Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uhu3A6KkHHR43BoMnkOvCb3qB_0.roa
File:                     uhu3A6KkHHR43BoMnkOvCb3qB_0.roa (raw, json)
Hash identifier:          vcaeXWlEujYP7Oa/+h4tCDGv0+sE6RrQj8AgwSQM/ao=
Subject key identifier:   BA:1B:B7:03:A2:A4:1C:74:78:DC:1A:0C:9E:43:AF:09:BD:EA:07:FD
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186BCD1A2A61718B5CA8FA7E436E59AAB40
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uhu3A6KkHHR43BoMnkOvCb3qB_0.roa
Signing time:             Tue 07 Mar 2023 16:05:00 +0000
ROA not before:           Tue 07 Mar 2023 16:05:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:bcd1:2184/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:bc:d1:a2:a6:17:18:b5:ca:8f:a7:e4:36:e5:9a:ab:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  7 16:05:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ba1bb703a2a41c7478dc1a0c9e43af09bdea07fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ae:03:71:98:d2:0b:c9:88:2a:4c:ab:37:e7:
                    7d:90:b6:e5:6e:03:ab:bb:d2:80:25:20:39:6a:e6:
                    c4:ed:c6:60:7f:89:d1:82:27:51:82:31:bc:9a:82:
                    d3:cc:74:53:72:a9:b9:0c:f7:83:d3:7b:1e:9f:bf:
                    38:f4:94:db:77:fa:5c:af:3a:0d:06:94:6f:db:d9:
                    01:33:8c:60:fd:32:40:85:ef:10:ed:cf:f4:7d:0e:
                    d9:16:e0:07:09:0c:1d:22:1e:8b:8c:a6:1d:f1:e4:
                    2a:1c:d3:d0:88:30:44:9e:67:df:15:0f:9e:bd:73:
                    2d:c4:e2:b0:57:03:97:31:3f:c9:ca:76:d5:69:50:
                    e6:dc:2e:46:88:73:89:08:a6:88:cd:8f:6a:c6:0e:
                    c5:8a:c2:89:59:cb:53:95:12:a9:2c:d0:23:7a:92:
                    fb:67:c9:08:6c:21:7d:5b:dc:14:4a:ff:c4:93:60:
                    07:5c:4d:6b:9b:8a:ab:03:9c:49:d8:8c:f0:0d:aa:
                    ec:38:4d:d5:60:dc:4f:56:46:24:08:69:79:06:ec:
                    47:95:63:2c:e8:cd:72:92:7b:7c:19:9a:5f:5d:81:
                    8d:31:81:40:75:8e:50:7e:21:a8:59:e9:30:15:80:
                    df:0a:26:00:7e:71:9b:dc:24:37:1a:17:d8:45:80:
                    e4:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:1B:B7:03:A2:A4:1C:74:78:DC:1A:0C:9E:43:AF:09:BD:EA:07:FD
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/uhu3A6KkHHR43BoMnkOvCb3qB_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:fc:92:b8:1e:84:eb:6b:57:ca:0e:d0:81:97:29:22:09:77:
         97:50:b6:54:ad:86:f5:61:35:de:80:00:9c:30:a7:7c:56:87:
         13:ac:9a:91:f5:d7:9b:1a:4b:42:1d:f3:d0:77:5b:ec:71:8c:
         23:eb:17:98:9a:ae:31:d1:28:88:0e:60:9c:a5:9c:e9:9b:91:
         ac:03:3d:5e:85:a9:74:de:1a:78:35:30:73:fc:e0:8a:1d:8e:
         4a:2a:45:16:9b:1b:ee:4f:5a:f0:d4:8a:19:2f:96:a7:53:4b:
         79:d0:8d:29:b4:a5:cd:e0:16:bc:1a:b9:b6:c8:14:07:58:b3:
         d7:da:9e:54:f3:3e:7d:1b:08:85:2b:7f:22:dd:86:3a:db:ab:
         83:ab:b4:fb:2f:0a:fc:ff:ce:f6:62:4e:f2:05:88:f4:28:a0:
         f5:ff:b7:8e:3d:67:bf:99:13:3a:db:cf:79:11:f2:1d:f5:a6:
         bf:81:5e:5d:6f:cc:c1:14:20:76:70:8f:d0:e6:6e:ab:da:cf:
         07:6d:98:0a:41:da:ff:88:cd:3c:ab:76:9f:c7:2a:69:72:74:
         1c:7c:99:7d:e7:0c:1f:ec:35:cf:89:5c:5f:7a:d3:b4:2e:b1:
         33:69:c0:ae:6d:ef:7e:11:ba:92:a9:0d:de:50:05:5f:4d:9e:
         58:07:19:92
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYa80aKmFxi1yo+n5DblmqtAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA3MTYwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTFiYjcwM2EyYTQxYzc0NzhkYzFhMGM5ZTQzYWYwOWJkZWEwN2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwK4DcZjSC8mIKkyrN+d9kLblbgOr
u9KAJSA5aubE7cZgf4nRgidRgjG8moLTzHRTcqm5DPeD03sen7849JTbd/pcrzoN
BpRv29kBM4xg/TJAhe8Q7c/0fQ7ZFuAHCQwdIh6LjKYd8eQqHNPQiDBEnmffFQ+e
vXMtxOKwVwOXMT/JynbVaVDm3C5GiHOJCKaIzY9qxg7FisKJWctTlRKpLNAjepL7
Z8kIbCF9W9wUSv/Ek2AHXE1rm4qrA5xJ2IzwDarsOE3VYNxPVkYkCGl5BuxHlWMs
6M1yknt8GZpfXYGNMYFAdY5QfiGoWekwFYDfCiYAfnGb3CQ3GhfYRYDkCQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLobtwOipBx0eNwaDJ5Drwm96gf9MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdWh1M0E2S2tISFI0M0JvTW5rT3ZDYjNxQl8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAT8krgehOtrV8oO0IGX
KSIJd5dQtlSthvVhNd6AAJwwp3xWhxOsmpH115saS0Id89B3W+xxjCPrF5iarjHR
KIgOYJylnOmbkawDPV6FqXTeGng1MHP84IodjkoqRRabG+5PWvDUihkvlqdTS3nQ
jSm0pc3gFrwaubbIFAdYs9fanlTzPn0bCIUrfyLdhjrbq4OrtPsvCvz/zvZiTvIF
iPQooPX/t449Z7+ZEzrbz3kR8h31pr+BXl1vzMEUIHZwj9DmbqvazwdtmApB2v+I
zTyrdp/HKmlydBx8mX3nDB/sNc+JXF9607QusTNpwK5t734RupKpDd5QBV9NnlgH
GZI=
-----END CERTIFICATE-----