Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jMWFCCEsHJTS5tbYFH7_1mvFZCY.roa
File:                     jMWFCCEsHJTS5tbYFH7_1mvFZCY.roa (raw, json)
Hash identifier:          /U45UFGSDkByKuoZbOtS79GrGYrKDEbb6Bcv5Ot69EQ=
Subject key identifier:   8C:C5:85:08:21:2C:1C:94:D2:E6:D6:D8:14:7E:FF:D6:6B:C5:64:26
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186A6FB6C3CA54C5A12748022F220419B97
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jMWFCCEsHJTS5tbYFH7_1mvFZCY.roa
Signing time:             Fri 03 Mar 2023 10:19:00 +0000
ROA not before:           Fri 03 Mar 2023 10:19:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a6:fb:6c:3c:a5:4c:5a:12:74:80:22:f2:20:41:9b:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  3 10:19:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8cc58508212c1c94d2e6d6d8147effd66bc56426
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d5:74:b6:ea:32:f0:92:74:10:26:da:35:ce:
                    0d:bf:59:b8:eb:7a:66:49:ae:4b:98:eb:cf:5b:c3:
                    0c:59:dd:32:48:67:e1:5d:b6:7d:79:a9:87:12:46:
                    8b:ad:88:71:46:0c:65:a8:87:83:e7:44:11:b7:e4:
                    d1:e4:3d:c0:a9:18:17:51:71:89:4e:5e:b7:5a:dd:
                    fc:76:38:d5:39:5c:3f:ec:13:20:33:be:23:59:29:
                    0d:cb:9d:d6:b3:ee:bb:58:3d:13:56:47:dd:6a:3e:
                    21:55:50:9a:3c:c9:03:92:c7:bb:1f:f6:01:bc:ae:
                    f2:93:d2:32:4e:0b:08:d5:48:e2:ea:ed:37:0d:3b:
                    4f:34:0f:93:5b:4e:80:45:a0:42:dc:43:b5:ea:84:
                    d9:cc:38:bc:89:29:bc:1a:9b:4f:a3:af:dc:5d:fb:
                    64:aa:f3:1b:57:d3:fe:b6:ac:42:7e:33:29:0d:70:
                    88:f6:cf:62:f2:f3:6d:61:1c:ef:fe:0c:50:ab:e6:
                    b0:c1:e5:20:e5:c4:3d:a2:fd:db:ac:f6:9d:74:da:
                    39:0c:34:ad:51:39:b0:20:4d:f6:9e:61:06:06:2d:
                    f1:e8:6a:71:2d:cf:b7:c1:3f:1f:01:a5:9e:c1:2d:
                    bf:9e:21:9b:bf:06:e3:61:e4:f1:fa:0c:c5:58:3c:
                    54:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:C5:85:08:21:2C:1C:94:D2:E6:D6:D8:14:7E:FF:D6:6B:C5:64:26
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/jMWFCCEsHJTS5tbYFH7_1mvFZCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:e6:03:b0:1d:8e:8b:27:2b:68:f6:6d:a4:dd:22:84:f6:19:
         7c:51:b5:30:5a:38:35:09:90:b0:d0:10:62:f7:10:9a:f1:f0:
         4b:d6:c6:44:71:ca:e8:f9:d7:c6:84:eb:1d:1e:88:39:63:87:
         3a:6d:3c:29:a0:c6:33:85:18:29:0d:e0:b1:44:a0:75:59:97:
         42:4c:c1:3d:12:9d:4b:f5:09:1e:6b:eb:e4:ab:cf:38:a7:29:
         db:05:19:bd:a7:f7:26:f7:9d:13:f7:67:a8:7b:03:73:5c:ce:
         0e:a3:71:2f:4e:4d:2e:15:16:9e:22:24:74:42:29:de:b3:09:
         13:4a:14:09:0a:89:05:79:c7:1c:31:3e:9d:3d:cc:9c:76:39:
         d1:ce:2c:a7:56:b9:a0:55:72:b3:01:31:23:70:13:fe:fd:af:
         de:00:08:dc:93:45:1d:6f:49:7d:03:e5:f2:ff:13:f0:ef:0b:
         8f:17:ac:17:f3:3c:98:aa:c9:ab:9d:0e:db:42:d1:c0:12:83:
         e7:09:6b:e3:3d:55:31:db:ff:12:5b:39:ba:0e:51:ef:4d:57:
         3e:ca:fe:a1:b5:58:86:fa:c6:a4:0d:85:01:1a:c3:40:a4:d1:
         96:6e:8c:cd:20:b3:c3:9c:85:9b:59:aa:a6:c3:49:06:e6:bf:
         af:9b:75:9a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYam+2w8pUxaEnSAIvIgQZuXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzAzMTAxOTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2M1ODUwODIxMmMxYzk0ZDJlNmQ2ZDgxNDdlZmZkNjZiYzU2NDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtV0tuoy8JJ0ECbaNc4Nv1m463pm
Sa5LmOvPW8MMWd0ySGfhXbZ9eamHEkaLrYhxRgxlqIeD50QRt+TR5D3AqRgXUXGJ
Tl63Wt38djjVOVw/7BMgM74jWSkNy53Ws+67WD0TVkfdaj4hVVCaPMkDkse7H/YB
vK7yk9IyTgsI1Uji6u03DTtPNA+TW06ARaBC3EO16oTZzDi8iSm8GptPo6/cXftk
qvMbV9P+tqxCfjMpDXCI9s9i8vNtYRzv/gxQq+awweUg5cQ9ov3brPaddNo5DDSt
UTmwIE32nmEGBi3x6GpxLc+3wT8fAaWewS2/niGbvwbjYeTx+gzFWDxUTwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIzFhQghLByU0ubW2BR+/9ZrxWQmMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvak1XRkNDRXNISlRTNXRiWUZIN18xbXZGWkNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFLmA7AdjosnK2j2baTd
IoT2GXxRtTBaODUJkLDQEGL3EJrx8EvWxkRxyuj518aE6x0eiDljhzptPCmgxjOF
GCkN4LFEoHVZl0JMwT0SnUv1CR5r6+SrzzinKdsFGb2n9yb3nRP3Z6h7A3Nczg6j
cS9OTS4VFp4iJHRCKd6zCRNKFAkKiQV5xxwxPp09zJx2OdHOLKdWuaBVcrMBMSNw
E/79r94ACNyTRR1vSX0D5fL/E/DvC48XrBfzPJiqyaudDttC0cASg+cJa+M9VTHb
/xJbOboOUe9NVz7K/qG1WIb6xqQNhQEaw0Ck0ZZujM0gs8OchZtZqqbDSQbmv6+b
dZo=
-----END CERTIFICATE-----