Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/342AB48DF24F4D85DAA49BDAB77609E5DB5B37712CFD9DE7A5CE9F98076010F2/0/3133382e3131372e3132392e302f32342d3234203d3e203532333939.roa
File:                     3133382e3131372e3132392e302f32342d3234203d3e203532333939.roa (raw, json)
Hash identifier:          UGbEuJCSuNVxuP4prZyrKIhjBfbBL7xkb1oWWGG6u5k=
Subject key identifier:   11:E9:1E:6D:B5:1A:16:E2:F2:7F:56:F4:B9:F8:38:44:C3:E7:58:0E
Certificate issuer:       /CN=C2B7A28859947C52A387BB628764F91AAA1D05B9
Certificate serial:       7356C2E978E59F415FEC0B3330E48E08AACE54FD
Authority key identifier: C2:B7:A2:88:59:94:7C:52:A3:87:BB:62:87:64:F9:1A:AA:1D:05:B9
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/C2B7A28859947C52A387BB628764F91AAA1D05B9.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/342AB48DF24F4D85DAA49BDAB77609E5DB5B37712CFD9DE7A5CE9F98076010F2/0/3133382e3131372e3132392e302f32342d3234203d3e203532333939.roa
Signing time:             Tue 04 Feb 2025 18:36:02 +0000
ROA not before:           Tue 04 Feb 2025 18:31:02 +0000
ROA not after:            Tue 03 Feb 2026 18:36:02 +0000
asID:                     52399
IP address blocks:        138.117.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/342AB48DF24F4D85DAA49BDAB77609E5DB5B37712CFD9DE7A5CE9F98076010F2/0/C2B7A28859947C52A387BB628764F91AAA1D05B9.crl
                          rsync://repository.lacnic.net/rpki/lacnic/342AB48DF24F4D85DAA49BDAB77609E5DB5B37712CFD9DE7A5CE9F98076010F2/0/C2B7A28859947C52A387BB628764F91AAA1D05B9.mft
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/C2B7A28859947C52A387BB628764F91AAA1D05B9.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/BCC0665ECF8A97B83E398268D92A255BAE661816.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/BCC0665ECF8A97B83E398268D92A255BAE661816.mft
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/BCC0665ECF8A97B83E398268D92A255BAE661816.cer
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.crl
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.mft
                          rsync://repository.lacnic.net/rpki/lacnic/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Mon 10 Feb 2025 14:38:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:56:c2:e9:78:e5:9f:41:5f:ec:0b:33:30:e4:8e:08:aa:ce:54:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C2B7A28859947C52A387BB628764F91AAA1D05B9
        Validity
            Not Before: Feb  4 18:31:02 2025 GMT
            Not After : Feb  3 18:36:02 2026 GMT
        Subject: CN=11E91E6DB51A16E2F27F56F4B9F83844C3E7580E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:70:d8:e6:0c:af:86:94:6a:31:ed:0c:95:bc:
                    7a:47:97:9b:f0:42:4b:7b:e2:10:b8:3f:97:68:f6:
                    99:e9:02:55:b8:a8:d2:ee:4e:bf:cb:a1:7b:f6:37:
                    59:b3:95:fd:f1:a5:f5:0d:fb:96:a3:6e:b1:d8:eb:
                    d7:75:cc:75:b9:53:e1:2b:6f:91:cb:5b:1e:84:a0:
                    5a:ff:f4:71:bd:e3:51:bb:51:61:73:6d:d2:3f:e7:
                    aa:4a:b5:3f:b6:40:85:50:78:6c:d0:66:54:56:f2:
                    71:c0:6c:4e:1b:ca:59:59:46:e8:9b:b8:4a:d4:5e:
                    e4:bd:73:d2:ac:ab:e8:5d:bc:6c:d3:b9:23:de:95:
                    18:ec:bd:d3:f1:8f:74:e8:9e:68:14:dc:75:59:eb:
                    6f:c5:ad:22:d6:b3:9e:eb:4e:e5:91:2e:0c:c4:57:
                    5d:6f:98:04:f9:c8:ea:7c:6e:13:69:40:72:9a:d9:
                    6b:82:92:ef:2f:cd:99:e7:25:25:51:e9:a7:ac:05:
                    6a:88:e5:23:e7:49:55:49:ff:29:8a:3d:43:64:02:
                    1b:97:fb:92:0d:4a:6a:6f:ed:2f:34:ef:a3:38:3a:
                    68:63:47:50:cf:bd:47:f5:e8:18:5e:af:4b:01:ce:
