Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/fswXOXBsk4EK6UdXwXg5OgevdSs.roa
File:                     fswXOXBsk4EK6UdXwXg5OgevdSs.roa (raw, json)
Hash identifier:          aRRxqCf80Ml/kTiGveC6ubeOASmTMzXs+pyVhRvFx6Y=
Subject key identifier:   7E:CC:17:39:70:6C:93:81:0A:E9:47:57:C1:78:39:3A:07:AF:75:2B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186B7E234E6B812D5F09F2B35197CDAB2C3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/fswXOXBsk4EK6UdXwXg5OgevdSs.roa
Signing time:             Mon 06 Mar 2023 17:05:00 +0000
ROA not before:           Mon 06 Mar 2023 17:05:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:b7e1:8bb3/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b7:e2:34:e6:b8:12:d5:f0:9f:2b:35:19:7c:da:b2:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  6 17:05:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7ecc1739706c93810ae94757c178393a07af752b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:db:34:a4:f9:b1:2b:66:3f:40:32:45:b8:7d:
                    30:80:0b:cc:21:4a:b5:61:fa:cf:a3:fa:bd:c9:b1:
                    1a:18:63:e2:32:1e:7e:d7:5d:03:c0:2a:19:fd:ec:
                    52:7e:0a:d7:d2:ab:f7:ba:ef:c7:75:07:85:c4:7c:
                    1e:74:8b:8b:14:dd:9a:e3:df:79:b7:ab:49:62:c4:
                    67:11:95:93:aa:8a:45:1b:42:a7:83:4a:a6:bd:78:
                    03:83:3e:d7:56:98:50:44:1c:df:a4:80:25:3b:71:
                    24:c4:61:2f:17:c0:2f:5a:04:a1:41:15:7d:d4:48:
                    17:dc:47:fd:ab:bb:1b:34:f1:2f:a2:3c:22:9c:30:
                    14:73:0e:3e:8c:d8:ff:46:1a:95:d6:1a:d3:b1:1d:
                    cc:c0:82:6e:33:11:aa:9a:39:67:b9:08:cd:e8:68:
                    f8:fb:00:ac:c7:99:36:85:1a:63:19:8e:31:e4:c8:
                    bc:99:2e:ae:62:b3:d3:4c:2d:90:fb:2d:8e:32:e3:
                    c4:a0:6f:6d:fe:c8:1a:3a:d9:c3:d2:9b:2f:e7:4c:
                    ee:e0:73:e1:87:5b:e2:11:9f:57:b6:e3:24:bf:49:
                    41:aa:e3:cc:42:e7:d2:d5:65:e0:ca:94:0e:21:e9:
                    a4:94:fc:57:18:b3:b2:72:ed:54:1b:69:1d:a2:c3:
                    5c:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:CC:17:39:70:6C:93:81:0A:E9:47:57:C1:78:39:3A:07:AF:75:2B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/fswXOXBsk4EK6UdXwXg5OgevdSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:ff:6d:3b:ce:59:a1:aa:a9:1f:8a:15:a2:9a:28:2e:f0:cd:
         04:53:d5:1a:b4:23:ba:ed:c6:6e:d7:b1:8d:5f:3e:e9:f1:51:
         a1:45:17:f6:45:4f:56:d0:60:5f:91:67:96:2e:ad:43:7b:2c:
         d6:fa:2c:67:83:2c:6d:40:22:6f:e5:aa:eb:27:3e:a6:5c:60:
         ff:50:6d:e2:41:97:5e:d6:89:20:10:6a:a3:d2:2b:a8:5a:fc:
         f2:28:23:63:49:db:c7:01:14:fb:39:7c:62:b3:34:b3:d7:29:
         0d:b7:16:49:67:1d:35:df:3b:48:cf:2b:8e:71:72:46:c5:63:
         5d:55:5e:6f:4a:b3:6d:b6:82:72:0b:70:77:76:c7:0f:d4:ee:
         6e:10:1f:11:98:36:1d:ff:62:fb:ac:64:2f:d1:37:90:f1:6f:
         b0:f2:cb:f2:c7:46:c4:75:3c:49:91:0c:87:92:87:30:10:b9:
         f8:ac:ae:3f:0f:6c:7e:77:2b:41:b8:e5:87:52:35:8a:9f:2a:
         44:ff:e5:0e:15:f8:03:c5:81:72:19:2d:06:77:91:3d:08:7b:
         87:84:f2:9f:68:5d:07:bc:f9:be:06:17:59:e8:7f:dd:6d:89:
         45:ce:57:42:92:ae:83:ce:b6:c9:a8:fd:c2:ea:32:bb:fb:ea:
         aa:1d:f7:a4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYa34jTmuBLV8J8rNRl82rLDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA2MTcwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWNjMTczOTcwNmM5MzgxMGFlOTQ3NTdjMTc4MzkzYTA3YWY3NTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Ns0pPmxK2Y/QDJFuH0wgAvMIUq1
YfrPo/q9ybEaGGPiMh5+110DwCoZ/exSfgrX0qv3uu/HdQeFxHwedIuLFN2a4995
t6tJYsRnEZWTqopFG0Kng0qmvXgDgz7XVphQRBzfpIAlO3EkxGEvF8AvWgShQRV9
1EgX3Ef9q7sbNPEvojwinDAUcw4+jNj/RhqV1hrTsR3MwIJuMxGqmjlnuQjN6Gj4
+wCsx5k2hRpjGY4x5Mi8mS6uYrPTTC2Q+y2OMuPEoG9t/sgaOtnD0psv50zu4HPh
h1viEZ9XtuMkv0lBquPMQufS1WXgypQOIemklPxXGLOycu1UG2kdosNc5wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFH7MFzlwbJOBCulHV8F4OToHr3UrMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZnN3WE9YQnNrNEVLNlVkWHdYZzVPZ2V2ZFNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIP/bTvOWaGqqR+KFaKa
KC7wzQRT1Rq0I7rtxm7XsY1fPunxUaFFF/ZFT1bQYF+RZ5YurUN7LNb6LGeDLG1A
Im/lqusnPqZcYP9QbeJBl17WiSAQaqPSK6ha/PIoI2NJ28cBFPs5fGKzNLPXKQ23
FklnHTXfO0jPK45xckbFY11VXm9Ks222gnILcHd2xw/U7m4QHxGYNh3/YvusZC/R
N5Dxb7Dyy/LHRsR1PEmRDIeShzAQufisrj8PbH53K0G45YdSNYqfKkT/5Q4V+APF
gXIZLQZ3kT0Ie4eE8p9oXQe8+b4GF1nof91tiUXOV0KSroPOtsmo/cLqMrv76qod
96Q=
-----END CERTIFICATE-----