Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nfn5PWyXSmo2TDs6fA4E8NLFAks.roa
File:                     nfn5PWyXSmo2TDs6fA4E8NLFAks.roa (raw, json)
Hash identifier:          7x2BUoP03v4G0ncMXpn1tG6aiPEmFO++lKDV7GaBjzY=
Subject key identifier:   9D:F9:F9:3D:6C:97:4A:6A:36:4C:3B:3A:7C:0E:04:F0:D2:C5:02:4B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186BD808087E79555A8ADF6C6098792FD21
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nfn5PWyXSmo2TDs6fA4E8NLFAks.roa
Signing time:             Tue 07 Mar 2023 19:16:00 +0000
ROA not before:           Tue 07 Mar 2023 19:16:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:bd:80:80:87:e7:95:55:a8:ad:f6:c6:09:87:92:fd:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  7 19:16:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9df9f93d6c974a6a364c3b3a7c0e04f0d2c5024b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:7b:a0:07:a9:9e:2b:59:9c:07:32:b8:7b:39:
                    a9:0d:ff:57:a5:6a:0b:36:f1:26:1d:37:ea:31:3b:
                    92:d2:39:4c:ad:a9:bc:b0:56:53:f4:4c:76:82:04:
                    59:2e:95:49:19:26:77:a2:c0:92:02:fa:25:f3:49:
                    89:0d:ff:ec:e3:7d:10:66:88:c1:96:26:25:56:31:
                    71:92:bc:9f:f1:32:cc:ac:00:7c:c3:12:8a:77:26:
                    1c:bc:13:06:80:52:69:c2:f7:1a:de:ba:27:aa:61:
                    15:14:59:c8:6c:67:4a:93:9d:2a:eb:4c:09:2e:25:
                    7b:f1:b6:f8:c9:22:0a:a7:ce:d5:31:9e:78:de:15:
                    d5:60:da:9f:b8:2e:c3:75:5d:92:90:a5:fc:be:c6:
                    15:e5:60:08:3f:e1:99:a8:63:73:88:3f:aa:e3:74:
                    72:86:12:1c:e1:31:48:ad:4a:34:90:fc:a2:1c:86:
                    27:8f:51:b6:cd:a1:0d:98:d5:dc:bd:29:71:53:e5:
                    a3:77:81:10:66:6e:4f:88:b5:c3:54:5e:1f:d8:2e:
                    90:ea:31:a1:42:36:05:d0:5d:45:7d:5a:47:35:4f:
                    0f:96:77:aa:36:89:f3:ba:59:63:34:43:f6:c0:0b:
                    7a:06:1c:8c:d6:fd:89:36:80:b6:84:ca:ea:4e:d4:
                    0f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:F9:F9:3D:6C:97:4A:6A:36:4C:3B:3A:7C:0E:04:F0:D2:C5:02:4B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/nfn5PWyXSmo2TDs6fA4E8NLFAks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:68:a6:cb:31:96:3f:7a:bd:e3:c7:5f:8d:48:7a:50:12:b1:
         8c:22:9e:cc:ff:6f:97:f6:cb:4b:5d:6c:6b:87:ea:14:bc:69:
         bc:6f:75:fc:b4:ce:ab:97:03:28:dd:bd:31:df:a8:89:ee:9e:
         31:35:cf:dc:02:87:c2:fa:6c:1a:ee:6a:ec:9a:3b:c7:88:99:
         c8:28:d1:b4:27:4e:cf:00:80:f1:34:ab:74:30:01:ca:56:90:
         80:03:1c:33:85:1a:59:10:ba:95:6c:f6:f1:c0:21:7f:48:d8:
         fe:b3:c8:f8:04:1f:32:e8:8c:b6:67:75:f1:a3:57:04:0b:f2:
         df:41:50:c4:c7:62:f7:3a:e6:af:cc:76:24:c7:c9:f6:c4:bd:
         8f:56:4b:bb:7e:ba:51:dc:dd:38:8e:02:de:f1:11:1c:ab:a1:
         fc:24:e8:e6:df:27:31:3f:89:e0:7e:80:c6:82:7d:9b:8e:f7:
         74:0b:7d:0a:fe:0e:ad:38:80:77:a5:3f:76:ac:cb:34:ee:1a:
         57:dd:78:ae:9c:a4:f2:02:68:f5:10:35:a8:50:0c:70:33:c8:
         c9:04:fc:26:d2:1b:f1:b9:75:05:50:b6:78:7c:fc:9e:66:9c:
         b7:91:df:1e:a8:ea:c2:74:33:78:b2:aa:36:a7:57:58:08:1f:
         c1:9e:a6:35
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYa9gICH55VVqK32xgmHkv0hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA3MTkxNjAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGY5ZjkzZDZjOTc0YTZhMzY0YzNiM2E3YzBlMDRmMGQyYzUwMjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3ugB6meK1mcBzK4ezmpDf9XpWoL
NvEmHTfqMTuS0jlMram8sFZT9Ex2ggRZLpVJGSZ3osCSAvol80mJDf/s430QZojB
liYlVjFxkryf8TLMrAB8wxKKdyYcvBMGgFJpwvca3ronqmEVFFnIbGdKk50q60wJ
LiV78bb4ySIKp87VMZ543hXVYNqfuC7DdV2SkKX8vsYV5WAIP+GZqGNziD+q43Ry
hhIc4TFIrUo0kPyiHIYnj1G2zaENmNXcvSlxU+Wjd4EQZm5PiLXDVF4f2C6Q6jGh
QjYF0F1FfVpHNU8PlneqNonzulljNEP2wAt6BhyM1v2JNoC2hMrqTtQP1wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJ35+T1sl0pqNkw7OnwOBPDSxQJLMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvbmZuNVBXeVhTbW8yVERzNmZBNEU4TkxGQWtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAHpopssxlj96vePHX41I
elASsYwinsz/b5f2y0tdbGuH6hS8abxvdfy0zquXAyjdvTHfqInunjE1z9wCh8L6
bBruauyaO8eImcgo0bQnTs8AgPE0q3QwAcpWkIADHDOFGlkQupVs9vHAIX9I2P6z
yPgEHzLojLZndfGjVwQL8t9BUMTHYvc65q/MdiTHyfbEvY9WS7t+ulHc3TiOAt7x
ERyrofwk6ObfJzE/ieB+gMaCfZuO93QLfQr+Dq04gHelP3asyzTuGlfdeK6cpPIC
aPUQNahQDHAzyMkE/CbSG/G5dQVQtnh8/J5mnLeR3x6o6sJ0M3iyqjanV1gIH8Ge
pjU=
-----END CERTIFICATE-----