                    5d:a8:dd:7e:af:9f:69:56:98:e5:d7:96:cd:65:1e:
                    cd:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:E9:1E:6D:B5:1A:16:E2:F2:7F:56:F4:B9:F8:38:44:C3:E7:58:0E
            X509v3 Authority Key Identifier:
                keyid:C2:B7:A2:88:59:94:7C:52:A3:87:BB:62:87:64:F9:1A:AA:1D:05:B9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/342AB48DF24F4D85DAA49BDAB77609E5DB5B37712CFD9DE7A5CE9F98076010F2/0/C2B7A28859947C52A387BB628764F91AAA1D05B9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/C2B7A28859947C52A387BB628764F91AAA1D05B9.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/342AB48DF24F4D85DAA49BDAB77609E5DB5B37712CFD9DE7A5CE9F98076010F2/0/3133382e3131372e3132392e302f32342d3234203d3e203532333939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.117.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:69:56:73:70:4a:40:81:85:33:36:53:63:a9:00:48:64:49:
         af:7e:e4:ba:75:fc:43:fb:1a:c1:c3:fe:12:d0:f2:af:98:33:
         a6:34:83:89:2a:08:e1:86:a3:0e:c0:17:88:1a:f3:9a:01:1c:
         0b:82:87:c1:3a:ce:4b:84:6d:e6:f9:9a:e8:2a:5f:7c:10:2e:
         fe:f9:aa:33:13:f7:c3:d4:1d:af:b3:60:7f:b8:6b:63:37:3d:
         b3:21:aa:75:06:bc:54:92:4d:36:73:82:ab:06:c0:4f:6e:0c:
         68:fc:88:7c:b0:2e:50:41:1e:28:a6:92:25:90:8c:98:8b:cc:
         f7:da:a3:65:03:c1:20:bc:01:b0:87:89:ef:fe:6a:df:c8:7e:
         d3:1a:81:75:7e:4b:ff:26:d9:50:a1:c4:e1:87:3c:87:4b:46:
         f2:83:0b:06:b9:41:4b:9f:de:7c:4e:f6:37:22:07:b9:c9:d1:
         f9:34:71:1f:3c:5c:c0:1c:59:42:63:dc:70:13:78:fd:ad:6b:
         b2:8c:2b:6e:cd:a8:5a:80:48:29:14:90:d1:42:e7:b1:e9:8b:
         cb:60:e4:76:59:89:80:fb:8b:b0:79:60:28:66:c3:2b:07:c9:
         73:b0:d0:03:d3:6f:19:d9:0f:f0:b4:af:e7:1b:da:2c:0f:9f:
         b1:f5:ce:b0
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUc1bC6Xjln0Ff7AszMOSOCKrOVP0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzJCN0EyODg1OTk0N0M1MkEzODdCQjYyODc2NEY5MUFB
QTFEMDVCOTAeFw0yNTAyMDQxODMxMDJaFw0yNjAyMDMxODM2MDJaMDMxMTAvBgNV
BAMTKDExRTkxRTZEQjUxQTE2RTJGMjdGNTZGNEI5RjgzODQ0QzNFNzU4MEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjcNjmDK+GlGox7QyVvHpHl5vw
Qkt74hC4P5do9pnpAlW4qNLuTr/LoXv2N1mzlf3xpfUN+5ajbrHY69d1zHW5U+Er
b5HLWx6EoFr/9HG941G7UWFzbdI/56pKtT+2QIVQeGzQZlRW8nHAbE4byllZRuib
uErUXuS9c9Ksq+hdvGzTuSPelRjsvdPxj3TonmgU3HVZ62/FrSLWs57rTuWRLgzE
V11vmAT5yOp8bhNpQHKa2WuCku8vzZnnJSVR6aesBWqI5SPnSVVJ/ymKPUNkAhuX
+5INSmpv7S8076M4OmhjR1DPvUf16Bher0sBzl2o3X6vn2lWmOXXls1lHs2DAgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQUEekebbUaFuLyf1b0ufg4RMPnWA4wHwYDVR0j
BBgwFoAUwreiiFmUfFKjh7tih2T5GqodBbkwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8zNDJBQjQ4REYyNEY0RDg1REFBNDlCREFCNzc2MDlFNURC
NUIzNzcxMkNGRDlERTdBNUNFOUY5ODA3NjAxMEYyLzAvQzJCN0EyODg1OTk0N0M1
MkEzODdCQjYyODc2NEY5MUFBQTFEMDVCOS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9DMkI3QTI4ODU5OTQ3QzUyQTM4
N0JCNjI4NzY0RjkxQUFBMUQwNUI5LmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMzQyQUI0OERGMjRGNEQ4NURBQTQ5QkRBQjc3NjA5RTVEQjVCMzc3MTJD
RkQ5REU3QTVDRTlGOTgwNzYwMTBGMi8wLzMxMzMzODJlMzEzMTM3MmUzMTMyMzky
ZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNTMyMzMzOTM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAinWB
MA0GCSqGSIb3DQEBCwUAA4IBAQCdaVZzcEpAgYUzNlNjqQBIZEmvfuS6dfxD+xrB
w/4S0PKvmDOmNIOJKgjhhqMOwBeIGvOaARwLgofBOs5LhG3m+ZroKl98EC7++aoz
E/fD1B2vs2B/uGtjNz2zIap1BrxUkk02c4KrBsBPbgxo/Ih8sC5QQR4oppIlkIyY
i8z32qNlA8EgvAGwh4nv/mrfyH7TGoF1fkv/JtlQocThhzyHS0bygwsGuUFLn958
TvY3Ige5ydH5NHEfPFzAHFlCY9xwE3j9rWuyjCtuzahagEgpFJDRQuex6YvLYOR2
WYmA+4uweWAoZsMrB8lzsNAD028Z2Q/wtK/nG9osD5+x9c6w
-----END CERTIFICATE-----
Generated at Sun Feb 9 13:37:36 2025 by rpki-client