Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/DxQUJxesjKsEqTWzzfXppsQyV38.roa
File:                     DxQUJxesjKsEqTWzzfXppsQyV38.roa (raw, json)
Hash identifier:          YylenFUD/FWNyk6NhhgUUNF9U/6JBiEjej8VR92Y76U=
Subject key identifier:   0F:14:14:27:17:AC:8C:AB:04:A9:35:B3:CD:F5:E9:A6:C4:32:57:7F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186AEB7B5D5F430E6B1B0EF6C8BEDE102F4
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/DxQUJxesjKsEqTWzzfXppsQyV38.roa
Signing time:             Sat 04 Mar 2023 22:22:00 +0000
ROA not before:           Sat 04 Mar 2023 22:22:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ae:b7:b5:d5:f4:30:e6:b1:b0:ef:6c:8b:ed:e1:02:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  4 22:22:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0f14142717ac8cab04a935b3cdf5e9a6c432577f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:06:b5:0e:e4:63:f8:46:84:7a:4d:b8:d0:d4:
                    78:b5:46:d6:24:2d:21:13:ed:ca:6d:0b:34:18:d5:
                    bb:f0:4d:42:29:25:25:a2:39:ec:c9:87:59:76:61:
                    f4:b9:d5:2b:d9:ab:93:1d:8a:07:c3:da:73:05:97:
                    8a:4e:eb:05:65:53:7d:ff:98:05:13:40:56:08:7e:
                    9b:25:57:f7:75:39:63:83:3a:c0:95:9a:0c:2f:48:
                    b8:9c:b4:aa:23:f5:a1:1e:63:cc:ab:5a:9f:1e:fc:
                    6c:53:df:92:3b:e1:66:f1:9b:e3:ea:6c:c2:7f:f5:
                    9d:9d:fe:0b:f4:83:93:7f:23:3b:17:a8:5f:58:4d:
                    32:18:54:7e:0f:3c:ee:e3:00:86:cb:36:e9:55:9b:
                    0f:8c:35:ec:2a:26:c8:a4:0b:e0:51:ab:b6:30:17:
                    17:c5:e2:67:f6:bf:58:83:93:b5:26:bb:60:76:a0:
                    da:89:c1:ac:17:0b:7a:0c:41:cb:48:6f:a5:c2:a3:
                    a3:9e:96:9e:f3:26:c7:3d:85:1c:e5:32:f1:fc:18:
                    15:67:c1:d1:29:30:2f:c7:e2:fb:7b:04:4c:2c:fb:
                    a6:c0:cb:09:39:23:a5:58:ca:fb:26:1e:4f:d5:28:
                    19:f1:2b:85:f1:ca:fe:b1:b4:fe:bf:3b:5b:87:d9:
                    98:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:14:14:27:17:AC:8C:AB:04:A9:35:B3:CD:F5:E9:A6:C4:32:57:7F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/DxQUJxesjKsEqTWzzfXppsQyV38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:23:bd:5a:47:10:7a:c1:21:40:64:74:21:a9:be:fa:b0:ea:
         2a:63:f3:9e:ad:20:b6:e2:11:c9:9a:3d:bb:08:2e:92:3c:3f:
         d8:81:c4:81:99:60:b0:56:34:4c:36:2f:32:be:4c:76:94:e4:
         f7:5c:d0:e6:20:bb:ea:3b:13:ad:4a:6e:3b:0b:84:d7:ba:0c:
         f2:70:83:99:0a:9c:e6:52:06:d8:0e:da:4b:58:d8:2e:08:d0:
         f5:e1:88:02:84:55:b1:4c:3f:7e:aa:45:1b:cf:bb:bc:ba:e2:
         ef:8c:0c:ad:f4:a9:55:ca:fd:0a:eb:cb:4f:63:57:6b:8a:da:
         6a:2e:10:f2:13:22:88:81:fa:04:4a:d0:d2:c9:cc:2f:3b:8e:
         8f:d4:f5:6e:e9:52:0f:bc:57:44:09:e9:e8:bf:b7:b2:21:4b:
         b7:4f:21:94:48:04:73:85:cd:00:cf:e3:32:dc:1d:a4:da:05:
         0e:9c:d6:d9:bc:f9:3d:14:67:ba:19:47:cc:c3:80:9d:48:de:
         8d:a4:e8:cb:e0:f9:08:c9:34:b6:7d:bb:88:66:72:23:35:69:
         c8:23:d7:8b:22:da:b7:ba:f4:7e:da:c2:4a:ef:78:1a:2c:91:
         8d:b6:b2:99:34:69:f2:b7:6b:0e:b8:bf:86:14:de:6a:ee:d2:
         1e:e3:4a:04
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYaut7XV9DDmsbDvbIvt4QL0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA0MjIyMjAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjE0MTQyNzE3YWM4Y2FiMDRhOTM1YjNjZGY1ZTlhNmM0MzI1NzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQa1DuRj+EaEek240NR4tUbWJC0h
E+3KbQs0GNW78E1CKSUlojnsyYdZdmH0udUr2auTHYoHw9pzBZeKTusFZVN9/5gF
E0BWCH6bJVf3dTljgzrAlZoML0i4nLSqI/WhHmPMq1qfHvxsU9+SO+Fm8Zvj6mzC
f/Wdnf4L9IOTfyM7F6hfWE0yGFR+Dzzu4wCGyzbpVZsPjDXsKibIpAvgUau2MBcX
xeJn9r9Yg5O1JrtgdqDaicGsFwt6DEHLSG+lwqOjnpae8ybHPYUc5TLx/BgVZ8HR
KTAvx+L7ewRMLPumwMsJOSOlWMr7Jh5P1SgZ8SuF8cr+sbT+vztbh9mY7wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFA8UFCcXrIyrBKk1s8316abEMld/MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvRHhRVUp4ZXNqS3NFcVRXenpmWHBwc1F5VjM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJEjvVpHEHrBIUBkdCGp
vvqw6ipj856tILbiEcmaPbsILpI8P9iBxIGZYLBWNEw2LzK+THaU5Pdc0OYgu+o7
E61KbjsLhNe6DPJwg5kKnOZSBtgO2ktY2C4I0PXhiAKEVbFMP36qRRvPu7y64u+M
DK30qVXK/Qrry09jV2uK2mouEPITIoiB+gRK0NLJzC87jo/U9W7pUg+8V0QJ6ei/
t7IhS7dPIZRIBHOFzQDP4zLcHaTaBQ6c1tm8+T0UZ7oZR8zDgJ1I3o2k6Mvg+QjJ
NLZ9u4hmciM1acgj14si2re69H7awkrveBoskY22spk0afK3aw64v4YU3mru0h7j
SgQ=
-----END CERTIFICATE-----