Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/F_S1-HVlHBiPhfpzm28gARLeUWk.roa
File:                     F_S1-HVlHBiPhfpzm28gARLeUWk.roa (raw, json)
Hash identifier:          aN1dLgnxMgpbNfDslQSgOLWqoc8r4F1qVZEsLrhzYJ8=
Subject key identifier:   17:F4:B5:F8:75:65:1C:18:8F:85:FA:73:9B:6F:20:01:12:DE:51:69
Certificate issuer:       /CN=72047be15b275902dcf617dc3d0e16dc1f308022
Certificate serial:       0186DEEF0F6B8E5CA5939DF3F556AE9DE7BB
Authority key identifier: 72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/F_S1-HVlHBiPhfpzm28gARLeUWk.roa
Signing time:             Tue 14 Mar 2023 07:04:14 +0000
ROA not before:           Tue 14 Mar 2023 07:04:14 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64:ffff:0:186:d20f:1e28/128 maxlen: 128
                          2001:67c:64:ffff:0:186:a1c7:a442/128 maxlen: 128
                          2001:67c:64:ffff:0:186:92f9:8437/128 maxlen: 128
                          2001:67c:64:ffff:0:186:59e5:727c/128 maxlen: 128
                          2001:67c:64:ffff:0:186:deef:905/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6f5a:adbb/128 maxlen: 128
                          2001:67c:64:ffff:0:186:7ecd:cc90/128 maxlen: 128
                          2001:67c:64:ffff:0:186:6e7e:de02/128 maxlen: 128
                          2001:67c:64:ffff:0:186:9e58:8c82/128 maxlen: 128
                          2001:67c:64:ffff:0:186:cfe9:cd16/128 maxlen: 128
                          2001:67c:64::/48 maxlen: 48
                          2001:67c:64:ffff:0:186:c678:c9dc/128 maxlen: 128
                          2001:67c:64:ffff:0:186:620c:ed81/128 maxlen: 128
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:de:ef:0f:6b:8e:5c:a5:93:9d:f3:f5:56:ae:9d:e7:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72047be15b275902dcf617dc3d0e16dc1f308022
        Validity
            Not Before: Mar 14 07:04:14 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=17f4b5f875651c188f85fa739b6f200112de5169
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:2b:78:e8:69:d8:21:bc:70:23:b6:99:a9:09:
                    c8:3a:53:37:2f:69:d7:34:b5:f4:8e:62:ee:46:0f:
                    62:1a:07:07:af:02:8a:80:9e:46:ab:77:fa:70:c1:
                    fe:a5:39:28:a2:bf:2a:da:2e:da:df:0c:1a:36:71:
                    79:69:59:33:65:b7:cb:0b:6c:3c:9e:17:a9:15:20:
                    cf:c3:d7:a9:6e:7d:ae:58:64:ef:6e:2b:91:f3:50:
                    e3:5b:f1:4f:4f:fe:a3:ed:1d:38:d7:b9:a3:82:41:
                    fa:0e:1b:64:f1:01:fa:ac:2b:18:70:d8:05:7e:4c:
                    43:fb:a8:da:12:58:d9:60:bd:e9:72:69:13:00:6c:
                    77:c7:cd:9e:bf:82:ae:74:6a:00:aa:26:5b:66:f1:
                    a0:27:31:2e:aa:e9:23:c5:17:7e:9b:d3:b9:15:ec:
                    7a:44:e4:ae:6b:ed:c3:e3:4d:b1:ff:d1:5a:8c:d0:
                    c8:2c:2c:1e:56:92:1f:c4:02:7d:62:55:59:be:ce:
                    89:fe:ae:0e:39:19:ea:17:07:86:d4:7c:f8:8b:0b:
                    23:22:ea:92:8c:97:67:66:91:a2:77:a7:76:ff:9b:
                    39:49:fe:e0:2a:40:24:7b:26:5a:49:57:4c:54:ef:
