Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/0a16e5c0-7679-45b3-b31a-abd79f05c08a/652347a1ce98fc8d597e57599753f5f026881a3a.roa
File:                     652347a1ce98fc8d597e57599753f5f026881a3a.roa (raw, json)
Hash identifier:          9dOmrz99qnkhnFDfcgygedut2xNLbDjpi3nBqdkHciA=
Subject key identifier:   BD:E6:AF:27:D0:CD:AD:3F:D3:0C:E4:D5:F0:24:44:DA:72:96:7E:6F
Certificate issuer:       /CN=91b1e48227e2bbda9d2cb732746aa69540bc1c54
Certificate serial:       1A9127
Authority key identifier: 90:4A:D1:DB:DF:7A:3D:25:8B:0C:7C:B1:B4:73:F4:2B:4A:3D:38:3A
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/91b1e48227e2bbda9d2cb732746aa69540bc1c54.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/0a16e5c0-7679-45b3-b31a-abd79f05c08a/652347a1ce98fc8d597e57599753f5f026881a3a.roa
Signing time:             Tue 08 Nov 2022 13:24:08 +0000
ROA not before:           Tue 23 Mar 2021 03:00:00 +0000
ROA not after:            Tue 24 Mar 2026 03:00:00 +0000
asID:                     52320
IP address blocks:        138.0.40.0/22 maxlen: 24
                          138.204.236.0/22 maxlen: 24
                          200.16.68.0/22 maxlen: 24
                          209.127.212.0/24 maxlen: 24
                          2800:6e0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/0a16e5c0-7679-45b3-b31a-abd79f05c08a/91b1e48227e2bbda9d2cb732746aa69540bc1c54.crl
                          rsync://repository.lacnic.net/rpki/lacnic/0a16e5c0-7679-45b3-b31a-abd79f05c08a/91b1e48227e2bbda9d2cb732746aa69540bc1c54.mft
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/91b1e48227e2bbda9d2cb732746aa69540bc1c54.cer
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.crl
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft
                          rsync://repository.lacnic.net/rpki/lacnic/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.cer
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.crl
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Sun 25 Feb 2024 20:21:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1741095 (0x1a9127)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91b1e48227e2bbda9d2cb732746aa69540bc1c54
        Validity
            Not Before: Mar 23 03:00:00 2021 GMT
            Not After : Mar 24 03:00:00 2026 GMT
        Subject: CN=652347a1ce98fc8d597e57599753f5f026881a3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:9c:3b:7e:c9:bf:20:ec:d4:7c:db:d3:60:4e:
                    9a:28:61:cb:4a:30:6f:6d:db:d8:fd:c3:ae:a3:8c:
                    12:f2:0e:16:2b:31:1c:95:f9:99:02:40:b8:c6:ad:
                    3d:fb:97:5f:05:32:c7:42:6d:db:6d:bd:20:70:bb:
                    4e:8b:f5:63:01:9e:4c:ed:18:5f:8f:95:ed:d7:89:
                    de:53:28:00:ec:07:2b:d4:b4:25:ca:3d:fd:28:e4:
                    15:08:7a:36:bb:c5:81:a9:03:2b:de:cb:71:d1:93:
                    b8:39:b7:bd:e5:a3:a1:43:5d:b3:2d:c4:b6:ab:fc:
                    67:76:23:41:73:a4:fd:61:58:5e:6b:5a:17:33:58:
                    9c:f5:37:37:51:26:03:fb:53:b4:0e:f4:05:a9:f2:
                    a2:44:2f:d6:ea:3f:ec:d3:96:51:e2:ea:b4:20:00:
                    d7:0e:ce:be:09:ee:8f:23:b3:50:44:c1:03:17:b0:
                    cc:77:e7:87:1f:65:3d:21:99:51:a8:39:f5:24:2a:
                    73:d6:ef:36:69:e3:88:a2:d9:64:54:ef:d5:2a:88:
                    4d:0d:17:d8:25:f5:34:1e:d3:c5:cb:1b:f6:f9:0f:
                    ce:d7:24:28:c3:5c:3e:52:13:b0:51:22:18:4b:12:
                    64:52:8a:dc:70:39:4f:c3:be:4f:0b:d1:3b:9c:bc:
                    65:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:E6:AF:27:D0:CD:AD:3F:D3:0C:E4:D5:F0:24:44:DA:72:96:7E:6F
