Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/pbo_yYGlYLfKIEnmF-nYWGYoJi0.roa
File:                     pbo_yYGlYLfKIEnmF-nYWGYoJi0.roa (raw, json)
Hash identifier:          kZ94/9JLtXSbn1plFzJxq63DKrMuxmk492XlVM+47zg=
Subject key identifier:   A5:BA:3F:C9:81:A5:60:B7:CA:20:49:E6:17:E9:D8:58:66:28:26:2D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186A49F9DEA61311E0753D96AD6DA4304DC
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/pbo_yYGlYLfKIEnmF-nYWGYoJi0.roa
Signing time:             Thu 02 Mar 2023 23:19:29 +0000
ROA not before:           Thu 02 Mar 2023 23:19:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a4:9f:9d:ea:61:31:1e:07:53:d9:6a:d6:da:43:04:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  2 23:19:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a5ba3fc981a560b7ca2049e617e9d8586628262d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0b:30:81:1f:13:dc:74:5f:a1:e1:24:fb:01:
                    fe:a7:cc:2a:c4:3d:a4:3f:05:0c:e3:10:7f:4b:ad:
                    82:2e:86:49:73:ef:60:d0:f2:1b:d5:be:3f:8d:1d:
                    86:36:67:51:aa:fa:f0:e5:00:0d:22:9b:cd:7b:6b:
                    bd:9e:a0:1f:65:6a:c6:a5:a2:b0:e5:92:b8:aa:d0:
                    2b:7c:f4:f5:a7:14:b0:d7:db:dd:4f:e1:2e:61:4b:
                    bc:5b:71:5a:b8:b2:60:03:fa:16:df:24:ed:1e:be:
                    17:9f:58:99:34:fa:56:9f:3b:e7:d5:3e:a4:32:f0:
                    82:0c:cb:81:77:3a:f3:4b:11:dd:47:d4:a8:9c:5e:
                    6c:d5:03:6d:65:45:8a:d2:52:ab:f3:ed:67:19:37:
                    07:d3:63:4f:f7:1e:86:b4:e0:e6:67:c3:02:52:f8:
                    80:c8:36:2f:4a:e1:9d:6e:a6:cc:a6:5e:80:12:0b:
                    04:a1:e5:98:e5:10:af:e4:f4:19:8d:18:6a:ae:61:
                    48:b5:8c:15:39:dc:2d:f2:1a:dc:05:f9:45:ae:36:
                    e3:b2:31:69:e7:7b:7d:9c:48:fa:7f:61:78:72:8d:
                    e7:60:d8:06:e6:59:47:4c:bc:2b:1e:28:0e:50:eb:
                    73:e0:b2:6b:4b:85:72:82:b9:8e:8d:3d:67:2b:f8:
                    e5:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:BA:3F:C9:81:A5:60:B7:CA:20:49:E6:17:E9:D8:58:66:28:26:2D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/pbo_yYGlYLfKIEnmF-nYWGYoJi0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:ea:fb:50:0b:bb:0f:28:6c:d6:62:1e:3d:46:2b:e0:7e:9a:
         d9:a6:da:15:ac:fb:cd:18:56:0b:5d:8b:b8:d5:7b:ef:a8:ce:
         e1:96:6f:a2:4f:ca:8f:98:0b:d7:f0:ed:7c:8f:ab:9b:11:1d:
         b2:d3:37:64:88:00:8f:ff:7d:20:b7:96:fa:7f:a2:29:04:25:
         ba:10:f0:97:b6:52:86:9d:8a:8c:de:e6:f2:d1:2d:6f:34:d0:
         1c:9c:f3:2d:d8:77:38:ec:70:65:f2:0c:dc:5b:33:b1:ec:80:
         27:4f:c6:02:c9:d6:cd:a5:84:d2:9d:f7:7f:8e:36:e3:62:98:
         ba:89:d5:53:47:b4:c5:57:43:0a:c0:58:d4:fd:f6:35:d1:3e:
         bf:27:f3:26:c8:87:b5:a6:f8:ab:7b:7a:55:d2:c8:73:cc:cd:
         a7:eb:2a:59:32:a7:f3:74:9c:47:b1:38:73:18:35:c2:2f:f6:
         7c:ba:49:1d:84:65:70:c1:44:b5:9e:66:f5:fa:f7:69:66:15:
         40:f2:1a:c4:a5:42:54:9c:25:d8:96:9e:29:f0:af:89:6d:e0:
         82:f1:ae:26:9f:49:fb:f8:af:85:2a:a7:68:30:17:be:6c:e4:
         22:25:b9:b7:5e:78:3f:d1:2b:81:77:b6:fb:35:cf:b5:32:bc:
         5a:79:1a:03
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYakn53qYTEeB1PZatbaQwTcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzAyMjMxOTI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWJhM2ZjOTgxYTU2MGI3Y2EyMDQ5ZTYxN2U5ZDg1ODY2MjgyNjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwswgR8T3HRfoeEk+wH+p8wqxD2k
PwUM4xB/S62CLoZJc+9g0PIb1b4/jR2GNmdRqvrw5QANIpvNe2u9nqAfZWrGpaKw
5ZK4qtArfPT1pxSw19vdT+EuYUu8W3FauLJgA/oW3yTtHr4Xn1iZNPpWnzvn1T6k
MvCCDMuBdzrzSxHdR9SonF5s1QNtZUWK0lKr8+1nGTcH02NP9x6GtODmZ8MCUviA
yDYvSuGdbqbMpl6AEgsEoeWY5RCv5PQZjRhqrmFItYwVOdwt8hrcBflFrjbjsjFp
53t9nEj6f2F4co3nYNgG5llHTLwrHigOUOtz4LJrS4VygrmOjT1nK/jlbQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKW6P8mBpWC3yiBJ5hfp2FhmKCYtMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcGJvX3lZR2xZTGZLSUVubUYtbllXR1lvSmkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABXq+1ALuw8obNZiHj1G
K+B+mtmm2hWs+80YVgtdi7jVe++ozuGWb6JPyo+YC9fw7XyPq5sRHbLTN2SIAI//
fSC3lvp/oikEJboQ8Je2Uoadioze5vLRLW800Byc8y3YdzjscGXyDNxbM7HsgCdP
xgLJ1s2lhNKd93+ONuNimLqJ1VNHtMVXQwrAWNT99jXRPr8n8ybIh7Wm+Kt7elXS
yHPMzafrKlkyp/N0nEexOHMYNcIv9ny6SR2EZXDBRLWeZvX692lmFUDyGsSlQlSc
JdiWninwr4lt4ILxriafSfv4r4Uqp2gwF75s5CIlubdeeD/RK4F3tvs1z7UyvFp5
GgM=
-----END CERTIFICATE-----