Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/62343d-d924-4378-a121-2b68ab2ad2e9/1/_v9m_6-AzRKESuBC0qX3BAdYLaw.roa
File:                     _v9m_6-AzRKESuBC0qX3BAdYLaw.roa (raw, json)
Hash identifier:          hOQmy094LkBdQ/Kb4gntqEGnwRcIp1TZUPE24NQKvEw=
Subject key identifier:   FE:FF:66:FF:AF:80:CD:12:84:4A:E0:42:D2:A5:F7:04:07:58:2D:AC
Certificate issuer:       /CN=67cfd7fae20d1d34b779dab669b8f0f07c9c34f8
Certificate serial:       018878D0874E03B380C63032903DBBDFE219
Authority key identifier: 67:CF:D7:FA:E2:0D:1D:34:B7:79:DA:B6:69:B8:F0:F0:7C:9C:34:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z8_X-uINHTS3edq2abjw8HycNPg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/62343d-d924-4378-a121-2b68ab2ad2e9/1/_v9m_6-AzRKESuBC0qX3BAdYLaw.roa
Signing time:             Thu 01 Jun 2023 21:15:11 +0000
ROA not before:           Thu 01 Jun 2023 21:15:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207709
IP address blocks:        195.85.207.0/24 maxlen: 24
                          195.85.216.0/24 maxlen: 24
                          185.242.162.0/24 maxlen: 24
                          185.242.161.0/24 maxlen: 24
                          185.242.160.0/24 maxlen: 24
                          185.242.163.0/24 maxlen: 24
                          2.56.152.0/24 maxlen: 24
                          2.56.155.0/24 maxlen: 24
                          2.56.154.0/24 maxlen: 24
                          2.56.153.0/24 maxlen: 24
                          2a09:cfc0::/29 maxlen: 29
                          2a07:af80::/29 maxlen: 29

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:78:d0:87:4e:03:b3:80:c6:30:32:90:3d:bb:df:e2:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67cfd7fae20d1d34b779dab669b8f0f07c9c34f8
        Validity
            Not Before: Jun  1 21:15:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=feff66ffaf80cd12844ae042d2a5f70407582dac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:08:ec:9f:13:6b:89:20:42:c9:81:a2:ea:72:
                    85:fb:7f:18:f1:4b:bb:d0:b9:37:ad:dd:05:b1:c1:
                    14:c0:73:21:a8:92:6d:c4:ae:36:10:da:4d:d6:92:
                    f3:d0:5d:b8:d1:fb:5d:99:d7:2a:0f:19:33:bb:1f:
                    ba:c7:9f:69:b5:8c:07:3b:6e:86:b7:9e:3a:42:27:
                    78:ce:0b:11:db:d1:9f:2d:3e:cd:00:a5:c6:78:d3:
                    3a:81:83:ab:06:07:3a:3f:89:14:43:da:85:42:2b:
                    d6:61:d2:3f:08:f5:80:76:2c:24:09:6a:11:8a:37:
                    c0:2f:17:3a:e4:52:e5:99:17:39:41:9b:61:88:f3:
                    7f:53:63:a7:10:fc:24:e9:c6:4b:47:ec:e6:41:4d:
                    5a:95:b3:1e:ee:84:bc:2e:40:d0:20:7c:49:ee:b8:
                    1a:4b:34:3f:1e:9a:c0:23:96:b1:50:4e:ac:47:56:
                    e3:83:d8:e1:c3:ff:a6:ab:aa:78:20:b5:5c:77:7a:
                    1b:c2:10:f4:a8:09:f8:32:42:c5:6a:ce:bb:88:84:
                    5d:11:bd:3d:dd:26:b8:fd:fe:a4:bb:a4:bb:6c:8d:
                    a9:98:4c:84:0c:21:23:ea:a4:6e:8f:69:ac:78:db:
                    03:07:ff:be:d4:11:f6:dc:6d:1a:1b:b0:2b:01:dc:
                    02:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:FF:66:FF:AF:80:CD:12:84:4A:E0:42:D2:A5:F7:04:07:58:2D:AC
            X509v3 Authority Key Identifier:
