Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/oCD8CbZH0O8pKOlZlef6tuM0ZWM.roa
File:                     oCD8CbZH0O8pKOlZlef6tuM0ZWM.roa (raw, json)
Hash identifier:          C/W7s2Lb4AgtraNgv6gUAQQgAr8z9YHzLmIzkosqCA0=
Subject key identifier:   A0:20:FC:09:B6:47:D0:EF:29:28:E9:59:95:E7:FA:B6:E3:34:65:63
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186C617CA790BD0E23C6C2F9B79805B09CD
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/oCD8CbZH0O8pKOlZlef6tuM0ZWM.roa
Signing time:             Thu 09 Mar 2023 11:18:13 +0000
ROA not before:           Thu 09 Mar 2023 11:18:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c6:17:ca:79:0b:d0:e2:3c:6c:2f:9b:79:80:5b:09:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  9 11:18:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a020fc09b647d0ef2928e95995e7fab6e3346563
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:58:6f:9e:22:ef:cb:0e:fb:56:c5:fc:6e:bf:
                    00:e8:ab:68:6c:7a:33:7d:ac:f0:83:5e:69:31:a1:
                    5d:6f:6b:a5:27:63:4d:12:c5:04:54:ef:ef:d5:17:
                    b8:cf:38:f4:65:50:78:04:24:16:be:63:6b:96:2c:
                    ea:c0:20:27:d9:a5:17:42:f1:1f:85:3c:35:85:de:
                    cc:ac:60:c6:08:d5:3e:2c:ef:d9:f2:b2:92:38:28:
                    99:79:df:31:3a:c1:d8:e3:b6:1d:22:b7:d8:f4:39:
                    f6:3e:bf:a8:6f:7f:e3:77:ff:90:42:2e:9c:b7:bd:
                    bc:ac:30:f2:b0:a8:d8:c6:72:65:d8:5d:6f:ce:5a:
                    f6:50:d9:70:4d:44:84:cb:f2:92:5b:ad:96:ab:06:
                    d3:e8:63:08:8a:9f:5c:e9:b8:57:40:fa:06:60:2b:
                    89:86:ab:73:02:98:cd:6c:b8:6d:8d:ea:60:3a:32:
                    8b:72:3c:db:c8:0c:70:da:85:14:ea:60:43:0c:5f:
                    fb:2e:9c:4a:ab:e5:bc:e0:0f:22:6e:cd:1e:01:dd:
                    ae:b2:1e:af:02:42:c7:2c:f4:ef:7d:aa:32:23:29:
                    77:dc:6f:d0:a2:2c:64:a7:da:a3:0b:a0:c3:2d:b2:
                    b4:d0:b3:94:89:76:87:77:a5:c5:3b:4c:da:96:19:
                    25:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:20:FC:09:B6:47:D0:EF:29:28:E9:59:95:E7:FA:B6:E3:34:65:63
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/oCD8CbZH0O8pKOlZlef6tuM0ZWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:e9:36:93:74:64:f7:54:ff:e4:b7:f4:84:c0:6b:e3:33:b2:
         a1:b0:5a:51:8d:25:6e:10:17:85:71:16:0d:62:10:4d:40:b0:
         ec:93:93:0a:62:ad:02:f9:2a:d6:20:92:ac:32:ca:81:c7:8f:
         4d:04:b7:aa:0a:e5:94:20:21:64:59:b4:cb:e8:93:d3:09:ce:
         c8:0c:cd:d5:09:54:67:2d:b6:00:c9:3c:ca:68:c8:08:f7:2a:
         64:1c:14:a9:cb:99:93:04:00:ee:52:6e:8e:eb:c0:53:52:b0:
         4b:8b:e4:da:95:fc:59:36:1e:3f:c5:b7:52:02:6e:16:a5:4d:
         c8:9b:c7:88:2f:16:5c:52:13:e5:1b:5f:89:b6:14:67:dd:97:
         c1:8c:38:b1:55:ab:6f:cd:bb:54:b5:eb:7d:1b:18:bd:16:62:
         0c:24:75:b6:64:98:74:72:3c:15:61:27:2e:46:42:13:80:f9:
         fb:70:84:ba:a3:04:71:82:38:2b:af:82:0d:30:cb:c9:41:eb:
         39:7a:43:95:07:6a:82:fc:a8:24:3d:6e:89:90:62:1f:d7:b6:
         6d:9e:5c:2f:23:d8:23:4c:85:3d:c4:fa:df:f4:db:1b:23:90:
         9e:b1:71:04:98:2f:5b:3d:56:ef:0b:25:94:41:5c:be:87:25:
         5b:e0:63:ca
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbGF8p5C9DiPGwvm3mAWwnNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA5MTExODEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDIwZmMwOWI2NDdkMGVmMjkyOGU5NTk5NWU3ZmFiNmUzMzQ2NTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVhvniLvyw77VsX8br8A6KtobHoz
fazwg15pMaFdb2ulJ2NNEsUEVO/v1Re4zzj0ZVB4BCQWvmNrlizqwCAn2aUXQvEf
hTw1hd7MrGDGCNU+LO/Z8rKSOCiZed8xOsHY47YdIrfY9Dn2Pr+ob3/jd/+QQi6c
t728rDDysKjYxnJl2F1vzlr2UNlwTUSEy/KSW62WqwbT6GMIip9c6bhXQPoGYCuJ
hqtzApjNbLhtjepgOjKLcjzbyAxw2oUU6mBDDF/7LpxKq+W84A8ibs0eAd2ush6v
AkLHLPTvfaoyIyl33G/Qoixkp9qjC6DDLbK00LOUiXaHd6XFO0zalhkl3QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKAg/Am2R9DvKSjpWZXn+rbjNGVjMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvb0NEOENiWkgwTzhwS09sWmxlZjZ0dU0wWldNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFrpNpN0ZPdU/+S39ITA
a+MzsqGwWlGNJW4QF4VxFg1iEE1AsOyTkwpirQL5KtYgkqwyyoHHj00Et6oK5ZQg
IWRZtMvok9MJzsgMzdUJVGcttgDJPMpoyAj3KmQcFKnLmZMEAO5Sbo7rwFNSsEuL
5NqV/Fk2Hj/Ft1ICbhalTcibx4gvFlxSE+UbX4m2FGfdl8GMOLFVq2/Nu1S1630b
GL0WYgwkdbZkmHRyPBVhJy5GQhOA+ftwhLqjBHGCOCuvgg0wy8lB6zl6Q5UHaoL8
qCQ9bomQYh/Xtm2eXC8j2CNMhT3E+t/02xsjkJ6xcQSYL1s9Vu8LJZRBXL6HJVvg
Y8o=
-----END CERTIFICATE-----