Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RUvIliv9gOEQmHtl4Z12nGTiRY4.roa
File:                     RUvIliv9gOEQmHtl4Z12nGTiRY4.roa (raw, json)
Hash identifier:          DOJT9kINQyn1KGEA9U/90xEtdLMxooFELIV4KM9Yig8=
Subject key identifier:   45:4B:C8:96:2B:FD:80:E1:10:98:7B:65:E1:9D:76:9C:64:E2:45:8E
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186C9BAE1D7741AC499EB330655EA7D82E7
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RUvIliv9gOEQmHtl4Z12nGTiRY4.roa
Signing time:             Fri 10 Mar 2023 04:15:13 +0000
ROA not before:           Fri 10 Mar 2023 04:15:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c9:ba:e1:d7:74:1a:c4:99:eb:33:06:55:ea:7d:82:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 10 04:15:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=454bc8962bfd80e110987b65e19d769c64e2458e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b6:a8:2a:2c:18:10:82:b1:5b:01:80:14:b4:
                    c9:c7:e3:e0:78:e3:8b:b2:4c:3d:2d:01:a7:2b:39:
                    67:3b:29:a5:96:71:5b:5e:86:2c:d4:3d:77:30:46:
                    00:3e:9a:db:59:34:23:31:fd:0d:10:ba:20:f4:b4:
                    73:a6:8c:3f:87:37:e4:8a:85:71:50:3f:c1:9b:e0:
                    fd:f2:19:63:7b:9e:6d:64:0a:b3:54:17:9e:54:43:
                    96:25:d4:f7:b2:d7:4d:59:4d:30:c2:97:88:65:4e:
                    54:63:75:c3:2e:8a:52:4f:c3:04:bd:a9:b6:c1:a6:
                    aa:40:3a:49:09:16:7d:92:c0:6e:39:24:22:ca:bb:
                    ae:28:90:c6:80:47:be:9e:0f:62:02:45:7e:6e:eb:
                    45:d8:38:0f:b6:73:f7:51:79:46:d9:a2:90:5c:c4:
                    2a:4b:fc:38:d2:c6:70:c3:50:45:cd:93:c5:ce:ae:
                    1b:3c:3a:bd:ce:1b:f9:95:c5:1d:13:f9:4c:28:a7:
                    b5:62:50:f3:92:e9:4d:ba:d7:4f:fc:ba:1d:88:df:
                    79:a2:14:e8:15:fe:96:02:60:77:c8:f5:e4:bd:e3:
                    63:67:90:3d:d5:98:67:0d:e0:d5:f7:01:ef:b3:b9:
                    a1:4f:42:ec:f3:a6:99:a4:dd:30:bb:1a:1b:e0:f6:
                    b0:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:4B:C8:96:2B:FD:80:E1:10:98:7B:65:E1:9D:76:9C:64:E2:45:8E
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/RUvIliv9gOEQmHtl4Z12nGTiRY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:5b:68:31:98:d5:2b:55:fc:3b:f8:70:fa:bf:fb:d0:cd:36:
         4a:75:10:8a:98:03:64:4b:a9:55:a4:ad:da:20:91:f3:da:02:
         55:7c:ca:8b:d7:bc:7a:c0:e7:02:f6:1f:a3:9d:0a:39:1c:2a:
         e2:75:65:7c:6b:b9:25:37:3a:d4:4a:47:e7:fd:14:ce:2a:c1:
         f9:c2:ca:6a:b3:a1:91:fb:e1:7b:4f:2b:a2:8a:a4:d8:b5:56:
         a3:3c:fc:1e:91:ed:ce:7c:29:90:9a:12:be:f1:51:c8:f0:31:
         ab:8e:31:48:bc:3f:64:fd:66:b8:a0:f9:ea:2a:81:f4:a3:5e:
         2c:06:28:03:98:a3:0a:b3:c5:3f:b0:5c:91:80:e9:fd:45:25:
         19:5b:b8:7b:0e:f1:eb:99:22:96:8d:18:1e:4c:d3:46:1c:e6:
         5d:03:0a:84:77:b5:47:7f:86:f7:df:9a:8f:2b:ec:56:9c:16:
         3c:08:95:3f:aa:67:d4:c8:bb:c9:03:11:13:a0:84:ec:2a:bd:
         2f:16:9e:51:4f:33:65:58:68:ea:11:00:e6:d3:74:28:6c:0f:
         c7:63:b8:26:a3:80:c9:2a:93:0d:b4:1e:46:dd:e9:7d:be:00:
         b5:aa:87:ca:fb:c3:40:7a:11:a5:46:33:79:67:53:1c:f0:c7:
         5a:1d:d3:64
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbJuuHXdBrEmeszBlXqfYLnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzEwMDQxNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTRiYzg5NjJiZmQ4MGUxMTA5ODdiNjVlMTlkNzY5YzY0ZTI0NThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoraoKiwYEIKxWwGAFLTJx+PgeOOL
skw9LQGnKzlnOymllnFbXoYs1D13MEYAPprbWTQjMf0NELog9LRzpow/hzfkioVx
UD/Bm+D98hlje55tZAqzVBeeVEOWJdT3stdNWU0wwpeIZU5UY3XDLopST8MEvam2
waaqQDpJCRZ9ksBuOSQiyruuKJDGgEe+ng9iAkV+butF2DgPtnP3UXlG2aKQXMQq
S/w40sZww1BFzZPFzq4bPDq9zhv5lcUdE/lMKKe1YlDzkulNutdP/LodiN95ohTo
Ff6WAmB3yPXkveNjZ5A91ZhnDeDV9wHvs7mhT0Ls86aZpN0wuxob4PawWwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFEVLyJYr/YDhEJh7ZeGddpxk4kWOMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvUlV2SWxpdjlnT0VRbUh0bDRaMTJuR1RpUlk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAARbaDGY1StV/Dv4cPq/
+9DNNkp1EIqYA2RLqVWkrdogkfPaAlV8yovXvHrA5wL2H6OdCjkcKuJ1ZXxruSU3
OtRKR+f9FM4qwfnCymqzoZH74XtPK6KKpNi1VqM8/B6R7c58KZCaEr7xUcjwMauO
MUi8P2T9Zrig+eoqgfSjXiwGKAOYowqzxT+wXJGA6f1FJRlbuHsO8euZIpaNGB5M
00Yc5l0DCoR3tUd/hvffmo8r7FacFjwIlT+qZ9TIu8kDEROghOwqvS8WnlFPM2VY
aOoRAObTdChsD8djuCajgMkqkw20Hkbd6X2+ALWqh8r7w0B6EaVGM3lnUxzwx1od
02Q=
-----END CERTIFICATE-----