Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dH1IHghMPI0VqLSN3yqgo8N_cFE.roa
File:                     dH1IHghMPI0VqLSN3yqgo8N_cFE.roa (raw, json)
Hash identifier:          GEWn8e4emYjyRhbF27JQPXisud6auJ/yFUMsCFfNXAE=
Subject key identifier:   74:7D:48:1E:08:4C:3C:8D:15:A8:B4:8D:DF:2A:A0:A3:C3:7F:70:51
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186A65194790C91E3850B22E486745A7CE6
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dH1IHghMPI0VqLSN3yqgo8N_cFE.roa
Signing time:             Fri 03 Mar 2023 07:13:29 +0000
ROA not before:           Fri 03 Mar 2023 07:13:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a6:51:94:79:0c:91:e3:85:0b:22:e4:86:74:5a:7c:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  3 07:13:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=747d481e084c3c8d15a8b48ddf2aa0a3c37f7051
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:11:3c:2a:ca:9d:4d:76:14:de:bf:39:2d:d6:
                    9d:4a:7d:91:2c:73:d1:58:93:bb:fb:60:36:30:8d:
                    cb:8a:68:6a:5b:d9:6d:70:ab:ec:f8:42:14:9f:e9:
                    b7:48:f7:73:c1:8a:2b:fa:96:ce:96:6d:a3:19:9b:
                    2a:cd:a5:4f:0c:ce:df:9b:2a:98:bb:20:4b:46:32:
                    f3:f6:e6:c2:fa:41:6e:fc:31:ea:12:3f:2a:fb:28:
                    ab:6e:55:1b:90:da:de:9f:ea:ff:65:63:c8:e9:30:
                    85:c3:4a:42:42:32:77:b5:da:a3:81:40:c0:87:0f:
                    c4:bb:37:26:dc:ad:ae:a3:8f:05:d8:2a:c1:ee:51:
                    17:2d:e9:16:8d:ac:86:b2:85:8b:0a:86:55:a2:39:
                    8e:97:e2:68:d3:71:2d:43:4d:08:fa:da:ef:4c:26:
                    bb:de:a4:05:cb:7d:38:0a:1a:51:3e:2e:08:56:bc:
                    a5:c7:a0:63:94:d6:75:90:3c:76:c7:07:3f:4c:97:
                    51:ff:83:6f:38:53:13:b1:59:6b:d1:ee:66:d7:69:
                    1d:70:e0:27:b7:08:2a:d1:e1:34:dc:9f:bc:95:89:
                    c0:87:56:3f:cd:ab:93:77:fb:21:32:c8:e1:e2:a7:
                    a4:7b:02:67:56:28:9c:40:f1:be:9d:30:79:7e:7b:
                    f8:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:7D:48:1E:08:4C:3C:8D:15:A8:B4:8D:DF:2A:A0:A3:C3:7F:70:51
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/dH1IHghMPI0VqLSN3yqgo8N_cFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:88:1d:b6:60:0b:cf:de:25:24:27:01:1c:fc:8d:11:a1:fb:
         07:6d:b7:75:6e:e0:8d:ee:33:ab:8d:fd:83:b6:11:11:ac:35:
         c0:a6:52:ab:85:15:58:6a:99:25:b1:67:fe:c7:03:d1:6c:20:
         9e:b6:a6:1d:3f:f2:30:d5:90:9e:3e:60:62:11:f9:a2:ff:38:
         0d:ff:ca:80:1b:b3:2a:9d:8e:06:4e:62:66:b7:b3:ea:55:66:
         8a:57:6c:40:dc:80:55:6a:ed:78:3c:78:8e:9e:9f:f0:85:e2:
         70:8a:28:81:df:84:3a:10:ee:eb:55:a4:80:55:6b:d7:81:67:
         bc:29:ca:d4:2a:b1:b7:7f:03:de:2c:d1:c5:39:f3:5f:66:b6:
         c2:ef:b1:47:fa:02:ef:68:cd:40:a5:d4:e9:86:a5:bf:d9:3a:
         4a:89:99:8c:cb:50:04:f7:aa:5b:ff:6b:fc:31:48:da:64:99:
         a4:e5:b0:4b:95:69:46:97:c9:ad:bd:c0:b4:d7:47:03:6b:40:
         ca:05:4c:15:ef:68:64:40:f0:2f:bb:4b:32:8a:06:b4:02:7d:
         a7:30:b9:ee:ce:f9:7d:5c:0a:24:f4:dc:38:77:f0:5c:85:5a:
         45:dc:39:fa:a3:33:7d:36:a9:26:ea:d7:33:4a:fa:46:9b:75:
         f9:64:63:b3
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYamUZR5DJHjhQsi5IZ0WnzmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzAzMDcxMzI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDdkNDgxZTA4NGMzYzhkMTVhOGI0OGRkZjJhYTBhM2MzN2Y3MDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRE8KsqdTXYU3r85LdadSn2RLHPR
WJO7+2A2MI3LimhqW9ltcKvs+EIUn+m3SPdzwYor+pbOlm2jGZsqzaVPDM7fmyqY
uyBLRjLz9ubC+kFu/DHqEj8q+yirblUbkNren+r/ZWPI6TCFw0pCQjJ3tdqjgUDA
hw/Euzcm3K2uo48F2CrB7lEXLekWjayGsoWLCoZVojmOl+Jo03EtQ00I+trvTCa7
3qQFy304ChpRPi4IVrylx6BjlNZ1kDx2xwc/TJdR/4NvOFMTsVlr0e5m12kdcOAn
twgq0eE03J+8lYnAh1Y/zauTd/shMsjh4qekewJnViicQPG+nTB5fnv4EwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHR9SB4ITDyNFai0jd8qoKPDf3BRMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZEgxSUhnaE1QSTBWcUxTTjN5cWdvOE5fY0ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBABmIHbZgC8/eJSQnARz8
jRGh+wdtt3Vu4I3uM6uN/YO2ERGsNcCmUquFFVhqmSWxZ/7HA9FsIJ62ph0/8jDV
kJ4+YGIR+aL/OA3/yoAbsyqdjgZOYma3s+pVZopXbEDcgFVq7Xg8eI6en/CF4nCK
KIHfhDoQ7utVpIBVa9eBZ7wpytQqsbd/A94s0cU5819mtsLvsUf6Au9ozUCl1OmG
pb/ZOkqJmYzLUAT3qlv/a/wxSNpkmaTlsEuVaUaXya29wLTXRwNrQMoFTBXvaGRA
8C+7SzKKBrQCfacwue7O+X1cCiT03Dh38FyFWkXcOfqjM302qSbq1zNK+kabdflk
Y7M=
-----END CERTIFICATE-----