Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/cbacce-efbf-4f32-8d88-4e85dabd6474/1/lwrL3dIIXO_mCBQdap7KZ_iDBFc.roa
File:                     lwrL3dIIXO_mCBQdap7KZ_iDBFc.roa (raw, json)
Hash identifier:          F6VpIkHy8PT/lwz9faa43UWmWxDgyYUpuXzG7yHnlKI=
Subject key identifier:   97:0A:CB:DD:D2:08:5C:EF:E6:08:14:1D:6A:9E:CA:67:F8:83:04:57
Certificate issuer:       /CN=ded353e2f5d318c348772a8ff105aa70719e4135
Certificate serial:       019421B219E67E9ECA9805F5287E32335EC3
Authority key identifier: DE:D3:53:E2:F5:D3:18:C3:48:77:2A:8F:F1:05:AA:70:71:9E:41:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3tNT4vXTGMNIdyqP8QWqcHGeQTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/cbacce-efbf-4f32-8d88-4e85dabd6474/1/lwrL3dIIXO_mCBQdap7KZ_iDBFc.roa
Signing time:             Wed 01 Jan 2025 11:48:27 +0000
ROA not before:           Wed 01 Jan 2025 11:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25627
IP address blocks:        79.170.64.0/22 maxlen: 22
                          79.170.64.0/23 maxlen: 23
                          79.170.65.0/24 maxlen: 24
                          79.170.66.0/23 maxlen: 23
                          79.170.68.0/22 maxlen: 22
                          79.170.68.0/23 maxlen: 23
                          79.170.70.0/23 maxlen: 23
                          79.170.70.0/24 maxlen: 24
                          79.170.71.0/24 maxlen: 24
                          87.237.80.0/23 maxlen: 23
                          87.237.80.0/24 maxlen: 24
                          87.237.81.0/24 maxlen: 24
                          87.237.82.0/23 maxlen: 23
                          87.237.82.0/24 maxlen: 24
                          87.237.83.0/24 maxlen: 24
                          87.237.84.0/22 maxlen: 22
                          87.237.84.0/24 maxlen: 24
                          87.237.86.0/24 maxlen: 24
                          87.237.87.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:19:e6:7e:9e:ca:98:05:f5:28:7e:32:33:5e:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ded353e2f5d318c348772a8ff105aa70719e4135
        Validity
            Not Before: Jan  1 11:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=970acbddd2085cefe608141d6a9eca67f8830457
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:a9:da:fc:80:8a:b7:ec:05:6a:a5:03:0e:68:
                    8d:e5:c6:b9:78:3b:1b:f5:fa:4b:ea:db:d4:24:09:
                    3e:c3:87:80:16:88:36:6a:e4:95:9a:31:67:ff:fa:
                    34:62:c3:7e:ce:cf:13:32:e6:17:59:45:0d:bc:16:
                    05:60:b2:76:8b:da:ce:d8:9f:b7:11:a6:5e:6e:54:
                    40:01:9e:2a:9e:bf:f0:15:da:d3:71:f5:64:3c:29:
                    97:59:41:c3:be:db:de:e5:85:07:16:64:31:da:4b:
                    f0:1b:ec:df:78:76:b0:4e:83:24:00:5e:19:3b:d8:
                    3b:3f:03:c6:ac:50:d5:87:73:21:ee:6e:1b:e8:cd:
                    78:e7:77:19:72:5b:7e:74:d5:0a:c2:ae:3a:f7:e3:
                    1d:dc:81:89:6d:b0:49:6c:e4:14:56:00:52:d9:69:
                    c4:12:58:92:5a:ad:58:a7:43:e5:e5:ba:eb:99:46:
                    c7:6c:b4:c4:89:98:cd:f7:2e:28:1d:a1:c1:4b:44:
                    1d:1a:f4:5a:67:c7:ac:ee:e2:6e:54:01:f2:2f:94:
                    d0:ae:96:19:6a:42:19:16:e1:60:a5:f8:e3:67:23:
                    14:8f:51:01:1a:a0:0b:3e:4f:e0:f1:f8:5d:4d:b4:
