Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cZ2t_9EWbgDenT_3NacThVVLwkk.roa
File:                     cZ2t_9EWbgDenT_3NacThVVLwkk.roa (raw, json)
Hash identifier:          NWlV30oBzi202RNHVwUP9AcIdKvWmMkQCJ34LEO5o7M=
Subject key identifier:   71:9D:AD:FF:D1:16:6E:00:DE:9D:3F:F7:35:A7:13:85:55:4B:C2:49
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01872DF033171F5D984C46F4FC721B65CE65
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cZ2t_9EWbgDenT_3NacThVVLwkk.roa
Signing time:             Wed 29 Mar 2023 15:15:29 +0000
ROA not before:           Wed 29 Mar 2023 15:15:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:2d:f0:33:17:1f:5d:98:4c:46:f4:fc:72:1b:65:ce:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 29 15:15:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=719dadffd1166e00de9d3ff735a71385554bc249
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:e3:30:cf:34:13:b1:7b:25:dd:f8:f7:d5:99:
                    41:0c:d0:98:a2:3a:0d:95:ca:76:0e:ab:a6:35:b1:
                    d9:68:10:65:65:58:49:6f:17:ca:01:ce:78:1c:d6:
                    c3:6b:5f:f3:b6:3e:40:11:cc:a7:99:57:76:e4:40:
                    77:3b:ee:29:97:17:25:8b:f8:60:6b:0d:b0:61:f9:
                    7a:e1:f7:63:13:6a:91:4c:47:f5:47:13:95:73:ec:
                    e4:9d:aa:19:1b:81:79:1c:53:25:41:4d:67:5a:25:
                    87:bb:4c:cf:b2:6f:d9:db:b8:e3:9d:61:fd:ea:03:
                    d0:83:9f:fc:93:50:f8:5d:51:23:40:f5:3b:d2:07:
                    5e:80:5b:e7:0f:eb:65:05:89:6b:10:9d:ae:74:9f:
                    c4:ba:6c:59:01:3d:10:50:4f:a0:8e:c8:98:b0:20:
                    13:2a:ad:cb:a6:73:6a:9d:42:b2:01:19:f1:71:2f:
                    4a:8b:04:dc:3f:d0:ec:43:da:c1:cf:19:57:bf:29:
                    e6:a8:64:6a:d8:04:71:fa:06:e7:c7:7a:f9:6d:a2:
                    81:1b:41:43:73:bf:7b:4b:40:b3:54:32:32:5b:53:
                    36:4a:2e:eb:ee:5a:72:f3:87:1a:a9:b0:e3:e7:59:
                    df:e2:ba:ca:fc:e8:e9:16:ad:74:8b:96:28:5c:57:
                    f2:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:9D:AD:FF:D1:16:6E:00:DE:9D:3F:F7:35:A7:13:85:55:4B:C2:49
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cZ2t_9EWbgDenT_3NacThVVLwkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:6e:f1:ee:c4:64:93:b6:b8:2f:af:01:ca:ec:c9:d9:c8:8f:
         e9:0d:57:79:d4:76:6c:97:bc:38:70:3e:32:d5:7c:b0:0b:b1:
         6b:c5:d1:a2:76:af:1f:23:94:00:8d:2c:f4:3d:ba:d1:b2:79:
         88:13:6c:25:49:18:6e:97:f4:25:80:d2:9d:e6:68:1a:28:8a:
         24:28:3e:be:f9:69:a4:7a:74:66:ad:61:8a:06:d8:7c:c6:2a:
         32:6d:6f:88:51:ae:e3:ba:ec:f8:3e:f6:19:02:a8:79:f3:d2:
         e7:3e:1b:c5:98:65:56:b0:84:4c:a4:ff:23:f8:50:e2:8a:f5:
         ab:69:50:0d:0b:48:c1:36:08:a5:ae:c0:7a:82:88:ae:30:f4:
         da:6d:c0:7d:26:45:c9:2a:a5:97:26:78:7a:54:31:f5:89:31:
         93:d1:ac:7d:99:e5:6b:29:10:95:9f:7b:c6:24:02:96:ec:43:
         ba:fb:f1:d2:76:a2:db:ae:7d:6e:cc:71:88:ca:fc:59:28:3e:
         13:d6:96:75:10:87:1b:21:f1:10:3f:71:94:45:21:ef:63:59:
         8d:20:07:d6:7b:80:98:a5:4f:8d:0e:37:6a:20:f5:37:17:28:
         c9:9b:c0:13:9e:44:31:ef:ac:a4:91:57:95:95:dd:0b:67:53:
         70:e8:19:b3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYct8DMXH12YTEb0/HIbZc5lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzI5MTUxNTI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTlkYWRmZmQxMTY2ZTAwZGU5ZDNmZjczNWE3MTM4NTU1NGJjMjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOMwzzQTsXsl3fj31ZlBDNCYojoN
lcp2DqumNbHZaBBlZVhJbxfKAc54HNbDa1/ztj5AEcynmVd25EB3O+4plxcli/hg
aw2wYfl64fdjE2qRTEf1RxOVc+zknaoZG4F5HFMlQU1nWiWHu0zPsm/Z27jjnWH9
6gPQg5/8k1D4XVEjQPU70gdegFvnD+tlBYlrEJ2udJ/EumxZAT0QUE+gjsiYsCAT
Kq3LpnNqnUKyARnxcS9KiwTcP9DsQ9rBzxlXvynmqGRq2ARx+gbnx3r5baKBG0FD
c797S0CzVDIyW1M2Si7r7lpy84caqbDj51nf4rrK/OjpFq10i5YoXFfyOwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHGdrf/RFm4A3p0/9zWnE4VVS8JJMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvY1oydF85RVdiZ0RlblRfM05hY1RoVlZMd2trLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAClu8e7EZJO2uC+vAcrs
ydnIj+kNV3nUdmyXvDhwPjLVfLALsWvF0aJ2rx8jlACNLPQ9utGyeYgTbCVJGG6X
9CWA0p3maBooiiQoPr75aaR6dGatYYoG2HzGKjJtb4hRruO67Pg+9hkCqHnz0uc+
G8WYZVawhEyk/yP4UOKK9atpUA0LSME2CKWuwHqCiK4w9NptwH0mRckqpZcmeHpU
MfWJMZPRrH2Z5WspEJWfe8YkApbsQ7r78dJ2otuufW7McYjK/FkoPhPWlnUQhxsh
8RA/cZRFIe9jWY0gB9Z7gJilT40ON2og9TcXKMmbwBOeRDHvrKSRV5WV3QtnU3Do
GbM=
-----END CERTIFICATE-----