Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/alIHVUVY6bdTHhsQGop6_-XI-DQ.roa
File:                     alIHVUVY6bdTHhsQGop6_-XI-DQ.roa (raw, json)
Hash identifier:          Bw3nyVpRrEwJKz3PnPWZzeGtkafwvh3q2a8nReQiYbU=
Subject key identifier:   6A:52:07:55:45:58:E9:B7:53:1E:1B:10:1A:8A:7A:FF:E5:C8:F8:34
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186A56E860132D5770D0E9CDEAA3C51D3DE
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/alIHVUVY6bdTHhsQGop6_-XI-DQ.roa
Signing time:             Fri 03 Mar 2023 03:05:29 +0000
ROA not before:           Fri 03 Mar 2023 03:05:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a56e:6a0f/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a5:6e:86:01:32:d5:77:0d:0e:9c:de:aa:3c:51:d3:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  3 03:05:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6a5207554558e9b7531e1b101a8a7affe5c8f834
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4d:22:84:21:ff:c9:6d:76:a4:1a:81:67:75:
                    fa:12:42:53:d0:80:58:f3:ff:3f:d5:61:01:9f:c5:
                    bc:1d:0b:87:7d:13:3c:1b:3b:f9:ce:9c:da:7a:f6:
                    8c:c1:f6:84:ed:89:0b:e5:8d:cf:fc:70:a1:5b:36:
                    07:b4:82:f9:cb:4f:63:9c:21:04:28:d5:f0:50:9f:
                    cd:ba:76:80:33:9a:08:8c:65:89:4f:5b:64:54:30:
                    fb:df:79:79:b3:10:21:3f:0c:2f:51:c8:ee:8c:52:
                    68:08:05:c9:b0:0b:84:b3:7f:51:db:40:30:70:38:
                    35:19:4a:d9:bd:0a:b5:c3:af:6b:9d:a9:12:65:e8:
                    85:99:6a:bb:48:30:30:af:dd:8b:55:d4:f6:3a:d8:
                    0f:01:77:a6:4a:c1:8f:20:3a:dd:31:eb:1b:ae:45:
                    f3:38:a4:2d:60:39:88:3d:fb:b5:23:90:ac:54:70:
                    de:93:a1:cf:f5:9c:3b:d6:b4:86:0a:ea:2f:bb:b3:
                    c5:3b:11:91:37:fa:02:23:d1:93:7a:0a:bb:de:1a:
                    09:70:c1:02:7b:49:23:26:4d:dd:60:b7:49:a8:de:
                    15:3a:b3:8e:8e:7f:a1:07:41:6f:e1:d5:7e:84:28:
                    e9:10:c2:70:95:14:df:f5:ed:42:78:67:42:9c:93:
                    fd:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:52:07:55:45:58:E9:B7:53:1E:1B:10:1A:8A:7A:FF:E5:C8:F8:34
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/alIHVUVY6bdTHhsQGop6_-XI-DQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:af:54:5f:15:5b:0e:ed:94:75:09:87:0e:58:2c:3a:2e:ac:
         4f:34:6c:36:b8:14:24:e1:b0:d2:b7:5f:56:c3:50:17:33:4d:
         d4:8f:5e:f9:08:a9:55:e5:c6:94:8a:d6:71:87:dd:0c:67:ad:
         ce:2a:29:e0:07:04:d1:1a:e0:9f:9c:1f:5a:49:47:a7:69:07:
         5c:c6:2d:63:52:0a:15:72:e0:20:44:23:1a:43:67:97:b4:f1:
         2a:aa:50:c6:14:3b:2c:ef:bc:21:51:6b:74:67:72:31:72:4c:
         6f:1c:35:aa:e5:2f:17:5a:a5:0c:8b:a0:c5:24:4f:67:53:90:
         fb:c2:45:52:6b:b5:96:66:6c:45:0d:12:94:85:a1:0c:16:21:
         52:29:ac:c1:e1:b6:42:97:45:d8:cf:55:47:77:54:e0:20:71:
         f9:86:6b:62:30:95:6a:65:c0:da:a8:4e:b0:f6:a8:44:76:82:
         63:7c:1b:c7:55:8f:f3:85:7c:76:6c:94:95:52:1d:18:7e:b3:
         36:95:c2:69:99:70:14:96:85:48:95:6f:a5:38:49:e9:00:0c:
         f8:74:d3:05:09:13:c2:f5:2d:6b:a7:e9:5a:e9:94:e4:ce:8f:
         b6:90:4c:7b:64:0c:d5:0d:95:5b:24:0d:52:75:ce:74:3c:c4:
         7c:7d:f2:c3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYalboYBMtV3DQ6c3qo8UdPeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzAzMDMwNTI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTUyMDc1NTQ1NThlOWI3NTMxZTFiMTAxYThhN2FmZmU1YzhmODM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsk0ihCH/yW12pBqBZ3X6EkJT0IBY
8/8/1WEBn8W8HQuHfRM8Gzv5zpzaevaMwfaE7YkL5Y3P/HChWzYHtIL5y09jnCEE
KNXwUJ/NunaAM5oIjGWJT1tkVDD733l5sxAhPwwvUcjujFJoCAXJsAuEs39R20Aw
cDg1GUrZvQq1w69rnakSZeiFmWq7SDAwr92LVdT2OtgPAXemSsGPIDrdMesbrkXz
OKQtYDmIPfu1I5CsVHDek6HP9Zw71rSGCuovu7PFOxGRN/oCI9GTegq73hoJcMEC
e0kjJk3dYLdJqN4VOrOOjn+hB0Fv4dV+hCjpEMJwlRTf9e1CeGdCnJP9awIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGpSB1VFWOm3Ux4bEBqKev/lyPg0MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYWxJSFZVVlk2YmRUSGhzUUdvcDZfLVhJLURRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABqvVF8VWw7tlHUJhw5Y
LDourE80bDa4FCThsNK3X1bDUBczTdSPXvkIqVXlxpSK1nGH3Qxnrc4qKeAHBNEa
4J+cH1pJR6dpB1zGLWNSChVy4CBEIxpDZ5e08SqqUMYUOyzvvCFRa3RncjFyTG8c
NarlLxdapQyLoMUkT2dTkPvCRVJrtZZmbEUNEpSFoQwWIVIprMHhtkKXRdjPVUd3
VOAgcfmGa2IwlWplwNqoTrD2qER2gmN8G8dVj/OFfHZslJVSHRh+szaVwmmZcBSW
hUiVb6U4SekADPh00wUJE8L1LWun6VrplOTOj7aQTHtkDNUNlVskDVJ1znQ8xHx9
8sM=
-----END CERTIFICATE-----