Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VVpd4O_Rk6hI9WF7vVT2nOkNSmQ.roa
File:                     VVpd4O_Rk6hI9WF7vVT2nOkNSmQ.roa (raw, json)
Hash identifier:          L/04Mpd1a7P1LABsWsTReunQa/fKoZrd5Apc1TyuKCk=
Subject key identifier:   55:5A:5D:E0:EF:D1:93:A8:48:F5:61:7B:BD:54:F6:9C:E9:0D:4A:64
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186AAD7474DF5F97094052D601A8AF17CB2
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VVpd4O_Rk6hI9WF7vVT2nOkNSmQ.roa
Signing time:             Sat 04 Mar 2023 04:18:00 +0000
ROA not before:           Sat 04 Mar 2023 04:18:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:aa:d7:47:4d:f5:f9:70:94:05:2d:60:1a:8a:f1:7c:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  4 04:18:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=555a5de0efd193a848f5617bbd54f69ce90d4a64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d2:75:2f:dc:c8:9f:60:ef:b1:ee:44:a8:92:
                    14:92:76:32:b8:11:45:eb:4a:e5:2c:ba:b2:34:52:
                    b5:ca:f1:93:28:c8:3c:e4:ac:9d:d1:95:52:e2:94:
                    61:0e:7e:bd:ef:17:29:50:b2:cf:5c:0f:01:1c:e3:
                    53:7e:db:c0:cd:ff:50:03:27:f8:b3:e4:11:84:e2:
                    2f:49:ab:c3:c0:7b:48:a9:9f:bd:a1:28:77:ff:a4:
                    5b:b9:fa:18:ee:69:24:12:a6:b1:6d:92:a4:58:d5:
                    58:2e:a8:1f:9a:34:91:52:42:f3:e9:e2:08:00:79:
                    b2:a3:a4:93:77:f0:34:7f:2b:31:be:df:5b:54:41:
                    85:13:e8:2d:30:97:46:ce:2c:46:8f:3e:89:ec:8e:
                    a6:4f:fe:94:d5:82:3c:6e:fd:32:f6:77:4a:f7:91:
                    7a:f3:01:88:4b:21:2a:48:a5:40:88:9a:95:8d:f7:
                    13:7b:22:4e:52:30:7d:c6:8c:95:1b:29:f6:a0:99:
                    d8:e8:2f:cb:b4:4c:5e:5d:8a:dc:00:b3:ba:e8:00:
                    dd:e9:fe:72:82:7c:8a:78:49:cd:dc:73:f8:50:a6:
                    35:b1:ed:99:e8:a2:f3:b5:2f:0e:7f:2e:36:52:be:
                    d1:df:c4:4a:26:7a:b4:94:2e:fa:03:13:25:f6:ce:
                    2d:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:5A:5D:E0:EF:D1:93:A8:48:F5:61:7B:BD:54:F6:9C:E9:0D:4A:64
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/VVpd4O_Rk6hI9WF7vVT2nOkNSmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         b4:5d:3c:2e:66:6f:00:13:cd:d2:dd:20:c3:3b:7a:ab:52:27:
         f3:c9:d2:fb:50:38:43:17:c9:6a:b6:45:6e:c1:2f:e8:e4:17:
         c4:52:25:4d:0b:03:32:42:96:00:67:9a:c1:45:ff:4d:87:3d:
         ab:9b:37:99:7b:4d:f6:71:d9:ac:39:e3:ca:69:6a:76:ca:bf:
         33:04:df:5e:ae:49:8f:61:5a:4e:66:42:4f:9e:4b:34:0b:8c:
         f4:83:5b:24:9c:24:d6:b5:fb:8f:ec:2b:6f:89:a7:85:6d:83:
         d0:ee:fc:4b:9d:88:0e:85:32:b0:b5:92:e9:c9:d9:af:81:18:
         f3:1a:d1:8e:8d:42:ff:dd:c2:1c:2d:9e:da:3b:e7:cd:a9:ee:
         8a:0c:44:89:3c:af:71:0b:98:ff:18:34:4f:c9:34:51:4a:20:
         91:40:5b:20:06:e2:23:d4:83:42:5e:c6:29:9c:b4:4c:d7:d1:
         c0:a4:57:41:7c:30:98:26:50:1b:c0:97:43:77:55:c6:ac:4f:
         b3:9e:0f:7e:a5:4b:ed:71:c5:9d:6c:23:de:f5:fc:1a:ac:e2:
         54:dd:7d:0b:f1:09:ae:61:93:a9:ed:c6:b3:3c:aa:7d:17:16:
         e1:fd:56:ab:4c:2e:12:21:dd:43:9d:68:69:c0:5d:74:9e:c1:
         bb:91:bf:8b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYaq10dN9flwlAUtYBqK8XyyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA0MDQxODAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTVhNWRlMGVmZDE5M2E4NDhmNTYxN2JiZDU0ZjY5Y2U5MGQ0YTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstJ1L9zIn2Dvse5EqJIUknYyuBFF
60rlLLqyNFK1yvGTKMg85Kyd0ZVS4pRhDn697xcpULLPXA8BHONTftvAzf9QAyf4
s+QRhOIvSavDwHtIqZ+9oSh3/6RbufoY7mkkEqaxbZKkWNVYLqgfmjSRUkLz6eII
AHmyo6STd/A0fysxvt9bVEGFE+gtMJdGzixGjz6J7I6mT/6U1YI8bv0y9ndK95F6
8wGISyEqSKVAiJqVjfcTeyJOUjB9xoyVGyn2oJnY6C/LtExeXYrcALO66ADd6f5y
gnyKeEnN3HP4UKY1se2Z6KLztS8Ofy42Ur7R38RKJnq0lC76AxMl9s4tOwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFVaXeDv0ZOoSPVhe71U9pzpDUpkMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVlZwZDRPX1JrNmhJOVdGN3ZWVDJuT2tOU21RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBALRdPC5mbwATzdLdIMM7
eqtSJ/PJ0vtQOEMXyWq2RW7BL+jkF8RSJU0LAzJClgBnmsFF/02HPaubN5l7TfZx
2aw548ppanbKvzME316uSY9hWk5mQk+eSzQLjPSDWyScJNa1+4/sK2+Jp4Vtg9Du
/EudiA6FMrC1kunJ2a+BGPMa0Y6NQv/dwhwtnto7582p7ooMRIk8r3ELmP8YNE/J
NFFKIJFAWyAG4iPUg0JeximctEzX0cCkV0F8MJgmUBvAl0N3VcasT7OeD36lS+1x
xZ1sI971/Bqs4lTdfQvxCa5hk6ntxrM8qn0XFuH9VqtMLhIh3UOdaGnAXXSewbuR
v4s=
-----END CERTIFICATE-----