Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/21c8ed93-6fb9-42bd-86b3-7595efa88bfe/dbeb4a2c9101fd158db59e7dc953e78a9622f805.roa
File:                     dbeb4a2c9101fd158db59e7dc953e78a9622f805.roa (raw, json)
Hash identifier:          gTNr/YlN1whh/ZKKy7LfYDWjhJvA1Hp0jXZxPu0GrP8=
Subject key identifier:   CB:65:4C:9A:1A:CA:42:90:94:2F:0A:63:CB:59:07:37:8F:C6:73:65
Certificate issuer:       /CN=37043f262df2eb062b3237cb4f189b08823ce138
Certificate serial:       217867
Authority key identifier: 34:D4:85:26:6C:78:F8:0C:9F:41:63:82:5F:3F:15:7B:E5:86:2A:EC
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/37043f262df2eb062b3237cb4f189b08823ce138.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/21c8ed93-6fb9-42bd-86b3-7595efa88bfe/dbeb4a2c9101fd158db59e7dc953e78a9622f805.roa
Signing time:             Fri 16 Jun 2023 18:42:23 +0000
ROA not before:           Thu 15 Jun 2023 18:42:23 +0000
ROA not after:            Mon 16 Jun 2025 18:42:23 +0000
asID:                     264814
IP address blocks:        170.238.200.0/22 maxlen: 24
                          2803:ecc0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/21c8ed93-6fb9-42bd-86b3-7595efa88bfe/37043f262df2eb062b3237cb4f189b08823ce138.crl
                          rsync://repository.lacnic.net/rpki/lacnic/21c8ed93-6fb9-42bd-86b3-7595efa88bfe/37043f262df2eb062b3237cb4f189b08823ce138.mft
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/37043f262df2eb062b3237cb4f189b08823ce138.cer
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.crl
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft
                          rsync://repository.lacnic.net/rpki/lacnic/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.cer
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.crl
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Mon 26 Feb 2024 16:36:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2193511 (0x217867)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37043f262df2eb062b3237cb4f189b08823ce138
        Validity
            Not Before: Jun 15 18:42:23 2023 GMT
            Not After : Jun 16 18:42:23 2025 GMT
        Subject: CN=dbeb4a2c9101fd158db59e7dc953e78a9622f805
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:51:10:c2:17:e2:51:7f:83:ec:c5:13:e6:9f:
                    cc:17:9e:52:55:dc:d3:3b:66:9e:6c:ce:f6:e3:44:
                    d2:83:23:1d:a9:6f:75:35:f8:e9:7e:2d:d1:63:d1:
                    d4:8d:81:cc:62:91:cc:6e:c2:ad:43:01:fe:18:b9:
                    a3:2b:a7:1c:88:2e:8f:53:56:79:e1:75:52:8a:c7:
                    d5:a2:35:cb:7b:7a:30:01:20:99:3f:0a:0b:80:b4:
                    fc:4b:23:94:98:92:2d:9d:7e:b4:c3:7e:dc:1f:a9:
                    ae:f2:d5:78:86:5d:9a:90:4d:fa:fa:de:a2:af:00:
                    5b:9f:5a:e1:b6:b0:b3:86:21:44:8d:ad:c5:54:d7:
                    65:bf:12:24:89:43:d9:a7:0a:27:9f:c5:7a:1c:a4:
                    7a:a5:95:af:36:1d:57:3f:a9:c2:80:98:35:65:d0:
                    b1:90:24:8e:57:61:d2:9e:4c:e7:78:88:fd:8f:72:
                    14:70:16:6a:63:cc:4b:53:81:aa:53:42:48:20:5d:
                    fc:94:04:4f:02:34:1e:83:19:a0:bc:7d:d9:19:5e:
                    81:a5:d1:6a:c0:04:c9:49:69:5a:fe:99:5e:3c:9d:
                    98:4e:b2:08:2a:27:36:71:95:d6:7f:86:32:c6:40:
                    3e:63:35:42:64:37:f9:15:1d:11:04:b2:02:40:8e:
                    45:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:65:4C:9A:1A:CA:42:90:94:2F:0A:63:CB:59:07:37:8F:C6:73:65
