Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gw97wzPY3zFBDE6IchaUnUJaPXY.roa
File:                     gw97wzPY3zFBDE6IchaUnUJaPXY.roa (raw, json)
Hash identifier:          N5oLWomaF5Taj9agaZ/25y1ppzFHQDzEmZbyjQWKJcM=
Subject key identifier:   83:0F:7B:C3:33:D8:DF:31:41:0C:4E:88:72:16:94:9D:42:5A:3D:76
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186C7CB9477E37CA1279F076955919D6BC5
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gw97wzPY3zFBDE6IchaUnUJaPXY.roa
Signing time:             Thu 09 Mar 2023 19:14:13 +0000
ROA not before:           Thu 09 Mar 2023 19:14:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c7:cb:94:77:e3:7c:a1:27:9f:07:69:55:91:9d:6b:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  9 19:14:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=830f7bc333d8df31410c4e887216949d425a3d76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c2:85:d0:f4:7c:55:db:63:e1:30:bf:0e:f6:
                    e5:f1:f7:b2:14:3c:b4:62:a6:34:51:54:c5:b0:5d:
                    95:c3:8f:22:87:99:3c:98:e4:8b:f9:9a:2f:1e:8c:
                    6e:ef:5c:b2:72:a7:b1:b2:06:9d:5b:b0:af:fa:c2:
                    e7:b8:d2:e7:68:8b:49:85:bf:18:ba:bc:71:6c:58:
                    63:35:da:e0:5c:69:38:e4:3e:d8:45:fe:af:54:d4:
                    31:40:e4:50:0d:00:1b:55:96:15:f9:c4:68:d0:e6:
                    65:17:8f:ba:71:f5:57:1e:66:74:0e:f2:8c:32:ca:
                    9d:6d:2c:fe:03:5b:b4:6f:94:67:d3:d9:bf:75:75:
                    80:7a:f9:15:9a:92:09:b3:88:a0:ea:58:c5:c7:93:
                    4c:32:e6:4b:31:fb:e6:94:81:75:f7:8e:7d:64:f2:
                    64:1d:24:65:9f:51:f2:37:af:98:23:58:fb:79:ff:
                    b8:a2:57:6a:3d:5b:6d:91:29:ff:f3:00:4d:61:8a:
                    b0:8e:16:97:d9:4f:29:e1:47:6b:cf:04:f1:f3:68:
                    6f:38:51:a1:83:5e:2e:44:90:d6:6b:cb:03:9d:a1:
                    c5:b7:f3:e2:89:3d:e7:c5:0c:12:37:2d:35:58:ba:
                    30:dc:e0:1a:92:c4:0c:ad:d5:18:95:4e:a3:f0:df:
                    2a:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:0F:7B:C3:33:D8:DF:31:41:0C:4E:88:72:16:94:9D:42:5A:3D:76
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/gw97wzPY3zFBDE6IchaUnUJaPXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:95:47:1c:58:d7:b4:de:7a:e2:df:4f:29:02:00:0c:98:f2:
         54:28:8a:b9:e6:e9:2b:24:30:19:83:2d:a5:9d:84:d7:b8:f9:
         e7:18:69:c3:ae:02:f8:76:f1:e9:51:c1:44:43:7f:4d:73:16:
         4d:c2:f9:8c:13:16:a2:7b:40:e7:ae:e3:3e:39:b7:0d:d9:bc:
         89:c1:d3:36:e2:07:b8:0b:7d:91:e1:a5:a0:83:89:fa:02:79:
         68:a5:1e:2c:dd:23:7f:50:a6:83:61:2a:4d:17:4d:18:17:d4:
         8d:05:6b:9e:5e:7a:36:fa:49:8d:a7:6f:43:a4:32:3a:7f:83:
         89:49:93:38:9b:13:db:2c:e1:2a:44:21:80:b5:84:86:0a:6a:
         17:b3:e7:3b:52:4f:6a:5c:e0:00:6f:34:94:79:8d:2b:77:32:
         bf:af:19:4d:5c:f1:87:53:cd:4b:41:3f:08:02:e0:ef:a2:05:
         b2:d0:c3:71:e4:5c:2f:97:f6:c6:0d:30:e6:df:42:64:30:8e:
         61:3c:2b:8c:83:4f:f4:71:f8:00:3b:a5:3f:db:12:de:c8:e0:
         d6:2a:53:44:fc:3c:90:b9:c7:3e:4a:f1:00:07:21:9e:f9:63:
         3f:08:7f:6f:14:17:d3:c8:94:ab:25:c2:7c:3a:56:31:f0:b3:
         36:e1:fb:b9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbHy5R343yhJ58HaVWRnWvFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA5MTkxNDEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzBmN2JjMzMzZDhkZjMxNDEwYzRlODg3MjE2OTQ5ZDQyNWEzZDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMKF0PR8Vdtj4TC/Dvbl8feyFDy0
YqY0UVTFsF2Vw48ih5k8mOSL+ZovHoxu71yycqexsgadW7Cv+sLnuNLnaItJhb8Y
urxxbFhjNdrgXGk45D7YRf6vVNQxQORQDQAbVZYV+cRo0OZlF4+6cfVXHmZ0DvKM
MsqdbSz+A1u0b5Rn09m/dXWAevkVmpIJs4ig6ljFx5NMMuZLMfvmlIF19459ZPJk
HSRln1HyN6+YI1j7ef+4oldqPVttkSn/8wBNYYqwjhaX2U8p4UdrzwTx82hvOFGh
g14uRJDWa8sDnaHFt/PiiT3nxQwSNy01WLow3OAaksQMrdUYlU6j8N8qiwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIMPe8Mz2N8xQQxOiHIWlJ1CWj12MB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvZ3c5N3d6UFkzekZCREU2SWNoYVVuVUphUFhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAH+VRxxY17TeeuLfTykC
AAyY8lQoirnm6SskMBmDLaWdhNe4+ecYacOuAvh28elRwURDf01zFk3C+YwTFqJ7
QOeu4z45tw3ZvInB0zbiB7gLfZHhpaCDifoCeWilHizdI39QpoNhKk0XTRgX1I0F
a55eejb6SY2nb0OkMjp/g4lJkzibE9ss4SpEIYC1hIYKahez5ztST2pc4ABvNJR5
jSt3Mr+vGU1c8YdTzUtBPwgC4O+iBbLQw3HkXC+X9sYNMObfQmQwjmE8K4yDT/Rx
+AA7pT/bEt7I4NYqU0T8PJC5xz5K8QAHIZ75Yz8If28UF9PIlKslwnw6VjHwszbh
+7k=
-----END CERTIFICATE-----