Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PuRk3gCixez6eReER7qnXn76_58.roa
File:                     PuRk3gCixez6eReER7qnXn76_58.roa (raw, json)
Hash identifier:          ngHJoA8HaVULS3dWX343QiTsif7C1sLRr/Ib5NKC7DA=
Subject key identifier:   3E:E4:64:DE:00:A2:C5:EC:FA:79:17:84:47:BA:A7:5E:7E:FA:FF:9F
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186A321D7AEB0BC5309AEB5F6460B14287F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PuRk3gCixez6eReER7qnXn76_58.roa
Signing time:             Thu 02 Mar 2023 16:22:29 +0000
ROA not before:           Thu 02 Mar 2023 16:22:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a3:21:d7:ae:b0:bc:53:09:ae:b5:f6:46:0b:14:28:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  2 16:22:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3ee464de00a2c5ecfa79178447baa75e7efaff9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:65:33:9d:13:a3:41:cf:f8:52:aa:f8:2b:bc:
                    6a:4c:b2:66:12:d5:8b:36:ba:b8:8c:4e:42:4e:35:
                    c2:e4:94:d9:72:17:28:04:4a:a9:c4:20:08:0f:49:
                    62:6c:7a:61:08:f6:0f:37:49:59:c8:d0:83:64:3e:
                    9a:bb:e5:9b:82:71:84:c9:44:c3:96:00:0c:f3:75:
                    68:ad:14:2f:aa:28:f5:f0:bf:96:2a:f1:24:0c:01:
                    94:c2:ab:89:c3:51:ba:82:66:e9:3a:e4:b3:d0:cb:
                    96:9b:fa:16:1e:b5:de:01:23:8b:45:b4:77:0a:c5:
                    ff:db:c4:c2:6d:47:9c:cd:e7:41:0e:41:cc:63:19:
                    e9:a3:75:96:67:e3:fb:90:15:44:63:0c:ca:a8:6c:
                    71:39:8c:70:dd:7e:c8:56:e2:97:de:c8:02:fe:c8:
                    3f:a7:cc:1d:be:25:ab:90:aa:c2:62:fc:63:ef:37:
                    c5:58:61:c8:00:df:a9:62:c1:a0:fe:5e:0a:6d:5c:
                    47:ce:8c:d2:9a:90:af:ed:03:0b:0a:81:7a:97:23:
                    ff:ef:1f:aa:94:2c:f8:5f:af:09:89:95:f3:79:8a:
                    5c:54:b9:09:e0:32:c3:45:80:41:d0:23:3d:eb:cd:
                    63:6a:c3:d5:74:f2:d2:27:88:05:6a:e3:1e:82:ce:
                    13:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:E4:64:DE:00:A2:C5:EC:FA:79:17:84:47:BA:A7:5E:7E:FA:FF:9F
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/PuRk3gCixez6eReER7qnXn76_58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:fc:e0:ee:2e:ce:0b:d5:52:6a:04:b1:88:e3:d8:e4:4e:f5:
         e9:99:ec:52:04:17:c0:c7:4b:cc:5a:cd:90:0b:18:96:79:e4:
         4b:9c:6c:b0:b5:ec:2b:19:09:4d:66:08:62:64:6e:40:5e:a4:
         d9:d9:6b:b1:bc:a5:f7:44:82:26:31:66:ad:38:b9:fa:d6:83:
         f5:c3:07:92:ad:b1:ed:99:5e:3b:44:f5:79:2e:c1:e0:63:fc:
         68:1c:4c:0c:0e:60:90:d1:60:77:cd:af:66:e3:eb:71:17:2a:
         a7:bd:ed:c3:f1:55:93:99:e6:d8:46:cb:06:3b:f9:e0:3d:6e:
         09:57:3d:22:71:c9:a7:90:8d:72:a4:e1:05:bf:4d:c4:3d:29:
         ca:73:e4:af:85:b8:9b:10:86:45:70:dc:e6:27:c5:4f:4f:11:
         66:60:af:aa:20:84:90:1d:a1:d1:07:c0:21:34:a6:02:42:a7:
         38:8d:8a:e9:35:3d:f3:11:62:72:00:fa:ce:b4:bd:2d:e6:b4:
         48:34:1e:ab:53:cc:63:0b:6c:28:b1:0c:d8:34:b4:39:f0:9f:
         51:65:6c:31:74:3d:0c:51:a9:9b:bb:94:3f:66:0b:7d:34:d0:
         7b:03:7a:62:e3:c3:a3:03:df:c6:91:fd:db:ca:29:2b:7e:19:
         29:5c:f6:1d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYajIdeusLxTCa619kYLFCh/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzAyMTYyMjI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWU0NjRkZTAwYTJjNWVjZmE3OTE3ODQ0N2JhYTc1ZTdlZmFmZjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWUznROjQc/4Uqr4K7xqTLJmEtWL
Nrq4jE5CTjXC5JTZchcoBEqpxCAID0libHphCPYPN0lZyNCDZD6au+WbgnGEyUTD
lgAM83VorRQvqij18L+WKvEkDAGUwquJw1G6gmbpOuSz0MuWm/oWHrXeASOLRbR3
CsX/28TCbUeczedBDkHMYxnpo3WWZ+P7kBVEYwzKqGxxOYxw3X7IVuKX3sgC/sg/
p8wdviWrkKrCYvxj7zfFWGHIAN+pYsGg/l4KbVxHzozSmpCv7QMLCoF6lyP/7x+q
lCz4X68JiZXzeYpcVLkJ4DLDRYBB0CM9681jasPVdPLSJ4gFauMegs4TwQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD7kZN4AosXs+nkXhEe6p15++v+fMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUHVSazNnQ2l4ZXo2ZVJlRVI3cW5Ybjc2XzU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAE784O4uzgvVUmoEsYjj
2ORO9emZ7FIEF8DHS8xazZALGJZ55EucbLC17CsZCU1mCGJkbkBepNnZa7G8pfdE
giYxZq04ufrWg/XDB5Ktse2ZXjtE9XkuweBj/GgcTAwOYJDRYHfNr2bj63EXKqe9
7cPxVZOZ5thGywY7+eA9bglXPSJxyaeQjXKk4QW/TcQ9Kcpz5K+FuJsQhkVw3OYn
xU9PEWZgr6oghJAdodEHwCE0pgJCpziNiuk1PfMRYnIA+s60vS3mtEg0HqtTzGML
bCixDNg0tDnwn1FlbDF0PQxRqZu7lD9mC3000HsDemLjw6MD38aR/dvKKSt+GSlc
9h0=
-----END CERTIFICATE-----