Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/le_tqLOyHpn0g1elw_FVQK5VbOc.roa
File:                     le_tqLOyHpn0g1elw_FVQK5VbOc.roa (raw, json)
Hash identifier:          anHiAF7o6KhXJ0X3daigPgeaARBiJc8KONVE/xuT+Ms=
Subject key identifier:   95:EF:ED:A8:B3:B2:1E:99:F4:83:57:A5:C3:F1:55:40:AE:55:6C:E7
Certificate issuer:       /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial:       018B313282E59A2175AE813E4289848A4F90
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/le_tqLOyHpn0g1elw_FVQK5VbOc.roa
Signing time:             Sun 15 Oct 2023 02:37:55 +0000
ROA not before:           Sun 15 Oct 2023 02:37:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     7018
IP address blocks:        89.37.188.0/22 maxlen: 24
                          195.133.202.0/23 maxlen: 24
                          195.133.208.0/23 maxlen: 24
                          194.88.96.0/21 maxlen: 24
                          89.37.216.0/23 maxlen: 24
                          84.234.24.0/22 maxlen: 24
                          62.112.0.0/21 maxlen: 24
                          62.112.12.0/23 maxlen: 24
                          86.105.104.0/22 maxlen: 24
                          194.58.64.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:31:32:82:e5:9a:21:75:ae:81:3e:42:89:84:8a:4f:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
        Validity
            Not Before: Oct 15 02:37:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=95efeda8b3b21e99f48357a5c3f15540ae556ce7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c3:26:f9:f3:dd:1d:37:9e:6b:b9:2e:40:88:
                    b5:29:0c:82:7f:d9:60:82:9f:4f:97:38:3b:9b:eb:
                    4a:7e:94:8c:e9:18:9c:37:ec:15:a1:b6:48:a7:5b:
                    bc:df:4e:f6:e4:76:cd:ac:58:e8:17:1c:0e:6f:b2:
                    f2:ca:0c:53:eb:7a:07:76:4c:27:e3:4b:1a:c8:08:
                    02:66:eb:1e:86:8d:68:5d:ba:51:15:48:7f:cd:2a:
                    77:fa:d3:9a:ba:d8:43:6c:f8:8a:12:e3:4d:02:91:
                    1c:ca:8b:29:83:53:2a:a1:cf:49:a4:c1:df:75:69:
                    ed:aa:30:6d:15:85:1c:8e:ad:5a:af:3e:5b:0d:ff:
                    0d:1d:c4:32:6d:24:27:ae:57:ab:5e:53:13:33:61:
                    4f:b7:67:de:20:45:bd:c8:65:bb:23:61:1f:52:63:
                    ef:23:51:ef:91:c1:85:11:b6:87:45:a6:a8:e7:43:
                    c8:c2:c7:62:98:4a:e7:98:c2:b6:32:4c:d2:bc:10:
                    01:7b:67:4d:18:19:7f:c3:28:66:43:02:38:d6:bd:
                    f6:33:8c:2b:17:13:04:62:e3:24:ad:c8:f2:d6:0d:
                    63:af:df:de:41:3b:9d:e0:43:7a:f8:1b:9c:75:04:
                    d9:e1:73:de:b2:c0:48:60:9c:a8:a6:e6:56:4f:b6:
                    28:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:EF:ED:A8:B3:B2:1E:99:F4:83:57:A5:C3:F1:55:40:AE:55:6C:E7
