Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_GWxogG83QBqI5REtijgm0E8_ns.roa
File:                     _GWxogG83QBqI5REtijgm0E8_ns.roa (raw, json)
Hash identifier:          GgTNfYLeg3pHHFnlyheAxWDtqpRKQmmQxfPq+GPVuxI=
Subject key identifier:   FC:65:B1:A2:01:BC:DD:00:6A:23:94:44:B6:28:E0:9B:41:3C:FE:7B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186B3016DD0F063178EEBD41ED8542F50A3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_GWxogG83QBqI5REtijgm0E8_ns.roa
Signing time:             Sun 05 Mar 2023 18:21:00 +0000
ROA not before:           Sun 05 Mar 2023 18:21:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b3:01:6d:d0:f0:63:17:8e:eb:d4:1e:d8:54:2f:50:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  5 18:21:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fc65b1a201bcdd006a239444b628e09b413cfe7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:eb:0a:88:fa:19:f9:d0:b7:c8:2e:8c:67:d9:
                    3c:91:cd:78:3f:9e:a5:cf:03:68:34:56:b7:f1:1b:
                    d3:45:c1:c9:ba:86:a0:c6:dd:e9:7b:58:df:f4:82:
                    45:da:56:69:77:1a:d5:03:6e:e9:2a:bd:48:54:1d:
                    84:cd:96:76:d3:c6:c5:38:18:20:56:e4:f4:31:29:
                    f4:ce:e5:55:f1:16:f9:e4:61:68:0f:76:ca:2a:31:
                    bd:6b:eb:63:2b:37:55:22:41:40:16:f1:ca:91:9d:
                    5e:c5:74:b8:2a:67:e1:81:d7:1f:77:e8:46:96:5a:
                    b9:92:34:9c:34:86:21:a7:fe:87:59:14:ed:d6:eb:
                    0f:75:7a:55:e0:f3:9e:58:d5:4d:5b:ce:c0:a3:7d:
                    ee:8d:21:49:a0:c5:c9:f8:11:83:fc:d2:53:c3:60:
                    14:91:f8:1c:44:67:72:64:eb:34:6e:19:5e:05:b6:
                    cc:9a:b9:9f:e6:5a:3e:a0:f0:7d:71:e7:f5:fb:0d:
                    c4:81:45:b5:af:d8:d7:3b:25:21:a8:73:e9:e7:4d:
                    95:8e:44:bc:0b:7a:4b:4f:a0:e5:80:d8:de:fe:0d:
                    fa:a9:af:03:48:be:1c:6c:c4:f1:7b:ff:ba:19:60:
                    ec:2e:32:b2:06:bc:aa:41:4b:23:72:9e:67:81:d2:
                    c7:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:65:B1:A2:01:BC:DD:00:6A:23:94:44:B6:28:E0:9B:41:3C:FE:7B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/_GWxogG83QBqI5REtijgm0E8_ns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:8e:3b:27:c9:be:4e:5c:51:3e:d9:0f:da:d3:3a:ef:63:2a:
         67:d9:03:92:2f:29:4a:97:49:fe:7c:04:18:c1:be:49:5d:56:
         f9:ea:83:93:17:81:20:01:e6:cb:80:c8:4a:0d:d2:cc:89:82:
         c1:2b:53:ae:63:fa:16:35:32:7a:51:20:6f:7c:b0:c7:9e:b8:
         93:89:3d:67:83:d3:a8:35:78:64:51:0b:77:e8:3b:7d:63:8c:
         24:9a:24:b2:bd:6a:f8:2b:6d:da:a5:62:be:b0:46:11:f7:93:
         10:77:2d:99:5a:02:6a:b6:95:5a:cd:e5:b4:4b:11:36:25:78:
         20:9e:88:3b:df:75:bc:7d:a5:fa:ea:89:bb:1c:8e:ac:51:88:
         ae:fa:73:4f:26:52:6b:bb:a6:74:87:56:30:7d:a8:a3:ba:8d:
         28:8a:e4:c6:3b:69:3b:c8:ee:2f:f4:d2:18:df:06:c6:79:67:
         30:15:f8:e4:83:35:63:ef:e5:1c:18:d9:61:09:7e:4d:33:e7:
         2a:3d:c8:98:62:3e:e7:4e:d5:da:10:b5:69:07:22:75:17:5f:
         ca:9d:00:5e:e9:9c:39:c8:4b:bf:5b:ad:ea:e8:f0:32:57:3c:
         09:2b:70:97:b0:05:5e:67:47:3a:bb:cb:ed:59:70:54:74:e4:
         26:5a:da:8c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYazAW3Q8GMXjuvUHthUL1CjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA1MTgyMTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzY1YjFhMjAxYmNkZDAwNmEyMzk0NDRiNjI4ZTA5YjQxM2NmZTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApusKiPoZ+dC3yC6MZ9k8kc14P56l
zwNoNFa38RvTRcHJuoagxt3pe1jf9IJF2lZpdxrVA27pKr1IVB2EzZZ208bFOBgg
VuT0MSn0zuVV8Rb55GFoD3bKKjG9a+tjKzdVIkFAFvHKkZ1exXS4Kmfhgdcfd+hG
llq5kjScNIYhp/6HWRTt1usPdXpV4POeWNVNW87Ao33ujSFJoMXJ+BGD/NJTw2AU
kfgcRGdyZOs0bhleBbbMmrmf5lo+oPB9cef1+w3EgUW1r9jXOyUhqHPp502VjkS8
C3pLT6DlgNje/g36qa8DSL4cbMTxe/+6GWDsLjKyBryqQUsjcp5ngdLH4QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPxlsaIBvN0AaiOURLYo4JtBPP57MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvX0dXeG9nRzgzUUJxSTVSRXRpamdtMEU4X25zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJmOOyfJvk5cUT7ZD9rT
Ou9jKmfZA5IvKUqXSf58BBjBvkldVvnqg5MXgSAB5suAyEoN0syJgsErU65j+hY1
MnpRIG98sMeeuJOJPWeD06g1eGRRC3foO31jjCSaJLK9avgrbdqlYr6wRhH3kxB3
LZlaAmq2lVrN5bRLETYleCCeiDvfdbx9pfrqibscjqxRiK76c08mUmu7pnSHVjB9
qKO6jSiK5MY7aTvI7i/00hjfBsZ5ZzAV+OSDNWPv5RwY2WEJfk0z5yo9yJhiPudO
1doQtWkHInUXX8qdAF7pnDnIS79brero8DJXPAkrcJewBV5nRzq7y+1ZcFR05CZa
2ow=
-----END CERTIFICATE-----