Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/62343d-d924-4378-a121-2b68ab2ad2e9/1/L6JR8bJ8G1NxtXsj0gCLGTu8XMY.roa
File:                     L6JR8bJ8G1NxtXsj0gCLGTu8XMY.roa (raw, json)
Hash identifier:          gHHwf+qIuelfmaIbZFi5uMb+xbviZ0K371b1xyNiWbo=
Subject key identifier:   2F:A2:51:F1:B2:7C:1B:53:71:B5:7B:23:D2:00:8B:19:3B:BC:5C:C6
Certificate issuer:       /CN=67cfd7fae20d1d34b779dab669b8f0f07c9c34f8
Certificate serial:       018A2931BDAD34757DF670F3EB2BF8CD6336
Authority key identifier: 67:CF:D7:FA:E2:0D:1D:34:B7:79:DA:B6:69:B8:F0:F0:7C:9C:34:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z8_X-uINHTS3edq2abjw8HycNPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/62343d-d924-4378-a121-2b68ab2ad2e9/1/L6JR8bJ8G1NxtXsj0gCLGTu8XMY.roa
Signing time:             Thu 24 Aug 2023 20:17:20 +0000
ROA not before:           Thu 24 Aug 2023 20:17:20 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207709
IP address blocks:        195.85.207.0/24 maxlen: 24
                          195.85.216.0/24 maxlen: 24
                          185.242.162.0/24 maxlen: 24
                          185.242.161.0/24 maxlen: 24
                          185.242.160.0/24 maxlen: 24
                          185.242.163.0/24 maxlen: 24
                          2.56.152.0/24 maxlen: 24
                          2.56.155.0/24 maxlen: 24
                          2.56.154.0/24 maxlen: 24
                          2.56.153.0/24 maxlen: 24
                          2a09:cfc0::/29 maxlen: 29
                          2a07:af80::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:29:31:bd:ad:34:75:7d:f6:70:f3:eb:2b:f8:cd:63:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67cfd7fae20d1d34b779dab669b8f0f07c9c34f8
        Validity
            Not Before: Aug 24 20:17:20 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2fa251f1b27c1b5371b57b23d2008b193bbc5cc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b6:22:59:a3:a5:da:dd:c6:b5:ac:e6:1f:b2:
                    a0:9f:2a:a6:9a:8d:d6:74:e4:5b:14:aa:67:57:e0:
                    9c:66:1f:3e:b1:f2:24:52:da:8e:15:f2:fe:0c:d2:
                    1b:30:06:02:39:fb:1f:40:95:4a:d1:a1:68:d9:55:
                    78:08:42:cb:bf:91:a7:70:fa:8e:2e:24:8c:e9:be:
                    9c:70:ab:b8:36:ab:a7:cc:1c:45:5d:68:73:c7:77:
                    c8:ed:43:c0:98:f9:12:a3:a3:8a:28:33:54:b2:2c:
                    e8:c7:f6:48:b6:c7:ad:4a:99:b9:3f:39:62:61:d6:
                    b8:5e:bf:98:15:d1:d4:7f:23:ec:50:0e:2a:d9:25:
                    62:eb:69:0c:f8:a7:01:e0:47:0a:8d:cf:10:d7:61:
                    c4:52:c1:26:af:fb:c8:3f:51:37:e9:a2:69:db:6b:
                    19:db:8f:c8:d0:1b:59:8c:77:7a:c2:52:d8:bd:ba:
                    2b:ab:55:9c:36:5d:a4:1b:61:9c:63:c2:9f:bc:9c:
                    bc:d8:9a:f0:33:c2:e5:9c:2c:cc:5f:49:ca:35:6f:
                    13:55:39:19:9c:a3:9f:bf:b1:17:53:ca:e7:fc:12:
                    34:bc:41:be:62:36:d2:0b:13:24:54:1a:87:f2:6f:
                    c0:86:37:c1:af:bc:e7:25:7b:c5:98:d7:97:8c:08:
                    e9:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:A2:51:F1:B2:7C:1B:53:71:B5:7B:23:D2:00:8B:19:3B:BC:5C:C6
            X509v3 Authority Key Identifier:
