Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/WMvMAmfRZYiP6kkX-wv2S8MQFLw.roa
File:                     WMvMAmfRZYiP6kkX-wv2S8MQFLw.roa (raw, json)
Hash identifier:          Eu2LNE3r4SB2JgBPdkGc/RA/GYRFBom5ZCvgQ37xBsE=
Subject key identifier:   58:CB:CC:02:67:D1:65:88:8F:EA:49:17:FB:0B:F6:4B:C3:10:14:BC
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186AD9EA4C82DFDD2C2B296A899E362F10B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/WMvMAmfRZYiP6kkX-wv2S8MQFLw.roa
Signing time:             Sat 04 Mar 2023 17:15:00 +0000
ROA not before:           Sat 04 Mar 2023 17:15:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ad:9e:a4:c8:2d:fd:d2:c2:b2:96:a8:99:e3:62:f1:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  4 17:15:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=58cbcc0267d165888fea4917fb0bf64bc31014bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:55:20:9c:ec:66:d3:a0:c5:c8:fe:2e:c4:89:
                    bf:d7:98:f8:dc:38:d2:4b:a9:fb:6c:b9:e2:6f:a2:
                    cf:15:16:ce:c6:d7:99:23:e4:26:44:16:e3:a4:91:
                    d1:f1:52:fd:87:17:35:7e:55:0a:20:39:23:bf:71:
                    26:ce:49:71:f8:94:12:20:46:e3:a3:39:5b:63:11:
                    7a:42:4e:51:fa:4d:53:41:46:86:77:06:81:db:41:
                    79:db:a8:74:65:b3:c0:f5:5f:8e:de:ea:9e:4e:2a:
                    b1:9e:a6:b3:21:eb:65:85:34:bf:38:96:a7:40:e4:
                    87:f7:ed:a0:48:28:6f:06:98:01:bd:e6:ed:6e:76:
                    bf:54:43:7e:2a:a5:1f:57:5d:c7:3b:61:84:05:95:
                    bd:57:65:3b:c8:3c:c4:cd:da:73:ab:89:e9:7a:be:
                    16:85:8e:d8:5c:db:a2:a4:bb:78:7f:dd:66:83:e0:
                    e7:dc:3f:45:a5:fd:cc:cf:ce:31:74:dc:fb:54:02:
                    46:4a:35:3b:76:61:3b:45:53:6a:48:7f:a5:f8:47:
                    e8:e8:9f:00:e8:4f:97:1e:f1:ea:36:22:8a:d0:c1:
                    57:02:8d:e4:e0:3c:5b:fc:ad:eb:be:0f:e9:f5:b1:
                    07:e1:d0:77:76:1a:10:e0:f5:89:51:2b:35:87:48:
                    e1:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:CB:CC:02:67:D1:65:88:8F:EA:49:17:FB:0B:F6:4B:C3:10:14:BC
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/WMvMAmfRZYiP6kkX-wv2S8MQFLw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:dd:10:14:55:b4:11:58:4f:01:52:37:08:9a:52:2b:bb:6b:
         75:55:9e:68:db:54:a7:22:04:1e:4c:5e:6c:87:54:17:8e:1c:
         0a:82:77:dc:27:ce:1d:02:72:0c:ae:87:67:85:a3:5e:32:99:
         e2:e7:30:a6:c3:9c:4e:e8:7d:58:b6:23:c7:16:1a:29:05:35:
         7f:97:f4:a0:91:91:10:1e:57:48:4e:cb:e1:9f:12:b1:54:f8:
         8d:f0:33:2f:d5:f2:88:d0:03:6b:a0:c4:af:17:e9:d2:15:78:
         1f:0f:0a:db:5b:9e:39:0d:cb:0c:24:f1:f1:b0:7f:5e:d6:29:
         86:5b:24:76:94:df:fb:7d:41:09:43:be:9a:03:96:f0:e5:76:
         3b:51:89:e4:80:a3:10:fd:e1:28:3d:74:0a:fd:fb:99:b0:d6:
         54:74:86:b9:0e:c6:87:9a:db:6a:3c:99:3a:a4:66:e0:05:35:
         97:65:b9:6f:1f:c1:7b:6d:07:1b:a3:b5:ed:e7:a5:77:2e:f5:
         82:7d:2d:6a:b0:4b:fb:3e:a4:d6:58:83:82:13:ff:6f:2d:b7:
         0f:5b:8d:a4:b5:66:c2:c7:13:e6:af:d6:11:30:0b:9c:af:e3:
         08:80:a2:e6:34:06:d3:e8:ff:90:83:0a:1e:f6:bd:8f:2d:12:
         ed:28:50:54
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYatnqTILf3SwrKWqJnjYvELMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA0MTcxNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGNiY2MwMjY3ZDE2NTg4OGZlYTQ5MTdmYjBiZjY0YmMzMTAxNGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklUgnOxm06DFyP4uxIm/15j43DjS
S6n7bLnib6LPFRbOxteZI+QmRBbjpJHR8VL9hxc1flUKIDkjv3Emzklx+JQSIEbj
ozlbYxF6Qk5R+k1TQUaGdwaB20F526h0ZbPA9V+O3uqeTiqxnqazIetlhTS/OJan
QOSH9+2gSChvBpgBvebtbna/VEN+KqUfV13HO2GEBZW9V2U7yDzEzdpzq4nper4W
hY7YXNuipLt4f91mg+Dn3D9Fpf3Mz84xdNz7VAJGSjU7dmE7RVNqSH+l+Efo6J8A
6E+XHvHqNiKK0MFXAo3k4Dxb/K3rvg/p9bEH4dB3dhoQ4PWJUSs1h0jh2QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFjLzAJn0WWIj+pJF/sL9kvDEBS8MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvV012TUFtZlJaWWlQNmtrWC13djJTOE1RRkx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABDdEBRVtBFYTwFSNwia
Uiu7a3VVnmjbVKciBB5MXmyHVBeOHAqCd9wnzh0Ccgyuh2eFo14ymeLnMKbDnE7o
fVi2I8cWGikFNX+X9KCRkRAeV0hOy+GfErFU+I3wMy/V8ojQA2ugxK8X6dIVeB8P
CttbnjkNywwk8fGwf17WKYZbJHaU3/t9QQlDvpoDlvDldjtRieSAoxD94Sg9dAr9
+5mw1lR0hrkOxoea22o8mTqkZuAFNZdluW8fwXttBxujte3npXcu9YJ9LWqwS/s+
pNZYg4IT/28ttw9bjaS1ZsLHE+av1hEwC5yv4wiAouY0BtPo/5CDCh72vY8tEu0o
UFQ=
-----END CERTIFICATE-----