Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/laRyF8DmKA5SjOf-RmeWBSzwv4k.roa
File:                     laRyF8DmKA5SjOf-RmeWBSzwv4k.roa (raw, json)
Hash identifier:          X4DE/6h8lVwvgf6X7rdnkbg/2LztxqlcqF3vNy917YY=
Subject key identifier:   95:A4:72:17:C0:E6:28:0E:52:8C:E7:FE:46:67:96:05:2C:F0:BF:89
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186C049B2C8276C1D71B9430BEEF7A89939
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/laRyF8DmKA5SjOf-RmeWBSzwv4k.roa
Signing time:             Wed 08 Mar 2023 08:15:00 +0000
ROA not before:           Wed 08 Mar 2023 08:15:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c0:49:b2:c8:27:6c:1d:71:b9:43:0b:ee:f7:a8:99:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  8 08:15:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=95a47217c0e6280e528ce7fe466796052cf0bf89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:b4:44:68:c8:9e:73:1f:32:6f:fd:d1:ac:fb:
                    fc:48:df:33:22:b0:47:cc:9f:32:66:bd:61:46:a8:
                    da:38:b9:91:a7:fc:fb:ef:2b:7a:71:b9:ea:50:ae:
                    0c:24:56:0a:27:4a:76:7a:b2:39:d3:9c:ee:e3:90:
                    62:69:c1:b7:ab:45:63:1c:a7:95:d9:9b:e8:77:97:
                    7f:33:ad:9b:f0:bc:46:99:bf:34:4f:84:7e:3e:8b:
                    2d:ed:fb:a4:c2:69:1a:a1:11:1d:9c:de:51:da:1a:
                    d9:95:f3:9a:96:7b:a3:a8:76:2e:00:47:b9:1c:86:
                    34:a7:3b:39:7f:e1:31:dd:84:af:7d:42:9f:e8:d9:
                    ff:fc:bd:04:9c:61:b1:96:cb:5b:42:9a:b8:61:ff:
                    a4:83:68:d7:e6:53:d6:47:c7:29:cd:a9:21:c8:56:
                    41:9a:d0:a9:03:05:1d:ec:e8:ef:b2:2c:b4:d4:1b:
                    38:77:08:8f:56:9b:0c:b5:eb:a5:1a:76:4f:ff:d6:
                    06:14:cf:0b:f2:88:7b:3c:bb:6f:1b:7b:e8:a3:b3:
                    8b:e3:37:db:c2:ec:65:52:fd:1c:7b:ce:02:bb:79:
                    53:ae:d6:a3:8d:f6:06:a7:d5:fe:2d:ae:bf:52:f8:
                    e2:8e:04:d3:85:74:a4:cc:b1:bf:d6:bc:a5:b0:89:
                    2b:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:A4:72:17:C0:E6:28:0E:52:8C:E7:FE:46:67:96:05:2C:F0:BF:89
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/laRyF8DmKA5SjOf-RmeWBSzwv4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:65:a5:84:f2:af:e4:ba:21:b7:98:b1:3d:69:61:3e:f9:7b:
         46:68:93:09:b5:20:12:d9:5b:a6:04:30:da:e6:ed:64:0d:95:
         b7:dc:30:72:fb:77:4b:1e:01:92:e4:cb:82:70:58:2f:5d:86:
         6d:c4:4c:50:18:85:54:39:2a:29:28:9d:a6:6a:fd:a3:bd:cb:
         ea:66:73:c9:95:07:ea:06:54:18:91:68:76:6e:e9:88:f4:de:
         04:d0:db:b0:07:36:e8:d1:5e:a9:c0:f5:97:e9:ee:4c:88:7c:
         a3:db:db:1e:8c:bd:ec:86:d9:84:85:13:53:3c:a5:f2:c5:fc:
         7a:f8:af:66:33:e8:cb:74:f4:a9:d8:51:25:4f:fa:26:15:ea:
         54:e5:4f:f7:fe:00:b4:6c:51:45:05:58:e5:95:07:27:0d:b9:
         fb:2c:f9:94:b6:81:65:65:38:51:6f:2e:f0:ce:7c:8f:c7:d5:
         ce:07:23:f1:06:34:d3:1a:92:89:e4:29:be:a5:0c:84:dd:0d:
         82:39:ee:57:91:4b:aa:1b:ba:f4:cd:5d:a6:6c:b6:bc:50:88:
         1e:20:77:d5:a7:2b:a1:24:b9:a0:d4:74:a2:09:55:7f:71:c8:
         38:c1:1e:b3:f6:1a:e5:51:1e:d5:21:ae:d3:5b:5c:ad:b1:eb:
         cf:42:ec:f8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbASbLIJ2wdcblDC+73qJk5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA4MDgxNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWE0NzIxN2MwZTYyODBlNTI4Y2U3ZmU0NjY3OTYwNTJjZjBiZjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA57REaMiecx8yb/3RrPv8SN8zIrBH
zJ8yZr1hRqjaOLmRp/z77yt6cbnqUK4MJFYKJ0p2erI505zu45BiacG3q0VjHKeV
2Zvod5d/M62b8LxGmb80T4R+Post7fukwmkaoREdnN5R2hrZlfOalnujqHYuAEe5
HIY0pzs5f+Ex3YSvfUKf6Nn//L0EnGGxlstbQpq4Yf+kg2jX5lPWR8cpzakhyFZB
mtCpAwUd7Ojvsiy01Bs4dwiPVpsMteulGnZP/9YGFM8L8oh7PLtvG3voo7OL4zfb
wuxlUv0ce84Cu3lTrtajjfYGp9X+La6/UvjijgTThXSkzLG/1rylsIkrjQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJWkchfA5igOUozn/kZnlgUs8L+JMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbGFSeUY4RG1LQTVTak9mLVJtZVdCU3p3djRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACFlpYTyr+S6IbeYsT1p
YT75e0Zokwm1IBLZW6YEMNrm7WQNlbfcMHL7d0seAZLky4JwWC9dhm3ETFAYhVQ5
KikonaZq/aO9y+pmc8mVB+oGVBiRaHZu6Yj03gTQ27AHNujRXqnA9Zfp7kyIfKPb
2x6MveyG2YSFE1M8pfLF/Hr4r2Yz6Mt09KnYUSVP+iYV6lTlT/f+ALRsUUUFWOWV
BycNufss+ZS2gWVlOFFvLvDOfI/H1c4HI/EGNNMakonkKb6lDITdDYI57leRS6ob
uvTNXaZstrxQiB4gd9WnK6EkuaDUdKIJVX9xyDjBHrP2GuVRHtUhrtNbXK2x689C
7Pg=
-----END CERTIFICATE-----