                    47:d2:db:2c:d2:d3:73:74:65:c7:01:46:26:13:23:
                    46:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:F4:B5:F8:75:65:1C:18:8F:85:FA:73:9B:6F:20:01:12:DE:51:69
            X509v3 Authority Key Identifier:
                keyid:72:04:7B:E1:5B:27:59:02:DC:F6:17:DC:3D:0E:16:DC:1F:30:80:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cgR74VsnWQLc9hfcPQ4W3B8wgCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/F_S1-HVlHBiPhfpzm28gARLeUWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/798447-21f4-45ab-99dc-1abe3ac10aa6/1/cgR74VsnWQLc9hfcPQ4W3B8wgCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:3b:44:c6:00:ac:4e:1d:12:17:9a:d4:05:da:76:b9:8c:7d:
         8c:eb:30:f7:2e:4c:7b:b3:4e:13:55:92:0c:d8:3d:25:2c:d9:
         f2:b6:5d:ce:9c:84:ba:3b:bd:a8:26:3c:9b:74:2c:bc:43:50:
         95:77:69:f4:6f:7d:2f:1f:eb:90:7d:4a:5f:0e:26:49:51:a8:
         b0:d8:db:2f:77:63:8e:3d:8a:a7:0f:0f:f7:b7:e9:5a:1c:f5:
         0c:94:68:fe:45:ee:cf:71:76:6f:a2:dc:a4:26:58:ff:4d:1e:
         d4:cd:71:f6:4f:fa:83:2f:de:04:a4:09:aa:99:e7:2c:84:f8:
         dc:12:9f:5e:74:03:75:1b:44:9d:b0:57:3a:4b:bb:5e:f9:e9:
         80:a6:d3:11:a4:ec:a2:87:6a:63:32:28:58:4c:f8:2f:0a:ea:
         a1:f1:ac:e5:92:b7:87:07:9c:e1:86:c3:d0:0a:1f:48:e8:14:
         b4:93:18:9a:85:7b:c6:ba:c2:6c:38:09:e5:34:2c:8a:46:31:
         09:73:b6:14:af:80:cc:9c:f4:7e:d8:5d:6a:19:5b:41:78:46:
         f9:4f:df:db:da:d6:af:a6:86:24:70:9c:8c:3c:de:81:37:14:
         0a:50:61:48:27:ec:f8:6c:e3:de:59:0a:ab:71:9d:5b:b9:88:
         9c:24:54:51
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYbe7w9rjlylk53z9Vaunee7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMDQ3YmUxNWIyNzU5MDJkY2Y2MTdkYzNkMGUxNmRjMWYz
MDgwMjIwHhcNMjMwMzE0MDcwNDE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2Y0YjVmODc1NjUxYzE4OGY4NWZhNzM5YjZmMjAwMTEyZGU1MTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSt46GnYIbxwI7aZqQnIOlM3L2nX
NLX0jmLuRg9iGgcHrwKKgJ5Gq3f6cMH+pTkoor8q2i7a3wwaNnF5aVkzZbfLC2w8
nhepFSDPw9epbn2uWGTvbiuR81DjW/FPT/6j7R0417mjgkH6Dhtk8QH6rCsYcNgF
fkxD+6jaEljZYL3pcmkTAGx3x82ev4KudGoAqiZbZvGgJzEuqukjxRd+m9O5Fex6
ROSua+3D402x/9FajNDILCweVpIfxAJ9YlVZvs6J/q4OORnqFweG1Hz4iwsjIuqS
jJdnZpGid6d2/5s5Sf7gKkAkeyZaSVdMVO9H0tss0tNzdGXHAUYmEyNGIQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBf0tfh1ZRwYj4X6c5tvIAES3lFpMB8GA1UdIwQY
MBaAFHIEe+FbJ1kC3PYX3D0OFtwfMIAiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMt
MWFiZTNhYzEwYWE2LzEvRl9TMS1IVmxIQmlQaGZwem0yOGdBUkxlVVdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS83OTg0NDctMjFmNC00NWFiLTk5ZGMtMWFiZTNhYzEwYWE2
LzEvY2dSNzRWc25XUUxjOWhmY1BRNFczQjh3Z0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAEQ7RMYArE4dEhea1AXa
drmMfYzrMPcuTHuzThNVkgzYPSUs2fK2Xc6chLo7vagmPJt0LLxDUJV3afRvfS8f
65B9Sl8OJklRqLDY2y93Y449iqcPD/e36Voc9QyUaP5F7s9xdm+i3KQmWP9NHtTN
cfZP+oMv3gSkCaqZ5yyE+NwSn150A3UbRJ2wVzpLu1756YCm0xGk7KKHamMyKFhM
+C8K6qHxrOWSt4cHnOGGw9AKH0joFLSTGJqFe8a6wmw4CeU0LIpGMQlzthSvgMyc
9H7YXWoZW0F4RvlP39va1q+mhiRwnIw83oE3FApQYUgn7Phs495ZCqtxnVu5iJwk
VFE=
-----END CERTIFICATE-----