Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/Pfx3IJh8SuElodyre5q4vdzq78M.roa
File:                     Pfx3IJh8SuElodyre5q4vdzq78M.roa (raw, json)
Hash identifier:          pUe6+x949j+TBdOr3Idd7yIOOOdJWyWlO510vjWutko=
Subject key identifier:   3D:FC:77:20:98:7C:4A:E1:25:A1:DC:AB:7B:9A:B8:BD:DC:EA:EF:C3
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       0194222004BC3131F8C18017F73CEBE44FA8
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/Pfx3IJh8SuElodyre5q4vdzq78M.roa
Signing time:             Wed 01 Jan 2025 13:48:31 +0000
ROA not before:           Wed 01 Jan 2025 13:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207710
IP address blocks:        185.81.174.0/24 maxlen: 24
                          185.81.184.0/24 maxlen: 24
                          185.81.187.0/24 maxlen: 24
                          185.89.104.0/23 maxlen: 24
                          185.89.108.0/22 maxlen: 24
                          185.95.101.0/24 maxlen: 24
                          185.95.102.0/23 maxlen: 24
                          185.96.38.0/24 maxlen: 24
                          185.97.1.0/24 maxlen: 24
                          185.97.3.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:04:bc:31:31:f8:c1:80:17:f7:3c:eb:e4:4f:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan  1 13:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3dfc7720987c4ae125a1dcab7b9ab8bddceaefc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:b6:ff:a1:77:14:af:ce:78:3e:63:ed:13:b1:
                    93:67:4b:f7:85:6c:98:69:97:22:ba:93:32:92:b4:
                    84:4d:87:f1:0d:03:61:5d:e4:e2:fa:42:de:90:9b:
                    bd:b5:5d:f9:dd:25:dc:66:ce:ef:68:3b:27:7c:e2:
                    e0:71:17:87:cf:7d:8e:ca:61:79:e3:6d:64:b3:ac:
                    1f:7d:e7:2f:7b:a1:3f:41:be:25:b8:9b:c4:6e:11:
                    a4:72:ee:c3:f5:23:aa:d7:cd:61:32:2f:07:59:1f:
                    43:37:33:46:e1:20:8e:3a:c1:f8:82:e8:dc:d7:76:
                    d1:79:79:35:5d:1b:de:bd:69:71:11:c7:67:61:06:
                    5f:9d:ea:18:8e:80:ba:ff:af:e6:f3:9c:c5:f3:7e:
                    5b:d2:1b:48:25:35:4b:a3:ac:f5:cc:97:11:96:da:
                    c2:9f:18:a6:e2:12:43:ab:a3:97:73:f3:0a:99:5c:
                    ae:22:ae:c6:d5:53:f2:8b:89:a9:71:a2:3b:e5:d9:
                    ad:e6:43:8f:a2:ee:e4:5c:ef:97:09:58:a0:9f:71:
                    b7:f1:29:b1:9a:89:d0:5f:89:31:99:b3:ce:42:a3:
                    f1:65:b6:8f:15:3a:bc:44:c3:0f:08:71:ad:32:cf:
                    aa:0c:43:73:b3:6e:87:3a:6f:89:ad:91:f1:22:b3:
                    31:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:FC:77:20:98:7C:4A:E1:25:A1:DC:AB:7B:9A:B8:BD:DC:EA:EF:C3
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/Pfx3IJh8SuElodyre5q4vdzq78M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.174.0/24
                  185.81.184.0/24
                  185.81.187.0/24
                  185.89.104.0/23
                  185.89.108.0/22
                  185.95.101.0-185.95.103.255
                  185.96.38.0/24
                  185.97.1.0/24
                  185.97.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:fe:24:90:79:cf:fc:4b:a6:98:b3:e1:cd:df:75:a9:2c:66:
         d7:e3:0a:2a:53:e7:30:44:74:5d:f4:b5:02:38:42:6d:68:c2:
         74:94:99:47:44:eb:8d:8c:00:73:1e:3d:12:0a:22:b0:08:b6:
         e7:3f:1f:27:14:09:da:7d:17:64:d9:4e:66:52:6d:bb:7b:94:
         40:9e:75:86:2e:eb:fd:16:da:d4:c1:21:42:4b:36:b6:66:36:
         d2:f9:76:d9:9f:ac:f3:d5:99:92:0b:45:60:04:ba:ec:04:c7:
         59:a9:ad:97:c6:f4:97:af:67:19:6e:51:65:72:fe:a5:70:8d:
         1e:92:41:15:f1:31:23:08:2f:dd:63:aa:43:c1:41:ca:7d:50:
         f5:4d:20:ef:74:d2:a2:52:84:b7:3e:0a:61:0b:ef:cf:cd:0f:
         14:bd:6d:18:9a:b9:c7:51:2f:9e:cc:78:83:a5:da:64:c9:2b:
         89:0c:aa:f4:14:73:e8:8a:4d:44:21:6b:52:b5:60:64:69:fb:
         ce:24:99:c7:6e:5e:d1:f4:c9:9a:db:3a:df:60:01:dd:c2:09:
         ba:9b:6f:04:7f:61:0e:22:73:9e:a8:b5:8d:ef:53:66:fc:47:
         5f:26:51:8e:74:13:b7:86:85:b7:bc:79:7c:a2:b1:33:2d:47:
         aa:19:62:49
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZQiIAS8MTH4wYAX9zzr5E+oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjUwMTAxMTM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGZjNzcyMDk4N2M0YWUxMjVhMWRjYWI3YjlhYjhiZGRjZWFlZmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9bb/oXcUr854PmPtE7GTZ0v3hWyY
aZciupMykrSETYfxDQNhXeTi+kLekJu9tV353SXcZs7vaDsnfOLgcReHz32OymF5
421ks6wffecve6E/Qb4luJvEbhGkcu7D9SOq181hMi8HWR9DNzNG4SCOOsH4gujc
13bReXk1XRvevWlxEcdnYQZfneoYjoC6/6/m85zF835b0htIJTVLo6z1zJcRltrC
nxim4hJDq6OXc/MKmVyuIq7G1VPyi4mpcaI75dmt5kOPou7kXO+XCVign3G38Smx
monQX4kxmbPOQqPxZbaPFTq8RMMPCHGtMs+qDENzs26HOm+JrZHxIrMxfwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFD38dyCYfErhJaHcq3uauL3c6u/DMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvUGZ4M0lKaDhTdUVsb2R5cmU1cTR2ZHpxNzhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAuVGuAwQA
uVG4AwQAuVG7AwQBuVloAwQCuVlsMAwDBAC5X2UDBAO5X2ADBAC5YCYDBAC5YQED
BAC5YQMwDQYJKoZIhvcNAQELBQADggEBAH/+JJB5z/xLppiz4c3fdaksZtfjCipT
5zBEdF30tQI4Qm1ownSUmUdE642MAHMePRIKIrAItuc/HycUCdp9F2TZTmZSbbt7
lECedYYu6/0W2tTBIUJLNrZmNtL5dtmfrPPVmZILRWAEuuwEx1mprZfG9JevZxlu
UWVy/qVwjR6SQRXxMSMIL91jqkPBQcp9UPVNIO900qJShLc+CmEL78/NDxS9bRia
ucdRL57MeIOl2mTJK4kMqvQUc+iKTUQha1K1YGRp+84kmcduXtH0yZrbOt9gAd3C
CbqbbwR/YQ4ic56otY3vU2b8R18mUY50E7eGhbe8eXyisTMtR6oZYkk=
-----END CERTIFICATE-----