Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/24b4c77ad7e46bc52e8de75cb42fee0c5f07c84a.roa
File:                     24b4c77ad7e46bc52e8de75cb42fee0c5f07c84a.roa (raw, json)
Hash identifier:          Omu+oVsNxaL9f3pBGH1mRjpDVhuUJLv0lwFs9fk6zGE=
Subject key identifier:   D8:5A:DB:45:65:EB:F7:B0:60:8A:AD:D7:10:83:DB:05:4D:B2:C2:17
Certificate issuer:       /CN=bfbb4d3a6dd5e649a6554c4817ce0ed277429136
Certificate serial:       11A3BB
Authority key identifier: 76:7F:42:4D:48:34:06:C4:20:E5:DF:19:BE:BE:99:3F:72:5A:F7:B6
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/24b4c77ad7e46bc52e8de75cb42fee0c5f07c84a.roa
Signing time:             Mon 27 Nov 2023 19:51:43 +0000
ROA not before:           Mon 27 Nov 2023 19:51:40 +0000
ROA not after:            Thu 27 Nov 2025 19:51:40 +0000
asID:                     22927
IP address blocks:        186.128.0.0/13 maxlen: 24
                          186.56.128.0/17 maxlen: 24
                          186.57.0.0/16 maxlen: 24
                          186.58.0.0/15 maxlen: 24
                          186.60.0.0/14 maxlen: 24
                          186.39.0.0/16 maxlen: 24
                          201.255.0.0/16 maxlen: 24
                          201.250.0.0/16 maxlen: 24
                          181.20.0.0/14 maxlen: 24
                          181.24.0.0/14 maxlen: 24
                          190.172.0.0/14 maxlen: 24
                          190.176.0.0/14 maxlen: 24
                          190.48.0.0/14 maxlen: 24
                          191.80.0.0/14 maxlen: 24
                          191.84.0.0/15 maxlen: 24
                          201.176.0.0/14 maxlen: 24
                          201.180.0.0/15 maxlen: 24
                          2800:380::/32 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1156027 (0x11a3bb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfbb4d3a6dd5e649a6554c4817ce0ed277429136
        Validity
            Not Before: Nov 27 19:51:40 2023 GMT
            Not After : Nov 27 19:51:40 2025 GMT
        Subject: CN=24b4c77ad7e46bc52e8de75cb42fee0c5f07c84a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e6:df:00:88:61:48:f8:49:77:99:d0:bb:9b:
                    5b:ed:02:48:42:7a:2a:e2:fa:b1:36:c3:c8:1e:38:
                    f3:2e:1e:bb:16:19:9d:69:fc:4f:c1:e8:77:cf:31:
                    b4:e8:a7:4d:6d:7b:66:76:01:da:da:ed:a9:99:cb:
                    19:48:18:9d:fa:5a:4d:c1:f7:99:e5:5d:e3:ed:21:
                    47:90:f7:e3:93:0e:7c:85:f6:8f:94:fb:7c:51:de:
                    72:d0:ab:fa:3a:6e:c6:ad:c6:6e:0f:6c:32:7f:cd:
                    27:06:48:26:52:d3:50:a9:b3:4c:c3:d8:8b:df:a8:
                    27:42:bb:17:4c:99:02:ac:36:72:58:35:e9:2b:3c:
                    5a:21:84:b7:d2:82:9d:39:95:7f:70:a0:76:1f:15:
                    dc:9b:23:d4:92:a8:07:20:c7:10:02:e3:20:9d:52:
                    22:28:ac:58:b2:85:a7:7b:12:51:09:00:ae:f0:d0:
                    8d:99:78:cd:1e:05:3d:bd:96:14:45:68:bb:5d:91:
                    b9:3b:a1:74:0b:ea:53:6c:12:6e:e3:ee:ce:97:b6:
                    85:c0:e6:74:31:e5:1d:1e:27:d1:38:65:6a:66:be:
                    4b:61:7a:43:ab:6a:2a:f7:b9:42:37:f1:96:65:0b:
                    77:eb:9d:32:3a:53:89:ac:ca:5d:3d:df:e9:fd:a4:
                    1a:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:5A:DB:45:65:EB:F7:B0:60:8A:AD:D7:10:83:DB:05:4D:B2:C2:17
            X509v3 Authority Key Identifier:
