Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rsWJwkV9Gy3Dqt2XWfZq_RpiZ4Y.roa
File:                     rsWJwkV9Gy3Dqt2XWfZq_RpiZ4Y.roa (raw, json)
Hash identifier:          xhYBI1ngI8f43nKbSauOUnYwrP6rV7+k2RZBJIHE7oo=
Subject key identifier:   AE:C5:89:C2:45:7D:1B:2D:C3:AA:DD:97:59:F6:6A:FD:1A:62:67:86
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186C0F1D12B7B995B07D5E2DC25CDE64806
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rsWJwkV9Gy3Dqt2XWfZq_RpiZ4Y.roa
Signing time:             Wed 08 Mar 2023 11:18:38 +0000
ROA not before:           Wed 08 Mar 2023 11:18:38 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c0:f1:d1:2b:7b:99:5b:07:d5:e2:dc:25:cd:e6:48:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  8 11:18:38 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aec589c2457d1b2dc3aadd9759f66afd1a626786
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:0d:40:8b:63:f7:56:5b:e1:fd:1e:70:f8:d9:
                    ef:f1:51:d2:5e:bb:13:d6:00:95:98:f1:fe:8f:9a:
                    ac:77:59:ca:cb:22:d3:0f:84:b9:9b:8b:bc:16:0a:
                    02:54:8b:3a:60:44:0f:e8:9f:10:b1:a6:37:0d:84:
                    16:17:d5:73:98:8e:4c:8b:54:87:7e:94:91:13:35:
                    7b:94:78:05:c7:67:3f:0c:d6:b6:71:0e:a4:95:9d:
                    53:5b:61:e4:8f:12:b2:59:97:60:0c:74:84:9b:84:
                    2d:fc:0c:a1:2a:fc:c1:c4:83:b0:49:63:7f:98:fd:
                    05:b1:e1:e4:eb:58:60:89:91:9f:d8:10:17:54:48:
                    f6:70:73:5c:c2:cf:67:00:c7:1e:ec:4c:56:02:14:
                    b3:2a:d7:75:f4:ad:db:3f:1e:e6:9f:5f:ea:18:9b:
                    f1:91:a2:60:bb:07:c1:d3:32:2a:d2:0e:97:c5:dd:
                    f5:e1:c7:79:03:ba:0d:53:28:17:af:e1:6b:5f:3b:
                    86:2c:e3:d9:b2:90:f7:b8:ba:3d:17:3f:7f:1e:60:
                    99:87:71:25:21:cb:c5:19:51:8b:90:f9:67:ac:8b:
                    cf:9f:da:52:fe:f3:21:14:27:7a:e6:87:59:03:b3:
                    26:46:d5:33:9f:2b:67:4d:f5:d7:fa:59:c7:82:a2:
                    a7:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:C5:89:C2:45:7D:1B:2D:C3:AA:DD:97:59:F6:6A:FD:1A:62:67:86
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/rsWJwkV9Gy3Dqt2XWfZq_RpiZ4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         99:6b:02:fe:73:97:48:30:22:3e:81:11:e0:a6:2a:22:e2:ea:
         42:cb:17:4c:6b:6e:db:08:34:3a:58:58:76:ae:11:cf:64:2c:
         9d:38:19:02:cd:a2:3c:00:25:81:3e:b0:5e:e5:6a:f2:ca:8b:
         f9:94:a0:6a:88:69:9f:65:d7:77:23:8c:70:14:0d:25:17:0a:
         90:01:14:11:36:22:ee:b5:fb:6c:24:60:87:1a:7a:7e:26:c6:
         d4:e1:0e:28:41:05:2d:a1:08:b6:13:f9:ca:7d:b0:d1:71:a6:
         c0:53:2c:f9:1a:a2:c2:12:9b:e1:ae:3f:b9:21:35:67:be:a7:
         ca:2e:ce:05:d1:1b:67:fe:d6:8b:d0:ce:74:c2:e8:8e:5f:73:
         62:cc:82:0d:f3:04:22:33:ba:1e:cb:2b:c7:ad:0d:96:a3:59:
         26:e1:5d:85:4d:ce:38:ae:30:99:b5:66:0a:eb:43:9e:d3:12:
         7e:f2:fc:8f:89:9f:1e:c2:c5:39:4b:5d:85:ca:83:2c:b8:50:
         02:20:68:4f:77:6e:08:65:52:96:d4:cb:d9:1a:74:29:4b:4e:
         6f:52:b0:bd:14:cc:f1:7f:a1:bf:0c:27:df:0d:0d:5c:94:9b:
         e8:76:43:03:f1:58:6b:77:3d:7e:8e:91:0c:d8:e7:b6:ff:89:
         91:33:2c:d4
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbA8dEre5lbB9Xi3CXN5kgGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA4MTExODM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWM1ODljMjQ1N2QxYjJkYzNhYWRkOTc1OWY2NmFmZDFhNjI2Nzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjg1Ai2P3Vlvh/R5w+Nnv8VHSXrsT
1gCVmPH+j5qsd1nKyyLTD4S5m4u8FgoCVIs6YEQP6J8QsaY3DYQWF9VzmI5Mi1SH
fpSREzV7lHgFx2c/DNa2cQ6klZ1TW2HkjxKyWZdgDHSEm4Qt/AyhKvzBxIOwSWN/
mP0FseHk61hgiZGf2BAXVEj2cHNcws9nAMce7ExWAhSzKtd19K3bPx7mn1/qGJvx
kaJguwfB0zIq0g6Xxd314cd5A7oNUygXr+FrXzuGLOPZspD3uLo9Fz9/HmCZh3El
IcvFGVGLkPlnrIvPn9pS/vMhFCd65odZA7MmRtUznytnTfXX+lnHgqKnmwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFK7FicJFfRstw6rdl1n2av0aYmeGMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvcnNXSndrVjlHeTNEcXQyWFdmWnFfUnBpWjRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJlrAv5zl0gwIj6BEeCm
KiLi6kLLF0xrbtsINDpYWHauEc9kLJ04GQLNojwAJYE+sF7lavLKi/mUoGqIaZ9l
13cjjHAUDSUXCpABFBE2Iu61+2wkYIcaen4mxtThDihBBS2hCLYT+cp9sNFxpsBT
LPkaosISm+GuP7khNWe+p8ouzgXRG2f+1ovQznTC6I5fc2LMgg3zBCIzuh7LK8et
DZajWSbhXYVNzjiuMJm1ZgrrQ57TEn7y/I+Jnx7CxTlLXYXKgyy4UAIgaE93bghl
UpbUy9kadClLTm9SsL0UzPF/ob8MJ98NDVyUm+h2QwPxWGt3PX6OkQzY57b/iZEz
LNQ=
-----END CERTIFICATE-----