Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sddEQ2ZwGWMUWavObVj-s3F27OY.roa
File:                     sddEQ2ZwGWMUWavObVj-s3F27OY.roa (raw, json)
Hash identifier:          TzLNHzveVKrVltaoD86lgoWKgUu0+LjQ2hNOsk/IX2c=
Subject key identifier:   B1:D7:44:43:66:70:19:63:14:59:AB:CE:6D:58:FE:B3:71:76:EC:E6
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186F2B534E35852718C4EAF3389F1CE1E93
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sddEQ2ZwGWMUWavObVj-s3F27OY.roa
Signing time:             Sat 18 Mar 2023 03:13:27 +0000
ROA not before:           Sat 18 Mar 2023 03:13:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:f2:b5:34:e3:58:52:71:8c:4e:af:33:89:f1:ce:1e:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 18 03:13:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b1d74443667019631459abce6d58feb37176ece6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:42:16:64:c2:9c:f3:c0:15:d9:22:0a:4c:fb:
                    35:d0:43:79:1a:f8:14:4b:1f:b1:56:05:eb:98:a3:
                    05:07:7a:20:73:b1:47:9d:0c:32:0b:ea:36:9d:b2:
                    86:90:c5:7e:95:72:6f:bd:2a:53:05:47:57:d5:9c:
                    c3:d5:86:1e:2b:dc:46:47:9d:0d:4b:eb:59:3c:84:
                    81:51:ce:20:3d:9c:ee:fb:6f:fa:37:e6:0f:c7:f7:
                    b0:af:0a:dc:90:41:96:18:41:56:57:a5:ab:72:b3:
                    77:7b:d8:af:83:e6:75:72:3e:4b:40:78:c9:0e:f9:
                    d7:c2:af:5c:06:90:6a:5e:dd:78:67:b6:16:33:6d:
                    18:c4:67:2b:e2:67:d4:4b:6d:05:78:d9:98:d7:c1:
                    d6:69:37:85:59:32:6f:59:e9:b2:4d:14:8b:01:64:
                    72:33:c9:3b:58:59:dc:c2:68:75:d7:12:97:a4:3b:
                    ae:37:0c:2d:30:06:33:63:47:e0:43:20:69:92:86:
                    b4:9e:98:d6:c3:1f:c6:c7:52:8a:04:05:eb:da:a1:
                    31:ec:4d:9b:d7:cb:8b:80:c2:a9:c8:48:ad:9e:ef:
                    7c:61:29:bd:c1:34:b1:b3:48:5b:82:22:a4:e4:1b:
                    1f:58:3f:e6:35:7c:8f:cd:a3:8c:ff:94:32:5f:44:
                    ef:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:D7:44:43:66:70:19:63:14:59:AB:CE:6D:58:FE:B3:71:76:EC:E6
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sddEQ2ZwGWMUWavObVj-s3F27OY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:af:a6:bb:f9:f3:62:27:24:6b:40:ab:6f:75:8d:b1:86:85:
         3d:00:2d:e5:04:d6:b6:04:15:cf:fe:d7:c7:1c:1a:3a:00:9e:
         af:5e:4b:ee:96:47:0a:39:3d:0a:d4:b8:34:85:c3:47:a9:96:
         d6:f1:55:71:b2:72:62:c5:10:80:81:d3:fe:51:67:9e:eb:7a:
         58:8d:1f:44:82:a4:21:e8:7e:6d:9c:56:1d:b0:93:42:bf:63:
         84:9c:07:a8:f7:56:9e:05:b4:92:ef:66:af:33:2b:ca:d4:31:
         44:19:3f:9d:95:e7:aa:76:47:f3:c0:e8:f9:3f:8b:b2:58:54:
         cc:18:aa:6f:74:ab:e8:a7:74:dc:ba:9f:cc:af:f9:c0:9b:aa:
         90:57:cd:29:1a:b4:8b:1a:b3:34:6e:fe:52:17:61:bd:90:0c:
         25:3d:21:4d:55:35:7b:d8:d4:0c:33:8c:b3:6d:25:27:ea:65:
         23:87:4b:86:51:91:93:8a:ff:70:5e:5a:3a:db:e4:96:6d:7d:
         fb:2c:89:ac:28:d2:50:9b:91:ea:1b:41:df:43:1c:98:ed:75:
         7c:cf:22:59:b6:4b:66:09:da:08:f8:54:93:6a:7a:ae:b7:0d:
         95:53:6c:6e:d9:27:aa:53:ae:4e:1c:a6:42:c0:f3:b7:74:86:
         18:88:a0:a3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbytTTjWFJxjE6vM4nxzh6TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE4MDMxMzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWQ3NDQ0MzY2NzAxOTYzMTQ1OWFiY2U2ZDU4ZmViMzcxNzZlY2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEIWZMKc88AV2SIKTPs10EN5GvgU
Sx+xVgXrmKMFB3ogc7FHnQwyC+o2nbKGkMV+lXJvvSpTBUdX1ZzD1YYeK9xGR50N
S+tZPISBUc4gPZzu+2/6N+YPx/ewrwrckEGWGEFWV6WrcrN3e9ivg+Z1cj5LQHjJ
DvnXwq9cBpBqXt14Z7YWM20YxGcr4mfUS20FeNmY18HWaTeFWTJvWemyTRSLAWRy
M8k7WFncwmh11xKXpDuuNwwtMAYzY0fgQyBpkoa0npjWwx/Gx1KKBAXr2qEx7E2b
18uLgMKpyEitnu98YSm9wTSxs0hbgiKk5BsfWD/mNXyPzaOM/5QyX0Tv7QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLHXRENmcBljFFmrzm1Y/rNxduzmMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvc2RkRVEyWndHV01VV2F2T2JWai1zM0YyN09ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAFCvprv582InJGtAq291
jbGGhT0ALeUE1rYEFc/+18ccGjoAnq9eS+6WRwo5PQrUuDSFw0epltbxVXGycmLF
EICB0/5RZ57reliNH0SCpCHofm2cVh2wk0K/Y4ScB6j3Vp4FtJLvZq8zK8rUMUQZ
P52V56p2R/PA6Pk/i7JYVMwYqm90q+indNy6n8yv+cCbqpBXzSkatIsaszRu/lIX
Yb2QDCU9IU1VNXvY1AwzjLNtJSfqZSOHS4ZRkZOK/3BeWjrb5JZtffssiawo0lCb
keobQd9DHJjtdXzPIlm2S2YJ2gj4VJNqeq63DZVTbG7ZJ6pTrk4cpkLA87d0hhiI
oKM=
-----END CERTIFICATE-----