Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/1a646a5a-e03b-48ec-8ec3-8065cce10e9e/7a7955bb65a38387e55a5957f00e7ed730e3e79e.roa
File:                     7a7955bb65a38387e55a5957f00e7ed730e3e79e.roa (raw, json)
Hash identifier:          o/padiSbZ2Ghm8iDPds/1Y7Vtei0GMNoYrz+zhKWrZ4=
Subject key identifier:   5F:1E:13:BF:C7:AD:46:39:8D:F5:21:A7:B5:E9:8A:76:54:F1:84:99
Certificate issuer:       /CN=7aab3a1b1d30b14b6d9a3fe39cefe867d60ff350
Certificate serial:       0E1EA2
Authority key identifier: 5F:58:C6:83:CE:D5:C8:0E:0F:DF:DB:14:B9:1D:DC:AF:3C:E2:AB:2B
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/7aab3a1b1d30b14b6d9a3fe39cefe867d60ff350.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/1a646a5a-e03b-48ec-8ec3-8065cce10e9e/7a7955bb65a38387e55a5957f00e7ed730e3e79e.roa
Signing time:             Wed 24 Mar 2021 14:42:05 +0000
ROA not before:           Wed 24 Mar 2021 14:42:05 +0000
ROA not after:            Tue 24 Mar 2026 14:42:05 +0000
asID:                     20299
IP address blocks:        200.30.133.0/24 maxlen: 24
                          200.30.139.0/24 maxlen: 24
                          200.30.140.0/22 maxlen: 24
                          200.30.144.0/22 maxlen: 24
                          200.30.148.0/23 maxlen: 24
                          200.30.154.0/24 maxlen: 24
                          200.30.159.0/24 maxlen: 24
                          200.30.160.0/24 maxlen: 24
                          200.30.166.0/23 maxlen: 24
                          200.30.172.0/24 maxlen: 24
                          200.30.174.0/23 maxlen: 24
                          200.30.176.0/24 maxlen: 24
                          200.30.181.0/24 maxlen: 24
                          200.30.186.0/24 maxlen: 24
                          200.30.188.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 925346 (0xe1ea2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aab3a1b1d30b14b6d9a3fe39cefe867d60ff350
        Validity
            Not Before: Mar 24 14:42:05 2021 GMT
            Not After : Mar 24 14:42:05 2026 GMT
        Subject: CN=7a7955bb65a38387e55a5957f00e7ed730e3e79e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:00:70:7b:bb:61:2a:b8:d1:1b:82:7e:b5:86:
                    1c:4a:02:b2:ff:16:b6:1b:29:60:3e:38:17:26:5d:
                    c1:10:1c:4a:a9:b5:91:c1:b4:ab:02:38:e7:0b:e8:
                    3e:30:18:28:25:e4:81:8f:cc:0e:24:d6:74:42:56:
                    a8:a9:50:c7:88:04:e3:c5:75:b7:ea:53:bd:7d:92:
                    4a:37:a3:3d:f5:c4:db:dc:4a:4b:d3:f0:33:70:95:
                    98:1d:2c:16:bd:50:08:bf:29:2d:bb:22:50:8f:5a:
                    c2:6d:f4:9a:fa:ab:ff:56:7b:3f:a5:8c:94:fb:d6:
                    b4:43:42:73:bf:fc:a0:c9:d7:44:0e:87:5e:ce:98:
                    e4:7d:45:52:fe:cd:fc:76:9a:0c:d9:16:19:28:c2:
                    48:af:f8:e9:3d:5c:57:b0:0f:0d:ea:d4:ec:4e:96:
                    12:78:0a:e5:3f:40:20:b0:d5:b7:f5:bc:96:55:27:
                    68:ed:0a:cc:20:cd:5f:e1:76:8e:14:fe:79:82:c5:
                    70:02:4c:65:59:48:9e:18:bb:85:e4:24:11:48:09:
                    bb:0b:a7:b4:12:6c:df:6c:89:63:8f:9e:1b:50:91:
                    42:8f:cc:d6:c5:65:f4:b3:df:6a:de:9a:4e:84:3e:
                    92:68:37:d6:14:c9:e6:15:fc:60:f2:36:31:e0:ea:
                    61:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:1E:13:BF:C7:AD:46:39:8D:F5:21:A7:B5:E9:8A:76:54:F1:84:99
            X509v3 Authority Key Identifier:
