Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Xj9XhFFBmdYxoGE790M_3R-AIyI.roa
File:                     Xj9XhFFBmdYxoGE790M_3R-AIyI.roa (raw, json)
Hash identifier:          1Kvm718+1+q5s8F+eXkZOgtZ9GOzVf00aGTIzRV4IcI=
Subject key identifier:   5E:3F:57:84:51:41:99:D6:31:A0:61:3B:F7:43:3F:DD:1F:80:23:22
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186B71262B74B681AB8F10E9049291C7227
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Xj9XhFFBmdYxoGE790M_3R-AIyI.roa
Signing time:             Mon 06 Mar 2023 13:18:00 +0000
ROA not before:           Mon 06 Mar 2023 13:18:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b7:12:62:b7:4b:68:1a:b8:f1:0e:90:49:29:1c:72:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  6 13:18:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5e3f5784514199d631a0613bf7433fdd1f802322
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:97:d7:00:9d:2b:48:32:97:f3:99:c6:49:75:
                    0a:8b:09:e6:04:39:e4:0b:06:e2:2c:c6:b5:49:12:
                    a2:7f:a3:7e:0a:79:68:2a:53:63:aa:30:d5:99:b0:
                    fb:ba:d0:d2:e2:c7:3b:22:d3:ae:06:0d:a0:92:6a:
                    08:2f:85:76:83:84:eb:c9:38:59:ae:a1:6c:51:18:
                    8e:9b:e9:05:17:29:27:c1:5b:01:82:5f:a9:21:87:
                    94:3c:a3:28:df:f0:6b:f0:6a:15:5f:23:c5:c5:e0:
                    e4:c2:82:0d:c5:9f:e3:65:ea:31:cc:29:67:3e:00:
                    2e:4b:b1:57:fa:e0:55:aa:af:9f:6d:48:bb:bf:50:
                    e6:9a:c1:fb:a0:05:c5:dd:05:56:a7:8b:12:8c:34:
                    a6:76:d7:12:07:35:de:22:e4:ac:cb:89:79:7e:de:
                    f2:d8:18:01:3d:7b:aa:58:91:25:d1:ae:56:71:93:
                    c8:f4:00:00:b4:ac:bf:5d:78:18:d9:38:91:af:a2:
                    2a:3d:6f:65:58:70:b6:c7:2a:fc:7b:81:e3:b4:2b:
                    e4:1a:a1:45:ae:2e:ff:b4:85:91:b0:1b:c5:02:00:
                    25:24:f6:0c:8b:88:2e:3d:dd:1b:c9:d3:7b:e7:f1:
                    3b:bc:4b:47:56:61:1c:81:03:1b:4b:62:ab:1d:88:
                    a4:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:3F:57:84:51:41:99:D6:31:A0:61:3B:F7:43:3F:DD:1F:80:23:22
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Xj9XhFFBmdYxoGE790M_3R-AIyI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:88:ff:03:01:39:f0:2e:1b:9b:6d:6d:4c:13:fe:b7:ba:8a:
         8d:be:e5:2e:5b:e9:8d:87:c3:00:b6:a1:9f:85:b5:e6:c5:f2:
         0f:1b:52:0f:a2:18:4e:42:cc:25:cb:af:e1:e0:5c:bb:c6:8e:
         bf:63:40:24:de:39:f4:04:22:76:cd:b8:0d:78:80:b0:70:2d:
         1a:d8:b6:03:fa:b9:70:6a:28:31:ff:80:fa:60:26:18:7b:03:
         37:31:43:ea:71:4f:85:4a:75:bc:58:27:61:60:21:64:e3:06:
         3e:ba:33:e4:4e:37:fa:b2:b0:23:b8:e9:ce:3d:8e:34:ca:7b:
         7d:0e:19:4e:91:ab:06:05:fc:00:a5:db:98:ab:39:0d:c1:11:
         a4:e5:22:f3:f8:e4:fa:dd:07:02:55:a8:00:d4:66:4b:bf:7b:
         b6:b1:f1:38:20:91:ab:be:4f:ff:98:0e:69:b0:88:00:49:8f:
         fd:f8:3e:14:17:1c:aa:c9:63:b4:43:fb:40:cd:91:ce:17:33:
         3d:4a:f8:7a:34:e8:11:63:92:24:53:d1:b2:d8:aa:6a:4a:b9:
         d7:fd:92:61:2c:76:8b:07:9c:62:23:06:ee:e6:60:5b:f2:0a:
         67:f5:4d:99:91:e8:c9:a6:fa:9d:91:de:83:0b:21:81:f8:5e:
         40:e2:20:ce
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYa3EmK3S2gauPEOkEkpHHInMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA2MTMxODAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTNmNTc4NDUxNDE5OWQ2MzFhMDYxM2JmNzQzM2ZkZDFmODAyMzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZfXAJ0rSDKX85nGSXUKiwnmBDnk
CwbiLMa1SRKif6N+CnloKlNjqjDVmbD7utDS4sc7ItOuBg2gkmoIL4V2g4TryThZ
rqFsURiOm+kFFyknwVsBgl+pIYeUPKMo3/Br8GoVXyPFxeDkwoINxZ/jZeoxzCln
PgAuS7FX+uBVqq+fbUi7v1DmmsH7oAXF3QVWp4sSjDSmdtcSBzXeIuSsy4l5ft7y
2BgBPXuqWJEl0a5WcZPI9AAAtKy/XXgY2TiRr6IqPW9lWHC2xyr8e4HjtCvkGqFF
ri7/tIWRsBvFAgAlJPYMi4guPd0bydN75/E7vEtHVmEcgQMbS2KrHYikqwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF4/V4RRQZnWMaBhO/dDP90fgCMiMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWGo5WGhGRkJtZFl4b0dFNzkwTV8zUi1BSXlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAB2I/wMBOfAuG5ttbUwT
/re6io2+5S5b6Y2HwwC2oZ+FtebF8g8bUg+iGE5CzCXLr+HgXLvGjr9jQCTeOfQE
InbNuA14gLBwLRrYtgP6uXBqKDH/gPpgJhh7AzcxQ+pxT4VKdbxYJ2FgIWTjBj66
M+RON/qysCO46c49jjTKe30OGU6RqwYF/ACl25irOQ3BEaTlIvP45PrdBwJVqADU
Zku/e7ax8Tggkau+T/+YDmmwiABJj/34PhQXHKrJY7RD+0DNkc4XMz1K+Ho06BFj
kiRT0bLYqmpKudf9kmEsdosHnGIjBu7mYFvyCmf1TZmR6Mmm+p2R3oMLIYH4XkDi
IM4=
-----END CERTIFICATE-----