Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vN4Yk3WUUlA_nHdpOzxnJ9dzio0.roa
File:                     vN4Yk3WUUlA_nHdpOzxnJ9dzio0.roa (raw, json)
Hash identifier:          08A4icC15W388i2ItkcR4G/C5g7CRdt3sdlYQ8VqzU0=
Subject key identifier:   BC:DE:18:93:75:94:52:50:3F:9C:77:69:3B:3C:67:27:D7:73:8A:8D
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186CE05847BBCADD697DD6CF55A8A944A58
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vN4Yk3WUUlA_nHdpOzxnJ9dzio0.roa
Signing time:             Sat 11 Mar 2023 00:15:13 +0000
ROA not before:           Sat 11 Mar 2023 00:15:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:ce:05:84:7b:bc:ad:d6:97:dd:6c:f5:5a:8a:94:4a:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 11 00:15:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bcde1893759452503f9c77693b3c6727d7738a8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:75:c1:de:dd:6f:eb:dd:54:8b:13:f7:82:e3:
                    c9:20:da:fa:39:e0:a2:f3:40:ea:84:48:b6:2b:6a:
                    bd:f4:9a:82:e3:e8:be:dd:c3:6b:38:57:f0:dc:31:
                    68:11:73:32:8a:16:3f:1a:13:e2:b1:a9:05:ac:ec:
                    ac:42:7d:c0:40:91:bb:dd:18:e7:d9:b4:a7:09:34:
                    21:4b:5e:49:9a:d1:a8:6d:f7:21:ec:81:4c:51:fd:
                    63:0d:73:ff:80:4a:9f:a1:a5:2b:07:fe:7a:c9:a5:
                    d8:19:dd:00:53:17:fb:cd:96:85:3e:74:b1:4f:28:
                    27:9b:90:cc:43:e3:1c:29:73:75:34:cd:fe:dc:de:
                    dc:6b:c3:99:c3:dc:22:23:a6:8c:9b:f7:78:52:cf:
                    1f:9c:0d:40:fa:71:4c:43:0e:8d:74:f7:84:e0:5d:
                    1c:48:02:0c:10:b0:c0:7a:e4:d7:37:68:31:3f:0b:
                    06:ce:f1:2e:17:e2:fb:93:61:ad:b7:d4:f3:df:69:
                    af:ad:e2:5b:4b:d8:68:c4:41:d3:40:c4:01:83:48:
                    e4:3f:9d:ab:20:7d:f5:08:f2:c8:f0:df:41:2f:7a:
                    45:e2:ec:31:bd:1d:e7:c6:c5:c3:1b:80:83:b3:18:
                    3d:73:96:27:10:23:7c:25:74:a4:1e:02:99:29:2e:
                    2f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:DE:18:93:75:94:52:50:3F:9C:77:69:3B:3C:67:27:D7:73:8A:8D
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vN4Yk3WUUlA_nHdpOzxnJ9dzio0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:1b:31:10:c4:a9:ee:f5:b9:47:f4:c2:99:37:46:ba:6b:55:
         a3:1c:77:3c:89:88:70:69:9d:ad:1f:e8:f9:eb:1c:89:6e:7f:
         2b:71:45:fa:a8:7c:44:42:cc:81:84:b8:26:34:72:b6:91:9d:
         1b:65:7c:19:e3:b3:61:52:3a:14:af:23:4e:ab:90:95:be:5c:
         a0:a1:2b:b1:31:87:88:53:e9:e5:ca:42:17:bc:1c:09:df:29:
         9d:92:aa:e6:32:71:32:ed:fc:3c:56:53:3d:85:38:23:2e:b8:
         9e:1c:f7:ce:15:20:20:4b:c1:cd:3a:a8:5a:9a:16:b1:33:f7:
         09:65:cb:4d:71:26:ae:eb:38:4f:22:5a:c5:da:72:28:89:c9:
         15:f5:17:73:eb:9e:05:31:40:f3:4c:32:1d:85:bf:74:44:8f:
         97:12:8d:06:54:b4:ec:5c:53:34:3e:3f:ab:9a:75:55:d6:a5:
         57:2e:fc:cc:8f:e7:81:2e:26:55:37:12:96:b2:d6:39:d3:4d:
         56:ea:00:9d:eb:21:43:fb:d6:b2:51:d3:c3:24:74:4b:b1:ae:
         2c:3d:87:2a:df:89:b8:53:af:3f:82:ae:32:fd:b6:d9:30:ae:
         2d:f9:12:be:66:39:d7:95:3f:e0:ef:07:38:80:c3:d6:0a:c7:
         3f:2f:3c:20
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbOBYR7vK3Wl91s9VqKlEpYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzExMDAxNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2RlMTg5Mzc1OTQ1MjUwM2Y5Yzc3NjkzYjNjNjcyN2Q3NzM4YThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3XB3t1v691UixP3guPJINr6OeCi
80DqhEi2K2q99JqC4+i+3cNrOFfw3DFoEXMyihY/GhPisakFrOysQn3AQJG73Rjn
2bSnCTQhS15JmtGobfch7IFMUf1jDXP/gEqfoaUrB/56yaXYGd0AUxf7zZaFPnSx
Tygnm5DMQ+McKXN1NM3+3N7ca8OZw9wiI6aMm/d4Us8fnA1A+nFMQw6NdPeE4F0c
SAIMELDAeuTXN2gxPwsGzvEuF+L7k2Gtt9Tz32mvreJbS9hoxEHTQMQBg0jkP52r
IH31CPLI8N9BL3pF4uwxvR3nxsXDG4CDsxg9c5YnECN8JXSkHgKZKS4vCQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLzeGJN1lFJQP5x3aTs8ZyfXc4qNMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdk40WWszV1VVbEFfbkhkcE96eG5KOWR6aW8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBACgbMRDEqe71uUf0wpk3
RrprVaMcdzyJiHBpna0f6PnrHIlufytxRfqofERCzIGEuCY0craRnRtlfBnjs2FS
OhSvI06rkJW+XKChK7Exh4hT6eXKQhe8HAnfKZ2SquYycTLt/DxWUz2FOCMuuJ4c
984VICBLwc06qFqaFrEz9wlly01xJq7rOE8iWsXaciiJyRX1F3PrngUxQPNMMh2F
v3REj5cSjQZUtOxcUzQ+P6uadVXWpVcu/MyP54EuJlU3Epay1jnTTVbqAJ3rIUP7
1rJR08MkdEuxriw9hyrfibhTrz+CrjL9ttkwri35Er5mOdeVP+DvBziAw9YKxz8v
PCA=
-----END CERTIFICATE-----