Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Kh5wY9-l0AgDMA0YGoNPdVq65pQ.roa
File:                     Kh5wY9-l0AgDMA0YGoNPdVq65pQ.roa (raw, json)
Hash identifier:          wgO/9SE3tGGix8ibWbmr4V525qvuelHVkPBzvEmaH3s=
Subject key identifier:   2A:1E:70:63:DF:A5:D0:08:03:30:0D:18:1A:83:4F:75:5A:BA:E6:94
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186A98AF28E9D65DE06A3365ED8D0A7A932
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Kh5wY9-l0AgDMA0YGoNPdVq65pQ.roa
Signing time:             Fri 03 Mar 2023 22:15:00 +0000
ROA not before:           Fri 03 Mar 2023 22:15:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a9:8a:f2:8e:9d:65:de:06:a3:36:5e:d8:d0:a7:a9:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  3 22:15:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2a1e7063dfa5d00803300d181a834f755abae694
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:b0:96:1d:d3:75:af:1d:58:e1:7f:e0:cd:16:
                    88:32:b3:6e:63:48:ef:7e:f2:9b:22:6b:7d:bc:69:
                    e7:c4:fb:43:44:d3:c1:95:18:86:d0:db:b2:78:bc:
                    8b:51:9b:ee:5a:e6:52:f1:16:a3:a2:f3:59:94:9f:
                    72:e8:42:5d:be:a7:2d:82:b1:a5:e5:cc:4e:18:1e:
                    73:d0:27:68:01:2e:5b:51:ce:6e:ee:89:99:63:08:
                    c9:5c:26:04:aa:64:e6:d6:73:2f:65:0c:2f:44:f8:
                    cc:65:ca:1a:02:16:57:34:ba:bd:fd:c4:39:17:e1:
                    b3:82:1d:71:f3:b6:d7:57:66:99:e3:ff:6f:74:1b:
                    34:e6:a2:2e:cc:11:5f:a9:e5:ec:dd:75:9c:3c:cf:
                    f6:9f:2b:d0:15:dd:2d:a3:b1:de:8a:ff:49:25:a8:
                    d8:3b:fc:77:06:4a:11:86:60:5a:b0:4b:b8:5f:80:
                    f6:b8:2b:a0:53:22:6f:8a:14:b1:d8:eb:ab:a0:c3:
                    25:ee:91:08:c2:2c:ad:72:c3:58:6f:f8:37:08:b7:
                    f9:d9:31:4a:8a:9b:8c:a1:05:39:84:b5:a3:fe:27:
                    3f:2b:e9:5b:d5:d0:3f:29:fe:32:20:bf:bf:96:97:
                    87:86:63:e7:e2:c6:82:c8:e5:5c:36:ef:92:9a:7d:
                    b9:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:1E:70:63:DF:A5:D0:08:03:30:0D:18:1A:83:4F:75:5A:BA:E6:94
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/Kh5wY9-l0AgDMA0YGoNPdVq65pQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:a0:a6:43:61:fd:65:05:a4:79:53:ff:6a:ea:c5:09:e2:e7:
         c6:ff:91:a2:0e:d0:3f:dd:13:5c:78:b0:e2:30:5c:f6:04:3c:
         96:01:95:dd:b7:a8:db:ce:7c:a1:6e:b5:8c:5a:d9:29:20:25:
         c1:a8:95:45:88:f4:fc:d4:c0:90:2b:0b:ed:07:25:76:e6:0b:
         ef:7e:c4:86:93:3d:a2:fd:de:b7:e3:cb:c7:86:e1:62:31:01:
         9b:e3:6b:c2:9b:9e:80:c5:b7:77:85:f2:4e:35:a4:5e:d0:6b:
         01:01:9e:5b:b4:06:04:d0:b6:cf:df:d4:5b:2e:dd:54:be:3d:
         63:50:95:76:f9:65:61:d8:f5:4f:4e:e4:5d:b5:15:c9:c1:8c:
         2b:45:9f:20:89:ed:71:26:2a:39:5b:84:40:1f:28:ff:39:ce:
         75:ad:46:26:d6:77:bf:6f:b0:0c:1c:ac:23:a8:a5:d5:20:f6:
         1c:6a:39:b3:ad:66:d4:36:d7:15:03:d5:68:f9:96:56:40:d6:
         28:c3:fe:c6:6d:b7:19:c0:25:3d:95:42:6c:f5:f4:e0:a5:f7:
         61:84:d4:30:2d:f5:36:8e:43:61:25:06:2b:42:99:41:fb:26:
         53:04:40:0a:e6:86:d3:aa:1d:12:6b:a3:14:e3:e4:93:99:a9:
         7f:1b:b4:9c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYapivKOnWXeBqM2XtjQp6kyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzAzMjIxNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTFlNzA2M2RmYTVkMDA4MDMzMDBkMTgxYTgzNGY3NTVhYmFlNjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgLCWHdN1rx1Y4X/gzRaIMrNuY0jv
fvKbImt9vGnnxPtDRNPBlRiG0NuyeLyLUZvuWuZS8RajovNZlJ9y6EJdvqctgrGl
5cxOGB5z0CdoAS5bUc5u7omZYwjJXCYEqmTm1nMvZQwvRPjMZcoaAhZXNLq9/cQ5
F+Gzgh1x87bXV2aZ4/9vdBs05qIuzBFfqeXs3XWcPM/2nyvQFd0to7Heiv9JJajY
O/x3BkoRhmBasEu4X4D2uCugUyJvihSx2OuroMMl7pEIwiytcsNYb/g3CLf52TFK
ipuMoQU5hLWj/ic/K+lb1dA/Kf4yIL+/lpeHhmPn4saCyOVcNu+Smn25jQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCoecGPfpdAIAzANGBqDT3VauuaUMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvS2g1d1k5LWwwQWdETUEwWUdvTlBkVnE2NXBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACugpkNh/WUFpHlT/2rq
xQni58b/kaIO0D/dE1x4sOIwXPYEPJYBld23qNvOfKFutYxa2SkgJcGolUWI9PzU
wJArC+0HJXbmC+9+xIaTPaL93rfjy8eG4WIxAZvja8KbnoDFt3eF8k41pF7QawEB
nlu0BgTQts/f1Fsu3VS+PWNQlXb5ZWHY9U9O5F21FcnBjCtFnyCJ7XEmKjlbhEAf
KP85znWtRibWd79vsAwcrCOopdUg9hxqObOtZtQ21xUD1Wj5llZA1ijD/sZttxnA
JT2VQmz19OCl92GE1DAt9TaOQ2ElBitCmUH7JlMEQArmhtOqHRJroxTj5JOZqX8b
tJw=
-----END CERTIFICATE-----