Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vSVq-M6D_yqHJdmlQ8mz_l_F3As.roa
File:                     vSVq-M6D_yqHJdmlQ8mz_l_F3As.roa (raw, json)
Hash identifier:          F2bTHkHzuarTPxmRKxpyn1wB13E2r8z/HXdkwOspNQI=
Subject key identifier:   BD:25:6A:F8:CE:83:FF:2A:87:25:D9:A5:43:C9:B3:FE:5F:C5:DC:0B
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186C0B87A32DE10584B7CD10D3D76FB09AA
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vSVq-M6D_yqHJdmlQ8mz_l_F3As.roa
Signing time:             Wed 08 Mar 2023 10:16:00 +0000
ROA not before:           Wed 08 Mar 2023 10:16:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c0:b8:7a:32:de:10:58:4b:7c:d1:0d:3d:76:fb:09:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar  8 10:16:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bd256af8ce83ff2a8725d9a543c9b3fe5fc5dc0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:a0:29:df:7b:13:3d:30:1b:82:30:2a:5f:59:
                    84:84:1c:64:60:ca:85:67:d5:84:ff:35:f4:9b:8c:
                    c3:47:71:36:4e:44:57:b0:98:80:f9:02:82:69:32:
                    da:d1:fe:ca:9e:e7:f8:db:12:83:c3:a5:29:fd:25:
                    c4:3c:a7:9e:31:9d:84:f3:28:5f:16:ea:6f:5e:b8:
                    fb:ae:cb:7a:15:45:40:f2:2f:19:56:0c:f9:e4:df:
                    47:da:0c:6e:61:09:b9:64:6b:b8:af:8f:62:54:59:
                    76:4a:44:e5:3b:0e:df:a3:f5:1c:5d:94:bc:47:d0:
                    f8:f2:53:15:7a:b5:78:47:f5:32:01:9d:55:4d:f3:
                    dc:2b:56:bc:04:3f:8d:39:f7:af:f3:43:41:b9:a4:
                    a3:3c:14:18:14:93:18:10:ea:ae:3c:5f:61:ca:88:
                    31:42:ef:8a:58:12:d5:21:fe:f0:92:1d:60:72:4c:
                    23:be:4f:22:42:d7:ea:ff:ef:a7:12:69:3d:42:39:
                    77:9b:f5:20:89:b7:10:a6:bf:55:4f:c2:ac:90:0d:
                    e5:d8:f6:7c:97:7c:09:70:aa:12:2f:f6:4c:5a:a3:
                    ec:6f:0e:f8:8b:d1:0e:2f:a5:c6:fa:82:3e:39:60:
                    e0:82:0f:16:a7:80:8e:7a:07:7e:6a:a8:de:72:30:
                    ed:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:25:6A:F8:CE:83:FF:2A:87:25:D9:A5:43:C9:B3:FE:5F:C5:DC:0B
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/vSVq-M6D_yqHJdmlQ8mz_l_F3As.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:9f:dd:6b:d2:cb:10:da:f8:8b:78:fd:49:39:fc:7d:86:08:
         76:fc:cb:0c:6d:03:37:90:cb:dd:40:c2:d3:a3:1c:1f:5c:98:
         ab:bf:85:27:60:bc:d2:bb:5b:41:23:b6:0a:bd:f1:4a:16:47:
         53:84:f0:67:c6:44:f9:c2:d7:8e:e6:41:39:57:cb:02:b0:61:
         01:17:c2:99:06:40:88:a2:89:d6:11:c9:68:7c:b2:4f:de:2b:
         0a:cd:d8:c2:18:69:a2:2c:51:2a:9d:cc:4d:92:44:ee:93:8a:
         19:ef:d1:3a:00:8d:cb:cf:21:ab:1d:c1:5e:ed:95:3e:04:63:
         7c:af:e0:00:99:4a:60:cf:40:92:9e:ee:37:1d:c5:a5:4e:69:
         fb:2e:42:d6:3e:66:aa:57:c8:f8:8c:6d:fd:88:ac:94:89:7b:
         b9:f6:16:72:77:1b:b1:05:8c:af:bf:98:66:14:cc:eb:1a:f6:
         44:3b:f1:3f:e8:73:38:86:8d:a5:b9:83:6d:7a:81:19:94:2b:
         c2:12:6f:43:e4:66:45:23:20:f0:8e:95:e3:25:6c:47:e8:09:
         6d:df:74:46:01:5e:b1:6a:d0:ab:a2:4f:7b:cd:7b:8d:7c:16:
         08:d4:29:70:3c:91:a5:ab:81:b3:24:db:44:08:3b:03:02:e7:
         88:f2:62:1d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbAuHoy3hBYS3zRDT12+wmqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzA4MTAxNjAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDI1NmFmOGNlODNmZjJhODcyNWQ5YTU0M2M5YjNmZTVmYzVkYzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg6Ap33sTPTAbgjAqX1mEhBxkYMqF
Z9WE/zX0m4zDR3E2TkRXsJiA+QKCaTLa0f7Knuf42xKDw6Up/SXEPKeeMZ2E8yhf
FupvXrj7rst6FUVA8i8ZVgz55N9H2gxuYQm5ZGu4r49iVFl2SkTlOw7fo/UcXZS8
R9D48lMVerV4R/UyAZ1VTfPcK1a8BD+NOfev80NBuaSjPBQYFJMYEOquPF9hyogx
Qu+KWBLVIf7wkh1gckwjvk8iQtfq/++nEmk9Qjl3m/UgibcQpr9VT8KskA3l2PZ8
l3wJcKoSL/ZMWqPsbw74i9EOL6XG+oI+OWDggg8Wp4COegd+aqjecjDtmQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFL0lavjOg/8qhyXZpUPJs/5fxdwLMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvdlNWcS1NNkRfeXFISmRtbFE4bXpfbF9GM0FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAKGf3WvSyxDa+It4/Uk5
/H2GCHb8ywxtAzeQy91AwtOjHB9cmKu/hSdgvNK7W0Ejtgq98UoWR1OE8GfGRPnC
147mQTlXywKwYQEXwpkGQIiiidYRyWh8sk/eKwrN2MIYaaIsUSqdzE2SRO6Tihnv
0ToAjcvPIasdwV7tlT4EY3yv4ACZSmDPQJKe7jcdxaVOafsuQtY+ZqpXyPiMbf2I
rJSJe7n2FnJ3G7EFjK+/mGYUzOsa9kQ78T/ocziGjaW5g216gRmUK8ISb0PkZkUj
IPCOleMlbEfoCW3fdEYBXrFq0KuiT3vNe418FgjUKXA8kaWrgbMk20QIOwMC54jy
Yh0=
-----END CERTIFICATE-----