Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bdQOoWpOuvLXI7j75hKdVGfsQbE.roa
File:                     bdQOoWpOuvLXI7j75hKdVGfsQbE.roa (raw, json)
Hash identifier:          iI0Lnr1WFQK4vCj7LWdbRUWrE4QvChf5taG8+HpVYeo=
Subject key identifier:   6D:D4:0E:A1:6A:4E:BA:F2:D7:23:B8:FB:E6:12:9D:54:67:EC:41:B1
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186C15AB78E8803979DE001BD9CB08A3B97
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bdQOoWpOuvLXI7j75hKdVGfsQbE.roa
Signing time:             Wed 08 Mar 2023 13:13:13 +0000
ROA not before:           Wed 08 Mar 2023 13:13:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c1:5a:b7:8e:88:03:97:9d:e0:01:bd:9c:b0:8a:3b:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  8 13:13:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6dd40ea16a4ebaf2d723b8fbe6129d5467ec41b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:7c:78:35:83:88:03:a7:37:66:e5:0f:e2:e4:
                    6c:27:21:c2:b9:c0:f1:a6:2c:36:21:5e:93:2f:34:
                    af:51:17:2c:4c:98:f8:f4:0a:fe:07:63:c9:0b:cd:
                    73:29:bf:56:26:0b:ef:d5:58:a1:4f:c4:b6:7d:b8:
                    01:7d:61:0d:91:3d:cb:f0:64:ee:1f:96:12:41:91:
                    ec:2c:7b:e8:dc:ba:55:dc:ea:88:32:ce:78:9a:13:
                    89:1c:1c:39:f9:a5:6a:46:7d:e7:c6:dc:3c:e9:ed:
                    6a:08:4f:4e:fd:db:56:cc:a4:22:2e:f6:62:82:66:
                    cd:25:4e:c0:82:27:3e:5b:c3:2e:c5:f0:af:c1:8c:
                    da:f7:16:15:14:85:92:60:b5:35:ad:80:20:d9:2f:
                    d5:8d:58:02:d9:c1:48:d0:6f:6d:97:69:91:87:15:
                    00:d3:27:ed:5a:f1:e7:34:75:df:f1:9f:5d:4d:39:
                    46:04:25:ce:59:59:cd:61:18:e5:c5:6f:c7:3c:0a:
                    e8:14:44:b2:06:46:22:77:43:12:fd:35:69:dd:cb:
                    0b:01:a3:b1:0b:b4:c3:0e:c0:3a:99:62:0d:3d:ed:
                    c8:e4:72:36:d4:fe:e0:54:84:8e:b4:f0:37:07:14:
                    e6:3b:1a:c4:e2:c5:51:60:3d:14:9b:e0:bd:b1:fb:
                    fa:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:D4:0E:A1:6A:4E:BA:F2:D7:23:B8:FB:E6:12:9D:54:67:EC:41:B1
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bdQOoWpOuvLXI7j75hKdVGfsQbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:b7:7e:0e:9d:a5:a0:d4:d4:68:24:67:45:e8:70:7c:ee:e4:
         27:d6:a3:28:9f:98:c9:e1:1c:1b:ec:4d:7e:62:69:ff:1a:de:
         b8:da:e7:2e:c4:7f:56:57:53:1a:76:aa:d3:26:8d:53:de:b0:
         22:4a:b1:e4:a8:36:0b:9e:80:e8:95:7a:9c:e8:b1:83:3d:64:
         08:eb:b9:c9:a5:b1:07:37:67:54:e4:9e:ac:31:75:4e:07:80:
         d6:52:41:71:f8:71:49:ed:6f:3d:f1:ec:3b:33:59:2c:2c:58:
         61:19:f2:13:d0:4b:42:2d:01:b0:5b:20:5a:05:3a:6a:44:53:
         9a:b9:0c:b9:02:46:ae:16:6d:5c:68:40:68:91:5d:8d:f1:76:
         fc:16:02:f1:32:d4:15:b2:ef:0d:e2:cd:c5:f4:e1:27:fa:cd:
         91:59:cf:09:8f:0d:9b:91:38:cb:f2:fe:9d:53:05:63:f5:15:
         87:ab:32:d9:0c:8c:6c:ba:d3:c8:69:be:cd:e0:6a:55:7f:32:
         28:36:d2:7d:dd:32:0a:55:7e:d2:08:fe:d5:f1:2e:c1:6a:03:
         be:49:f6:08:e6:f1:0e:79:37:ea:d0:34:c6:a7:f0:db:82:62:
         8f:6b:89:bc:9f:7d:15:53:c8:68:89:7b:f4:09:1c:3f:49:f5:
         3d:20:b9:8a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbBWreOiAOXneABvZywijuXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA4MTMxMzEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGQ0MGVhMTZhNGViYWYyZDcyM2I4ZmJlNjEyOWQ1NDY3ZWM0MWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnx4NYOIA6c3ZuUP4uRsJyHCucDx
piw2IV6TLzSvURcsTJj49Ar+B2PJC81zKb9WJgvv1VihT8S2fbgBfWENkT3L8GTu
H5YSQZHsLHvo3LpV3OqIMs54mhOJHBw5+aVqRn3nxtw86e1qCE9O/dtWzKQiLvZi
gmbNJU7Agic+W8MuxfCvwYza9xYVFIWSYLU1rYAg2S/VjVgC2cFI0G9tl2mRhxUA
0yftWvHnNHXf8Z9dTTlGBCXOWVnNYRjlxW/HPAroFESyBkYid0MS/TVp3csLAaOx
C7TDDsA6mWINPe3I5HI21P7gVISOtPA3BxTmOxrE4sVRYD0Um+C9sfv6wQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFG3UDqFqTrry1yO4++YSnVRn7EGxMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYmRRT29XcE91dkxYSTdqNzVoS2RWR2ZzUWJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADK3fg6dpaDU1GgkZ0Xo
cHzu5CfWoyifmMnhHBvsTX5iaf8a3rja5y7Ef1ZXUxp2qtMmjVPesCJKseSoNgue
gOiVepzosYM9ZAjrucmlsQc3Z1TknqwxdU4HgNZSQXH4cUntbz3x7DszWSwsWGEZ
8hPQS0ItAbBbIFoFOmpEU5q5DLkCRq4WbVxoQGiRXY3xdvwWAvEy1BWy7w3izcX0
4Sf6zZFZzwmPDZuROMvy/p1TBWP1FYerMtkMjGy608hpvs3galV/Mig20n3dMgpV
ftII/tXxLsFqA75J9gjm8Q55N+rQNMan8NuCYo9ribyffRVTyGiJe/QJHD9J9T0g
uYo=
-----END CERTIFICATE-----