Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/23164145-0ddb-471b-a93b-b8a31945142c/2d71b036fc21d3518a54447347b3dc170a275caa.roa
File:                     2d71b036fc21d3518a54447347b3dc170a275caa.roa (raw, json)
Hash identifier:          tHmfuc7OUb54s9RHwBT+AyJaQbEabvJ3dw5ppPNsS4Y=
Subject key identifier:   99:63:05:2B:05:77:14:10:25:C7:FA:E3:49:E7:98:2D:30:6F:B0:F1
Certificate issuer:       /CN=2e96ce1c36c0934635fd3e261aecd8e9cb961479
Certificate serial:       0D3FB5
Authority key identifier: 99:9B:FF:77:0E:1E:73:02:96:A0:39:12:90:DA:32:47:11:17:4D:F3
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/2e96ce1c36c0934635fd3e261aecd8e9cb961479.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/23164145-0ddb-471b-a93b-b8a31945142c/2d71b036fc21d3518a54447347b3dc170a275caa.roa
Signing time:             Wed 24 Mar 2021 14:37:15 +0000
ROA not before:           Wed 24 Mar 2021 14:37:15 +0000
ROA not after:            Tue 24 Mar 2026 14:37:15 +0000
asID:                     263831
IP address blocks:        200.33.85.0/24 maxlen: 24
                          2801:1f:2000::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/23164145-0ddb-471b-a93b-b8a31945142c/2e96ce1c36c0934635fd3e261aecd8e9cb961479.crl
                          rsync://repository.lacnic.net/rpki/lacnic/23164145-0ddb-471b-a93b-b8a31945142c/2e96ce1c36c0934635fd3e261aecd8e9cb961479.mft
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/2e96ce1c36c0934635fd3e261aecd8e9cb961479.cer
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.crl
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft
                          rsync://repository.lacnic.net/rpki/lacnic/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.cer
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.crl
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Fri 01 Mar 2024 15:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 868277 (0xd3fb5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e96ce1c36c0934635fd3e261aecd8e9cb961479
        Validity
            Not Before: Mar 24 14:37:15 2021 GMT
            Not After : Mar 24 14:37:15 2026 GMT
        Subject: CN=2d71b036fc21d3518a54447347b3dc170a275caa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:c4:38:25:18:94:3c:db:a1:09:33:18:df:0d:
                    ea:c4:93:03:ca:83:ee:31:ed:fb:ee:c0:9c:ac:b8:
                    4c:ce:19:4f:39:80:5e:ba:e8:5c:c9:93:bb:96:d7:
                    86:bc:74:ee:41:91:4a:7c:34:6d:13:03:8c:40:57:
                    2a:80:71:68:43:b7:4b:64:5b:5f:e0:b5:e3:43:e7:
                    5b:1e:2d:ad:51:fa:14:3e:85:bf:62:48:70:dd:eb:
                    5c:86:d6:36:4e:e1:90:4f:e9:81:80:8b:39:c5:7a:
                    c7:da:35:ec:a8:3f:22:6e:f2:50:de:03:05:94:22:
                    a1:a0:7a:c3:82:db:ab:d1:fd:32:55:a2:6e:e1:66:
                    10:c8:70:19:63:3f:01:a7:90:50:0b:8e:e8:40:20:
                    fa:87:4b:f3:9e:3e:78:d9:2b:2f:6e:8d:be:76:f2:
                    9f:e1:ba:0f:a6:6c:be:71:8f:94:18:da:c5:64:18:
                    d8:dd:96:60:d9:af:ce:02:6e:a9:22:70:89:eb:c5:
                    a6:df:17:9a:61:09:7f:97:08:15:a7:c7:1d:b4:75:
                    d8:9b:bc:78:49:78:b2:52:3f:b1:e6:f1:f8:0f:c3:
                    f0:40:d5:de:0e:95:83:a6:c7:d2:48:26:7c:44:47:
                    39:86:a7:d5:07:96:6c:2b:ba:ef:6c:80:99:a2:8f:
                    00:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:63:05:2B:05:77:14:10:25:C7:FA:E3:49:E7:98:2D:30:6F:B0:F1
