Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/43iQ-lJpaIhJ7CD3rq68sOCouRQ.roa
File:                     43iQ-lJpaIhJ7CD3rq68sOCouRQ.roa (raw, json)
Hash identifier:          5t15EW6/fGtUCovZwkrQ8+P2tZNt1TdzO/jv1oM7Nx0=
Subject key identifier:   E3:78:90:FA:52:69:68:88:49:EC:20:F7:AE:AE:BC:B0:E0:A8:B9:14
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186CE334BB332EF19794588E0DA51C155EC
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/43iQ-lJpaIhJ7CD3rq68sOCouRQ.roa
Signing time:             Sat 11 Mar 2023 01:05:13 +0000
ROA not before:           Sat 11 Mar 2023 01:05:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:ce32:63d1/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ce:33:4b:b3:32:ef:19:79:45:88:e0:da:51:c1:55:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 11 01:05:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e37890fa5269688849ec20f7aeaebcb0e0a8b914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:14:4f:e3:3a:b9:06:b1:0c:c6:27:1a:f5:a9:
                    57:0d:50:d7:ed:24:b0:06:18:99:2e:4e:8a:90:a2:
                    37:eb:be:aa:28:67:aa:83:fd:8a:7f:36:43:1d:63:
                    97:ab:f7:41:eb:4d:4f:ee:38:19:4f:c3:43:ee:b2:
                    8d:83:af:0e:bc:37:54:00:c3:f1:3c:31:96:4b:2d:
                    30:f8:dd:62:99:49:4c:9a:09:14:ca:99:02:49:85:
                    95:85:88:42:0b:91:ac:9e:8d:34:4a:38:9b:9f:a1:
                    47:27:4a:1d:97:01:e1:82:ba:ba:ee:54:b7:1b:71:
                    5f:16:5f:e2:8e:35:78:cb:f2:57:3b:f1:b5:83:75:
                    4f:fd:32:ce:3a:4b:01:18:e5:04:87:b9:05:35:b6:
                    c7:e3:bc:f6:eb:5b:6b:7c:22:ab:fc:8b:5f:f8:2d:
                    fa:52:9a:4b:06:04:c4:38:cf:3c:35:ab:02:cc:ae:
                    75:54:e5:04:fb:92:f5:de:73:05:c5:5f:ca:5d:2d:
                    20:2c:e4:4b:af:ea:bb:44:71:81:8e:23:6b:0b:19:
                    eb:4a:29:dc:2b:f3:df:88:23:e4:03:10:bf:d2:80:
                    e6:57:46:02:fb:51:fd:b5:29:6d:f4:6f:43:ad:2c:
                    c7:87:91:39:39:f3:cd:c7:cc:2b:a6:9b:87:22:ab:
                    8e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:78:90:FA:52:69:68:88:49:EC:20:F7:AE:AE:BC:B0:E0:A8:B9:14
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/43iQ-lJpaIhJ7CD3rq68sOCouRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:3c:88:3a:31:51:8c:4c:b2:3c:39:0c:f2:6b:42:60:39:85:
         62:e3:bd:3c:12:a7:23:27:8d:71:c2:f3:72:85:89:1c:9e:f6:
         b3:8b:10:0b:fd:3d:04:5c:d7:b8:b5:dc:45:23:30:1b:aa:40:
         73:c3:9d:4f:00:86:f5:87:d7:03:15:db:19:09:df:0b:8e:10:
         87:0a:ea:49:78:c5:bf:41:01:c4:cf:c3:41:5c:c0:bc:da:23:
         35:4a:e7:95:4b:62:e0:a3:8b:05:5d:93:b6:b1:c9:64:c1:20:
         37:a4:41:a2:e2:fa:43:ce:91:38:d8:ad:58:cb:f6:95:24:6a:
         fb:24:17:68:65:ec:6c:c4:b5:b0:d4:08:2e:db:16:6e:aa:e1:
         4f:13:6c:25:18:d6:ad:41:d8:4e:83:39:28:95:90:4b:af:c5:
         58:de:e6:04:d7:cd:89:f3:56:27:8b:2c:61:21:a0:94:f5:71:
         42:1c:31:35:a6:fc:2c:db:c3:da:f2:55:e7:f9:2a:17:ad:bf:
         dc:ae:a6:96:be:d3:51:ab:52:62:de:82:0e:2b:cd:6f:c2:ca:
         5a:30:6e:3c:f6:b4:7d:99:53:ef:7f:5c:02:e0:24:d8:51:ea:
         ea:89:81:d9:e2:58:64:84:88:45:2d:14:fe:b9:10:d0:1e:6a:
         ae:57:0d:c8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbOM0uzMu8ZeUWI4NpRwVXsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzExMDEwNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzc4OTBmYTUyNjk2ODg4NDllYzIwZjdhZWFlYmNiMGUwYThiOTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRRP4zq5BrEMxica9alXDVDX7SSw
BhiZLk6KkKI3676qKGeqg/2KfzZDHWOXq/dB601P7jgZT8ND7rKNg68OvDdUAMPx
PDGWSy0w+N1imUlMmgkUypkCSYWVhYhCC5Gsno00Sjibn6FHJ0odlwHhgrq67lS3
G3FfFl/ijjV4y/JXO/G1g3VP/TLOOksBGOUEh7kFNbbH47z261trfCKr/Itf+C36
UppLBgTEOM88NasCzK51VOUE+5L13nMFxV/KXS0gLORLr+q7RHGBjiNrCxnrSinc
K/PfiCPkAxC/0oDmV0YC+1H9tSlt9G9DrSzHh5E5OfPNx8wrppuHIquOnQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFON4kPpSaWiISewg966uvLDgqLkUMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvNDNpUS1sSnBhSWhKN0NEM3JxNjhzT0NvdVJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHE8iDoxUYxMsjw5DPJr
QmA5hWLjvTwSpyMnjXHC83KFiRye9rOLEAv9PQRc17i13EUjMBuqQHPDnU8AhvWH
1wMV2xkJ3wuOEIcK6kl4xb9BAcTPw0FcwLzaIzVK55VLYuCjiwVdk7axyWTBIDek
QaLi+kPOkTjYrVjL9pUkavskF2hl7GzEtbDUCC7bFm6q4U8TbCUY1q1B2E6DOSiV
kEuvxVje5gTXzYnzVieLLGEhoJT1cUIcMTWm/Czbw9ryVef5Khetv9yuppa+01Gr
UmLegg4rzW/Cylowbjz2tH2ZU+9/XALgJNhR6uqJgdniWGSEiEUtFP65ENAeaq5X
Dcg=
-----END CERTIFICATE-----