            X509v3 Authority Key Identifier:
                keyid:90:4A:D1:DB:DF:7A:3D:25:8B:0C:7C:B1:B4:73:F4:2B:4A:3D:38:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/91b1e48227e2bbda9d2cb732746aa69540bc1c54.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/0a16e5c0-7679-45b3-b31a-abd79f05c08a/652347a1ce98fc8d597e57599753f5f026881a3a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/0a16e5c0-7679-45b3-b31a-abd79f05c08a/91b1e48227e2bbda9d2cb732746aa69540bc1c54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.0.40.0/22
                  138.204.236.0/22
                  200.16.68.0/22
                  209.127.212.0/24
                IPv6:
                  2800:6e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         6d:86:4c:49:0c:b2:c2:ef:e8:ec:19:6e:07:2c:78:6b:19:58:
         6d:dc:c2:5e:86:56:7d:a2:c2:f5:05:72:f2:5d:c5:e7:7c:8a:
         8d:4a:7a:3d:5a:b8:55:e2:01:8c:ef:8f:3d:b7:e5:56:26:dc:
         6e:4b:e4:51:1d:1a:e9:17:48:04:09:5b:26:bf:18:0a:0b:a9:
         76:0b:b9:91:8b:41:96:48:b4:cc:14:3b:06:0e:66:5d:80:8f:
         ea:ec:4e:c4:68:43:6e:d5:07:9b:e1:13:2f:d2:f5:27:15:71:
         e5:13:ff:2b:3b:39:c0:48:de:4e:58:8c:02:c6:de:b9:90:b4:
         a3:a7:cf:6c:e4:1b:ed:33:6f:b5:20:93:c0:86:9a:d9:c7:e0:
         b6:f5:21:9d:98:f9:27:70:7c:7d:78:38:a4:64:3b:94:e4:f1:
         cf:68:51:20:cb:00:f5:35:62:2f:bd:07:35:64:d2:15:e7:d4:
         bb:7c:fa:e2:8c:c8:06:28:71:d0:2e:27:ce:2a:7b:be:16:15:
         5f:37:f5:ed:e2:55:78:b0:14:b1:14:e4:e5:88:12:12:14:1b:
         d5:22:37:04:cb:52:c8:cc:de:bd:de:88:09:cc:fd:64:ab:88:
         d1:98:89:ce:9e:6f:41:e5:4c:6b:be:74:27:bb:e1:35:2f:2a:
         65:c6:4f:a9
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIDGpEnMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDkx
YjFlNDgyMjdlMmJiZGE5ZDJjYjczMjc0NmFhNjk1NDBiYzFjNTQwHhcNMjEwMzIz
MDMwMDAwWhcNMjYwMzI0MDMwMDAwWjAzMTEwLwYDVQQDEyg2NTIzNDdhMWNlOThm
YzhkNTk3ZTU3NTk5NzUzZjVmMDI2ODgxYTNhMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAl5w7fsm/IOzUfNvTYE6aKGHLSjBvbdvY/cOuo4wS8g4WKzEc
lfmZAkC4xq09+5dfBTLHQm3bbb0gcLtOi/VjAZ5M7Rhfj5Xt14neUygA7Acr1LQl
yj39KOQVCHo2u8WBqQMr3stx0ZO4Obe95aOhQ12zLcS2q/xndiNBc6T9YVhea1oX
M1ic9Tc3USYD+1O0DvQFqfKiRC/W6j/s05ZR4uq0IADXDs6+Ce6PI7NQRMEDF7DM
d+eHH2U9IZlRqDn1JCpz1u82aeOIotlkVO/VKohNDRfYJfU0HtPFyxv2+Q/O1yQo
w1w+UhOwUSIYSxJkUorccDlPw75PC9E7nLxlZwIDAQABo4ICfDCCAngwHQYDVR0O
BBYEFL3mryfQza0/0wzk1fAkRNpyln5vMB8GA1UdIwQYMBaAFJBK0dvfej0liwx8
sbRz9CtKPTg6MA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvOTFiMWU0
ODIyN2UyYmJkYTlkMmNiNzMyNzQ2YWE2OTU0MGJjMWM1NC5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvMGExNmU1YzAtNzY3OS00NWIzLWIzMWEtYWJkNzlm
MDVjMDhhLzY1MjM0N2ExY2U5OGZjOGQ1OTdlNTc1OTk3NTNmNWYwMjY4ODFhM2Eu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy8wYTE2ZTVjMC03Njc5LTQ1YjMtYjMxYS1hYmQ3
OWYwNWMwOGEvOTFiMWU0ODIyN2UyYmJkYTlkMmNiNzMyNzQ2YWE2OTU0MGJjMWM1
NC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBABggrBgEFBQcBBwEB/wQx
MC8wHgQCAAEwGAMEAooAKAMEAorM7AMEAsgQRAMEANF/1DANBAIAAjAHAwUAKAAG
4DANBgkqhkiG9w0BAQsFAAOCAQEAbYZMSQyywu/o7BluByx4axlYbdzCXoZWfaLC
9QVy8l3F53yKjUp6PVq4VeIBjO+PPbflVibcbkvkUR0a6RdIBAlbJr8YCgupdgu5
kYtBlki0zBQ7Bg5mXYCP6uxOxGhDbtUHm+ETL9L1JxVx5RP/Kzs5wEjeTliMAsbe
uZC0o6fPbOQb7TNvtSCTwIaa2cfgtvUhnZj5J3B8fXg4pGQ7lOTxz2hRIMsA9TVi
L70HNWTSFefUu3z64ozIBihx0C4nzip7vhYVXzf17eJVeLAUsRTk5YgSEhQb1SI3
BMtSyMzevd6ICcz9ZKuI0ZiJzp5vQeVMa750J7vhNS8qZcZPqQ==
-----END CERTIFICATE-----
Generated at Fri Feb 23 00:16:35 2024 by rpki-client on console-fra.rpki-client.org