                    e6:59:f9:22:ba:e3:17:05:e1:79:f0:8c:76:76:39:
                    65:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:0A:CB:DD:D2:08:5C:EF:E6:08:14:1D:6A:9E:CA:67:F8:83:04:57
            X509v3 Authority Key Identifier:
                keyid:DE:D3:53:E2:F5:D3:18:C3:48:77:2A:8F:F1:05:AA:70:71:9E:41:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3tNT4vXTGMNIdyqP8QWqcHGeQTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/cbacce-efbf-4f32-8d88-4e85dabd6474/1/lwrL3dIIXO_mCBQdap7KZ_iDBFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/cbacce-efbf-4f32-8d88-4e85dabd6474/1/3tNT4vXTGMNIdyqP8QWqcHGeQTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.170.64.0/21
                  87.237.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         24:5d:f3:be:0f:d9:52:fa:fd:c1:eb:8f:78:48:59:4a:00:4d:
         09:78:85:92:b3:72:b7:f9:65:5a:50:17:5e:b0:b2:c4:37:64:
         63:fb:ef:4b:09:b6:c8:d8:8e:85:8d:80:84:84:e2:0f:c7:31:
         3c:aa:b8:be:1c:23:c3:9d:68:8a:47:77:ca:ce:87:20:cd:18:
         c2:9d:fe:1a:ec:ce:16:09:e5:6b:15:16:ab:b3:dd:68:b5:36:
         d8:fe:c0:c3:c0:44:c5:06:13:44:86:12:5f:9b:85:00:f5:c1:
         86:13:f9:d2:9c:e0:f0:68:59:c1:fe:c8:a4:60:59:02:2d:6a:
         78:ea:c8:4e:d6:28:05:2d:16:38:6c:43:55:cc:cf:a4:c1:01:
         16:0b:9d:ef:b2:05:02:5b:02:9a:18:75:dc:75:b3:ae:d7:f5:
         01:94:71:a5:77:68:1b:0e:ed:c7:30:fa:dc:72:71:e3:b0:e1:
         ca:f9:ea:03:3b:55:d3:ec:96:86:da:48:d9:e4:88:86:0a:30:
         62:60:da:2a:5f:11:fc:a0:35:14:eb:24:ef:9f:3a:8f:b5:8e:
         07:67:7d:67:93:df:e3:a3:07:dc:1c:ec:33:6a:3b:ab:7f:b4:
         d9:cc:ed:8c:e9:44:8e:d6:23:79:bf:19:ec:39:f0:be:7c:1d:
         e9:ca:1d:18
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhshnmfp7KmAX1KH4yM17DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZDM1M2UyZjVkMzE4YzM0ODc3MmE4ZmYxMDVhYTcwNzE5
ZTQxMzUwHhcNMjUwMTAxMTE0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzBhY2JkZGQyMDg1Y2VmZTYwODE0MWQ2YTllY2E2N2Y4ODMwNDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqna/ICKt+wFaqUDDmiN5ca5eDsb
9fpL6tvUJAk+w4eAFog2auSVmjFn//o0YsN+zs8TMuYXWUUNvBYFYLJ2i9rO2J+3
EaZeblRAAZ4qnr/wFdrTcfVkPCmXWUHDvtve5YUHFmQx2kvwG+zfeHawToMkAF4Z
O9g7PwPGrFDVh3Mh7m4b6M1453cZclt+dNUKwq469+Md3IGJbbBJbOQUVgBS2WnE
EliSWq1Yp0Pl5brrmUbHbLTEiZjN9y4oHaHBS0QdGvRaZ8es7uJuVAHyL5TQrpYZ
akIZFuFgpfjjZyMUj1EBGqALPk/g8fhdTbTmWfkiuuMXBeF58Ix2djllSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJcKy93SCFzv5ggUHWqeymf4gwRXMB8GA1UdIwQY
MBaAFN7TU+L10xjDSHcqj/EFqnBxnkE1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3ROVDR2WFRHTU5JZHlxUDhRV3FjSEdlUVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9jYmFjY2UtZWZiZi00ZjMyLThkODgt
NGU4NWRhYmQ2NDc0LzEvbHdyTDNkSUlYT19tQ0JRZGFwN0taX2lEQkZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9jYmFjY2UtZWZiZi00ZjMyLThkODgtNGU4NWRhYmQ2NDc0
LzEvM3ROVDR2WFRHTU5JZHlxUDhRV3FjSEdlUVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDT6pAAwQD
V+1QMA0GCSqGSIb3DQEBCwUAA4IBAQAkXfO+D9lS+v3B6494SFlKAE0JeIWSs3K3
+WVaUBdesLLEN2Rj++9LCbbI2I6FjYCEhOIPxzE8qri+HCPDnWiKR3fKzocgzRjC
nf4a7M4WCeVrFRars91otTbY/sDDwETFBhNEhhJfm4UA9cGGE/nSnODwaFnB/sik
YFkCLWp46shO1igFLRY4bENVzM+kwQEWC53vsgUCWwKaGHXcdbOu1/UBlHGld2gb
Du3HMPrccnHjsOHK+eoDO1XT7JaG2kjZ5IiGCjBiYNoqXxH8oDUU6yTvnzqPtY4H
Z31nk9/jowfcHOwzajurf7TZzO2M6USO1iN5vxnsOfC+fB3pyh0Y
-----END CERTIFICATE-----