Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hs-YD453edHr2RMPx7K0eh3-8aQ.roa
File:                     hs-YD453edHr2RMPx7K0eh3-8aQ.roa (raw, json)
Hash identifier:          c8RbRXp15YJ+OaUos/+T/d7DtHUh81KjR0K07Txlv7Q=
Subject key identifier:   86:CF:98:0F:8E:77:79:D1:EB:D9:13:0F:C7:B2:B4:7A:1D:FE:F1:A4
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       01869FA2783B494B195DFE2BC5287541782E
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hs-YD453edHr2RMPx7K0eh3-8aQ.roa
Signing time:             Thu 02 Mar 2023 00:04:30 +0000
ROA not before:           Thu 02 Mar 2023 00:04:30 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9fa2:58fa/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:9f:a2:78:3b:49:4b:19:5d:fe:2b:c5:28:75:41:78:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  2 00:04:30 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=86cf980f8e7779d1ebd9130fc7b2b47a1dfef1a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:02:e4:2a:4b:1f:48:b0:ba:51:46:a6:52:b4:
                    aa:b6:b9:4c:f1:f5:44:d3:25:50:90:ef:4a:a2:14:
                    fe:f3:48:10:d8:b9:70:74:ac:e2:c6:e7:1f:3d:aa:
                    1d:2f:7e:6e:f6:b0:1c:3d:05:84:2a:02:69:ef:89:
                    71:0a:cc:0f:b8:05:e6:f1:31:dd:9d:ac:97:f4:36:
                    c5:0f:bb:98:aa:fd:53:d8:31:44:5b:02:4f:8d:5a:
                    e3:89:d3:8b:b3:b4:b9:7f:cf:89:5b:94:0c:fd:85:
                    23:08:9f:a3:bb:d6:eb:6b:e1:71:96:1b:cb:85:40:
                    c7:94:b0:c7:58:c6:3b:fc:fb:1a:2a:d9:0d:09:0c:
                    db:93:c2:7a:1e:ad:3a:28:fd:ff:c0:b2:47:49:9a:
                    4b:0f:ed:96:38:3a:ea:3c:20:f2:5c:78:86:6d:c5:
                    07:47:1c:3f:93:2e:21:4e:89:c6:51:6b:9b:7c:86:
                    0d:be:fb:34:ea:7f:67:7b:9d:b0:10:e0:3f:19:2e:
                    6c:97:cc:ce:17:e1:04:33:65:dc:c5:50:c2:ea:67:
                    8c:96:52:b9:b5:a6:f3:4c:c0:29:14:24:ff:11:1c:
                    25:e1:f9:1c:f5:34:9f:ed:30:8d:8a:50:fb:23:88:
                    30:22:ac:09:32:c6:5e:d3:fd:84:31:00:b1:1a:f4:
                    c5:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:CF:98:0F:8E:77:79:D1:EB:D9:13:0F:C7:B2:B4:7A:1D:FE:F1:A4
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/hs-YD453edHr2RMPx7K0eh3-8aQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:ac:d2:e5:57:e8:f9:2c:fe:5a:f0:29:87:db:85:b2:12:c0:
         d7:55:0f:2c:8d:1c:7d:3b:f0:68:36:e9:13:ae:7f:3d:04:a4:
         07:72:b1:93:15:93:3f:8d:76:ac:a5:32:77:48:3e:67:ae:1d:
         67:49:85:dd:4c:5a:87:8a:09:55:31:43:25:0a:fb:c3:e5:b7:
         31:32:28:4c:56:b0:01:63:fc:a7:b5:f2:b5:b5:dd:f3:07:da:
         56:55:0a:b7:39:78:a4:bf:d5:a8:d3:45:4c:6b:9a:47:f9:de:
         54:34:4c:1a:19:a7:81:54:eb:f4:31:3a:04:1f:dc:b5:a7:95:
         32:44:b0:d0:dc:47:a6:08:9a:92:34:66:cd:ae:2a:e5:c9:78:
         cc:bc:3c:16:eb:06:98:03:99:23:5d:74:6c:50:76:7d:e2:b6:
         22:1c:9c:44:ea:02:dd:36:fe:dc:db:d0:e9:13:68:fd:cf:75:
         eb:f7:34:da:c4:01:8d:5e:13:74:23:78:45:dc:a4:3b:96:61:
         09:20:85:03:bd:8f:8a:e0:16:3b:49:7b:a1:6c:0b:8a:50:e6:
         e6:a7:ac:13:c8:b5:25:2c:57:f0:2a:b0:23:ee:c3:fb:6f:98:
         f2:73:f9:21:04:e7:2b:88:e2:4d:39:57:d4:e8:b1:6e:01:ad:
         c0:e5:9d:db
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYafong7SUsZXf4rxSh1QXguMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzAyMDAwNDMwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmNmOTgwZjhlNzc3OWQxZWJkOTEzMGZjN2IyYjQ3YTFkZmVmMWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgLkKksfSLC6UUamUrSqtrlM8fVE
0yVQkO9KohT+80gQ2LlwdKzixucfPaodL35u9rAcPQWEKgJp74lxCswPuAXm8THd
nayX9DbFD7uYqv1T2DFEWwJPjVrjidOLs7S5f8+JW5QM/YUjCJ+ju9bra+FxlhvL
hUDHlLDHWMY7/PsaKtkNCQzbk8J6Hq06KP3/wLJHSZpLD+2WODrqPCDyXHiGbcUH
Rxw/ky4hTonGUWubfIYNvvs06n9ne52wEOA/GS5sl8zOF+EEM2XcxVDC6meMllK5
tabzTMApFCT/ERwl4fkc9TSf7TCNilD7I4gwIqwJMsZe0/2EMQCxGvTFcQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIbPmA+Od3nR69kTD8eytHod/vGkMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvaHMtWUQ0NTNlZEhyMlJNUHg3SzBlaDMtOGFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAGes0uVX6Pks/lrwKYfb
hbISwNdVDyyNHH078Gg26ROufz0EpAdysZMVkz+NdqylMndIPmeuHWdJhd1MWoeK
CVUxQyUK+8PltzEyKExWsAFj/Ke18rW13fMH2lZVCrc5eKS/1ajTRUxrmkf53lQ0
TBoZp4FU6/QxOgQf3LWnlTJEsNDcR6YImpI0Zs2uKuXJeMy8PBbrBpgDmSNddGxQ
dn3itiIcnETqAt02/tzb0OkTaP3Pdev3NNrEAY1eE3QjeEXcpDuWYQkghQO9j4rg
FjtJe6FsC4pQ5uanrBPItSUsV/AqsCPuw/tvmPJz+SEE5yuI4k05V9TosW4BrcDl
nds=
-----END CERTIFICATE-----