Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qM7pAnNWmsRAPKlp2Kcpyb1389s.roa
File:                     qM7pAnNWmsRAPKlp2Kcpyb1389s.roa (raw, json)
Hash identifier:          L0aWYo0eDsi0f6aPBJ61c+qVyUHt587A6dt+xTSNTc0=
Subject key identifier:   A8:CE:E9:02:73:56:9A:C4:40:3C:A9:69:D8:A7:29:C9:BD:77:F3:DB
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186A3F9E9409B82EF1DECC447EE1C6A1BE4
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qM7pAnNWmsRAPKlp2Kcpyb1389s.roa
Signing time:             Thu 02 Mar 2023 20:18:29 +0000
ROA not before:           Thu 02 Mar 2023 20:18:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a3:f9:e9:40:9b:82:ef:1d:ec:c4:47:ee:1c:6a:1b:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  2 20:18:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a8cee90273569ac4403ca969d8a729c9bd77f3db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c6:13:fa:75:36:be:63:26:ce:29:77:69:04:
                    1d:9d:f4:6a:41:03:2e:ca:5e:64:ce:61:36:3c:51:
                    0d:16:1f:fc:11:39:eb:12:05:18:b7:28:e1:a0:e3:
                    5c:c0:db:d9:86:18:a6:f4:97:4c:4d:1b:df:5c:34:
                    a3:c9:d7:af:5d:9f:c3:05:d2:3f:8b:0f:ab:1e:25:
                    c7:c4:59:2a:67:12:24:c8:3e:ee:2e:dc:b1:05:67:
                    a7:1d:3d:cd:7c:f8:ef:2e:a6:0f:4c:38:5a:d3:e5:
                    91:ab:d2:fe:b0:a4:dc:de:8b:69:5e:e4:34:ac:35:
                    78:4d:a8:33:35:3d:70:78:ce:38:9e:0c:4f:35:4e:
                    1f:3b:63:d8:07:13:ff:8e:b6:1a:7a:50:f4:8a:99:
                    5b:75:28:6e:34:00:64:81:e6:ac:53:ff:47:d0:51:
                    73:76:e6:f1:7d:b6:6e:14:01:c1:0b:4a:d6:42:cb:
                    a1:52:d6:0a:d7:72:99:00:bf:ba:e4:de:d3:01:e3:
                    59:f3:a5:92:45:57:77:27:f5:53:a3:7e:dc:16:01:
                    4d:64:eb:f0:73:08:3d:78:c9:23:54:b7:d6:5b:25:
                    69:2c:9e:61:bf:78:d8:be:87:79:6c:ca:04:7b:db:
                    76:77:cc:29:41:4a:03:ff:99:4e:93:3c:3e:32:f7:
                    b7:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:CE:E9:02:73:56:9A:C4:40:3C:A9:69:D8:A7:29:C9:BD:77:F3:DB
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/qM7pAnNWmsRAPKlp2Kcpyb1389s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:6f:e2:6b:7b:f5:89:92:cc:c0:b8:e7:df:d4:eb:b8:fe:02:
         54:b4:02:df:ce:53:6c:4c:44:4b:f6:f2:e7:10:aa:05:54:3b:
         aa:68:65:dd:67:1d:7d:da:f3:1d:a7:f3:06:2f:62:fd:e1:0c:
         1e:ef:dd:ca:de:d3:51:5b:43:2c:c5:60:8b:52:66:56:d1:92:
         b6:b7:2f:cd:80:61:87:dc:cf:9c:06:15:b9:25:19:2a:90:76:
         47:62:c1:0d:48:87:3a:cb:a2:33:e8:6e:72:be:ea:15:6e:23:
         3e:10:fe:c6:30:2d:3e:0b:58:47:03:d4:80:dc:56:bf:86:b6:
         a9:dd:42:de:1c:81:bd:72:8c:17:1f:11:2d:e0:18:dd:ff:b6:
         10:90:0f:31:2e:53:bd:69:86:5a:4d:5a:c7:66:fc:09:cb:db:
         a7:76:c3:c3:5f:56:c9:29:2c:97:d5:32:1e:ab:b8:48:c7:ac:
         c3:09:f4:16:23:19:1f:e4:c6:37:1f:67:57:23:d4:b1:31:1f:
         9b:16:f4:3f:a4:33:f0:59:b2:38:a4:36:c1:08:a0:16:22:b4:
         90:e6:12:d6:99:ed:f7:3a:3b:4a:ef:79:99:c9:d8:33:d2:67:
         1c:81:d9:1b:b7:11:c8:02:d6:43:43:74:d6:c5:c0:67:b0:55:
         72:21:a0:4c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYaj+elAm4LvHezER+4cahvkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzAyMjAxODI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGNlZTkwMjczNTY5YWM0NDAzY2E5NjlkOGE3MjljOWJkNzdmM2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsYT+nU2vmMmzil3aQQdnfRqQQMu
yl5kzmE2PFENFh/8ETnrEgUYtyjhoONcwNvZhhim9JdMTRvfXDSjydevXZ/DBdI/
iw+rHiXHxFkqZxIkyD7uLtyxBWenHT3NfPjvLqYPTDha0+WRq9L+sKTc3otpXuQ0
rDV4TagzNT1weM44ngxPNU4fO2PYBxP/jrYaelD0iplbdShuNABkgeasU/9H0FFz
dubxfbZuFAHBC0rWQsuhUtYK13KZAL+65N7TAeNZ86WSRVd3J/VTo37cFgFNZOvw
cwg9eMkjVLfWWyVpLJ5hv3jYvod5bMoEe9t2d8wpQUoD/5lOkzw+Mve3MQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKjO6QJzVprEQDypadinKcm9d/PbMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcU03cEFuTldtc1JBUEtscDJLY3B5YjEzODlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAVv4mt79YmSzMC459/U
67j+AlS0At/OU2xMREv28ucQqgVUO6poZd1nHX3a8x2n8wYvYv3hDB7v3cre01Fb
QyzFYItSZlbRkra3L82AYYfcz5wGFbklGSqQdkdiwQ1IhzrLojPobnK+6hVuIz4Q
/sYwLT4LWEcD1IDcVr+GtqndQt4cgb1yjBcfES3gGN3/thCQDzEuU71phlpNWsdm
/AnL26d2w8NfVskpLJfVMh6ruEjHrMMJ9BYjGR/kxjcfZ1cj1LExH5sW9D+kM/BZ
sjikNsEIoBYitJDmEtaZ7fc6O0rveZnJ2DPSZxyB2Ru3EcgC1kNDdNbFwGewVXIh
oEw=
-----END CERTIFICATE-----