            X509v3 Authority Key Identifier:
                keyid:99:9B:FF:77:0E:1E:73:02:96:A0:39:12:90:DA:32:47:11:17:4D:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/2e96ce1c36c0934635fd3e261aecd8e9cb961479.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/23164145-0ddb-471b-a93b-b8a31945142c/2d71b036fc21d3518a54447347b3dc170a275caa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/23164145-0ddb-471b-a93b-b8a31945142c/2e96ce1c36c0934635fd3e261aecd8e9cb961479.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.33.85.0/24
                IPv6:
                  2801:1f:2000::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:15:f3:93:37:26:ba:d1:a9:c4:0d:30:f1:e1:25:6b:aa:9c:
         41:3f:22:53:bb:45:bb:5d:03:bd:fa:75:f9:74:51:b8:8d:6b:
         7c:c6:13:01:31:f7:3e:4e:65:8c:3b:80:75:ab:6b:71:39:00:
         de:51:87:a3:4a:c2:cc:d3:f3:e2:89:f6:38:45:6a:77:8c:68:
         cb:30:29:9e:f1:71:f1:18:52:7a:54:bd:53:fc:a5:27:ba:b6:
         c9:16:25:1d:10:e5:c6:19:c5:6f:88:ea:49:58:22:bc:2e:a7:
         77:1d:9e:1d:dd:aa:04:4e:ec:97:6e:28:26:0e:c1:26:83:99:
         e1:5b:30:4d:be:12:d6:4d:00:00:42:e0:01:41:ea:d8:ce:93:
         78:9f:d7:f0:72:df:0f:52:28:f3:22:ee:70:23:00:ad:17:f5:
         82:44:c5:e0:d6:22:08:af:7c:0f:76:0c:d9:7f:66:d9:86:3e:
         d5:4b:ec:b2:7e:88:23:e1:23:11:c7:af:f8:f8:e6:9f:ea:01:
         ad:e4:03:b1:21:b5:66:9f:7d:5a:b2:f6:ab:cd:27:b5:ea:72:
         29:e3:8d:5a:be:0a:b4:6d:8c:fe:e8:3c:9a:9f:a0:95:cb:a5:
         cd:4e:8f:2b:71:e4:ce:14:58:d9:6d:d1:33:95:07:9c:9b:3f:
         9b:a8:6b:fa
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgIDDT+1MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDJl
OTZjZTFjMzZjMDkzNDYzNWZkM2UyNjFhZWNkOGU5Y2I5NjE0NzkwHhcNMjEwMzI0
MTQzNzE1WhcNMjYwMzI0MTQzNzE1WjAzMTEwLwYDVQQDEygyZDcxYjAzNmZjMjFk
MzUxOGE1NDQ0NzM0N2IzZGMxNzBhMjc1Y2FhMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAksQ4JRiUPNuhCTMY3w3qxJMDyoPuMe377sCcrLhMzhlPOYBe
uuhcyZO7lteGvHTuQZFKfDRtEwOMQFcqgHFoQ7dLZFtf4LXjQ+dbHi2tUfoUPoW/
Ykhw3etchtY2TuGQT+mBgIs5xXrH2jXsqD8ibvJQ3gMFlCKhoHrDgtur0f0yVaJu
4WYQyHAZYz8Bp5BQC47oQCD6h0vznj542Ssvbo2+dvKf4boPpmy+cY+UGNrFZBjY
3ZZg2a/OAm6pInCJ68Wm3xeaYQl/lwgVp8cdtHXYm7x4SXiyUj+x5vH4D8PwQNXe
DpWDpsfSSCZ8REc5hqfVB5ZsK7rvbICZoo8A1QIDAQABo4ICbDCCAmgwHQYDVR0O
BBYEFJljBSsFdxQQJcf640nnmC0wb7DxMB8GA1UdIwQYMBaAFJmb/3cOHnMClqA5
EpDaMkcRF03zMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvMmU5NmNl
MWMzNmMwOTM0NjM1ZmQzZTI2MWFlY2Q4ZTljYjk2MTQ3OS5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvMjMxNjQxNDUtMGRkYi00NzFiLWE5M2ItYjhhMzE5
NDUxNDJjLzJkNzFiMDM2ZmMyMWQzNTE4YTU0NDQ3MzQ3YjNkYzE3MGEyNzVjYWEu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy8yMzE2NDE0NS0wZGRiLTQ3MWItYTkzYi1iOGEz
MTk0NTE0MmMvMmU5NmNlMWMzNmMwOTM0NjM1ZmQzZTI2MWFlY2Q4ZTljYjk2MTQ3
OS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEAMghVTAPBAIAAjAJAwcAKAEAHyAAMA0GCSqGSIb3DQEBCwUA
A4IBAQCiFfOTNya60anEDTDx4SVrqpxBPyJTu0W7XQO9+nX5dFG4jWt8xhMBMfc+
TmWMO4B1q2txOQDeUYejSsLM0/PiifY4RWp3jGjLMCme8XHxGFJ6VL1T/KUnurbJ
FiUdEOXGGcVviOpJWCK8Lqd3HZ4d3aoETuyXbigmDsEmg5nhWzBNvhLWTQAAQuAB
QerYzpN4n9fwct8PUijzIu5wIwCtF/WCRMXg1iIIr3wPdgzZf2bZhj7VS+yyfogj
4SMRx6/4+Oaf6gGt5AOxIbVmn31asvarzSe16nIp441avgq0bYz+6Dyan6CVy6XN
To8rceTOFFjZbdEzlQecmz+bqGv6
-----END CERTIFICATE-----
Generated at Tue Feb 27 21:52:48 2024 by rpki-client on console-fra.rpki-client.org