Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/O37IIkHvklFpsYfqBwKFqe4CfPw.roa
File:                     O37IIkHvklFpsYfqBwKFqe4CfPw.roa (raw, json)
Hash identifier:          OWHsMZ3eVPudI76RfZDcDeGYJmBkWuD09ptFXqjQwUU=
Subject key identifier:   3B:7E:C8:22:41:EF:92:51:69:B1:87:EA:07:02:85:A9:EE:02:7C:FC
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186CA64423F50E5B7CC9A184D1475F1C2B7
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/O37IIkHvklFpsYfqBwKFqe4CfPw.roa
Signing time:             Fri 10 Mar 2023 07:20:13 +0000
ROA not before:           Fri 10 Mar 2023 07:20:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ca:64:42:3f:50:e5:b7:cc:9a:18:4d:14:75:f1:c2:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 10 07:20:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3b7ec82241ef925169b187ea070285a9ee027cfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:70:c4:6c:95:f1:5f:f6:3e:f7:62:48:e4:6c:
                    25:a5:39:76:a4:3d:e8:1b:a2:33:6e:0c:63:ae:90:
                    8a:43:e8:da:16:2c:26:64:a9:ef:3d:63:48:d1:b3:
                    5a:bd:33:b6:d0:74:97:5b:f0:ad:4c:7f:a1:c7:35:
                    70:e3:53:fe:af:51:4a:df:cf:e2:8c:d6:b7:11:51:
                    7a:7b:dc:10:75:8e:a6:7c:e4:e0:fd:a7:cf:0b:cd:
                    58:b4:cf:7f:92:98:91:69:26:2d:e1:84:9e:c3:fc:
                    bc:5c:54:46:a5:86:55:7c:c4:f5:5d:a1:9b:35:4b:
                    52:d6:f7:48:fb:cb:0a:a4:c1:5f:4a:b6:f5:9a:de:
                    ee:97:af:99:14:11:b2:58:3c:aa:35:0c:08:d4:a2:
                    7b:77:f4:1a:c4:1d:0f:38:51:22:f5:ae:1b:28:92:
                    95:39:ab:3a:59:23:91:5c:1f:92:9a:54:06:21:b9:
                    90:64:4a:25:4b:c4:a3:97:b9:de:68:1a:66:1e:e2:
                    da:08:92:20:1e:bb:63:eb:aa:fc:91:36:b2:55:ac:
                    82:37:ae:10:16:7e:5d:50:59:67:3e:d5:da:4e:51:
                    fe:df:cb:29:39:9a:b4:24:ed:48:73:82:a5:36:dc:
                    83:83:4a:e8:27:58:bd:9d:fe:f6:f0:4f:af:a8:a4:
                    ce:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:7E:C8:22:41:EF:92:51:69:B1:87:EA:07:02:85:A9:EE:02:7C:FC
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/O37IIkHvklFpsYfqBwKFqe4CfPw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:3c:33:df:27:b3:bf:9d:c5:d8:2f:c8:e5:cd:0f:57:c7:49:
         d6:75:33:32:00:e7:6a:99:59:2c:db:3e:71:d9:8b:ce:4e:ef:
         ab:0e:45:24:09:4d:4e:22:43:35:86:a3:c0:c5:ff:fb:65:8f:
         af:e2:a5:2e:45:be:4b:87:5a:3d:f2:72:04:6d:3d:4b:40:65:
         81:c0:3b:d0:ca:39:c9:33:1f:f4:3a:aa:e9:a2:27:5f:a8:b7:
         c5:01:de:9d:62:e7:9a:55:cf:89:f5:a7:32:44:e8:9a:af:b3:
         8b:60:a3:2d:34:1f:99:5d:d6:09:fd:0f:24:8f:e1:ac:4a:f5:
         c6:d2:6f:bf:6e:47:de:bc:4b:43:fe:72:0f:be:31:2f:78:d9:
         3d:e9:1e:4d:5a:23:52:95:fe:be:d5:36:57:97:56:a1:c1:0b:
         54:77:98:16:ba:d8:bc:fd:e0:37:b0:ae:d3:42:78:29:38:0f:
         98:61:ad:70:78:4a:10:2a:7f:92:df:23:ac:95:d8:bc:61:3c:
         90:d9:2f:7b:40:7e:e3:c2:94:7f:7a:43:0d:25:1a:c2:fc:c2:
         61:2e:d6:d5:f1:9a:73:22:48:86:16:f3:c5:76:12:74:b3:77:
         43:63:63:2a:1e:02:fb:b1:4a:f3:1b:78:ba:e0:dc:0e:a7:ce:
         35:c6:ac:3a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbKZEI/UOW3zJoYTRR18cK3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzEwMDcyMDEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjdlYzgyMjQxZWY5MjUxNjliMTg3ZWEwNzAyODVhOWVlMDI3Y2ZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXDEbJXxX/Y+92JI5GwlpTl2pD3o
G6IzbgxjrpCKQ+jaFiwmZKnvPWNI0bNavTO20HSXW/CtTH+hxzVw41P+r1FK38/i
jNa3EVF6e9wQdY6mfOTg/afPC81YtM9/kpiRaSYt4YSew/y8XFRGpYZVfMT1XaGb
NUtS1vdI+8sKpMFfSrb1mt7ul6+ZFBGyWDyqNQwI1KJ7d/QaxB0POFEi9a4bKJKV
Oas6WSORXB+SmlQGIbmQZEolS8Sjl7neaBpmHuLaCJIgHrtj66r8kTayVayCN64Q
Fn5dUFlnPtXaTlH+38spOZq0JO1Ic4KlNtyDg0roJ1i9nf728E+vqKTOGwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDt+yCJB75JRabGH6gcChanuAnz8MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvTzM3SUlrSHZrbEZwc1lmcUJ3S0ZxZTRDZlB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADE8M98ns7+dxdgvyOXN
D1fHSdZ1MzIA52qZWSzbPnHZi85O76sORSQJTU4iQzWGo8DF//tlj6/ipS5FvkuH
Wj3ycgRtPUtAZYHAO9DKOckzH/Q6qumiJ1+ot8UB3p1i55pVz4n1pzJE6Jqvs4tg
oy00H5ld1gn9DySP4axK9cbSb79uR968S0P+cg++MS942T3pHk1aI1KV/r7VNleX
VqHBC1R3mBa62Lz94DewrtNCeCk4D5hhrXB4ShAqf5LfI6yV2LxhPJDZL3tAfuPC
lH96Qw0lGsL8wmEu1tXxmnMiSIYW88V2EnSzd0NjYyoeAvuxSvMbeLrg3A6nzjXG
rDo=
-----END CERTIFICATE-----