Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sxkV58o9OStS9IQPu2TcUclQDNU.roa
File:                     sxkV58o9OStS9IQPu2TcUclQDNU.roa (raw, json)
Hash identifier:          dUVzt/inaiUAr/2Jlq5J4moiWHpM4elAsX6CAWOe2XY=
Subject key identifier:   B3:19:15:E7:CA:3D:39:2B:52:F4:84:0F:BB:64:DC:51:C9:50:0C:D5
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186CAFA669530C712C6DFD5B4138DAD5CAE
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sxkV58o9OStS9IQPu2TcUclQDNU.roa
Signing time:             Fri 10 Mar 2023 10:04:13 +0000
ROA not before:           Fri 10 Mar 2023 10:04:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cafa:5bd2/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ca:fa:66:95:30:c7:12:c6:df:d5:b4:13:8d:ad:5c:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 10 10:04:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b31915e7ca3d392b52f4840fbb64dc51c9500cd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d2:1d:ba:fc:b1:fa:94:3b:8e:64:00:d3:82:
                    ad:4c:6c:5d:7f:b0:8f:91:28:a9:dd:1f:51:67:a6:
                    f3:d7:04:9a:b1:92:f4:3a:c6:e0:b4:96:95:08:f0:
                    36:2c:2c:3d:ec:a1:09:41:c0:d3:e4:3f:78:06:a1:
                    0b:c8:2b:48:c0:56:31:12:9a:97:d8:84:fe:0b:05:
                    2e:29:d4:ef:1a:78:1f:8e:ac:82:cd:a8:6e:04:d0:
                    8a:73:79:34:ab:e1:3d:56:d1:41:3a:8c:fa:55:e3:
                    06:ff:46:86:46:52:e8:12:1c:29:f6:a6:8a:68:9e:
                    de:03:36:a0:d3:76:b9:47:98:1d:4c:49:9e:e4:62:
                    bb:bc:25:76:f4:72:1e:30:c9:17:c2:c4:5b:69:0b:
                    a1:94:61:ba:45:16:e3:f8:c1:1d:9b:83:b4:b9:b8:
                    b0:fe:5f:f1:2d:2d:79:71:f1:df:a5:ce:80:c8:d4:
                    99:0e:65:0e:0a:17:21:7d:3f:79:61:1f:ef:98:70:
                    fc:72:f0:50:7f:59:57:3d:9a:3a:6b:19:ac:f1:9c:
                    88:33:72:5f:c5:93:0a:28:09:ec:a7:2a:0d:32:2e:
                    04:96:56:ff:40:a5:00:2b:bc:52:71:94:e7:46:15:
                    f7:44:21:fc:43:5b:75:98:16:4a:34:41:f8:cf:80:
                    e6:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:19:15:E7:CA:3D:39:2B:52:F4:84:0F:BB:64:DC:51:C9:50:0C:D5
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/sxkV58o9OStS9IQPu2TcUclQDNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:7b:b7:c2:5e:aa:aa:8d:00:dc:c3:6d:1b:26:ac:15:ae:85:
         76:ae:f5:84:ec:31:d1:16:a2:a4:69:33:55:f4:81:cc:f0:e4:
         46:a9:5a:29:57:e1:3b:c6:43:c8:c1:fc:6f:a3:39:ca:0b:2c:
         15:35:fe:16:3f:75:b4:54:24:37:d1:42:d1:f1:de:63:93:f2:
         fe:aa:ee:1e:4b:88:62:69:59:8f:23:fb:8b:2b:3c:6a:a3:a6:
         fe:ac:3f:6f:60:bc:9c:34:4b:39:16:2a:a1:41:3a:c2:ed:fb:
         3c:5f:d4:3d:e0:39:fe:ea:91:99:2c:b9:f5:11:4c:5a:b2:34:
         78:54:a0:94:d0:fb:7b:e7:a5:78:d9:50:61:c8:8f:5a:56:8f:
         5c:ba:cd:c2:57:56:8e:36:6b:7c:f3:dd:13:3b:f1:23:70:1c:
         1a:58:2b:4d:47:bb:87:82:45:79:54:b5:5c:c6:04:1b:68:d4:
         3d:0f:da:cf:9c:78:8a:2f:41:e5:2f:96:af:ee:7f:80:43:80:
         30:c7:07:ed:e1:1b:84:47:eb:52:b6:3d:a4:43:a3:24:70:31:
         27:03:98:d2:3c:b5:35:55:5f:ef:f5:56:a7:2e:f7:39:09:e2:
         cb:08:ac:e0:db:01:bb:90:f7:9e:43:e0:08:ba:c3:79:a4:86:
         54:05:4f:87
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbK+maVMMcSxt/VtBONrVyuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzEwMTAwNDEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzE5MTVlN2NhM2QzOTJiNTJmNDg0MGZiYjY0ZGM1MWM5NTAwY2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNIduvyx+pQ7jmQA04KtTGxdf7CP
kSip3R9RZ6bz1wSasZL0OsbgtJaVCPA2LCw97KEJQcDT5D94BqELyCtIwFYxEpqX
2IT+CwUuKdTvGngfjqyCzahuBNCKc3k0q+E9VtFBOoz6VeMG/0aGRlLoEhwp9qaK
aJ7eAzag03a5R5gdTEme5GK7vCV29HIeMMkXwsRbaQuhlGG6RRbj+MEdm4O0ubiw
/l/xLS15cfHfpc6AyNSZDmUOChchfT95YR/vmHD8cvBQf1lXPZo6axms8ZyIM3Jf
xZMKKAnspyoNMi4Ellb/QKUAK7xScZTnRhX3RCH8Q1t1mBZKNEH4z4DmKQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLMZFefKPTkrUvSED7tk3FHJUAzVMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvc3hrVjU4bzlPU3RTOUlRUHUyVGNVY2xRRE5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGx7t8JeqqqNANzDbRsm
rBWuhXau9YTsMdEWoqRpM1X0gczw5EapWilX4TvGQ8jB/G+jOcoLLBU1/hY/dbRU
JDfRQtHx3mOT8v6q7h5LiGJpWY8j+4srPGqjpv6sP29gvJw0SzkWKqFBOsLt+zxf
1D3gOf7qkZksufURTFqyNHhUoJTQ+3vnpXjZUGHIj1pWj1y6zcJXVo42a3zz3RM7
8SNwHBpYK01Hu4eCRXlUtVzGBBto1D0P2s+ceIovQeUvlq/uf4BDgDDHB+3hG4RH
61K2PaRDoyRwMScDmNI8tTVVX+/1Vqcu9zkJ4ssIrODbAbuQ955D4Ai6w3mkhlQF
T4c=
-----END CERTIFICATE-----