Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/P75QwCXjXbIVi8CSe2sHLSOTT58.roa
File:                     P75QwCXjXbIVi8CSe2sHLSOTT58.roa (raw, json)
Hash identifier:          qrMCVsPPKIIEVSQ+iQLda7OeXAt9qbsGz4NTUHSeO0c=
Subject key identifier:   3F:BE:50:C0:25:E3:5D:B2:15:8B:C0:92:7B:6B:07:2D:23:93:4F:9F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186CF4F1B92066EFDA9D34F99E19A42A5A3
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/P75QwCXjXbIVi8CSe2sHLSOTT58.roa
Signing time:             Sat 11 Mar 2023 06:15:13 +0000
ROA not before:           Sat 11 Mar 2023 06:15:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:cf:4f:1b:92:06:6e:fd:a9:d3:4f:99:e1:9a:42:a5:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 11 06:15:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3fbe50c025e35db2158bc0927b6b072d23934f9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:03:55:16:2a:2e:3a:e1:99:8d:d4:8a:20:36:
                    8f:48:c9:eb:de:9b:87:a2:72:f4:cd:68:b8:f0:79:
                    68:08:e0:71:87:7f:8e:b8:dc:cf:35:46:57:ed:dc:
                    82:fb:27:de:be:fa:d5:6a:a3:1b:5b:a0:90:ac:a8:
                    76:f4:c8:a0:84:9b:e3:f5:c8:4a:0e:a9:d1:22:83:
                    57:3d:6b:68:83:32:e6:81:10:0c:81:69:fe:bd:32:
                    95:76:16:03:df:00:24:e0:93:e2:cb:57:65:c9:f4:
                    75:90:ad:8c:85:08:2c:2b:65:5b:a0:80:d8:45:30:
                    3e:aa:7d:fa:8d:25:fc:39:e8:20:ac:ef:fb:1d:b7:
                    06:36:7b:ce:00:0b:3e:86:80:47:0a:86:0c:7c:36:
                    e3:cd:8e:8f:cc:70:5b:c1:72:e0:76:1c:12:bc:dc:
                    b4:f4:e1:29:8d:fa:4d:c9:e6:2c:92:37:61:aa:25:
                    09:33:c9:aa:19:86:38:3b:06:b0:7f:d3:7d:9d:fd:
                    97:d6:5a:b9:cb:c0:c2:29:f5:bc:14:f7:6c:f2:c5:
                    9e:e2:03:e1:d7:17:04:ac:9b:1d:b2:5f:84:2e:f1:
                    09:be:f7:93:d7:21:f4:2a:64:e4:c3:9b:e2:a2:f1:
                    ee:01:c1:3d:e6:07:d5:bd:70:7d:85:5f:20:55:f6:
                    43:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:BE:50:C0:25:E3:5D:B2:15:8B:C0:92:7B:6B:07:2D:23:93:4F:9F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/P75QwCXjXbIVi8CSe2sHLSOTT58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:44:c4:27:0f:01:62:41:21:dc:0d:10:ef:6d:cf:49:7c:ef:
         a8:f9:c9:fd:bb:1a:74:fd:bf:74:64:26:84:f6:52:39:5d:10:
         1d:5d:55:b2:84:65:45:55:7c:6e:09:dc:37:ae:c3:d7:60:7a:
         81:ca:71:3a:76:2a:9b:2a:92:7c:1f:8e:bc:d5:56:ee:b1:2d:
         e8:26:71:c9:e5:d4:a8:88:75:ae:61:08:55:b5:c0:89:0a:e6:
         45:1c:70:41:88:23:cc:a3:f5:07:2c:ee:5b:30:c7:b5:2f:2e:
         db:f3:97:e4:be:8f:d8:7c:d8:5e:19:a2:20:99:fb:92:dd:86:
         b1:08:6d:db:41:2c:e0:89:dd:e1:55:e1:b2:d3:0d:22:d9:99:
         60:0a:11:8e:55:7b:07:15:e4:57:b4:31:d4:aa:7a:cf:46:99:
         42:81:c1:9e:dd:ed:13:f4:eb:6c:68:e8:d2:50:e6:e6:0a:35:
         e2:87:5e:ee:05:ed:7e:29:1c:77:a2:2a:36:b4:9a:da:50:d7:
         80:10:77:33:39:02:77:8c:35:13:c9:0c:1b:cc:e8:f6:7c:7f:
         a4:f4:d8:16:21:5b:a8:9a:34:39:67:46:88:93:0c:85:3f:bf:
         57:09:f1:94:5f:44:8d:3f:74:38:66:e2:03:ec:db:dc:f7:bf:
         93:af:20:78
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbPTxuSBm79qdNPmeGaQqWjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzExMDYxNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmJlNTBjMDI1ZTM1ZGIyMTU4YmMwOTI3YjZiMDcyZDIzOTM0ZjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzANVFiouOuGZjdSKIDaPSMnr3puH
onL0zWi48HloCOBxh3+OuNzPNUZX7dyC+yfevvrVaqMbW6CQrKh29MighJvj9chK
DqnRIoNXPWtogzLmgRAMgWn+vTKVdhYD3wAk4JPiy1dlyfR1kK2MhQgsK2VboIDY
RTA+qn36jSX8OeggrO/7HbcGNnvOAAs+hoBHCoYMfDbjzY6PzHBbwXLgdhwSvNy0
9OEpjfpNyeYskjdhqiUJM8mqGYY4Owawf9N9nf2X1lq5y8DCKfW8FPds8sWe4gPh
1xcErJsdsl+ELvEJvveT1yH0KmTkw5viovHuAcE95gfVvXB9hV8gVfZDUwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD++UMAl412yFYvAkntrBy0jk0+fMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUDc1UXdDWGpYYklWaThDU2Uyc0hMU09UVDU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAIJExCcPAWJBIdwNEO9t
z0l876j5yf27GnT9v3RkJoT2UjldEB1dVbKEZUVVfG4J3Deuw9dgeoHKcTp2Kpsq
knwfjrzVVu6xLegmccnl1KiIda5hCFW1wIkK5kUccEGII8yj9Qcs7lswx7UvLtvz
l+S+j9h82F4ZoiCZ+5LdhrEIbdtBLOCJ3eFV4bLTDSLZmWAKEY5VewcV5Fe0MdSq
es9GmUKBwZ7d7RP062xo6NJQ5uYKNeKHXu4F7X4pHHeiKja0mtpQ14AQdzM5AneM
NRPJDBvM6PZ8f6T02BYhW6iaNDlnRoiTDIU/v1cJ8ZRfRI0/dDhm4gPs29z3v5Ov
IHg=
-----END CERTIFICATE-----