Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hngeQSDaYIazOTbNMVuQEok7HmE.roa
File:                     hngeQSDaYIazOTbNMVuQEok7HmE.roa (raw, json)
Hash identifier:          l7mqHA5tHYFtQBrlaXJDT3tYhmWzOi2ELaJMfUeyfxA=
Subject key identifier:   86:78:1E:41:20:DA:60:86:B3:39:36:CD:31:5B:90:12:89:3B:1E:61
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186A42C429D39BBE08C5E6F606D6164AC1D
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hngeQSDaYIazOTbNMVuQEok7HmE.roa
Signing time:             Thu 02 Mar 2023 21:13:29 +0000
ROA not before:           Thu 02 Mar 2023 21:13:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a4:2c:42:9d:39:bb:e0:8c:5e:6f:60:6d:61:64:ac:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  2 21:13:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=86781e4120da6086b33936cd315b9012893b1e61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:13:f2:d8:f1:83:d6:90:ee:5a:53:50:2b:d6:
                    8f:22:c3:25:2e:36:3d:39:11:70:31:c3:4a:1a:b1:
                    c4:7e:d2:22:3a:6f:c5:4b:d2:19:2c:06:99:8e:6f:
                    e0:2b:03:f7:be:2b:b6:30:20:c0:46:16:21:a9:6b:
                    bb:58:98:b2:5d:46:48:06:d9:1f:f0:c1:4d:a9:94:
                    d2:67:05:4d:24:9b:8b:0c:4c:5b:a6:ee:6a:fb:e1:
                    ad:f2:9e:2f:10:b8:63:49:93:35:c0:5d:9f:7f:26:
                    49:0f:88:ca:20:77:c3:a4:e5:eb:ec:64:2a:05:16:
                    ca:09:6c:6e:2f:3c:9b:15:ed:e3:14:2c:b2:1a:9e:
                    29:8b:64:60:60:82:d9:0a:10:d3:d8:ec:03:c9:fa:
                    aa:a6:97:6b:91:82:24:1a:1e:12:ea:59:9d:12:57:
                    99:84:0d:fa:2e:e8:7e:68:a1:bf:77:2c:e0:85:2a:
                    b2:37:48:7c:f1:c0:98:de:89:6d:fa:b4:3d:28:9f:
                    a9:a0:d6:be:e8:2e:9b:ca:70:d4:8a:b0:da:82:2a:
                    19:1e:3b:08:93:ce:3f:3f:c5:2f:c7:bb:48:32:72:
                    9a:25:ad:d0:83:1e:60:37:52:63:68:25:f8:99:94:
                    23:f3:c4:3a:82:78:b2:7a:7e:1c:d2:e8:7e:06:f9:
                    5b:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:78:1E:41:20:DA:60:86:B3:39:36:CD:31:5B:90:12:89:3B:1E:61
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hngeQSDaYIazOTbNMVuQEok7HmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:4a:32:7c:d0:a0:d9:87:3d:12:81:a4:a9:1b:30:6a:12:bb:
         58:96:25:64:10:95:a9:60:84:45:72:06:cf:0b:fb:d0:e8:a0:
         9d:a5:38:9b:63:c1:b1:4b:ee:73:32:e6:a6:cb:69:05:50:bc:
         be:6a:b4:ed:86:ad:58:8b:d5:ba:0e:cd:ef:a6:0b:8e:87:13:
         00:30:41:bc:15:b7:a0:67:e1:fe:2d:e0:d8:1a:82:c1:c5:a5:
         b0:21:a4:53:19:3e:fd:c6:80:52:48:c9:eb:03:75:55:b3:65:
         cc:57:b2:f6:b6:13:c8:b6:e1:8b:19:65:29:88:03:6a:33:b5:
         42:96:5b:ff:6a:3a:6e:96:ff:f9:84:90:0f:cd:65:79:d3:d6:
         a2:22:3f:9e:9c:ff:8d:97:29:a2:73:2e:e1:85:c2:c7:17:cf:
         44:35:07:a6:5f:37:e0:81:39:ec:ac:96:1f:77:7d:46:25:8d:
         95:d9:e0:97:ff:4b:c6:73:9b:e1:08:6a:0e:b8:46:c3:10:4f:
         23:af:e3:d8:b2:92:c0:89:33:eb:16:49:e3:98:a0:0d:d8:e1:
         e7:1e:c4:3e:0f:7e:75:c5:48:5b:35:75:68:1c:e3:3e:ca:18:
         d0:7a:4d:69:2e:18:35:cf:d5:05:6d:f0:31:2c:4b:d3:a5:cc:
         b0:00:a0:a5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYakLEKdObvgjF5vYG1hZKwdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzAyMjExMzI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njc4MWU0MTIwZGE2MDg2YjMzOTM2Y2QzMTViOTAxMjg5M2IxZTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohPy2PGD1pDuWlNQK9aPIsMlLjY9
ORFwMcNKGrHEftIiOm/FS9IZLAaZjm/gKwP3viu2MCDARhYhqWu7WJiyXUZIBtkf
8MFNqZTSZwVNJJuLDExbpu5q++Gt8p4vELhjSZM1wF2ffyZJD4jKIHfDpOXr7GQq
BRbKCWxuLzybFe3jFCyyGp4pi2RgYILZChDT2OwDyfqqppdrkYIkGh4S6lmdEleZ
hA36Luh+aKG/dyzghSqyN0h88cCY3olt+rQ9KJ+poNa+6C6bynDUirDagioZHjsI
k84/P8Uvx7tIMnKaJa3Qgx5gN1JjaCX4mZQj88Q6gniyen4c0uh+BvlbmwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIZ4HkEg2mCGszk2zTFbkBKJOx5hMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaG5nZVFTRGFZSWF6T1RiTk1WdVFFb2s3SG1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAD5KMnzQoNmHPRKBpKkb
MGoSu1iWJWQQlalghEVyBs8L+9DooJ2lOJtjwbFL7nMy5qbLaQVQvL5qtO2GrViL
1boOze+mC46HEwAwQbwVt6Bn4f4t4NgagsHFpbAhpFMZPv3GgFJIyesDdVWzZcxX
sva2E8i24YsZZSmIA2oztUKWW/9qOm6W//mEkA/NZXnT1qIiP56c/42XKaJzLuGF
wscXz0Q1B6ZfN+CBOeyslh93fUYljZXZ4Jf/S8Zzm+EIag64RsMQTyOv49iyksCJ
M+sWSeOYoA3Y4ecexD4PfnXFSFs1dWgc4z7KGNB6TWkuGDXP1QVt8DEsS9OlzLAA
oKU=
-----END CERTIFICATE-----