Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9nGBIN26VJou7bCihnCoi6ma1BQ.roa
File:                     9nGBIN26VJou7bCihnCoi6ma1BQ.roa (raw, json)
Hash identifier:          znZGT97mXyJ8Sz35vbr/Zri3Gr/wZQHzFBVD8wQpzu0=
Subject key identifier:   F6:71:81:20:DD:BA:54:9A:2E:ED:B0:A2:86:70:A8:8B:A9:9A:D4:14
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186B1724199F8051830C9A1E0D3A90B9C8A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9nGBIN26VJou7bCihnCoi6ma1BQ.roa
Signing time:             Sun 05 Mar 2023 11:05:00 +0000
ROA not before:           Sun 05 Mar 2023 11:05:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
                          2001:67c:64:ffff:0:186:b171:b93a/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b1:72:41:99:f8:05:18:30:c9:a1:e0:d3:a9:0b:9c:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  5 11:05:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f6718120ddba549a2eedb0a28670a88ba99ad414
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:fb:5c:b9:36:93:06:ad:5d:34:cc:aa:47:e7:
                    16:dc:2f:26:be:88:96:20:29:90:a7:13:70:94:92:
                    37:d7:77:f2:ba:5e:9f:42:0a:c3:58:04:e6:17:57:
                    9a:ba:f1:b2:fb:09:cd:96:10:25:ad:23:6e:2b:81:
                    4d:cf:e0:10:df:3b:22:cd:86:fc:b8:75:1c:35:07:
                    6a:69:5d:fa:5f:f0:98:60:26:9e:75:d4:2f:d0:bb:
                    23:97:61:d9:cc:26:2f:f9:f0:62:2d:42:a3:04:16:
                    bf:e5:7e:09:37:fb:c8:12:8f:96:33:a1:de:0e:0a:
                    0f:72:8f:96:12:f8:27:62:a4:8e:bd:1b:a5:0b:ae:
                    dd:03:b1:b5:bc:6d:fd:b8:dc:b5:d6:be:2a:6c:06:
                    0d:61:75:e0:fe:e6:70:50:85:59:ea:92:79:07:04:
                    89:95:ca:09:58:67:c2:5c:4d:ce:08:9e:34:3d:82:
                    f3:e8:9c:e2:9f:3b:be:df:bf:6c:55:0d:8e:52:e7:
                    c0:ee:05:dc:99:bd:92:91:74:06:dd:5c:13:71:86:
                    1d:07:7a:75:1a:50:b6:fa:e6:2a:e4:0d:3d:8b:12:
                    33:73:66:fd:3e:8f:1e:c8:79:22:91:40:94:9c:b0:
                    f3:9c:a4:22:2f:df:8d:ce:63:85:06:15:38:11:b5:
                    d6:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:71:81:20:DD:BA:54:9A:2E:ED:B0:A2:86:70:A8:8B:A9:9A:D4:14
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/9nGBIN26VJou7bCihnCoi6ma1BQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:b4:1f:c9:40:b6:cc:99:d6:dc:0b:6b:10:aa:af:9d:3a:ca:
         31:6e:0a:6d:8a:2a:2f:34:f4:2b:d7:1c:db:4f:2a:94:5b:c3:
         a9:ce:f1:15:d2:dc:47:60:8d:96:4a:91:d1:65:1a:cc:0a:6e:
         60:e5:2a:ed:0a:eb:ef:79:2b:da:6d:6e:b9:50:39:b8:db:6a:
         b2:f1:8f:5d:0c:45:6a:cf:10:34:db:f9:4e:7a:98:63:fe:bb:
         6a:6d:e1:55:cd:b3:80:45:55:7c:79:28:c7:e3:16:02:36:6e:
         78:61:37:90:60:84:b6:4f:44:66:06:42:0b:fd:d2:32:ad:07:
         1b:df:95:47:01:4d:f1:a7:87:08:e8:d6:1e:dc:8d:5a:57:a2:
         49:e3:52:d0:82:82:d6:90:5d:a0:14:1f:3a:71:a4:39:7b:49:
         b5:77:d3:8f:ad:59:7e:df:54:c4:e1:96:f5:a2:92:cd:35:2d:
         b8:35:c6:07:f8:85:5a:cd:72:fc:c9:e0:2c:b1:06:42:c7:62:
         6b:e9:3f:f7:2f:4b:ce:2a:a6:e1:38:43:7b:e2:a5:cc:90:9a:
         17:7b:48:19:80:b0:7f:ff:77:b5:32:2e:87:70:9a:ef:b1:85:
         5b:b0:37:4a:88:7b:0b:b2:33:c0:a2:6f:90:01:5d:e0:73:ce:
         8a:44:82:86
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYaxckGZ+AUYMMmh4NOpC5yKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA1MTEwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjcxODEyMGRkYmE1NDlhMmVlZGIwYTI4NjcwYTg4YmE5OWFkNDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiPtcuTaTBq1dNMyqR+cW3C8mvoiW
ICmQpxNwlJI313fyul6fQgrDWATmF1eauvGy+wnNlhAlrSNuK4FNz+AQ3zsizYb8
uHUcNQdqaV36X/CYYCaeddQv0Lsjl2HZzCYv+fBiLUKjBBa/5X4JN/vIEo+WM6He
DgoPco+WEvgnYqSOvRulC67dA7G1vG39uNy11r4qbAYNYXXg/uZwUIVZ6pJ5BwSJ
lcoJWGfCXE3OCJ40PYLz6Jzinzu+379sVQ2OUufA7gXcmb2SkXQG3VwTcYYdB3p1
GlC2+uYq5A09ixIzc2b9Po8eyHkikUCUnLDznKQiL9+NzmOFBhU4EbXW/wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFPZxgSDdulSaLu2wooZwqIupmtQUMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvOW5HQklOMjZWSm91N2JDaWhuQ29pNm1hMUJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAAS0H8lAtsyZ1twLaxCq
r506yjFuCm2KKi809CvXHNtPKpRbw6nO8RXS3EdgjZZKkdFlGswKbmDlKu0K6+95
K9ptbrlQObjbarLxj10MRWrPEDTb+U56mGP+u2pt4VXNs4BFVXx5KMfjFgI2bnhh
N5BghLZPRGYGQgv90jKtBxvflUcBTfGnhwjo1h7cjVpXoknjUtCCgtaQXaAUHzpx
pDl7SbV304+tWX7fVMThlvWiks01Lbg1xgf4hVrNcvzJ4CyxBkLHYmvpP/cvS84q
puE4Q3vipcyQmhd7SBmAsH//d7UyLodwmu+xhVuwN0qIewuyM8Cib5ABXeBzzopE
goY=
-----END CERTIFICATE-----