Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mtSTBwJwUEj2HfMvOyj0s5B1DpA.roa
File:                     mtSTBwJwUEj2HfMvOyj0s5B1DpA.roa (raw, json)
Hash identifier:          BaseZARW9qZKIH/OANenV7sw9utbYZSFsOjb356MDNQ=
Subject key identifier:   9A:D4:93:07:02:70:50:48:F6:1D:F3:2F:3B:28:F4:B3:90:75:0E:90
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186AACB60B6666CAB2680A5913B350E470A
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mtSTBwJwUEj2HfMvOyj0s5B1DpA.roa
Signing time:             Sat 04 Mar 2023 04:05:00 +0000
ROA not before:           Sat 04 Mar 2023 04:05:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
                          2001:67c:64:ffff:0:186:aaca:d64f/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:aa:cb:60:b6:66:6c:ab:26:80:a5:91:3b:35:0e:47:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  4 04:05:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9ad4930702705048f61df32f3b28f4b390750e90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c0:e4:a4:0c:b8:9c:60:cb:4e:3a:86:ac:3c:
                    c8:98:8a:d9:15:2e:e6:0f:49:3f:e3:4a:57:1b:52:
                    88:c0:91:7a:4c:b5:ed:f3:36:a9:53:0e:f2:0c:14:
                    14:f3:77:3d:df:01:2f:92:3f:be:3b:5f:6f:04:04:
                    62:b1:b2:1b:8f:f1:12:69:1c:a6:35:c4:ef:60:ed:
                    0b:90:d5:fc:74:1c:09:d9:8b:44:b1:c4:5a:77:79:
                    da:dd:70:5c:dd:39:64:64:87:43:22:11:fb:ff:c1:
                    47:40:e8:f0:31:00:ca:4e:e6:7f:6f:28:57:6d:19:
                    c8:1f:4f:75:e4:43:52:48:81:ec:39:ff:e8:7c:c3:
                    40:fc:81:0c:cf:d1:5e:f2:6d:e9:77:3e:d4:e1:71:
                    b6:88:c5:9e:df:c3:7e:5f:d8:98:50:c8:9f:f2:60:
                    3d:6a:a4:82:6b:03:ac:0a:82:18:37:ec:c1:a4:f8:
                    7c:3b:d2:2b:3a:df:ca:60:22:ce:7d:b7:ae:c3:e5:
                    a0:99:b1:3c:93:e0:93:fa:2e:dc:e6:b3:e4:35:de:
                    85:d2:e5:c7:0d:47:62:ba:10:ca:c2:c9:e4:af:e3:
                    b9:2d:f0:c2:32:0a:60:81:ad:7d:69:d9:b4:90:89:
                    04:ab:b2:02:77:98:01:99:66:a4:5d:f7:5b:a0:30:
                    87:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:D4:93:07:02:70:50:48:F6:1D:F3:2F:3B:28:F4:B3:90:75:0E:90
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/mtSTBwJwUEj2HfMvOyj0s5B1DpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:48:a2:12:98:b1:5d:91:74:94:13:8f:c8:03:2a:21:41:38:
         eb:0f:ae:5e:d6:4b:44:56:3c:0f:c0:47:34:f9:f1:fd:e2:15:
         93:f2:8f:5f:8d:2e:84:da:37:ef:53:4c:4b:83:d1:60:42:72:
         75:ba:7d:8b:fe:fe:ac:ee:64:68:32:78:89:8b:80:dd:a2:0e:
         b5:ff:58:b2:0f:67:d7:1b:c9:e0:eb:45:0b:ad:9e:a9:8a:6b:
         d3:40:dd:1f:11:e6:bd:dc:64:60:55:78:71:61:f2:c1:99:2f:
         1d:52:8a:d1:4c:b6:72:b7:71:d5:1c:fc:79:05:64:2a:31:6f:
         9d:15:c3:5e:9b:1e:da:ca:db:4e:55:92:90:e5:43:26:22:d8:
         08:ad:4a:db:f4:2f:df:98:a3:39:fa:72:48:2f:8f:cc:c0:06:
         2f:e4:3e:c2:d8:1b:8d:97:3b:c0:32:45:fd:11:dd:99:e7:38:
         28:c5:0b:64:d2:34:cc:0f:f0:72:94:bc:bb:51:9e:1e:28:46:
         b8:79:87:1e:1b:04:b7:bf:fb:bd:39:34:c4:39:88:1c:ce:b3:
         c9:d3:fb:68:a0:04:f1:6d:b0:be:e9:3e:1e:35:66:85:ba:71:
         31:ce:f8:af:77:53:8b:eb:54:f2:b7:4a:37:00:f1:ab:04:c9:
         34:83:1a:a5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYaqy2C2ZmyrJoClkTs1DkcKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA0MDQwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWQ0OTMwNzAyNzA1MDQ4ZjYxZGYzMmYzYjI4ZjRiMzkwNzUwZTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8DkpAy4nGDLTjqGrDzImIrZFS7m
D0k/40pXG1KIwJF6TLXt8zapUw7yDBQU83c93wEvkj++O19vBARisbIbj/ESaRym
NcTvYO0LkNX8dBwJ2YtEscRad3na3XBc3TlkZIdDIhH7/8FHQOjwMQDKTuZ/byhX
bRnIH0915ENSSIHsOf/ofMNA/IEMz9Fe8m3pdz7U4XG2iMWe38N+X9iYUMif8mA9
aqSCawOsCoIYN+zBpPh8O9IrOt/KYCLOfbeuw+WgmbE8k+CT+i7c5rPkNd6F0uXH
DUdiuhDKwsnkr+O5LfDCMgpgga19adm0kIkEq7ICd5gBmWakXfdboDCHvwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJrUkwcCcFBI9h3zLzso9LOQdQ6QMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbXRTVEJ3SndVRWoySGZNdk95ajBzNUIxRHBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAH9IohKYsV2RdJQTj8gD
KiFBOOsPrl7WS0RWPA/ARzT58f3iFZPyj1+NLoTaN+9TTEuD0WBCcnW6fYv+/qzu
ZGgyeImLgN2iDrX/WLIPZ9cbyeDrRQutnqmKa9NA3R8R5r3cZGBVeHFh8sGZLx1S
itFMtnK3cdUc/HkFZCoxb50Vw16bHtrK205VkpDlQyYi2AitStv0L9+Yozn6ckgv
j8zABi/kPsLYG42XO8AyRf0R3ZnnOCjFC2TSNMwP8HKUvLtRnh4oRrh5hx4bBLe/
+705NMQ5iBzOs8nT+2igBPFtsL7pPh41ZoW6cTHO+K93U4vrVPK3SjcA8asEyTSD
GqU=
-----END CERTIFICATE-----