Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/WXjFiJIsE6CBKYZp0XPT4NP-s3E.roa
File:                     WXjFiJIsE6CBKYZp0XPT4NP-s3E.roa (raw, json)
Hash identifier:          DIF35Qpv2W41TzWk7n1XzqVJpqS4/xm/JI5aDMiZsL4=
Subject key identifier:   59:78:C5:88:92:2C:13:A0:81:29:86:69:D1:73:D3:E0:D3:FE:B3:71
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186C425BE5F35DFC7F14C910A1D490E81F6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/WXjFiJIsE6CBKYZp0XPT4NP-s3E.roa
Signing time:             Thu 09 Mar 2023 02:14:13 +0000
ROA not before:           Thu 09 Mar 2023 02:14:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c4:25:be:5f:35:df:c7:f1:4c:91:0a:1d:49:0e:81:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  9 02:14:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5978c588922c13a081298669d173d3e0d3feb371
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:5c:0c:31:d4:b5:d8:95:4b:61:9e:3e:c1:34:
                    e6:02:59:37:52:a2:2c:1e:65:06:53:ff:0e:eb:df:
                    79:0c:d0:d7:09:89:7e:d5:e3:b1:90:bf:c0:fa:cf:
                    95:4b:73:ba:a9:8b:32:5a:69:da:f8:48:84:fa:33:
                    1a:57:07:72:02:dc:34:84:f9:48:c8:91:e7:cb:11:
                    ae:d3:96:b9:87:db:ff:64:45:02:9c:ca:eb:eb:60:
                    c4:07:5a:61:2a:a0:cc:62:ed:60:0d:38:0a:e3:b5:
                    42:f9:9b:64:b5:02:a4:6c:03:60:f9:5a:cb:49:37:
                    ad:a4:70:fd:8f:a1:9a:5c:e4:2a:cf:64:d3:fb:25:
                    ea:4e:e2:91:d8:eb:68:d6:c0:68:f8:40:be:dc:34:
                    e6:06:38:d5:d6:dd:28:fc:ba:92:06:f7:ee:55:ac:
                    b3:d6:fd:c5:33:03:02:7b:6d:18:70:8a:b7:c1:dd:
                    9b:51:17:a7:0d:ed:e5:35:b9:82:66:15:25:3b:7f:
                    a3:71:5f:c9:7d:5f:e7:8c:30:61:36:3d:13:12:b5:
                    1e:2c:94:12:59:60:e1:0b:38:97:03:5f:1c:14:b4:
                    90:28:1a:74:ea:bd:6a:d9:78:2e:cf:97:a5:28:e7:
                    d6:3c:9d:7c:14:bf:b7:52:fe:8a:03:a0:8e:83:e8:
                    f1:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:78:C5:88:92:2C:13:A0:81:29:86:69:D1:73:D3:E0:D3:FE:B3:71
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/WXjFiJIsE6CBKYZp0XPT4NP-s3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:7b:ed:a3:07:00:49:12:7b:63:56:b6:8d:2a:da:ad:28:b2:
         62:2e:e4:56:ed:45:0a:5d:e2:a9:c2:6f:95:ed:95:27:9f:dd:
         34:53:78:3a:a7:9c:f6:0b:85:36:8b:5f:a8:71:98:c5:79:a2:
         77:ba:f2:8f:b8:49:9f:6b:e7:b5:80:63:a0:48:8c:f1:5a:40:
         ee:e1:45:55:93:d5:6e:44:27:e2:df:84:e9:31:f3:30:6d:9d:
         c6:fd:f6:e4:b1:a6:29:99:60:98:27:ce:f4:57:02:b9:a2:df:
         f0:dd:2e:ea:ff:e6:44:8d:5e:02:bb:22:85:dd:54:ee:87:a3:
         59:a9:b5:4f:f3:5d:7a:27:3d:ce:95:fb:24:b8:5d:41:cb:0f:
         51:f9:bd:87:80:26:22:b0:b6:a7:59:83:7e:ac:20:8e:80:0f:
         28:cf:51:36:2d:d1:9e:5c:88:70:f6:76:ce:90:ea:1f:0d:90:
         a5:af:b3:cd:27:78:e3:71:83:82:2d:0c:21:dd:4b:30:4d:03:
         2f:62:04:08:05:83:f3:be:2f:58:78:b1:56:49:92:e2:7e:46:
         8d:f1:5c:77:29:3e:37:57:01:ef:03:30:22:69:b7:97:fa:43:
         11:a4:28:8a:1e:35:80:94:ad:79:7f:f0:b4:7d:6a:97:29:bc:
         f0:0a:1b:61
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbEJb5fNd/H8UyRCh1JDoH2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA5MDIxNDEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTc4YzU4ODkyMmMxM2EwODEyOTg2NjlkMTczZDNlMGQzZmViMzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAglwMMdS12JVLYZ4+wTTmAlk3UqIs
HmUGU/8O6995DNDXCYl+1eOxkL/A+s+VS3O6qYsyWmna+EiE+jMaVwdyAtw0hPlI
yJHnyxGu05a5h9v/ZEUCnMrr62DEB1phKqDMYu1gDTgK47VC+ZtktQKkbANg+VrL
STetpHD9j6GaXOQqz2TT+yXqTuKR2Oto1sBo+EC+3DTmBjjV1t0o/LqSBvfuVayz
1v3FMwMCe20YcIq3wd2bURenDe3lNbmCZhUlO3+jcV/JfV/njDBhNj0TErUeLJQS
WWDhCziXA18cFLSQKBp06r1q2Xguz5elKOfWPJ18FL+3Uv6KA6COg+jxcwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFl4xYiSLBOggSmGadFz0+DT/rNxMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvV1hqRmlKSXNFNkNCS1lacDBYUFQ0TlAtczNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFR77aMHAEkSe2NWto0q
2q0osmIu5FbtRQpd4qnCb5XtlSef3TRTeDqnnPYLhTaLX6hxmMV5one68o+4SZ9r
57WAY6BIjPFaQO7hRVWT1W5EJ+LfhOkx8zBtncb99uSxpimZYJgnzvRXArmi3/Dd
Lur/5kSNXgK7IoXdVO6Ho1mptU/zXXonPc6V+yS4XUHLD1H5vYeAJiKwtqdZg36s
II6ADyjPUTYt0Z5ciHD2ds6Q6h8NkKWvs80neONxg4ItDCHdSzBNAy9iBAgFg/O+
L1h4sVZJkuJ+Ro3xXHcpPjdXAe8DMCJpt5f6QxGkKIoeNYCUrXl/8LR9apcpvPAK
G2E=
-----END CERTIFICATE-----