mar 2023 14:17:13 +0000
ROA not before:           Fri 10 Mar 2023 14:17:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:cb:e2:07:92:a7:1e:f4:c2:7c:fd:47:c7:51:c1:29:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 10 14:17:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4f2f19cb20d898ceec8b54f2b1034bb328986d25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:4b:b4:c3:9a:54:04:7b:ea:f6:20:bb:ca:20:
                    d0:6e:77:a7:cc:99:83:2d:75:8a:d4:77:7d:bb:bc:
                    10:ee:99:6a:64:8e:ba:31:59:c6:85:08:ca:5a:7f:
                    df:96:53:8b:e5:62:57:0d:c7:2a:80:6b:58:bd:87:
                    19:1c:93:13:d8:63:72:e6:d2:17:96:56:bc:bc:43:
                    2e:aa:f3:15:33:af:47:d5:37:d7:7b:f9:6f:0f:1c:
                    49:e0:ab:1b:c9:49:09:0e:43:d4:93:50:47:f8:69:
                    2c:10:c5:dc:91:15:8d:fa:cc:c4:95:45:c6:be:1c:
                    f4:16:95:42:aa:cb:ad:f2:0f:de:f0:81:02:6a:b3:
                    87:83:0c:58:0e:0c:1b:da:01:de:b8:b5:8c:ba:d1:
                    18:ef:94:25:8d:d8:6f:91:50:24:b1:7a:3b:cf:e7:
                    3e:43:01:b4:fc:7f:09:17:ea:f1:22:81:e5:25:c5:
                    20:c4:a7:6a:91:91:11:66:39:fc:40:73:bc:13:50:
                    4d:32:39:ff:63:fe:b8:69:dc:77:83:d4:ba:7e:79:
                    ec:b5:02:a8:2c:35:89:18:05:b5:ab:a4:ff:49:8a:
                    70:61:d3:99:4d:6d:b4:55:4a:cd:c0:b4:32:7d:fb:
                    cf:69:11:f3:8f:43:90:9a:2e:ff:b1:20:b0:69:06:
                    a5:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:2F:19:CB:20:D8:98:CE:EC:8B:54:F2:B1:03:4B:B3:28:98:6D:25
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Ty8ZyyDYmM7si1TysQNLsyiYbSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b1:31:ea:7b:73:48:24:2e:f3:e6:27:68:28:27:ee:13:45:be:
         e9:71:d8:20:5e:0d:01:41:26:9e:21:ab:91:a1:67:1a:12:e9:
         c5:ab:2a:3c:74:b2:54:84:52:5b:02:e4:77:cd:75:a2:9e:47:
         85:09:4e:f0:94:3f:65:69:87:0f:0e:c6:6d:fb:fd:0e:a6:7f:
         ec:7e:13:d3:48:83:26:56:a2:fe:3b:a2:25:79:c1:91:dd:28:
         6f:13:21:15:e4:0c:03:42:05:fb:4a:d4:d8:84:64:eb:93:b6:
         08:e3:aa:37:d8:ce:68:7a:54:67:b3:55:5b:76:66:fc:40:83:
         74:c9:7c:69:b2:01:00:b8:81:be:9a:bb:f2:8a:be:fe:e3:29:
         94:1a:0e:45:4e:8b:d4:38:db:d2:aa:4e:b4:0b:8d:bb:bc:c1:
         ea:49:90:0c:6b:b3:aa:d8:c8:18:7b:a2:74:1a:11:b3:cc:d8:
         45:64:84:5a:5f:91:9b:a4:a3:5e:d2:af:a3:fe:6f:89:4b:e8:
         82:de:8e:ba:33:bc:c0:61:75:a1:a2:f9:c5:aa:b2:f7:af:2c:
         39:7c:8e:4f:e5:69:38:58:63:26:43:c4:fc:de:64:b0:cc:d8:
         a3:3f:74:ca:6a:74:9d:c0:e7:a5:5e:a1:30:86:a5:59:5b:86:
         0f:9e:9d:51
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbL4geSpx70wnz9R8dRwSmtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzEwMTQxNzEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjJmMTljYjIwZDg5OGNlZWM4YjU0ZjJiMTAzNGJiMzI4OTg2ZDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0u0w5pUBHvq9iC7yiDQbnenzJmD
LXWK1Hd9u7wQ7plqZI66MVnGhQjKWn/fllOL5WJXDccqgGtYvYcZHJMT2GNy5tIX
lla8vEMuqvMVM69H1TfXe/lvDxxJ4KsbyUkJDkPUk1BH+GksEMXckRWN+szElUXG
vhz0FpVCqsut8g/e8IECarOHgwxYDgwb2gHeuLWMutEY75QljdhvkVAksXo7z+c+
QwG0/H8JF+rxIoHlJcUgxKdqkZERZjn8QHO8E1BNMjn/Y/64adx3g9S6fnnstQKo
LDWJGAW1q6T/SYpwYdOZTW20VUrNwLQyffvPaRHzj0OQmi7/sSCwaQalDQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE8vGcsg2JjO7ItU8rEDS7MomG0lMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVHk4Wnl5RFltTTdzaTFUeXNRTkxzeWlZYlNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALEx6ntzSCQu8+YnaCgn
7hNFvulx2CBeDQFBJp4hq5GhZxoS6cWrKjx0slSEUlsC5HfNdaKeR4UJTvCUP2Vp
hw8Oxm37/Q6mf+x+E9NIgyZWov47oiV5wZHdKG8TIRXkDANCBftK1NiEZOuTtgjj
qjfYzmh6VGezVVt2ZvxAg3TJfGmyAQC4gb6au/KKvv7jKZQaDkVOi9Q429KqTrQL
jbu8wepJkAxrs6rYyBh7onQaEbPM2EVkhFpfkZuko17Sr6P+b4lL6ILejrozvMBh
daGi+cWqsvevLDl8jk/laThYYyZDxPzeZLDM2KM/dMpqdJ3A56VeoTCGpVlbhg+e
nVE=
-----END CERTIFICATE-----