Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lQw0247hQF3dWUO2Ow8ylxKXaVE.roa
File:                     lQw0247hQF3dWUO2Ow8ylxKXaVE.roa (raw, json)
Hash identifier:          Tj2CL7mSftvBVugr30uBuq0c5La7NdsvZzz+9VmygLI=
Subject key identifier:   95:0C:34:DB:8E:E1:40:5D:DD:59:43:B6:3B:0F:32:97:12:97:69:51
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186B0DB338A5AE17CADBAAC7A49E827124B
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lQw0247hQF3dWUO2Ow8ylxKXaVE.roa
Signing time:             Sun 05 Mar 2023 08:20:00 +0000
ROA not before:           Sun 05 Mar 2023 08:20:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b0:db:33:8a:5a:e1:7c:ad:ba:ac:7a:49:e8:27:12:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  5 08:20:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=950c34db8ee1405ddd5943b63b0f329712976951
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:c1:6f:72:c8:f8:bc:a4:58:93:a9:92:37:6f:
                    e3:f8:16:8d:23:63:45:26:dd:db:98:ab:ee:14:d5:
                    18:a4:b5:4d:29:7c:e6:69:05:ac:7f:30:7c:35:75:
                    ce:c9:3a:66:d0:90:19:7e:71:2c:1e:ed:93:1e:2f:
                    6a:ca:52:4b:06:3e:22:5a:a7:f0:01:d2:79:c7:83:
                    92:f9:f0:01:45:ee:7a:fc:08:f5:75:9a:f6:2c:fc:
                    e5:b2:b7:25:5c:d0:89:2e:a9:ea:bc:e4:6c:fe:6c:
                    5b:e7:5b:44:5e:08:82:5e:ef:b3:86:47:da:ac:ec:
                    a1:d3:e5:37:47:96:ae:b5:0d:4d:af:6d:99:88:b9:
                    24:5e:86:c8:5a:bd:89:fe:15:b5:e5:d7:0b:3b:c4:
                    1b:08:57:06:4f:6c:5e:a6:0d:4e:b0:e5:7d:86:fa:
                    30:a7:e2:5f:f1:46:b0:dc:a7:f9:bf:ba:e8:f0:b6:
                    3a:de:aa:66:c7:4c:71:6f:cb:c1:9c:f8:7a:3a:0b:
                    86:82:49:19:ed:1d:58:6e:20:c5:c5:9a:e8:07:7e:
                    ef:a1:3f:69:77:7a:99:17:ea:11:c3:31:40:b0:1c:
                    03:19:fe:57:6c:9d:02:e9:69:b9:37:fc:a3:0f:f1:
                    09:6a:73:d4:8d:a0:c8:b5:3d:6c:e6:4c:d6:06:2f:
                    0e:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:0C:34:DB:8E:E1:40:5D:DD:59:43:B6:3B:0F:32:97:12:97:69:51
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/lQw0247hQF3dWUO2Ow8ylxKXaVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:fb:d3:cb:64:a1:fb:47:f9:67:b6:35:98:d5:e4:3f:03:ba:
         6f:c3:82:57:f0:e5:05:21:73:45:5f:02:15:e5:c8:3c:67:c8:
         c9:1d:00:67:af:77:e0:63:aa:93:0d:45:92:aa:6f:8d:46:5b:
         27:1e:7d:7c:f3:49:b6:a7:be:0a:38:d7:92:28:0e:40:87:9e:
         b5:44:76:95:46:5c:2c:dc:3a:f4:a8:4e:04:34:d3:34:0d:79:
         9b:69:08:22:87:95:31:fb:41:fa:0b:d5:02:84:c1:6b:08:e9:
         1e:eb:60:4b:c1:f0:11:d2:bc:95:ad:2a:a1:3d:dd:7b:38:31:
         35:0d:c1:e7:af:99:c9:d8:16:71:c6:ea:f4:7c:c8:0d:28:1d:
         6f:29:f4:a8:22:a9:06:32:3b:d1:13:6a:d4:cf:25:f1:2d:b9:
         93:7f:d2:25:d4:83:4f:1a:aa:bb:64:b5:54:5f:f7:9c:b4:8d:
         79:f3:90:d2:1e:8a:a9:da:0e:fe:0d:85:e4:77:e7:fe:f1:22:
         56:77:14:50:24:d7:fa:f4:6a:c7:2c:18:5b:66:f9:6b:ae:93:
         a9:6f:99:b6:e5:b0:65:4d:19:c4:e3:17:b1:b6:57:a5:12:e5:
         df:e8:52:79:ed:09:32:8a:42:a3:76:c3:97:40:d3:a8:dc:42:
         62:65:af:67
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYaw2zOKWuF8rbqseknoJxJLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA1MDgyMDAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTBjMzRkYjhlZTE0MDVkZGQ1OTQzYjYzYjBmMzI5NzEyOTc2OTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMFvcsj4vKRYk6mSN2/j+BaNI2NF
Jt3bmKvuFNUYpLVNKXzmaQWsfzB8NXXOyTpm0JAZfnEsHu2THi9qylJLBj4iWqfw
AdJ5x4OS+fABRe56/Aj1dZr2LPzlsrclXNCJLqnqvORs/mxb51tEXgiCXu+zhkfa
rOyh0+U3R5autQ1Nr22ZiLkkXobIWr2J/hW15dcLO8QbCFcGT2xepg1OsOV9hvow
p+Jf8Uaw3Kf5v7ro8LY63qpmx0xxb8vBnPh6OguGgkkZ7R1YbiDFxZroB37voT9p
d3qZF+oRwzFAsBwDGf5XbJ0C6Wm5N/yjD/EJanPUjaDItT1s5kzWBi8O8wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJUMNNuO4UBd3VlDtjsPMpcSl2lRMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbFF3MDI0N2hRRjNkV1VPMk93OHlseEtYYVZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAX708tkoftH+We2NZjV
5D8Dum/Dglfw5QUhc0VfAhXlyDxnyMkdAGevd+BjqpMNRZKqb41GWycefXzzSban
vgo415IoDkCHnrVEdpVGXCzcOvSoTgQ00zQNeZtpCCKHlTH7QfoL1QKEwWsI6R7r
YEvB8BHSvJWtKqE93Xs4MTUNweevmcnYFnHG6vR8yA0oHW8p9KgiqQYyO9ETatTP
JfEtuZN/0iXUg08aqrtktVRf95y0jXnzkNIeiqnaDv4NheR35/7xIlZ3FFAk1/r0
ascsGFtm+Wuuk6lvmbblsGVNGcTjF7G2V6US5d/oUnntCTKKQqN2w5dA06jcQmJl
r2c=
-----END CERTIFICATE-----