Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cf_xPmCbQImcdp1z5__PPK3jZuo.roa
File:                     cf_xPmCbQImcdp1z5__PPK3jZuo.roa (raw, json)
Hash identifier:          BXqRccGLkvDbp+x7xnsY3V3Sm9A5xFmUfU5/JVTde3Q=
Subject key identifier:   71:FF:F1:3E:60:9B:40:89:9C:76:9D:73:E7:FF:CF:3C:AD:E3:66:EA
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186CB742B0D4044D57751ABD3CF3EB408A6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cf_xPmCbQImcdp1z5__PPK3jZuo.roa
Signing time:             Fri 10 Mar 2023 12:17:13 +0000
ROA not before:           Fri 10 Mar 2023 12:17:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:cb:74:2b:0d:40:44:d5:77:51:ab:d3:cf:3e:b4:08:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 10 12:17:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=71fff13e609b40899c769d73e7ffcf3cade366ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:c5:2d:e8:7e:21:bd:db:a0:ed:bc:2a:20:2b:
                    d9:34:e6:df:c8:95:5f:b8:57:e7:b2:ba:93:64:bd:
                    5b:87:4d:84:87:96:cb:34:58:81:a0:d7:0e:a9:87:
                    c0:46:f8:93:c2:74:e5:fc:54:33:31:bf:15:b8:12:
                    77:67:f6:19:4d:4a:3f:d9:81:4a:c0:75:c9:42:45:
                    fe:1b:59:45:71:71:77:34:b2:d5:bd:48:fb:38:7b:
                    01:2f:28:ef:f1:24:c3:5f:99:52:94:cb:75:e3:81:
                    c2:ac:6a:78:54:e0:db:15:f8:86:16:35:db:87:3c:
                    5e:8c:6c:8a:17:bc:5c:51:c0:c2:df:75:bb:35:ae:
                    8c:89:bc:89:f7:76:9f:87:8a:34:ef:5d:9f:b1:e8:
                    76:b5:41:6b:2f:07:b4:54:fc:e8:fe:51:9f:bf:6b:
                    43:0c:08:b8:59:74:e7:63:01:f0:18:19:fc:c8:07:
                    d0:46:a6:16:21:e4:7c:30:99:c4:b0:f9:76:3c:08:
                    c2:4c:d3:3d:2f:89:f3:75:11:12:52:67:bf:7b:a8:
                    90:2b:32:70:27:32:70:d8:35:0b:cb:a0:5c:b5:bd:
                    9d:07:e9:23:0c:4b:b1:f4:22:70:c9:a1:18:ea:61:
                    cf:bb:0e:8a:64:b1:d5:24:8b:e9:63:3f:69:f9:c2:
                    e1:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:FF:F1:3E:60:9B:40:89:9C:76:9D:73:E7:FF:CF:3C:AD:E3:66:EA
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cf_xPmCbQImcdp1z5__PPK3jZuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:33:44:6a:c3:b3:a1:ab:73:21:a4:4a:af:7b:5d:36:3b:33:
         73:34:07:3d:85:34:84:7e:40:7d:0d:96:91:4c:04:27:7a:13:
         54:21:62:90:5c:2f:d3:1e:1a:d6:aa:0d:ca:7d:20:da:2e:c7:
         02:50:46:6b:b8:33:02:e3:31:20:1a:7b:79:60:66:55:0f:40:
         ce:e4:75:90:94:23:b1:a7:9d:da:9a:8e:ff:57:b9:68:8d:1f:
         a2:e0:de:67:05:4f:70:f9:a0:58:db:28:6c:78:e3:76:34:dc:
         85:1f:cb:1b:1e:76:da:f0:a3:22:37:6f:29:c7:72:5f:88:72:
         b8:9f:7b:95:31:5d:25:85:29:ea:c0:e0:f8:07:f9:04:24:e7:
         41:cb:21:94:b5:a5:72:07:76:9b:ec:a8:d5:e6:53:65:f5:88:
         93:91:b1:05:7a:bb:21:98:eb:ed:a1:cb:f9:7c:9a:4b:93:cb:
         a8:bc:d3:51:3a:fd:e0:26:22:86:a1:0a:36:be:e8:f0:fe:8d:
         24:f7:2e:9e:07:71:e9:f5:d2:24:55:6f:ee:ca:c5:ed:12:a4:
         a7:37:07:dc:6b:2e:d9:84:8f:2c:f8:9a:dd:f1:1e:cf:04:73:
         51:11:fe:2d:fb:a1:b7:cf:b7:00:56:63:a4:79:30:5a:98:57:
         85:a6:ad:de
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbLdCsNQETVd1Gr088+tAimMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzEwMTIxNzEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWZmZjEzZTYwOWI0MDg5OWM3NjlkNzNlN2ZmY2YzY2FkZTM2NmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA38Ut6H4hvdug7bwqICvZNObfyJVf
uFfnsrqTZL1bh02Eh5bLNFiBoNcOqYfARviTwnTl/FQzMb8VuBJ3Z/YZTUo/2YFK
wHXJQkX+G1lFcXF3NLLVvUj7OHsBLyjv8STDX5lSlMt144HCrGp4VODbFfiGFjXb
hzxejGyKF7xcUcDC33W7Na6MibyJ93afh4o0712fseh2tUFrLwe0VPzo/lGfv2tD
DAi4WXTnYwHwGBn8yAfQRqYWIeR8MJnEsPl2PAjCTNM9L4nzdRESUme/e6iQKzJw
JzJw2DULy6Bctb2dB+kjDEux9CJwyaEY6mHPuw6KZLHVJIvpYz9p+cLhZwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHH/8T5gm0CJnHadc+f/zzyt42bqMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvY2ZfeFBtQ2JRSW1jZHAxejVfX1BQSzNqWnVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAH0zRGrDs6GrcyGkSq97
XTY7M3M0Bz2FNIR+QH0NlpFMBCd6E1QhYpBcL9MeGtaqDcp9INouxwJQRmu4MwLj
MSAae3lgZlUPQM7kdZCUI7Gnndqajv9XuWiNH6Lg3mcFT3D5oFjbKGx443Y03IUf
yxsedtrwoyI3bynHcl+Icrife5UxXSWFKerA4PgH+QQk50HLIZS1pXIHdpvsqNXm
U2X1iJORsQV6uyGY6+2hy/l8mkuTy6i801E6/eAmIoahCja+6PD+jST3Lp4Hcen1
0iRVb+7Kxe0SpKc3B9xrLtmEjyz4mt3xHs8Ec1ER/i37obfPtwBWY6R5MFqYV4Wm
rd4=
-----END CERTIFICATE-----