                keyid:76:7F:42:4D:48:34:06:C4:20:E5:DF:19:BE:BE:99:3F:72:5A:F7:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/24b4c77ad7e46bc52e8de75cb42fee0c5f07c84a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.20.0.0-181.27.255.255
                  186.39.0.0/16
                  186.56.128.0-186.63.255.255
                  186.128.0.0/13
                  190.48.0.0/14
                  190.172.0.0-190.179.255.255
                  191.80.0.0-191.85.255.255
                  201.176.0.0-201.181.255.255
                  201.250.0.0/16
                  201.255.0.0/16
                IPv6:
                  2800:380::/32

    Signature Algorithm: sha256WithRSAEncryption
         80:ba:39:eb:79:71:46:f6:b1:56:8a:db:ef:4c:8a:69:2e:78:
         26:b6:77:70:b2:fc:b3:9c:d5:14:33:a2:8f:5c:02:46:1e:c0:
         e7:28:f7:5c:b0:99:77:52:45:43:57:e3:82:9e:7a:e1:f7:eb:
         fd:84:30:32:f0:0d:b9:ca:57:b2:eb:25:5b:dd:a7:97:c8:16:
         54:0d:99:57:0b:3b:bd:73:30:bc:6f:5e:90:8e:ce:71:03:03:
         ba:b0:be:38:7f:3e:ad:58:c9:09:f5:55:8c:1a:7a:ce:f9:79:
         f5:bc:82:6c:c0:f9:b3:33:94:c5:b4:b2:f3:11:e1:93:0c:d0:
         38:43:72:7c:fc:2d:3b:fa:dd:c3:a6:ee:10:4c:d0:09:0a:49:
         c3:d0:66:8c:51:af:19:a5:47:34:f3:23:b7:35:dd:e5:40:7f:
         42:b2:c2:61:23:2d:b9:99:2a:27:4c:7d:34:16:56:27:b8:41:
         57:d7:01:8d:8d:42:f6:1c:be:ee:9f:77:46:cf:d3:a5:10:0d:
         19:22:53:38:ff:9b:ff:96:56:d5:25:0c:6a:18:b0:2d:53:69:
         4a:f1:88:63:05:6e:d0:38:61:3c:6c:db:a4:d9:87:e6:4f:25:
         cd:0f:6c:8e:4f:b9:e1:53:0d:f3:5b:1a:fc:1d:69:bf:d1:b9:
         e3:43:4a:d6
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIDEaO7MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGJm
YmI0ZDNhNmRkNWU2NDlhNjU1NGM0ODE3Y2UwZWQyNzc0MjkxMzYwHhcNMjMxMTI3
MTk1MTQwWhcNMjUxMTI3MTk1MTQwWjAzMTEwLwYDVQQDEygyNGI0Yzc3YWQ3ZTQ2
YmM1MmU4ZGU3NWNiNDJmZWUwYzVmMDdjODRhMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA0ebfAIhhSPhJd5nQu5tb7QJIQnoq4vqxNsPIHjjzLh67Fhmd
afxPweh3zzG06KdNbXtmdgHa2u2pmcsZSBid+lpNwfeZ5V3j7SFHkPfjkw58hfaP
lPt8Ud5y0Kv6Om7GrcZuD2wyf80nBkgmUtNQqbNMw9iL36gnQrsXTJkCrDZyWDXp
KzxaIYS30oKdOZV/cKB2HxXcmyPUkqgHIMcQAuMgnVIiKKxYsoWnexJRCQCu8NCN
mXjNHgU9vZYURWi7XZG5O6F0C+pTbBJu4+7Ol7aFwOZ0MeUdHifROGVqZr5LYXpD
q2oq97lCN/GWZQt3650yOlOJrMpdPd/p/aQanwIDAQABo4ICujCCArYwHQYDVR0O
BBYEFNha20Vl6/ewYIqt1xCD2wVNssIXMB8GA1UdIwQYMBaAFHZ/Qk1INAbEIOXf
Gb6+mT9yWve2MA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvYmZiYjRk
M2E2ZGQ1ZTY0OWE2NTU0YzQ4MTdjZTBlZDI3NzQyOTEzNi5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvNTM3NWJjZmMtOGI4Ni00NTJlLTg1MGQtODNjZmUz
YjUwZjA2LzI0YjRjNzdhZDdlNDZiYzUyZThkZTc1Y2I0MmZlZTBjNWYwN2M4NGEu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy81Mzc1YmNmYy04Yjg2LTQ1MmUtODUwZC04M2Nm
ZTNiNTBmMDYvYmZiYjRkM2E2ZGQ1ZTY0OWE2NTU0YzQ4MTdjZTBlZDI3NzQyOTEz
Ni5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB+BggrBgEFBQcBBwEB/wRv
MG0wXAQCAAEwVjAKAwMCtRQDAwK1GAMDALonMAsDBAe6OIADAwa6AAMDA7qAAwMC
vjAwCgMDAr6sAwMCvrAwCgMDBL9QAwMBv1QwCgMDBMmwAwMBybQDAwDJ+gMDAMn/
MA0EAgACMAcDBQAoAAOAMA0GCSqGSIb3DQEBCwUAA4IBAQCAujnreXFG9rFWitvv
TIppLngmtndwsvyznNUUM6KPXAJGHsDnKPdcsJl3UkVDV+OCnnrh9+v9hDAy8A25
yley6yVb3aeXyBZUDZlXCzu9czC8b16Qjs5xAwO6sL44fz6tWMkJ9VWMGnrO+Xn1
vIJswPmzM5TFtLLzEeGTDNA4Q3J8/C07+t3Dpu4QTNAJCknD0GaMUa8ZpUc08yO3
Nd3lQH9CssJhIy25mSonTH00FlYnuEFX1wGNjUL2HL7un3dGz9OlEA0ZIlM4/5v/
llbVJQxqGLAtU2lK8YhjBW7QOGE8bNuk2YfmTyXND2yOT7nhUw3zWxr8HWm/0bnj
Q0rW
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:43 2024 by rpki-client on console-ams.rpki-client.org