Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bly9eHVtdEoOcnSjcslZLdQ0uQ8.roa
File:                     bly9eHVtdEoOcnSjcslZLdQ0uQ8.roa (raw, json)
Hash identifier:          LaZlGg1u47+EWIWoa8acy9PZjDQxEjyG88mEYRZJAJY=
Subject key identifier:   6E:5C:BD:78:75:6D:74:4A:0E:72:74:A3:72:C9:59:2D:D4:34:B9:0F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186C59D478D95E54CD223F1757279F681B6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bly9eHVtdEoOcnSjcslZLdQ0uQ8.roa
Signing time:             Thu 09 Mar 2023 09:04:24 +0000
ROA not before:           Thu 09 Mar 2023 09:04:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:c59d:2a82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c5:9d:47:8d:95:e5:4c:d2:23:f1:75:72:79:f6:81:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  9 09:04:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6e5cbd78756d744a0e7274a372c9592dd434b90f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c9:10:c8:d3:b5:2c:cc:21:0f:39:3c:b0:be:
                    34:36:1d:26:ed:2f:20:aa:87:95:e7:0e:1e:c5:95:
                    bb:1e:fd:f8:f4:a5:bd:ec:9c:10:95:82:1c:14:05:
                    6a:5c:f5:40:f1:87:ff:c0:26:a4:7e:b4:97:f4:11:
                    0a:aa:14:45:c2:d2:04:ea:06:62:86:d4:49:1c:13:
                    bf:b7:38:89:3f:c0:4c:6f:13:cd:18:a7:53:ab:94:
                    e3:ec:15:07:d8:5a:c1:34:fe:9c:c7:37:f5:25:92:
                    68:13:d0:a0:5b:96:82:59:ff:0d:bd:55:13:08:ca:
                    50:28:e9:7f:0e:6b:98:ce:3f:45:fe:4a:4b:ee:68:
                    0b:70:90:b8:9c:39:ce:85:c3:12:0a:22:34:11:64:
                    38:32:85:b4:04:ae:57:04:ea:be:89:ea:24:9b:d9:
                    f7:de:a4:f6:bc:f1:cb:22:12:59:40:30:a6:e0:91:
                    a6:e2:a9:08:63:88:22:b6:0f:29:cd:d4:ee:f8:d1:
                    86:b6:b9:dd:df:0b:8f:8a:7b:b6:b9:7d:63:7a:89:
                    42:43:94:f6:6e:d9:d5:c7:a3:d0:e8:54:1b:40:c4:
                    c2:a5:99:80:14:e3:6e:92:9c:9e:6d:d6:d0:ed:6d:
                    3d:bf:c8:81:71:a6:1a:83:0f:53:99:32:21:e5:d6:
                    70:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:5C:BD:78:75:6D:74:4A:0E:72:74:A3:72:C9:59:2D:D4:34:B9:0F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/bly9eHVtdEoOcnSjcslZLdQ0uQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:eb:e9:a0:38:8a:f8:b9:88:d3:71:b6:26:50:29:85:47:eb:
         8b:80:a6:01:22:68:cc:c8:53:00:17:51:05:d7:45:93:bc:bd:
         96:68:bb:7d:4c:c2:5e:5f:09:0a:08:14:ec:55:84:51:da:18:
         6b:ef:49:8f:6d:3d:e0:21:18:cf:fa:65:7f:f1:02:bf:4f:8b:
         c1:84:65:98:b7:67:dc:dd:15:c2:b4:e5:f5:5d:96:f9:68:93:
         00:50:9a:e1:9d:a7:68:93:a2:04:fa:50:30:9b:5a:d7:27:20:
         b3:d3:fd:b0:57:ba:2a:4e:54:b4:a1:68:d1:69:97:33:ba:7b:
         b5:47:41:e2:b0:e0:fd:36:a3:ad:ce:e4:2e:2f:be:91:d8:78:
         e2:f6:a3:3d:8f:b5:8a:7d:fd:c4:c3:26:5d:ee:90:98:4a:b3:
         25:cb:79:ae:d4:0b:0f:15:4b:3c:ad:ab:9f:16:ff:e2:d0:40:
         2c:32:ab:48:aa:3b:29:a6:1d:02:b9:f5:a4:fd:c6:d8:7e:fa:
         c8:93:80:aa:bc:1b:e5:14:64:b9:06:63:fc:29:32:60:0d:94:
         c7:1a:af:ff:97:a5:6d:0e:fb:0b:ca:42:ff:4e:42:b8:ba:36:
         22:9a:31:21:a0:e5:8a:48:b8:84:6c:27:f8:16:26:2a:05:7b:
         b5:a5:fd:4e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbFnUeNleVM0iPxdXJ59oG2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA5MDkwNDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTVjYmQ3ODc1NmQ3NDRhMGU3Mjc0YTM3MmM5NTkyZGQ0MzRiOTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmskQyNO1LMwhDzk8sL40Nh0m7S8g
qoeV5w4exZW7Hv349KW97JwQlYIcFAVqXPVA8Yf/wCakfrSX9BEKqhRFwtIE6gZi
htRJHBO/tziJP8BMbxPNGKdTq5Tj7BUH2FrBNP6cxzf1JZJoE9CgW5aCWf8NvVUT
CMpQKOl/DmuYzj9F/kpL7mgLcJC4nDnOhcMSCiI0EWQ4MoW0BK5XBOq+ieokm9n3
3qT2vPHLIhJZQDCm4JGm4qkIY4gitg8pzdTu+NGGtrnd3wuPinu2uX1jeolCQ5T2
btnVx6PQ6FQbQMTCpZmAFONukpyebdbQ7W09v8iBcaYagw9TmTIh5dZwlwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFG5cvXh1bXRKDnJ0o3LJWS3UNLkPMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvYmx5OWVIVnRkRW9PY25TamNzbFpMZFEwdVE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFzr6aA4ivi5iNNxtiZQ
KYVH64uApgEiaMzIUwAXUQXXRZO8vZZou31Mwl5fCQoIFOxVhFHaGGvvSY9tPeAh
GM/6ZX/xAr9Pi8GEZZi3Z9zdFcK05fVdlvlokwBQmuGdp2iTogT6UDCbWtcnILPT
/bBXuipOVLShaNFplzO6e7VHQeKw4P02o63O5C4vvpHYeOL2oz2PtYp9/cTDJl3u
kJhKsyXLea7UCw8VSzytq58W/+LQQCwyq0iqOymmHQK59aT9xth++siTgKq8G+UU
ZLkGY/wpMmANlMcar/+XpW0O+wvKQv9OQri6NiKaMSGg5YpIuIRsJ/gWJioFe7Wl
/U4=
-----END CERTIFICATE-----