Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/3bebcfa8-49bf-4460-94a2-977e59ab6849/cb91baa7d564443b9fc8ae7e2810795de1e164ca.roa
File:                     cb91baa7d564443b9fc8ae7e2810795de1e164ca.roa (raw, json)
Hash identifier:          tWBfwTlQN1N3VEB/MIE7fWSiupvXJpwvDbmtm8xaC7o=
Subject key identifier:   D9:26:7D:A7:1A:41:63:AD:E3:A2:76:64:DF:D3:10:DC:8E:C3:15:65
Certificate issuer:       /CN=bcae9c743eec0954d88147787d8e521760114b89
Certificate serial:       09D0E6
Authority key identifier: F8:EA:89:3C:CE:8D:25:CF:80:FD:09:5C:AC:C8:87:F1:C8:17:A8:8D
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/bcae9c743eec0954d88147787d8e521760114b89.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/3bebcfa8-49bf-4460-94a2-977e59ab6849/cb91baa7d564443b9fc8ae7e2810795de1e164ca.roa
Signing time:             Wed 18 Aug 2021 14:31:57 +0000
ROA not before:           Wed 18 Aug 2021 14:31:57 +0000
ROA not after:            Tue 18 Aug 2026 14:31:57 +0000
asID:                     270026
IP address blocks:        189.127.166.0/23 maxlen: 24
                          2803:f9e0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/3bebcfa8-49bf-4460-94a2-977e59ab6849/bcae9c743eec0954d88147787d8e521760114b89.crl
                          rsync://repository.lacnic.net/rpki/lacnic/3bebcfa8-49bf-4460-94a2-977e59ab6849/bcae9c743eec0954d88147787d8e521760114b89.mft
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/bcae9c743eec0954d88147787d8e521760114b89.cer
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.crl
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft
                          rsync://repository.lacnic.net/rpki/lacnic/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.cer
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.crl
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Sun 31 Mar 2024 19:38:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 643302 (0x9d0e6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcae9c743eec0954d88147787d8e521760114b89
        Validity
            Not Before: Aug 18 14:31:57 2021 GMT
            Not After : Aug 18 14:31:57 2026 GMT
        Subject: CN=cb91baa7d564443b9fc8ae7e2810795de1e164ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:41:3d:7d:03:aa:b3:bb:70:d4:9a:11:6d:0b:
                    ca:0f:88:01:74:8e:c0:bf:c9:01:c4:8e:51:5a:19:
                    1d:10:83:bb:a1:a6:f4:a5:ef:78:64:61:6f:45:55:
                    7d:0d:22:c1:ad:11:2e:f6:b8:6e:e5:ab:ee:6f:75:
                    73:ab:80:f8:c0:2b:df:82:7e:3a:8b:b8:f0:5d:46:
                    61:60:ee:d7:af:1a:54:a7:5e:02:74:4a:6d:31:68:
                    ad:a7:e7:8d:9b:7a:a5:3c:cd:68:a7:78:8d:de:c6:
                    4a:56:f0:56:e1:99:4c:c4:4d:05:20:48:e9:92:56:
                    b2:73:c2:ee:f7:ed:de:56:c9:a7:de:ce:85:24:c8:
                    ed:7b:32:65:48:48:96:20:62:05:8d:6e:78:5b:36:
                    e0:73:58:8e:c0:08:0b:cf:b3:93:3c:2d:f5:fd:c6:
                    2c:7d:d8:c4:52:a3:0d:19:2b:4c:d3:da:9f:a0:e2:
                    da:31:c7:a6:b3:a5:a6:47:ab:8e:88:03:33:8e:d5:
                    06:e7:b3:f3:92:c0:28:39:b2:09:05:c7:7a:60:01:
                    c8:1e:3f:77:e1:96:ed:12:75:ab:2f:00:0c:2c:c9:
                    8e:86:f2:f8:cf:65:92:b3:98:e5:17:42:c6:9b:80:
                    03:58:0b:cb:d9:d5:96:0f:9d:0e:56:37:b5:64:9f:
                    fb:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:26:7D:A7:1A:41:63:AD:E3:A2:76:64:DF:D3:10:DC:8E:C3:15:65
