Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/r8my6p2rZlsnA3n7F6FXwFzhelg.roa
File:                     r8my6p2rZlsnA3n7F6FXwFzhelg.roa (raw, json)
Hash identifier:          xfC9l4su3bLkiIG6ekJwv96ePPRqyaiRgN5RAHHd6Gk=
Subject key identifier:   AF:C9:B2:EA:9D:AB:66:5B:27:03:79:FB:17:A1:57:C0:5C:E1:7A:58
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186BB9439D7126D864702DAD39EDD89C085
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/r8my6p2rZlsnA3n7F6FXwFzhelg.roa
Signing time:             Tue 07 Mar 2023 10:18:18 +0000
ROA not before:           Tue 07 Mar 2023 10:18:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:bb:94:39:d7:12:6d:86:47:02:da:d3:9e:dd:89:c0:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  7 10:18:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=afc9b2ea9dab665b270379fb17a157c05ce17a58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:3d:90:86:6b:6c:0c:e8:82:4d:43:c5:9f:f2:
                    45:a1:b7:6d:e3:0d:fa:d8:41:4f:09:24:50:2a:4a:
                    7d:fb:e5:64:a0:55:44:06:5b:7f:34:55:e7:61:36:
                    08:e3:97:ad:f2:bf:29:a1:14:6d:5f:e4:c0:75:1e:
                    8d:24:bd:1d:16:55:1c:99:78:22:b8:95:90:f2:61:
                    6b:d2:31:fb:cf:cf:ba:d7:c9:6c:35:e5:70:1b:16:
                    c0:8a:16:b4:da:27:db:65:b5:5a:f9:28:ef:12:35:
                    be:a7:f5:e3:27:19:98:f6:34:12:39:08:75:85:52:
                    a5:a0:aa:54:97:cc:2f:93:f1:76:ec:b4:31:b6:54:
                    80:a1:47:18:8d:75:af:dd:3b:7f:a9:a2:18:61:a3:
                    93:ab:e6:f6:2a:c6:52:16:73:54:31:3e:a7:80:04:
                    89:d6:8c:23:bc:d8:92:ae:76:77:74:ea:86:36:62:
                    7a:2d:9c:01:34:bf:f2:3f:25:32:19:56:4a:7a:aa:
                    e1:5f:71:a4:c9:69:6a:a5:4d:80:ab:1a:0c:4c:7f:
                    8e:ed:c4:0e:29:31:ab:59:a6:29:78:e8:c9:fa:c3:
                    3e:c7:42:8a:d4:7a:4d:97:95:3c:9e:75:65:5a:ee:
                    0e:1e:b5:7d:8f:c6:98:fd:b6:cc:12:80:36:37:6f:
                    76:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:C9:B2:EA:9D:AB:66:5B:27:03:79:FB:17:A1:57:C0:5C:E1:7A:58
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/r8my6p2rZlsnA3n7F6FXwFzhelg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:16:f7:c4:35:f9:1d:32:54:10:7b:9e:8a:1f:90:48:07:85:
         1d:0b:c2:c9:1d:b2:a0:f2:fe:6e:ce:2e:2f:9b:5c:24:42:25:
         0e:dd:ec:fb:48:8a:e2:4b:f5:64:7a:d3:89:51:83:59:96:61:
         cc:42:6f:f6:fd:5d:42:39:ed:ed:2e:7c:12:6c:48:53:ff:07:
         61:70:41:81:7d:15:c8:8d:2b:63:91:87:f9:1c:d8:f5:76:62:
         3d:b1:52:c7:fa:be:e1:38:78:dd:fb:d8:82:80:ef:bb:c1:1b:
         14:b5:e0:39:86:50:f7:93:84:9d:9d:b9:b5:5b:61:bf:38:ae:
         44:97:24:1b:89:89:52:43:01:f8:b8:52:72:02:81:56:b5:0d:
         8c:53:8a:7b:89:76:f6:f9:b0:4b:81:f5:0d:2a:32:77:13:6c:
         c0:7f:64:51:e1:39:3b:80:fa:2a:17:f4:6a:4c:8a:db:25:21:
         04:e9:58:6d:28:a2:b3:e3:f3:7e:c8:af:cd:df:b4:d4:e5:a3:
         3b:fc:52:90:1e:14:e3:d5:20:a4:f4:92:e6:93:0c:97:4c:1e:
         dc:f9:a2:f0:d3:92:1c:77:ff:d4:68:ce:a6:59:6a:25:14:e8:
         79:5d:ad:20:4d:8a:a1:05:0d:37:d2:8d:2b:b7:7a:ed:ab:f0:
         f2:ca:05:ae
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYa7lDnXEm2GRwLa057dicCFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA3MTAxODE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmM5YjJlYTlkYWI2NjViMjcwMzc5ZmIxN2ExNTdjMDVjZTE3YTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsT2QhmtsDOiCTUPFn/JFobdt4w36
2EFPCSRQKkp9++VkoFVEBlt/NFXnYTYI45et8r8poRRtX+TAdR6NJL0dFlUcmXgi
uJWQ8mFr0jH7z8+618lsNeVwGxbAiha02ifbZbVa+SjvEjW+p/XjJxmY9jQSOQh1
hVKloKpUl8wvk/F27LQxtlSAoUcYjXWv3Tt/qaIYYaOTq+b2KsZSFnNUMT6ngASJ
1owjvNiSrnZ3dOqGNmJ6LZwBNL/yPyUyGVZKeqrhX3GkyWlqpU2AqxoMTH+O7cQO
KTGrWaYpeOjJ+sM+x0KK1HpNl5U8nnVlWu4OHrV9j8aY/bbMEoA2N292YQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK/Jsuqdq2ZbJwN5+xehV8Bc4XpYMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcjhteTZwMnJabHNuQTNuN0Y2Rlh3RnpoZWxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACkW98Q1+R0yVBB7noof
kEgHhR0LwskdsqDy/m7OLi+bXCRCJQ7d7PtIiuJL9WR604lRg1mWYcxCb/b9XUI5
7e0ufBJsSFP/B2FwQYF9FciNK2ORh/kc2PV2Yj2xUsf6vuE4eN372IKA77vBGxS1
4DmGUPeThJ2dubVbYb84rkSXJBuJiVJDAfi4UnICgVa1DYxTinuJdvb5sEuB9Q0q
MncTbMB/ZFHhOTuA+ioX9GpMitslIQTpWG0oorPj837Ir83ftNTlozv8UpAeFOPV
IKT0kuaTDJdMHtz5ovDTkhx3/9RozqZZaiUU6HldrSBNiqEFDTfSjSu3eu2r8PLK
Ba4=
-----END CERTIFICATE-----