            X509v3 Authority Key Identifier:
                keyid:34:D4:85:26:6C:78:F8:0C:9F:41:63:82:5F:3F:15:7B:E5:86:2A:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/37043f262df2eb062b3237cb4f189b08823ce138.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/21c8ed93-6fb9-42bd-86b3-7595efa88bfe/dbeb4a2c9101fd158db59e7dc953e78a9622f805.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/21c8ed93-6fb9-42bd-86b3-7595efa88bfe/37043f262df2eb062b3237cb4f189b08823ce138.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.238.200.0/22
                IPv6:
                  2803:ecc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:c8:94:6b:b9:53:c4:b3:9a:00:ce:aa:f5:cb:13:7d:45:e3:
         e3:66:98:c7:54:29:3a:11:8a:63:b6:1f:6a:4a:eb:b9:2c:d9:
         31:51:07:ff:e2:cd:32:e2:f5:3d:4c:44:02:f5:91:b6:e5:28:
         19:93:7b:f5:d8:fc:31:03:27:96:86:eb:a2:88:90:fc:ce:a1:
         33:ed:9c:06:c7:33:c7:9c:64:88:f8:47:c3:f7:c0:2b:03:45:
         9b:5f:71:38:84:80:76:71:e4:93:f1:35:6d:7a:04:58:82:4b:
         ca:d1:60:e0:92:95:91:64:b4:5a:5a:f1:e2:ec:96:d8:fb:95:
         4f:fc:5a:0b:a9:c5:da:9c:b5:18:82:bc:e1:1a:f1:19:ce:93:
         06:1b:d7:32:8c:0a:19:76:fa:80:92:72:3c:19:db:9f:af:27:
         d5:be:d9:5f:30:29:c0:13:72:2d:a8:53:f4:f6:66:71:6e:6e:
         5a:1c:8f:fd:0b:f1:4d:2c:48:06:63:1f:fd:e2:b8:6b:0b:48:
         45:04:c5:74:40:f8:b8:5f:9b:52:2c:2d:4e:48:bb:0a:1c:b9:
         3b:a2:92:b8:43:17:7e:7e:a7:ff:9e:4b:7c:03:55:cc:f9:ba:
         90:d1:56:a5:60:d0:2b:27:13:46:42:c1:3d:b6:f1:14:bf:e9:
         9e:93:94:e1
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgIDIXhnMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDM3
MDQzZjI2MmRmMmViMDYyYjMyMzdjYjRmMTg5YjA4ODIzY2UxMzgwHhcNMjMwNjE1
MTg0MjIzWhcNMjUwNjE2MTg0MjIzWjAzMTEwLwYDVQQDEyhkYmViNGEyYzkxMDFm
ZDE1OGRiNTllN2RjOTUzZTc4YTk2MjJmODA1MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAo1EQwhfiUX+D7MUT5p/MF55SVdzTO2aebM7240TSgyMdqW91
Nfjpfi3RY9HUjYHMYpHMbsKtQwH+GLmjK6cciC6PU1Z54XVSisfVojXLe3owASCZ
PwoLgLT8SyOUmJItnX60w37cH6mu8tV4hl2akE36+t6irwBbn1rhtrCzhiFEja3F
VNdlvxIkiUPZpwonn8V6HKR6pZWvNh1XP6nCgJg1ZdCxkCSOV2HSnkzneIj9j3IU
cBZqY8xLU4GqU0JIIF38lARPAjQegxmgvH3ZGV6BpdFqwATJSWla/plePJ2YTrII
Kic2cZXWf4YyxkA+YzVCZDf5FR0RBLICQI5FmQIDAQABo4ICajCCAmYwHQYDVR0O
BBYEFMtlTJoaykKQlC8KY8tZBzePxnNlMB8GA1UdIwQYMBaAFDTUhSZsePgMn0Fj
gl8/FXvlhirsMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvMzcwNDNm
MjYyZGYyZWIwNjJiMzIzN2NiNGYxODliMDg4MjNjZTEzOC5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvMjFjOGVkOTMtNmZiOS00MmJkLTg2YjMtNzU5NWVm
YTg4YmZlL2RiZWI0YTJjOTEwMWZkMTU4ZGI1OWU3ZGM5NTNlNzhhOTYyMmY4MDUu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy8yMWM4ZWQ5My02ZmI5LTQyYmQtODZiMy03NTk1
ZWZhODhiZmUvMzcwNDNmMjYyZGYyZWIwNjJiMzIzN2NiNGYxODliMDg4MjNjZTEz
OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQf
MB0wDAQCAAEwBgMEAqruyDANBAIAAjAHAwUAKAPswDANBgkqhkiG9w0BAQsFAAOC
AQEAJciUa7lTxLOaAM6q9csTfUXj42aYx1QpOhGKY7YfakrruSzZMVEH/+LNMuL1
PUxEAvWRtuUoGZN79dj8MQMnlobrooiQ/M6hM+2cBsczx5xkiPhHw/fAKwNFm19x
OISAdnHkk/E1bXoEWIJLytFg4JKVkWS0Wlrx4uyW2PuVT/xaC6nF2py1GIK84Rrx
Gc6TBhvXMowKGXb6gJJyPBnbn68n1b7ZXzApwBNyLahT9PZmcW5uWhyP/QvxTSxI
BmMf/eK4awtIRQTFdED4uF+bUiwtTki7Chy5O6KSuEMXfn6n/55LfANVzPm6kNFW
pWDQKycTRkLBPbbxFL/pnpOU4Q==
-----END CERTIFICATE-----
Generated at Fri Feb 23 20:08:09 2024 by rpki-client on console-ams.rpki-client.org