Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QuZIhuTFdnXSZbtf68iZ4G6uxKE.roa
File:                     QuZIhuTFdnXSZbtf68iZ4G6uxKE.roa (raw, json)
Hash identifier:          ts6zDJKc1ya5bVbeqTnrszLeMlL/O0SuAmt2my0bawI=
Subject key identifier:   42:E6:48:86:E4:C5:76:75:D2:65:BB:5F:EB:C8:99:E0:6E:AE:C4:A1
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186B36C8CB379BFCA65DD1BD3EFF02FF54F
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QuZIhuTFdnXSZbtf68iZ4G6uxKE.roa
Signing time:             Sun 05 Mar 2023 20:18:00 +0000
ROA not before:           Sun 05 Mar 2023 20:18:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b3:6c:8c:b3:79:bf:ca:65:dd:1b:d3:ef:f0:2f:f5:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  5 20:18:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=42e64886e4c57675d265bb5febc899e06eaec4a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:cc:fe:ff:6d:cb:2c:a0:de:55:be:d1:f5:44:
                    31:26:de:fa:e0:bb:76:54:80:98:5b:6a:8f:c9:09:
                    7d:fc:37:26:5c:ad:8c:72:ff:81:02:6f:b9:ca:19:
                    b0:8f:55:f3:bc:30:94:e5:60:99:40:ee:37:3d:23:
                    ae:e6:e8:0f:d9:4d:e5:c5:64:50:b8:6d:14:c9:ef:
                    34:73:12:3f:f3:37:36:74:b6:3c:11:21:64:75:db:
                    64:50:60:87:04:8f:0c:ce:d9:42:02:3b:9a:ba:f1:
                    e9:82:af:2b:91:bf:66:c0:53:be:fb:eb:01:cb:0e:
                    a1:ad:fa:d2:48:7b:46:b2:67:e2:4d:80:e8:69:e6:
                    cb:e3:13:c0:62:94:87:55:53:cf:d8:6b:ac:60:bf:
                    18:5b:27:94:59:eb:e5:dc:d5:ea:91:f6:7f:fc:98:
                    7d:b2:6d:5f:f3:f7:bb:6a:14:f1:1f:05:17:7a:4a:
                    57:94:30:94:49:8d:9a:0f:77:ea:27:73:b7:aa:b3:
                    d8:22:87:85:3f:02:f9:5b:f5:30:58:71:89:17:05:
                    f8:5d:8d:e3:5b:d5:f8:10:94:07:9e:10:5a:49:b6:
                    82:42:da:7d:58:38:57:8a:0f:75:9d:ac:fe:bf:99:
                    b1:9b:d1:a3:bc:60:e9:a7:6d:82:bb:cf:c4:fa:f4:
                    ea:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:E6:48:86:E4:C5:76:75:D2:65:BB:5F:EB:C8:99:E0:6E:AE:C4:A1
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/QuZIhuTFdnXSZbtf68iZ4G6uxKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:54:a7:06:b4:c4:ce:26:57:c9:17:85:46:ab:1d:57:22:ee:
         b1:c1:a5:36:2e:29:eb:9d:ce:8c:26:34:ec:11:37:e5:e4:94:
         8e:98:8a:a7:59:cc:ec:29:a6:82:28:3e:f1:ef:1d:1a:ac:3a:
         ac:4e:cc:39:4e:ba:cc:72:e6:56:8e:81:8c:59:ab:84:2e:00:
         6d:9d:fa:3d:47:25:b2:58:76:62:fe:e7:ef:a4:fc:c4:b8:0b:
         22:fd:40:1e:4d:2d:b5:a9:0d:4b:10:41:a8:d4:bb:93:33:2b:
         cb:27:30:5e:0c:44:a5:19:ca:87:08:1a:c5:df:ea:d5:b4:d4:
         34:df:e7:ec:2d:1f:78:3e:8b:d2:62:0d:84:ed:31:15:e9:ad:
         17:35:5d:0c:3b:ab:be:20:65:d0:4d:b7:8d:36:ba:ce:d9:1c:
         76:89:b5:0b:c8:f2:8d:5f:d2:d2:04:55:ab:5a:0b:cb:bd:24:
         15:0b:38:ac:f6:c6:37:de:fc:b6:f1:e4:e3:01:ae:c1:26:e4:
         f4:1e:25:3e:f1:92:42:98:c4:4f:65:81:b3:2f:bd:0e:f1:f8:
         82:7f:e8:b5:14:98:0a:41:9a:83:3c:21:05:f6:bb:b3:63:aa:
         0a:80:a3:35:71:7c:45:6e:f9:0e:43:55:ae:b0:53:4b:10:f2:
         ae:a9:ec:03
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYazbIyzeb/KZd0b0+/wL/VPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA1MjAxODAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmU2NDg4NmU0YzU3Njc1ZDI2NWJiNWZlYmM4OTllMDZlYWVjNGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMz+/23LLKDeVb7R9UQxJt764Lt2
VICYW2qPyQl9/DcmXK2Mcv+BAm+5yhmwj1XzvDCU5WCZQO43PSOu5ugP2U3lxWRQ
uG0Uye80cxI/8zc2dLY8ESFkddtkUGCHBI8MztlCAjuauvHpgq8rkb9mwFO+++sB
yw6hrfrSSHtGsmfiTYDoaebL4xPAYpSHVVPP2GusYL8YWyeUWevl3NXqkfZ//Jh9
sm1f8/e7ahTxHwUXekpXlDCUSY2aD3fqJ3O3qrPYIoeFPwL5W/UwWHGJFwX4XY3j
W9X4EJQHnhBaSbaCQtp9WDhXig91naz+v5mxm9GjvGDpp22Cu8/E+vTqzwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFELmSIbkxXZ10mW7X+vImeBursShMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUXVaSWh1VEZkblhTWmJ0ZjY4aVo0RzZ1eEtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGJUpwa0xM4mV8kXhUar
HVci7rHBpTYuKeudzowmNOwRN+XklI6YiqdZzOwppoIoPvHvHRqsOqxOzDlOusxy
5laOgYxZq4QuAG2d+j1HJbJYdmL+5++k/MS4CyL9QB5NLbWpDUsQQajUu5MzK8sn
MF4MRKUZyocIGsXf6tW01DTf5+wtH3g+i9JiDYTtMRXprRc1XQw7q74gZdBNt402
us7ZHHaJtQvI8o1f0tIEVataC8u9JBULOKz2xjfe/Lbx5OMBrsEm5PQeJT7xkkKY
xE9lgbMvvQ7x+IJ/6LUUmApBmoM8IQX2u7NjqgqAozVxfEVu+Q5DVa6wU0sQ8q6p
7AM=
-----END CERTIFICATE-----