Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rlkdy3wsKfhINklTamjzKQ6egEk.roa
File:                     rlkdy3wsKfhINklTamjzKQ6egEk.roa (raw, json)
Hash identifier:          WaQUcYyrLZCSH17sgaBkm0+L9hUielHKW3roQahnstc=
Subject key identifier:   AE:59:1D:CB:7C:2C:29:F8:48:36:49:53:6A:68:F3:29:0E:9E:80:49
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186BC3B7D7DDA00B12E6EA9AC5CEF6F2CFC
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rlkdy3wsKfhINklTamjzKQ6egEk.roa
Signing time:             Tue 07 Mar 2023 13:21:00 +0000
ROA not before:           Tue 07 Mar 2023 13:21:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:bc:3b:7d:7d:da:00:b1:2e:6e:a9:ac:5c:ef:6f:2c:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  7 13:21:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ae591dcb7c2c29f8483649536a68f3290e9e8049
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:75:b2:0b:3b:df:c9:f6:5b:d9:6b:eb:f3:54:
                    38:4d:3f:30:6d:fc:4a:56:36:d9:58:3a:b3:98:78:
                    55:21:40:34:7d:59:15:18:5b:d5:13:7c:31:79:f5:
                    23:64:40:0d:0b:04:2c:ad:58:f1:a9:1e:34:cf:c0:
                    ba:a2:f6:ec:43:7e:ca:1f:c3:b1:da:4c:81:7d:66:
                    59:67:94:e4:79:d1:94:fe:7b:0b:e7:aa:30:3d:89:
                    5f:7e:5b:34:71:6a:63:e6:05:f2:a4:2a:16:9e:14:
                    be:c6:a5:6b:cf:0d:c4:86:81:dd:ae:93:79:74:24:
                    89:2e:47:e5:01:89:20:15:a3:8f:1c:52:e1:bd:45:
                    88:e8:8b:05:37:27:7f:7d:22:e7:37:3c:78:85:0d:
                    73:8b:ec:98:65:9a:c3:80:2c:7b:e8:9c:f8:e4:15:
                    5d:31:51:cd:fa:9c:a2:48:a3:21:0c:9f:07:2d:f6:
                    21:b6:f2:4e:04:aa:90:d1:6b:24:02:ae:73:64:3e:
                    54:1d:dc:ce:f0:99:af:5e:10:74:24:31:43:79:be:
                    ac:c9:f1:68:81:ed:32:e7:d6:c9:92:18:60:e8:97:
                    64:81:74:41:eb:06:cb:85:bc:53:f5:19:5a:e7:74:
                    50:09:a3:15:0a:fc:1e:85:35:09:df:60:e8:43:1f:
                    fb:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:59:1D:CB:7C:2C:29:F8:48:36:49:53:6A:68:F3:29:0E:9E:80:49
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rlkdy3wsKfhINklTamjzKQ6egEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:24:83:d8:4d:2d:00:e4:b3:79:a1:80:d6:b9:74:bd:bc:38:
         d0:68:96:05:9b:7c:10:14:53:e1:8f:92:fb:8a:d5:c6:64:e1:
         70:0d:ce:0d:79:21:96:af:ed:44:0f:f4:15:00:4b:51:16:00:
         70:f1:05:a3:20:46:02:62:02:c0:ab:94:7c:51:3e:2c:ef:21:
         af:fb:15:99:71:f3:a3:5c:8d:7a:f1:cf:87:cd:97:1e:24:24:
         2d:fe:67:75:d5:c1:9a:62:a6:28:6d:10:0c:64:11:0e:85:57:
         d7:d5:b7:56:24:6c:ac:dc:00:5f:43:b7:05:a0:d7:ef:c6:62:
         ff:33:99:2d:8f:d9:31:e5:43:d2:08:00:73:cd:eb:c8:76:3f:
         81:8d:46:ac:35:34:72:c2:65:5e:d3:e5:77:de:58:db:21:03:
         96:c2:04:92:37:13:0a:df:3a:77:6c:a3:ea:07:54:2f:0b:ad:
         3a:c3:0e:84:86:12:e4:47:4e:67:58:ec:c7:c6:72:50:b6:28:
         8a:69:49:f5:c4:73:1d:4a:f9:6b:52:f9:b2:1b:a4:62:1a:52:
         bc:20:6c:74:a3:d3:33:be:6b:9f:8a:c6:90:9f:c0:3c:f7:f9:
         88:6f:a5:fe:83:26:58:80:c7:3a:c0:a8:da:70:fa:c5:e6:33:
         b2:42:1e:d3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYa8O3192gCxLm6prFzvbyz8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA3MTMyMTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTU5MWRjYjdjMmMyOWY4NDgzNjQ5NTM2YTY4ZjMyOTBlOWU4MDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHWyCzvfyfZb2Wvr81Q4TT8wbfxK
VjbZWDqzmHhVIUA0fVkVGFvVE3wxefUjZEANCwQsrVjxqR40z8C6ovbsQ37KH8Ox
2kyBfWZZZ5TkedGU/nsL56owPYlffls0cWpj5gXypCoWnhS+xqVrzw3EhoHdrpN5
dCSJLkflAYkgFaOPHFLhvUWI6IsFNyd/fSLnNzx4hQ1zi+yYZZrDgCx76Jz45BVd
MVHN+pyiSKMhDJ8HLfYhtvJOBKqQ0WskAq5zZD5UHdzO8JmvXhB0JDFDeb6syfFo
ge0y59bJkhhg6JdkgXRB6wbLhbxT9Rla53RQCaMVCvwehTUJ32DoQx/7DwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK5ZHct8LCn4SDZJU2po8ykOnoBJMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcmxrZHkzd3NLZmhJTmtsVGFtanpLUTZlZ0VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGckg9hNLQDks3mhgNa5
dL28ONBolgWbfBAUU+GPkvuK1cZk4XANzg15IZav7UQP9BUAS1EWAHDxBaMgRgJi
AsCrlHxRPizvIa/7FZlx86NcjXrxz4fNlx4kJC3+Z3XVwZpipihtEAxkEQ6FV9fV
t1YkbKzcAF9DtwWg1+/GYv8zmS2P2THlQ9IIAHPN68h2P4GNRqw1NHLCZV7T5Xfe
WNshA5bCBJI3EwrfOndso+oHVC8LrTrDDoSGEuRHTmdY7MfGclC2KIppSfXEcx1K
+WtS+bIbpGIaUrwgbHSj0zO+a5+KxpCfwDz3+Yhvpf6DJliAxzrAqNpw+sXmM7JC
HtM=
-----END CERTIFICATE-----