                keyid:67:CF:D7:FA:E2:0D:1D:34:B7:79:DA:B6:69:B8:F0:F0:7C:9C:34:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z8_X-uINHTS3edq2abjw8HycNPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/62343d-d924-4378-a121-2b68ab2ad2e9/1/L6JR8bJ8G1NxtXsj0gCLGTu8XMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/62343d-d924-4378-a121-2b68ab2ad2e9/1/Z8_X-uINHTS3edq2abjw8HycNPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.152.0/22
                  185.242.160.0/22
                  195.85.207.0/24
                  195.85.216.0/24
                IPv6:
                  2a07:af80::/29
                  2a09:cfc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9f:92:e3:b8:97:9f:85:bf:26:4b:81:dd:64:6f:b1:9c:3b:ac:
         ea:b0:c3:94:45:25:6b:43:1d:2c:bc:d2:db:44:d0:27:34:23:
         08:a1:04:97:4a:15:20:c7:28:d2:ef:56:53:da:25:9a:b2:2a:
         92:a3:a8:73:57:26:02:e8:27:14:b8:41:f9:d9:dd:0f:55:6a:
         43:9a:b4:ae:2d:fc:ad:19:ec:d0:01:49:ed:aa:1e:90:a8:7d:
         b0:e1:44:40:a9:e4:87:6b:85:3b:a7:74:d0:1e:e2:9b:95:97:
         64:80:f9:7f:8f:9a:1c:98:4d:df:00:c5:65:40:20:cd:5d:a5:
         9e:0e:c7:db:41:e6:2a:1c:11:82:26:af:21:81:17:00:1b:71:
         1a:fa:9b:83:f3:f9:ea:02:19:71:68:30:d9:1a:c1:50:fd:4f:
         64:fd:2f:40:d0:0d:c5:01:a5:89:54:3e:63:f0:d0:d9:51:5d:
         e9:75:02:40:54:86:3c:81:f9:ff:87:5a:6d:ca:08:06:1c:0a:
         dc:c7:6b:f7:b1:aa:90:63:8f:d3:4e:72:dd:40:68:00:d6:5e:
         43:91:cf:12:6c:c9:f5:39:6c:85:9d:94:6f:cf:d9:51:aa:7d:
         bf:7f:1c:22:bb:ac:ca:59:e3:2a:99:0d:5f:bc:d2:6f:b8:6e:
         ef:7f:95:cc
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYopMb2tNHV99nDz6yv4zWM2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3Y2ZkN2ZhZTIwZDFkMzRiNzc5ZGFiNjY5YjhmMGYwN2M5
YzM0ZjgwHhcNMjMwODI0MjAxNzIwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmEyNTFmMWIyN2MxYjUzNzFiNTdiMjNkMjAwOGIxOTNiYmM1Y2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLYiWaOl2t3GtazmH7Kgnyqmmo3W
dORbFKpnV+CcZh8+sfIkUtqOFfL+DNIbMAYCOfsfQJVK0aFo2VV4CELLv5GncPqO
LiSM6b6ccKu4NqunzBxFXWhzx3fI7UPAmPkSo6OKKDNUsizox/ZItsetSpm5Pzli
Yda4Xr+YFdHUfyPsUA4q2SVi62kM+KcB4EcKjc8Q12HEUsEmr/vIP1E36aJp22sZ
24/I0BtZjHd6wlLYvborq1WcNl2kG2GcY8KfvJy82JrwM8LlnCzMX0nKNW8TVTkZ
nKOfv7EXU8rn/BI0vEG+YjbSCxMkVBqH8m/AhjfBr7znJXvFmNeXjAjpJwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFC+iUfGyfBtTcbV7I9IAixk7vFzGMB8GA1UdIwQY
MBaAFGfP1/riDR00t3natmm48PB8nDT4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjhfWC11SU5IVFMzZWRxMmFianc4SHljTlBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC82MjM0M2QtZDkyNC00Mzc4LWExMjEt
MmI2OGFiMmFkMmU5LzEvTDZKUjhiSjhHMU54dFhzajBnQ0xHVHU4WE1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC82MjM0M2QtZDkyNC00Mzc4LWExMjEtMmI2OGFiMmFkMmU5
LzEvWjhfWC11SU5IVFMzZWRxMmFianc4SHljTlBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQCAjiYAwQC
ufKgAwQAw1XPAwQAw1XYMBQEAgACMA4DBQMqB6+AAwUDKgnPwDANBgkqhkiG9w0B
AQsFAAOCAQEAn5LjuJefhb8mS4HdZG+xnDus6rDDlEUla0MdLLzS20TQJzQjCKEE
l0oVIMco0u9WU9olmrIqkqOoc1cmAugnFLhB+dndD1VqQ5q0ri38rRns0AFJ7aoe
kKh9sOFEQKnkh2uFO6d00B7im5WXZID5f4+aHJhN3wDFZUAgzV2lng7H20HmKhwR
giavIYEXABtxGvqbg/P56gIZcWgw2RrBUP1PZP0vQNANxQGliVQ+Y/DQ2VFd6XUC
QFSGPIH5/4dabcoIBhwK3Mdr97GqkGOP005y3UBoANZeQ5HPEmzJ9TlshZ2Ub8/Z
Uap9v38cIrusylnjKpkNX7zSb7hu73+VzA==
-----END CERTIFICATE-----