                keyid:5F:58:C6:83:CE:D5:C8:0E:0F:DF:DB:14:B9:1D:DC:AF:3C:E2:AB:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/7aab3a1b1d30b14b6d9a3fe39cefe867d60ff350.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/1a646a5a-e03b-48ec-8ec3-8065cce10e9e/7a7955bb65a38387e55a5957f00e7ed730e3e79e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/1a646a5a-e03b-48ec-8ec3-8065cce10e9e/7aab3a1b1d30b14b6d9a3fe39cefe867d60ff350.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.30.133.0/24
                  200.30.139.0-200.30.149.255
                  200.30.154.0/24
                  200.30.159.0-200.30.160.255
                  200.30.166.0/23
                  200.30.172.0/24
                  200.30.174.0-200.30.176.255
                  200.30.181.0/24
                  200.30.186.0/24
                  200.30.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:b3:04:0b:c4:4d:2b:f2:1d:d3:21:c7:53:8a:e1:51:36:25:
         ad:0b:f0:08:3a:a9:1b:0b:0f:e4:89:8d:da:65:25:28:9f:c7:
         a8:39:32:b8:d2:8d:1c:a4:f5:e0:05:55:c4:af:f5:3d:ed:72:
         f8:f7:8f:39:3f:22:dc:33:f0:e3:39:0f:26:61:5e:f7:36:d2:
         d8:d9:55:7a:4e:a1:30:82:78:7d:74:88:56:b3:61:b2:4f:b6:
         e2:7e:8e:d0:bd:35:af:31:32:76:50:bd:eb:6b:13:3d:61:60:
         6d:cc:03:35:f0:e7:d4:22:ee:24:ff:20:fe:ab:c8:bb:6a:f4:
         2e:ef:e7:f0:ba:ad:33:29:5a:f5:c7:23:15:3d:a9:e3:61:b4:
         59:aa:4a:80:b9:8d:ee:3b:b2:3d:bf:71:45:a2:84:4e:b7:5f:
         71:5e:fb:f8:81:c6:d9:e4:12:91:3e:6a:22:db:49:21:1c:ac:
         03:57:25:b3:68:a1:86:9b:0d:76:43:51:f5:eb:c9:b8:96:a4:
         e9:51:49:9d:47:09:84:07:ef:76:a9:f1:fc:c4:5f:05:50:4e:
         bf:ca:71:87:ab:3e:c2:bb:1d:a6:fd:af:09:0b:04:9e:b5:ee:
         b6:48:a1:73:e5:b0:ee:b3:c5:49:1d:c0:78:8b:e7:b5:3d:b8:
         6f:b5:60:af
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgIDDh6iMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDdh
YWIzYTFiMWQzMGIxNGI2ZDlhM2ZlMzljZWZlODY3ZDYwZmYzNTAwHhcNMjEwMzI0
MTQ0MjA1WhcNMjYwMzI0MTQ0MjA1WjAzMTEwLwYDVQQDEyg3YTc5NTViYjY1YTM4
Mzg3ZTU1YTU5NTdmMDBlN2VkNzMwZTNlNzllMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAkwBwe7thKrjRG4J+tYYcSgKy/xa2GylgPjgXJl3BEBxKqbWR
wbSrAjjnC+g+MBgoJeSBj8wOJNZ0QlaoqVDHiATjxXW36lO9fZJKN6M99cTb3EpL
0/AzcJWYHSwWvVAIvyktuyJQj1rCbfSa+qv/Vns/pYyU+9a0Q0Jzv/ygyddEDode
zpjkfUVS/s38dpoM2RYZKMJIr/jpPVxXsA8N6tTsTpYSeArlP0AgsNW39byWVSdo
7QrMIM1f4XaOFP55gsVwAkxlWUieGLuF5CQRSAm7C6e0EmzfbIljj54bUJFCj8zW
xWX0s99q3ppOhD6SaDfWFMnmFfxg8jYx4OphSwIDAQABo4ICqTCCAqUwHQYDVR0O
BBYEFF8eE7/HrUY5jfUhp7XpinZU8YSZMB8GA1UdIwQYMBaAFF9YxoPO1cgOD9/b
FLkd3K884qsrMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvN2FhYjNh
MWIxZDMwYjE0YjZkOWEzZmUzOWNlZmU4NjdkNjBmZjM1MC5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvMWE2NDZhNWEtZTAzYi00OGVjLThlYzMtODA2NWNj
ZTEwZTllLzdhNzk1NWJiNjVhMzgzODdlNTVhNTk1N2YwMGU3ZWQ3MzBlM2U3OWUu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy8xYTY0NmE1YS1lMDNiLTQ4ZWMtOGVjMy04MDY1
Y2NlMTBlOWUvN2FhYjNhMWIxZDMwYjE0YjZkOWEzZmUzOWNlZmU4NjdkNjBmZjM1
MC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBtBggrBgEFBQcBBwEB/wRe
MFwwWgQCAAEwVAMEAMgehTAMAwQAyB6LAwQByB6UAwQAyB6aMAwDBADIHp8DBADI
HqADBAHIHqYDBADIHqwwDAMEAcgergMEAMgesAMEAMgetQMEAMgeugMEAMgevDAN
BgkqhkiG9w0BAQsFAAOCAQEAJLMEC8RNK/Id0yHHU4rhUTYlrQvwCDqpGwsP5ImN
2mUlKJ/HqDkyuNKNHKT14AVVxK/1Pe1y+PePOT8i3DPw4zkPJmFe9zbS2NlVek6h
MIJ4fXSIVrNhsk+24n6O0L01rzEydlC962sTPWFgbcwDNfDn1CLuJP8g/qvIu2r0
Lu/n8LqtMyla9ccjFT2p42G0WapKgLmN7juyPb9xRaKETrdfcV77+IHG2eQSkT5q
IttJIRysA1cls2ihhpsNdkNR9evJuJak6VFJnUcJhAfvdqnx/MRfBVBOv8pxh6s+
wrsdpv2vCQsEnrXutkihc+Ww7rPFSR3AeIvntT24b7Vgrw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:01 2024 by rpki-client on console-ams.rpki-client.org