Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TXj52ZeMVpPq8WlJMWKF5_TeA5U.roa
File:                     TXj52ZeMVpPq8WlJMWKF5_TeA5U.roa (raw, json)
Hash identifier:          iaLxogjcaAYfdSAqznM8qYlZLnjr1fW53ChTYD/On04=
Subject key identifier:   4D:78:F9:D9:97:8C:56:93:EA:F1:69:49:31:62:85:E7:F4:DE:03:95
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186B4B9CC620351EA8C6C9A45E4AB87FBB1
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TXj52ZeMVpPq8WlJMWKF5_TeA5U.roa
Signing time:             Mon 06 Mar 2023 02:22:00 +0000
ROA not before:           Mon 06 Mar 2023 02:22:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b4:b9:cc:62:03:51:ea:8c:6c:9a:45:e4:ab:87:fb:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  6 02:22:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4d78f9d9978c5693eaf16949316285e7f4de0395
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:51:7e:ce:9c:af:94:ef:77:64:6a:99:09:c2:
                    ae:ec:52:de:4e:74:21:15:f1:6a:11:2e:56:f2:48:
                    47:6f:d1:67:67:d3:0f:6a:68:a5:6d:84:f0:42:c9:
                    46:4e:02:fa:08:cc:de:47:76:d4:fc:b6:50:42:63:
                    a2:20:73:6f:b0:11:e8:67:26:09:07:f8:58:17:85:
                    92:15:b5:7f:d3:3f:83:38:19:e7:c4:52:d4:a5:5e:
                    5a:c9:0c:a1:0f:53:61:a7:07:42:f7:62:d9:2a:4a:
                    7e:b3:0e:cc:8e:07:2e:99:76:60:f9:f3:18:84:1d:
                    c3:e3:e0:21:3e:af:0c:7c:0d:f1:bf:6c:01:c4:38:
                    27:4d:8a:cf:8b:f1:c2:3a:41:05:b2:9a:50:43:b2:
                    06:b7:e1:4b:61:ec:3b:8a:1e:72:84:00:90:78:60:
                    d7:62:a1:47:29:4e:a4:56:96:ff:b9:f9:15:de:31:
                    58:77:5e:99:09:c5:0b:4a:77:c7:43:36:85:c9:95:
                    68:0d:08:ef:34:65:1c:a8:a9:1a:aa:7f:8a:f4:88:
                    7c:bf:18:c4:47:16:6d:43:9e:fa:15:b2:cc:62:b1:
                    25:10:d0:e6:e2:74:fc:85:5a:6b:44:33:ee:7d:a4:
                    ec:91:9e:6b:9b:e1:04:6d:e8:ae:0a:f6:39:dd:7e:
                    ed:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:78:F9:D9:97:8C:56:93:EA:F1:69:49:31:62:85:E7:F4:DE:03:95
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/TXj52ZeMVpPq8WlJMWKF5_TeA5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:bd:03:eb:9b:87:18:f9:cf:03:a9:de:4d:f4:7a:9f:da:00:
         5d:5e:24:21:3e:cf:68:19:71:c5:f2:58:d6:bd:93:65:92:d3:
         e9:41:c0:ef:9e:95:49:0c:b8:aa:83:33:14:47:87:f7:e3:3e:
         59:43:c7:4a:78:3a:26:08:b1:54:3e:79:26:11:2d:67:3d:5d:
         f8:6e:62:49:05:4b:40:b0:72:dc:d7:e9:77:14:f9:ba:19:2b:
         71:cd:cf:22:36:b8:d5:89:43:63:0d:a2:e5:b7:c0:a9:c4:7a:
         6f:7a:bd:9c:23:e6:4b:b2:66:8b:90:6c:30:44:82:8f:79:18:
         56:76:ee:ff:f1:25:fd:f7:5f:9c:93:24:52:8e:31:ef:ca:f3:
         08:0f:93:78:39:36:66:8d:55:5d:84:91:f4:77:c0:f0:2b:f3:
         39:c2:86:1b:49:b7:98:16:d8:f9:28:92:e1:ba:b2:69:35:7a:
         b5:42:cf:e9:08:df:d0:09:3d:17:dc:5d:4d:45:43:a8:e2:5b:
         30:7d:4f:bc:0b:85:0f:48:9f:04:90:fb:05:56:72:94:98:58:
         62:3b:55:40:16:27:8b:49:0c:4b:81:c1:dc:0b:1c:a1:ca:f5:
         80:f2:54:8d:c6:f2:d6:e3:df:34:af:76:f7:dd:dd:3c:90:3e:
         eb:39:63:3f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYa0ucxiA1HqjGyaReSrh/uxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA2MDIyMjAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDc4ZjlkOTk3OGM1NjkzZWFmMTY5NDkzMTYyODVlN2Y0ZGUwMzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVF+zpyvlO93ZGqZCcKu7FLeTnQh
FfFqES5W8khHb9FnZ9MPamilbYTwQslGTgL6CMzeR3bU/LZQQmOiIHNvsBHoZyYJ
B/hYF4WSFbV/0z+DOBnnxFLUpV5ayQyhD1NhpwdC92LZKkp+sw7MjgcumXZg+fMY
hB3D4+AhPq8MfA3xv2wBxDgnTYrPi/HCOkEFsppQQ7IGt+FLYew7ih5yhACQeGDX
YqFHKU6kVpb/ufkV3jFYd16ZCcULSnfHQzaFyZVoDQjvNGUcqKkaqn+K9Ih8vxjE
RxZtQ576FbLMYrElENDm4nT8hVprRDPufaTskZ5rm+EEbeiuCvY53X7tkQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE14+dmXjFaT6vFpSTFihef03gOVMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvVFhqNTJaZU1WcFBxOFdsSk1XS0Y1X1RlQTVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBADq9A+ubhxj5zwOp3k30
ep/aAF1eJCE+z2gZccXyWNa9k2WS0+lBwO+elUkMuKqDMxRHh/fjPllDx0p4OiYI
sVQ+eSYRLWc9XfhuYkkFS0CwctzX6XcU+boZK3HNzyI2uNWJQ2MNouW3wKnEem96
vZwj5kuyZouQbDBEgo95GFZ27v/xJf33X5yTJFKOMe/K8wgPk3g5NmaNVV2EkfR3
wPAr8znChhtJt5gW2PkokuG6smk1erVCz+kI39AJPRfcXU1FQ6jiWzB9T7wLhQ9I
nwSQ+wVWcpSYWGI7VUAWJ4tJDEuBwdwLHKHK9YDyVI3G8tbj3zSvdvfd3TyQPus5
Yz8=
-----END CERTIFICATE-----