                keyid:67:CF:D7:FA:E2:0D:1D:34:B7:79:DA:B6:69:B8:F0:F0:7C:9C:34:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z8_X-uINHTS3edq2abjw8HycNPg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/62343d-d924-4378-a121-2b68ab2ad2e9/1/_v9m_6-AzRKESuBC0qX3BAdYLaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/62343d-d924-4378-a121-2b68ab2ad2e9/1/Z8_X-uINHTS3edq2abjw8HycNPg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.152.0/22
                  185.242.160.0/22
                  195.85.207.0/24
                  195.85.216.0/24
                IPv6:
                  2a07:af80::/29
                  2a09:cfc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:1f:b0:b3:92:8d:82:4a:1a:96:39:2e:f1:db:3b:1d:6e:51:
         14:c6:84:90:18:e6:49:86:70:6a:e0:12:21:1e:7a:3d:87:61:
         22:aa:2b:bc:4a:be:77:a6:5c:99:5b:02:d2:37:0b:9a:5f:c1:
         67:1a:98:21:f2:0e:ac:9e:1c:7b:77:12:35:10:e3:1f:45:a9:
         bb:c9:b9:3c:45:f8:06:a7:4c:b7:ec:b7:0a:21:42:46:e8:74:
         31:70:d9:4f:e9:18:0c:8a:6e:93:0e:6a:13:2f:cc:d2:85:3e:
         ef:56:65:ce:1e:0d:2d:e8:08:59:b2:53:8b:15:6c:f9:86:fd:
         9a:c6:a1:71:7e:26:7c:4c:87:e9:ec:dd:23:80:c3:fb:e5:60:
         79:16:40:d0:ce:34:72:25:af:bf:87:59:4c:80:05:d4:80:28:
         62:c0:db:5a:64:6b:d1:f5:47:54:91:e5:09:9a:16:fc:04:f3:
         63:7b:95:94:18:7e:8f:96:7f:82:73:13:29:8a:f6:89:d2:2f:
         e0:ca:0f:54:0f:20:c0:64:40:78:8b:c8:77:51:25:22:fb:86:
         0f:c1:b2:f1:95:c4:c5:d0:1f:a7:7d:3e:71:7e:f1:4e:4c:a5:
         d6:0b:72:0d:b7:50:b8:08:ec:a7:12:81:db:89:77:62:5e:54:
         9f:b4:2c:95
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYh40IdOA7OAxjAykD273+IZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3Y2ZkN2ZhZTIwZDFkMzRiNzc5ZGFiNjY5YjhmMGYwN2M5
YzM0ZjgwHhcNMjMwNjAxMjExNTExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWZmNjZmZmFmODBjZDEyODQ0YWUwNDJkMmE1ZjcwNDA3NTgyZGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgjsnxNriSBCyYGi6nKF+38Y8Uu7
0Lk3rd0FscEUwHMhqJJtxK42ENpN1pLz0F240ftdmdcqDxkzux+6x59ptYwHO26G
t546Qid4zgsR29GfLT7NAKXGeNM6gYOrBgc6P4kUQ9qFQivWYdI/CPWAdiwkCWoR
ijfALxc65FLlmRc5QZthiPN/U2OnEPwk6cZLR+zmQU1albMe7oS8LkDQIHxJ7rga
SzQ/HprAI5axUE6sR1bjg9jhw/+mq6p4ILVcd3obwhD0qAn4MkLFas67iIRdEb09
3Sa4/f6ku6S7bI2pmEyEDCEj6qRuj2mseNsDB/++1BH23G0aG7ArAdwC/wIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFP7/Zv+vgM0ShErgQtKl9wQHWC2sMB8GA1UdIwQY
MBaAFGfP1/riDR00t3natmm48PB8nDT4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjhfWC11SU5IVFMzZWRxMmFianc4SHljTlBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC82MjM0M2QtZDkyNC00Mzc4LWExMjEt
MmI2OGFiMmFkMmU5LzEvX3Y5bV82LUF6UktFU3VCQzBxWDNCQWRZTGF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC82MjM0M2QtZDkyNC00Mzc4LWExMjEtMmI2OGFiMmFkMmU5
LzEvWjhfWC11SU5IVFMzZWRxMmFianc4SHljTlBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQCAjiYAwQC
ufKgAwQAw1XPAwQAw1XYMBQEAgACMA4DBQMqB6+AAwUDKgnPwDANBgkqhkiG9w0B
AQsFAAOCAQEAVR+ws5KNgkoaljku8ds7HW5RFMaEkBjmSYZwauASIR56PYdhIqor
vEq+d6ZcmVsC0jcLml/BZxqYIfIOrJ4ce3cSNRDjH0Wpu8m5PEX4BqdMt+y3CiFC
Ruh0MXDZT+kYDIpukw5qEy/M0oU+71Zlzh4NLegIWbJTixVs+Yb9msahcX4mfEyH
6ezdI4DD++VgeRZA0M40ciWvv4dZTIAF1IAoYsDbWmRr0fVHVJHlCZoW/ATzY3uV
lBh+j5Z/gnMTKYr2idIv4MoPVA8gwGRAeIvId1ElIvuGD8Gy8ZXExdAfp30+cX7x
Tkyl1gtyDbdQuAjspxKB24l3Yl5Un7QslQ==
-----END CERTIFICATE-----