Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/YLTbn0MjkjWsEhUAAPXBjQOtA7s.roa
File:                     YLTbn0MjkjWsEhUAAPXBjQOtA7s.roa (raw, json)
Hash identifier:          0MESc+03D+BLvHmm/4lC4iukuu1KLSx2VlGBvgoPZVk=
Subject key identifier:   60:B4:DB:9F:43:23:92:35:AC:12:15:00:00:F5:C1:8D:03:AD:03:BB
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186AD33D4EB473C76B5415C938A8A429A22
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/YLTbn0MjkjWsEhUAAPXBjQOtA7s.roa
Signing time:             Sat 04 Mar 2023 15:18:20 +0000
ROA not before:           Sat 04 Mar 2023 15:18:20 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ad:33:d4:eb:47:3c:76:b5:41:5c:93:8a:8a:42:9a:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  4 15:18:20 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=60b4db9f43239235ac12150000f5c18d03ad03bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:13:5f:56:91:ae:f9:bb:6a:4c:2a:4d:31:2a:
                    47:40:28:88:60:c5:eb:1c:98:44:b7:9b:99:52:34:
                    2d:d9:54:de:97:e8:32:3f:83:19:99:33:76:df:3f:
                    3c:11:0a:27:b4:1f:bc:24:4e:83:ca:9c:da:53:86:
                    c8:ae:4a:b7:3c:a3:10:75:89:3d:00:7f:a8:ab:5f:
                    19:ee:56:5a:2c:35:ac:c9:03:b4:7a:3a:f4:f8:ee:
                    60:5c:ac:90:08:c2:c2:5d:e9:7d:d1:a7:b5:a8:29:
                    7b:5d:de:0b:15:c6:5f:67:57:09:ca:79:56:cf:f2:
                    1d:6c:1a:ca:0c:6d:15:0e:da:1f:10:ef:e8:d0:81:
                    14:82:6c:4c:b7:fd:fe:dd:34:08:72:b6:02:61:32:
                    91:5a:02:fe:2c:53:98:77:a8:26:df:2e:1f:ca:52:
                    6e:3e:ec:85:4b:a6:bf:cf:0e:81:31:40:4e:f9:93:
                    1d:bc:a9:08:49:0d:06:06:50:60:12:b6:a0:f8:4c:
                    10:74:5e:4d:d1:de:ec:c3:2b:6d:25:98:90:a3:66:
                    4a:9b:1f:3c:ef:f8:eb:68:b4:1c:92:bc:21:88:ee:
                    73:11:5e:60:36:0d:74:66:d7:7b:3c:ae:2c:5f:e3:
                    66:1b:60:ef:6f:cf:c4:b7:5d:f2:f8:63:47:d7:15:
                    bd:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:B4:DB:9F:43:23:92:35:AC:12:15:00:00:F5:C1:8D:03:AD:03:BB
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/YLTbn0MjkjWsEhUAAPXBjQOtA7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:d9:0c:26:f0:1e:c0:36:7c:8d:d2:c2:ff:59:b8:e1:c9:37:
         2b:e3:8b:5a:de:d4:a6:22:00:d8:b6:40:01:51:3e:25:9d:65:
         07:ad:57:8c:2c:9e:e3:8f:a3:81:77:47:bc:b3:c9:dd:51:be:
         63:cc:30:7d:8e:35:4a:9a:1f:43:f4:46:0d:5f:ad:8e:ae:7b:
         0b:eb:a1:f2:92:a4:cd:a1:ba:95:93:df:34:2a:0a:d2:21:c5:
         5b:67:db:41:bd:50:8c:87:69:44:5f:28:a5:9c:3d:98:88:74:
         a5:ad:e4:f3:be:c0:cd:45:d1:ff:34:99:ef:85:0e:97:10:ea:
         4f:de:0a:7a:c2:ab:3e:36:2a:c8:e2:36:72:94:49:92:33:e0:
         36:73:08:eb:a2:6a:fc:0a:7e:e6:c2:d7:e2:40:32:70:3b:d7:
         83:3e:4d:61:28:7e:7c:6f:c2:eb:38:d8:c7:9f:4b:23:b2:ab:
         41:59:41:fe:b2:c2:d6:e9:2a:5c:2f:71:10:4c:ad:48:0b:ca:
         df:68:ab:ad:24:33:f3:57:3d:3b:11:a4:a3:b9:59:6d:e5:ca:
         59:c6:6f:b1:f9:ec:46:d6:76:f9:da:f2:fd:de:48:28:95:a1:
         2b:e2:44:6e:a6:5f:0b:b9:66:3f:d1:12:d1:dd:ae:c2:38:8d:
         bf:21:b9:3c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYatM9TrRzx2tUFck4qKQpoiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA0MTUxODIwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGI0ZGI5ZjQzMjM5MjM1YWMxMjE1MDAwMGY1YzE4ZDAzYWQwM2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixNfVpGu+btqTCpNMSpHQCiIYMXr
HJhEt5uZUjQt2VTel+gyP4MZmTN23z88EQontB+8JE6DypzaU4bIrkq3PKMQdYk9
AH+oq18Z7lZaLDWsyQO0ejr0+O5gXKyQCMLCXel90ae1qCl7Xd4LFcZfZ1cJynlW
z/IdbBrKDG0VDtofEO/o0IEUgmxMt/3+3TQIcrYCYTKRWgL+LFOYd6gm3y4fylJu
PuyFS6a/zw6BMUBO+ZMdvKkISQ0GBlBgErag+EwQdF5N0d7swyttJZiQo2ZKmx88
7/jraLQckrwhiO5zEV5gNg10Ztd7PK4sX+NmG2Dvb8/Et13y+GNH1xW93QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGC0259DI5I1rBIVAAD1wY0DrQO7MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWUxUYm4wTWpraldzRWhVQUFQWEJqUU90QTdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAH/ZDCbwHsA2fI3Swv9Z
uOHJNyvji1re1KYiANi2QAFRPiWdZQetV4wsnuOPo4F3R7yzyd1RvmPMMH2ONUqa
H0P0Rg1frY6uewvrofKSpM2hupWT3zQqCtIhxVtn20G9UIyHaURfKKWcPZiIdKWt
5PO+wM1F0f80me+FDpcQ6k/eCnrCqz42KsjiNnKUSZIz4DZzCOuiavwKfubC1+JA
MnA714M+TWEofnxvwus42MefSyOyq0FZQf6ywtbpKlwvcRBMrUgLyt9oq60kM/NX
PTsRpKO5WW3lylnGb7H57EbWdvna8v3eSCiVoSviRG6mXwu5Zj/REtHdrsI4jb8h
uTw=
-----END CERTIFICATE-----