Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Yn-UPIZc02TdORjWH3nD_ghYv_o.roa
File:                     Yn-UPIZc02TdORjWH3nD_ghYv_o.roa (raw, json)
Hash identifier:          dfLLYOIQOFzQ1HTTTP5inWl8OtgA2aNclCqW2yf5G10=
Subject key identifier:   62:7F:94:3C:86:5C:D3:64:DD:39:18:D6:1F:79:C3:FE:08:58:BF:FA
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186CE3E476814931612788D31604D00167E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Yn-UPIZc02TdORjWH3nD_ghYv_o.roa
Signing time:             Sat 11 Mar 2023 01:17:13 +0000
ROA not before:           Sat 11 Mar 2023 01:17:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ce:3e:47:68:14:93:16:12:78:8d:31:60:4d:00:16:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 11 01:17:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=627f943c865cd364dd3918d61f79c3fe0858bffa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:50:69:4f:9e:1b:54:31:9c:ab:06:ab:b8:d3:
                    ac:94:13:b8:b5:6b:82:b2:57:d1:f9:d8:da:10:c6:
                    cc:03:32:c3:68:3c:88:33:98:0d:f7:b1:d3:77:31:
                    7f:dd:e5:73:7b:51:9e:5d:ed:f8:5a:0d:9d:83:6e:
                    0c:74:25:8a:42:9c:fe:57:13:2e:fc:4d:f1:ee:79:
                    7c:03:c6:67:f8:6f:e0:0c:34:e3:fb:bb:66:7e:f0:
                    0f:a3:59:a0:43:16:ef:58:30:c4:2f:86:a4:9c:5e:
                    86:2c:82:b0:0b:d7:d2:99:15:6c:43:c6:8a:ce:6d:
                    b9:99:8a:ed:0c:a9:9e:a0:25:98:19:84:f8:04:f4:
                    1f:a9:6c:12:b6:ec:6d:02:cf:63:2c:fe:51:bc:18:
                    41:63:b7:cd:85:5c:f9:4f:c0:75:fd:e6:d8:3b:64:
                    35:7e:14:6c:8d:11:de:92:b3:78:6b:39:9b:6d:ed:
                    7f:c7:06:1c:7c:65:58:72:dc:6b:6d:13:72:c8:b1:
                    09:59:44:78:13:a5:51:2c:3d:e1:4f:74:ea:bb:57:
                    d9:48:ff:d0:81:87:e2:3c:8f:5e:9d:0c:07:1b:84:
                    9e:9b:77:ae:86:ae:b7:7e:72:e0:fe:2b:1b:d7:06:
                    12:c1:f9:18:d9:6d:2e:36:01:79:29:b5:b8:c7:0e:
                    9c:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:7F:94:3C:86:5C:D3:64:DD:39:18:D6:1F:79:C3:FE:08:58:BF:FA
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Yn-UPIZc02TdORjWH3nD_ghYv_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:84:2b:53:03:d1:c0:3a:3b:03:f4:fb:ea:63:48:41:dd:8c:
         f8:a5:83:e4:9e:64:62:fa:ce:ae:ee:43:ad:f1:fa:f2:5a:3b:
         78:e1:33:2a:ce:f4:e0:e0:1e:04:be:fa:e2:34:f9:0a:0b:d0:
         4b:74:01:82:67:76:18:c5:24:d9:ff:9f:bf:9a:4a:fc:3d:3a:
         2e:de:f9:3f:c5:c0:cf:a8:11:87:39:0b:12:99:37:e0:7f:c5:
         6d:b9:18:e3:4a:ff:7a:72:36:d4:dd:c3:59:f7:e4:78:7c:ee:
         e9:64:ea:98:a9:3c:aa:da:4e:4e:d6:7c:9a:de:43:9e:19:29:
         01:de:24:92:fe:be:e4:19:69:0d:03:7e:79:1a:95:f6:b3:84:
         d6:3a:ec:9b:6c:80:07:43:e6:fc:ac:62:ec:e3:55:ee:a0:9e:
         9e:b8:f0:5a:9f:95:d2:70:4d:61:ce:90:c8:4e:4f:f7:d2:a6:
         43:c0:07:98:e2:71:04:b0:f9:b1:64:52:9f:ce:b4:3f:45:0c:
         c2:87:bb:cc:73:62:c3:1c:9f:e1:e1:0c:20:78:9e:c9:f0:d5:
         8a:d6:45:64:2a:11:31:9d:bb:77:87:f4:17:59:ee:ef:1f:ea:
         d4:b1:1b:0a:9f:84:63:e0:6c:14:9f:17:12:c8:05:c2:eb:cf:
         49:74:17:14
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbOPkdoFJMWEniNMWBNABZ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzExMDExNzEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjdmOTQzYzg2NWNkMzY0ZGQzOTE4ZDYxZjc5YzNmZTA4NThiZmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg1BpT54bVDGcqwaruNOslBO4tWuC
slfR+djaEMbMAzLDaDyIM5gN97HTdzF/3eVze1GeXe34Wg2dg24MdCWKQpz+VxMu
/E3x7nl8A8Zn+G/gDDTj+7tmfvAPo1mgQxbvWDDEL4aknF6GLIKwC9fSmRVsQ8aK
zm25mYrtDKmeoCWYGYT4BPQfqWwStuxtAs9jLP5RvBhBY7fNhVz5T8B1/ebYO2Q1
fhRsjRHekrN4azmbbe1/xwYcfGVYctxrbRNyyLEJWUR4E6VRLD3hT3Tqu1fZSP/Q
gYfiPI9enQwHG4Sem3euhq63fnLg/isb1wYSwfkY2W0uNgF5KbW4xw6cpQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGJ/lDyGXNNk3TkY1h95w/4IWL/6MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvWW4tVVBJWmMwMlRkT1JqV0gzbkRfZ2hZdl9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACKEK1MD0cA6OwP0++pj
SEHdjPilg+SeZGL6zq7uQ63x+vJaO3jhMyrO9ODgHgS++uI0+QoL0Et0AYJndhjF
JNn/n7+aSvw9Oi7e+T/FwM+oEYc5CxKZN+B/xW25GONK/3pyNtTdw1n35Hh87ulk
6pipPKraTk7WfJreQ54ZKQHeJJL+vuQZaQ0DfnkalfazhNY67JtsgAdD5vysYuzj
Ve6gnp648FqfldJwTWHOkMhOT/fSpkPAB5jicQSw+bFkUp/OtD9FDMKHu8xzYsMc
n+HhDCB4nsnw1YrWRWQqETGdu3eH9BdZ7u8f6tSxGwqfhGPgbBSfFxLIBcLrz0l0
FxQ=
-----END CERTIFICATE-----