Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/W7vlEKyRaW8hoht8qgzPhAq8WYA.roa
File:                     W7vlEKyRaW8hoht8qgzPhAq8WYA.roa (raw, json)
Hash identifier:          1yzx7fAR5PKq1S0tRBcV8MKudG3KYy2XXX0jv9mIu64=
Subject key identifier:   5B:BB:E5:10:AC:91:69:6F:21:A2:1B:7C:AA:0C:CF:84:0A:BC:59:80
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186AA67958A85909985D0505FB7C4530E6A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/W7vlEKyRaW8hoht8qgzPhAq8WYA.roa
Signing time:             Sat 04 Mar 2023 02:16:00 +0000
ROA not before:           Sat 04 Mar 2023 02:16:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:aa:67:95:8a:85:90:99:85:d0:50:5f:b7:c4:53:0e:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  4 02:16:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5bbbe510ac91696f21a21b7caa0ccf840abc5980
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:40:7f:49:0f:75:1a:c4:61:b7:4d:fb:1b:31:
                    72:35:f9:df:51:32:98:0c:f7:ce:c7:23:f6:87:60:
                    d4:7e:c4:39:38:8f:17:d0:85:8f:c6:9b:55:e1:f0:
                    2a:4b:b9:06:47:71:ea:64:e6:e0:05:e5:38:8e:bd:
                    46:75:56:e6:b3:a2:6e:27:9e:de:e8:a0:44:51:ed:
                    a9:3b:1d:14:4b:96:cf:b5:e0:0d:39:de:1a:a0:20:
                    1b:75:d7:6c:ed:fc:88:91:c4:71:10:a1:f9:50:1b:
                    ac:ff:55:0b:20:d7:19:44:29:b1:0e:46:0f:54:38:
                    1c:3e:20:94:e3:bc:e6:3b:56:f7:63:28:f6:53:c6:
                    88:71:f4:04:44:69:42:56:d3:fd:88:74:7d:1f:2d:
                    5f:4d:5f:77:bf:1b:2c:7b:ef:e6:04:84:de:3f:b9:
                    fe:ce:79:8c:04:5a:b7:3b:0f:90:1a:98:71:cd:4f:
                    a8:b3:b3:d5:f8:18:2b:f9:4b:33:b5:d1:25:b7:75:
                    38:6a:fd:fd:f5:f0:46:8f:a4:d5:cc:13:47:86:28:
                    81:cd:70:c9:27:a7:6d:ea:a8:41:78:ba:3e:14:76:
                    54:ce:76:fe:a4:3a:98:4f:68:f1:67:f6:09:69:c1:
                    51:f5:83:01:8e:04:1b:45:51:0f:e7:99:c0:36:21:
                    f9:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:BB:E5:10:AC:91:69:6F:21:A2:1B:7C:AA:0C:CF:84:0A:BC:59:80
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/W7vlEKyRaW8hoht8qgzPhAq8WYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:e3:79:01:ba:86:71:9b:a8:f7:ee:57:ea:40:e0:a6:22:61:
         45:ab:93:8d:35:24:da:fc:e1:9b:b3:61:8b:33:85:d9:10:ad:
         cd:d3:a1:46:7a:32:96:d7:3c:3c:69:d2:c7:8f:e3:c2:5e:c9:
         fa:22:61:a7:af:92:54:49:05:07:d2:1b:40:f7:f9:ef:f2:fc:
         ef:7b:b7:cc:28:4a:1e:0b:a9:79:5f:59:ee:11:36:9e:c4:16:
         b9:2d:fe:f2:34:17:bb:de:1a:13:41:cf:1f:08:af:22:4f:94:
         d2:21:85:a7:6b:7a:49:11:40:05:7c:61:81:a2:81:b3:49:7d:
         8e:46:fb:4f:78:6d:6c:62:28:6b:1d:cf:56:12:e4:e6:18:7b:
         32:6b:d8:20:f4:b1:00:94:f2:ef:5c:91:19:78:40:0d:90:3b:
         ed:32:a1:cc:a0:2f:d1:19:2f:28:b8:d9:33:f4:a0:82:d6:11:
         39:88:b5:ba:db:15:a3:ff:6a:f5:23:08:1b:3e:50:a7:40:6f:
         79:da:b4:a1:ea:6a:ff:00:ed:e2:c5:d2:06:f0:86:5e:0c:3c:
         4b:d4:9c:be:c4:b5:6a:b8:bf:ff:a1:65:87:78:9a:1f:8b:6f:
         5c:f9:3e:5a:8e:ea:79:29:19:5d:32:0d:65:53:ea:44:26:89:
         04:85:09:06
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYaqZ5WKhZCZhdBQX7fEUw5qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA0MDIxNjAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmJiZTUxMGFjOTE2OTZmMjFhMjFiN2NhYTBjY2Y4NDBhYmM1OTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwUB/SQ91GsRht037GzFyNfnfUTKY
DPfOxyP2h2DUfsQ5OI8X0IWPxptV4fAqS7kGR3HqZObgBeU4jr1GdVbms6JuJ57e
6KBEUe2pOx0US5bPteANOd4aoCAbddds7fyIkcRxEKH5UBus/1ULINcZRCmxDkYP
VDgcPiCU47zmO1b3Yyj2U8aIcfQERGlCVtP9iHR9Hy1fTV93vxsse+/mBITeP7n+
znmMBFq3Ow+QGphxzU+os7PV+Bgr+UsztdElt3U4av399fBGj6TVzBNHhiiBzXDJ
J6dt6qhBeLo+FHZUznb+pDqYT2jxZ/YJacFR9YMBjgQbRVEP55nANiH5rQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFu75RCskWlvIaIbfKoMz4QKvFmAMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVzd2bEVLeVJhVzhob2h0OHFnelBoQXE4V1lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADnjeQG6hnGbqPfuV+pA
4KYiYUWrk401JNr84ZuzYYszhdkQrc3ToUZ6MpbXPDxp0seP48JeyfoiYaevklRJ
BQfSG0D3+e/y/O97t8woSh4LqXlfWe4RNp7EFrkt/vI0F7veGhNBzx8IryJPlNIh
hadrekkRQAV8YYGigbNJfY5G+094bWxiKGsdz1YS5OYYezJr2CD0sQCU8u9ckRl4
QA2QO+0yocygL9EZLyi42TP0oILWETmItbrbFaP/avUjCBs+UKdAb3natKHqav8A
7eLF0gbwhl4MPEvUnL7EtWq4v/+hZYd4mh+Lb1z5PlqO6nkpGV0yDWVT6kQmiQSF
CQY=
-----END CERTIFICATE-----