Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/X5F9nmIStoauNpxXOwQQbl0c-JI.roa
File:                     X5F9nmIStoauNpxXOwQQbl0c-JI.roa (raw, json)
Hash identifier:          Nh2Rt4oKRs1Km20ajn/r7foKTwCSHYnE6dGYzfLsBbo=
Subject key identifier:   5F:91:7D:9E:62:12:B6:86:AE:36:9C:57:3B:04:10:6E:5D:1C:F8:92
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186AEDF13AC28277BAAB8C92A21FBD0C0E8
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/X5F9nmIStoauNpxXOwQQbl0c-JI.roa
Signing time:             Sat 04 Mar 2023 23:05:00 +0000
ROA not before:           Sat 04 Mar 2023 23:05:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:aede:6db8/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ae:df:13:ac:28:27:7b:aa:b8:c9:2a:21:fb:d0:c0:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  4 23:05:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5f917d9e6212b686ae369c573b04106e5d1cf892
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:67:79:3c:99:ed:89:19:71:26:62:d2:a3:99:
                    00:83:c3:fd:cf:54:d1:49:98:79:47:bc:55:9c:77:
                    9c:60:c8:e5:2b:fa:d6:74:ab:7d:dc:ca:d6:1a:85:
                    92:e3:a2:91:74:cd:db:59:a1:d6:db:d1:98:4f:4b:
                    27:26:69:82:ad:38:fa:7b:80:3d:a2:74:8d:ea:bd:
                    4a:05:f0:27:3b:6f:aa:33:de:e3:8e:77:d5:6f:9b:
                    9b:80:10:73:b3:e0:44:79:48:0e:65:06:32:f8:9e:
                    cd:1f:9d:cc:26:be:62:65:20:5b:08:ea:4b:70:77:
                    ce:1b:22:4b:43:8f:a2:38:53:70:a2:f4:10:57:79:
                    fe:94:34:85:2e:7c:cc:a3:9d:7d:06:18:62:e5:85:
                    b3:71:0d:67:8f:12:86:55:36:54:dd:91:50:72:11:
                    34:5d:da:9b:06:e6:c9:68:2e:8d:25:57:f6:df:b0:
                    b7:42:fd:33:19:51:d4:23:a7:f5:2e:79:b1:72:b3:
                    bd:5f:75:c0:22:af:a5:6f:17:64:d6:5f:4c:9b:e7:
                    5e:5a:ff:b2:0a:0a:c2:77:ce:85:f3:93:55:94:89:
                    3f:ab:bf:2e:d2:a3:0e:16:0e:fe:1c:1e:5d:3d:0d:
                    70:56:5b:df:0e:8a:66:37:37:53:b6:26:e7:89:a0:
                    0f:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:91:7D:9E:62:12:B6:86:AE:36:9C:57:3B:04:10:6E:5D:1C:F8:92
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/X5F9nmIStoauNpxXOwQQbl0c-JI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:78:5b:5f:ad:5c:0c:8d:74:b9:64:0f:ea:98:77:75:b8:e6:
         f4:ad:ba:cc:0d:b0:f3:2a:ef:e0:27:9b:d1:82:2a:6c:2c:2c:
         91:0b:fd:b5:18:40:61:83:49:d3:63:7d:4e:e7:25:88:f6:c6:
         3f:35:4e:64:97:6e:ee:a9:c2:16:ab:20:8d:46:1c:46:ac:b3:
         53:4c:b3:41:83:67:70:fb:84:4a:ba:21:3d:56:57:27:61:23:
         2e:61:1a:8a:92:59:2a:f3:99:61:bf:f0:fe:a7:f5:b0:0b:8a:
         18:34:c6:09:0d:60:6f:d5:9e:a1:65:01:5d:27:42:8b:d9:4d:
         45:eb:a8:b7:57:7e:71:29:13:58:fb:e4:f0:e3:f3:74:87:f8:
         f1:9e:b4:5e:ac:e8:e2:33:df:54:48:3e:24:a0:df:1a:b1:e2:
         3d:07:58:b8:4a:3a:33:b4:a4:a7:d1:9c:01:d6:76:b6:02:14:
         6d:3a:f8:05:88:51:1e:32:33:62:19:81:af:29:c5:04:88:b6:
         2c:d3:b4:8d:4e:f4:f2:6e:ce:dd:7e:d1:09:09:65:1b:83:ea:
         96:00:ca:69:71:fb:b2:07:9c:22:bd:ca:83:58:4c:89:38:a2:
         06:d3:0d:63:9b:9d:74:f1:e4:04:4b:0c:f8:89:ab:a3:8e:21:
         67:7a:51:d9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYau3xOsKCd7qrjJKiH70MDoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA0MjMwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjkxN2Q5ZTYyMTJiNjg2YWUzNjljNTczYjA0MTA2ZTVkMWNmODkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2d5PJntiRlxJmLSo5kAg8P9z1TR
SZh5R7xVnHecYMjlK/rWdKt93MrWGoWS46KRdM3bWaHW29GYT0snJmmCrTj6e4A9
onSN6r1KBfAnO2+qM97jjnfVb5ubgBBzs+BEeUgOZQYy+J7NH53MJr5iZSBbCOpL
cHfOGyJLQ4+iOFNwovQQV3n+lDSFLnzMo519Bhhi5YWzcQ1njxKGVTZU3ZFQchE0
XdqbBubJaC6NJVf237C3Qv0zGVHUI6f1LnmxcrO9X3XAIq+lbxdk1l9Mm+deWv+y
CgrCd86F85NVlIk/q78u0qMOFg7+HB5dPQ1wVlvfDopmNzdTtibniaAPPQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF+RfZ5iEraGrjacVzsEEG5dHPiSMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWDVGOW5tSVN0b2F1TnB4WE93UVFibDBjLUpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAK54W1+tXAyNdLlkD+qY
d3W45vStuswNsPMq7+Anm9GCKmwsLJEL/bUYQGGDSdNjfU7nJYj2xj81TmSXbu6p
wharII1GHEass1NMs0GDZ3D7hEq6IT1WVydhIy5hGoqSWSrzmWG/8P6n9bALihg0
xgkNYG/VnqFlAV0nQovZTUXrqLdXfnEpE1j75PDj83SH+PGetF6s6OIz31RIPiSg
3xqx4j0HWLhKOjO0pKfRnAHWdrYCFG06+AWIUR4yM2IZga8pxQSItizTtI1O9PJu
zt1+0QkJZRuD6pYAymlx+7IHnCK9yoNYTIk4ogbTDWObnXTx5ARLDPiJq6OOIWd6
Udk=
-----END CERTIFICATE-----