            X509v3 Authority Key Identifier:
                keyid:F8:EA:89:3C:CE:8D:25:CF:80:FD:09:5C:AC:C8:87:F1:C8:17:A8:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/bcae9c743eec0954d88147787d8e521760114b89.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/3bebcfa8-49bf-4460-94a2-977e59ab6849/cb91baa7d564443b9fc8ae7e2810795de1e164ca.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/3bebcfa8-49bf-4460-94a2-977e59ab6849/bcae9c743eec0954d88147787d8e521760114b89.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  189.127.166.0/23
                IPv6:
                  2803:f9e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         a0:8e:ae:23:00:ef:b5:c2:60:89:ba:5a:0f:ed:c6:79:c0:bc:
         0b:a6:b6:03:52:40:c1:2a:3b:77:a2:76:0e:58:63:c4:a4:00:
         7c:08:c8:1c:a4:7b:f3:cb:55:9f:a2:98:ff:01:c7:1e:2d:e7:
         d6:42:c8:9b:a6:ac:40:56:4a:f3:ec:b2:02:cd:39:30:81:5f:
         8f:0d:13:61:5b:ad:90:82:f5:d6:92:d1:26:34:70:30:70:5e:
         55:ff:d2:4c:9e:27:4d:56:eb:d7:89:3b:dc:e6:1f:8d:b3:fc:
         b4:d7:b9:6c:db:ff:6b:a1:a2:9e:e8:89:b0:94:8a:ad:91:53:
         fb:fd:b1:5e:c6:17:e0:a7:3a:ee:11:85:98:1f:b0:64:6a:5c:
         b6:68:7a:98:17:dd:a2:cc:c0:8c:1d:4c:38:a9:44:3c:78:c1:
         2a:6c:59:50:2c:ec:d5:e5:ef:3f:6f:d8:c5:10:ca:49:31:f6:
         f0:6b:0b:6d:68:b2:89:5f:3b:30:fd:cb:a5:24:62:06:30:fc:
         8a:f2:7e:02:c9:1d:b3:1d:df:df:03:1b:c2:c4:51:ed:d0:b3:
         fc:e0:b6:7d:a9:66:64:eb:46:cc:94:fd:55:6b:7f:8e:91:f3:
         0b:f8:42:4a:1a:72:e8:05:12:de:ec:c6:f8:0a:c2:95:5c:71:
         14:50:b3:e9
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgIDCdDmMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGJj
YWU5Yzc0M2VlYzA5NTRkODgxNDc3ODdkOGU1MjE3NjAxMTRiODkwHhcNMjEwODE4
MTQzMTU3WhcNMjYwODE4MTQzMTU3WjAzMTEwLwYDVQQDEyhjYjkxYmFhN2Q1NjQ0
NDNiOWZjOGFlN2UyODEwNzk1ZGUxZTE2NGNhMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAqkE9fQOqs7tw1JoRbQvKD4gBdI7Av8kBxI5RWhkdEIO7oab0
pe94ZGFvRVV9DSLBrREu9rhu5avub3Vzq4D4wCvfgn46i7jwXUZhYO7XrxpUp14C
dEptMWitp+eNm3qlPM1op3iN3sZKVvBW4ZlMxE0FIEjpklayc8Lu9+3eVsmn3s6F
JMjtezJlSEiWIGIFjW54Wzbgc1iOwAgLz7OTPC31/cYsfdjEUqMNGStM09qfoOLa
Mcems6WmR6uOiAMzjtUG57PzksAoObIJBcd6YAHIHj934ZbtEnWrLwAMLMmOhvL4
z2WSs5jlF0LGm4ADWAvL2dWWD50OVje1ZJ/71QIDAQABo4ICajCCAmYwHQYDVR0O
BBYEFNkmfacaQWOt46J2ZN/TENyOwxVlMB8GA1UdIwQYMBaAFPjqiTzOjSXPgP0J
XKzIh/HIF6iNMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvYmNhZTlj
NzQzZWVjMDk1NGQ4ODE0Nzc4N2Q4ZTUyMTc2MDExNGI4OS5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvM2JlYmNmYTgtNDliZi00NDYwLTk0YTItOTc3ZTU5
YWI2ODQ5L2NiOTFiYWE3ZDU2NDQ0M2I5ZmM4YWU3ZTI4MTA3OTVkZTFlMTY0Y2Eu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy8zYmViY2ZhOC00OWJmLTQ0NjAtOTRhMi05Nzdl
NTlhYjY4NDkvYmNhZTljNzQzZWVjMDk1NGQ4ODE0Nzc4N2Q4ZTUyMTc2MDExNGI4
OS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQf
MB0wDAQCAAEwBgMEAb1/pjANBAIAAjAHAwUAKAP54DANBgkqhkiG9w0BAQsFAAOC
AQEAoI6uIwDvtcJgibpaD+3GecC8C6a2A1JAwSo7d6J2DlhjxKQAfAjIHKR788tV
n6KY/wHHHi3n1kLIm6asQFZK8+yyAs05MIFfjw0TYVutkIL11pLRJjRwMHBeVf/S
TJ4nTVbr14k73OYfjbP8tNe5bNv/a6GinuiJsJSKrZFT+/2xXsYX4Kc67hGFmB+w
ZGpctmh6mBfdoszAjB1MOKlEPHjBKmxZUCzs1eXvP2/YxRDKSTH28GsLbWiyiV87
MP3LpSRiBjD8ivJ+Askdsx3f3wMbwsRR7dCz/OC2falmZOtGzJT9VWt/jpHzC/hC
Shpy6AUS3uzG+ArClVxxFFCz6Q==
-----END CERTIFICATE-----
Generated at Fri Mar 29 03:42:36 2024 by rpki-client on console-fra.rpki-client.org