            X509v3 Authority Key Identifier:
                keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/le_tqLOyHpn0g1elw_FVQK5VbOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.112.0.0/21
                  62.112.12.0/23
                  84.234.24.0/22
                  86.105.104.0/22
                  89.37.188.0/22
                  89.37.216.0/23
                  194.58.64.0/23
                  194.88.96.0/21
                  195.133.202.0/23
                  195.133.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:6c:2a:19:71:a0:2e:db:ba:d4:c5:0b:16:ed:07:1e:8f:95:
         ac:ec:1e:19:15:75:ce:7e:65:90:f4:f7:4e:55:cb:6c:6e:85:
         d3:6f:b9:f6:44:91:66:1c:6c:5c:eb:87:79:52:83:b7:f6:85:
         26:98:73:21:67:e2:4a:55:52:a9:59:31:bf:7f:16:68:58:3b:
         58:97:4b:29:2c:b5:c9:3f:10:3a:ff:4b:c7:8b:05:2c:00:6c:
         61:23:71:fa:3f:42:9d:be:ce:1a:de:8a:34:92:83:71:81:fb:
         50:24:39:8d:12:e7:f5:dd:48:ca:aa:32:84:7b:2f:8e:3e:a9:
         50:a6:f9:39:43:88:05:40:82:61:49:34:af:27:02:d8:ad:ef:
         2f:0f:22:1a:d4:c1:96:f4:98:81:3c:0d:9e:f2:71:6e:aa:45:
         fd:84:55:66:54:57:78:6f:f7:1d:be:81:da:54:2e:ae:c0:e1:
         bd:73:86:d5:f9:4a:03:b5:75:49:27:86:b3:4f:25:48:80:a7:
         ca:4a:43:30:61:8e:fd:d3:50:d0:dd:06:ef:7a:20:aa:b9:9b:
         39:11:8f:b7:2e:22:91:9d:b4:28:f7:61:dc:e9:db:b7:c2:dc:
         9d:04:e6:af:af:35:89:df:76:56:87:3e:07:4f:f6:61:24:29:
         b0:57:d8:c9
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYsxMoLlmiF1roE+QomEik+QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMxMDE1MDIzNzU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWVmZWRhOGIzYjIxZTk5ZjQ4MzU3YTVjM2YxNTU0MGFlNTU2Y2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosMm+fPdHTeea7kuQIi1KQyCf9lg
gp9Plzg7m+tKfpSM6RicN+wVobZIp1u830725HbNrFjoFxwOb7LyygxT63oHdkwn
40sayAgCZuseho1oXbpRFUh/zSp3+tOauthDbPiKEuNNApEcyospg1Mqoc9JpMHf
dWntqjBtFYUcjq1arz5bDf8NHcQybSQnrlerXlMTM2FPt2feIEW9yGW7I2EfUmPv
I1HvkcGFEbaHRaao50PIwsdimErnmMK2MkzSvBABe2dNGBl/wyhmQwI41r32M4wr
FxMEYuMkrcjy1g1jr9/eQTud4EN6+BucdQTZ4XPessBIYJyopuZWT7YoGQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFJXv7aizsh6Z9INXpcPxVUCuVWznMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvbGVfdHFMT3lIcG4wZzFlbHdfRlZRSzVWYk9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQDPnAAAwQB
PnAMAwQCVOoYAwQCVmloAwQCWSW8AwQBWSXYAwQBwjpAAwQDwlhgAwQBw4XKAwQB
w4XQMA0GCSqGSIb3DQEBCwUAA4IBAQB1bCoZcaAu27rUxQsW7Qcej5Ws7B4ZFXXO
fmWQ9PdOVctsboXTb7n2RJFmHGxc64d5UoO39oUmmHMhZ+JKVVKpWTG/fxZoWDtY
l0spLLXJPxA6/0vHiwUsAGxhI3H6P0Kdvs4a3oo0koNxgftQJDmNEuf13UjKqjKE
ey+OPqlQpvk5Q4gFQIJhSTSvJwLYre8vDyIa1MGW9JiBPA2e8nFuqkX9hFVmVFd4
b/cdvoHaVC6uwOG9c4bV+UoDtXVJJ4azTyVIgKfKSkMwYY7901DQ3QbveiCquZs5
EY+3LiKRnbQo92Hc6du3wtydBOavrzWJ33ZWhz4HT/ZhJCmwV9jJ
-----END CERTIFICATE-----