Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/40098c8c-7223-4618-b04d-d565dc89dbec/a13f7fb8b4566ff11b0221e301229fcfb711969e.roa
File:                     a13f7fb8b4566ff11b0221e301229fcfb711969e.roa (raw, json)
Hash identifier:          hptKPMlENrlyOXrZaaHzvF/qhz4675yy8zOp2plwimk=
Subject key identifier:   42:9B:C4:1F:61:F1:76:CA:4D:F0:EF:86:59:71:12:BC:21:B2:9F:38
Certificate issuer:       /CN=cbe8f92c5fc5ec893c322ea903d8bd06212c236f
Certificate serial:       12164A
Authority key identifier: FA:1A:F5:12:35:C7:1B:E3:D3:65:03:77:26:E4:FF:07:ED:8E:03:19
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/cbe8f92c5fc5ec893c322ea903d8bd06212c236f.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/40098c8c-7223-4618-b04d-d565dc89dbec/a13f7fb8b4566ff11b0221e301229fcfb711969e.roa
Signing time:             Fri 06 Oct 2023 08:30:00 +0000
ROA not before:           Thu 05 Oct 2023 08:30:00 +0000
ROA not after:            Sat 04 Oct 2025 08:30:00 +0000
asID:                     264697
IP address blocks:        168.232.88.0/22 maxlen: 24
                          2803:5340::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/40098c8c-7223-4618-b04d-d565dc89dbec/cbe8f92c5fc5ec893c322ea903d8bd06212c236f.crl
                          rsync://repository.lacnic.net/rpki/lacnic/40098c8c-7223-4618-b04d-d565dc89dbec/cbe8f92c5fc5ec893c322ea903d8bd06212c236f.mft
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/cbe8f92c5fc5ec893c322ea903d8bd06212c236f.cer
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.crl
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft
                          rsync://repository.lacnic.net/rpki/lacnic/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.cer
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.crl
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Mon 26 Feb 2024 16:36:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1185354 (0x12164a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbe8f92c5fc5ec893c322ea903d8bd06212c236f
        Validity
            Not Before: Oct  5 08:30:00 2023 GMT
            Not After : Oct  4 08:30:00 2025 GMT
        Subject: CN=a13f7fb8b4566ff11b0221e301229fcfb711969e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e7:08:0f:2d:4e:01:0e:fe:91:c4:e9:26:de:
                    b2:6b:21:ca:ad:b9:1c:5a:29:45:58:25:01:8f:75:
                    5f:3d:fc:a5:3b:9b:11:c2:a1:05:ad:d8:36:a4:e1:
                    b7:e1:66:20:92:a9:7d:63:59:9f:32:60:9c:a2:80:
                    72:bc:77:bb:c2:6c:8e:4b:9d:0d:7e:64:40:26:4d:
                    63:8a:23:e2:2d:64:f5:1f:63:06:7d:41:ef:14:8b:
                    cc:df:be:f9:ee:80:06:b4:b0:e2:07:d2:02:38:0b:
                    75:81:7e:f9:14:98:d6:55:46:5a:f4:32:e4:9f:7b:
                    14:b3:af:fc:7d:26:86:13:d6:4a:fe:d5:18:ca:86:
                    0a:31:ff:5b:c8:d8:e6:8f:d4:30:6e:cf:2c:5f:3f:
                    f7:ac:fb:4e:d2:84:a9:eb:f3:77:7a:49:e8:51:6a:
                    3f:6b:86:98:5b:db:07:77:80:97:69:22:77:2d:90:
                    a1:02:72:cb:ed:71:a5:38:f6:0b:8f:75:06:a3:76:
                    8c:6f:5a:c1:60:70:be:cd:a8:94:3b:55:13:46:51:
                    19:20:ba:07:b7:d5:83:b4:73:e8:f7:49:92:dc:e8:
                    f4:a5:7c:dd:9e:3b:8e:24:91:75:04:c8:13:17:b0:
                    91:30:ee:43:34:27:46:c0:5e:3f:f0:af:cc:0e:35:
                    4f:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:9B:C4:1F:61:F1:76:CA:4D:F0:EF:86:59:71:12:BC:21:B2:9F:38
            X509v3 Authority Key Identifier:
                keyid:FA:1A:F5:12:35:C7:1B:E3:D3:65:03:77:26:E4:FF:07:ED:8E:03:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/cbe8f92c5fc5ec893c322ea903d8bd06212c236f.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/40098c8c-7223-4618-b04d-d565dc89dbec/a13f7fb8b4566ff11b0221e301229fcfb711969e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/40098c8c-7223-4618-b04d-d565dc89dbec/cbe8f92c5fc5ec893c322ea903d8bd06212c236f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.232.88.0/22
                IPv6:
                  2803:5340::/32

    Signature Algorithm: sha256WithRSAEncryption
         4d:9a:f1:85:93:44:a2:58:37:df:0a:db:cd:f4:8c:ce:a1:15:
         d3:43:6a:72:d0:10:fc:c7:f6:d0:86:b5:95:f3:d9:d6:21:b8:
         e8:83:0d:d4:18:fe:01:8b:6a:fb:fb:58:15:23:6a:40:ca:20:
         38:7a:f7:b3:a3:b1:b8:cb:1a:a9:b3:4b:bb:17:c5:a5:da:24:
         9d:6d:ed:fa:f8:29:0b:46:85:b5:44:9c:39:a4:ac:3e:cc:68:
         20:1d:ac:f0:74:55:54:09:c5:02:ac:07:fc:37:7c:4e:a6:dc:
         bd:d8:b2:17:50:78:ca:6c:d1:08:a3:cf:0d:66:a1:ee:43:19:
         9e:30:eb:ac:ff:32:6a:ac:3a:12:08:e8:21:1f:4a:42:54:1b:
         38:ce:69:48:9d:2a:36:ad:fa:11:2e:ca:be:06:53:fa:83:00:
         18:e7:e5:5b:54:f9:3d:bc:35:8d:07:49:66:5a:1c:e9:14:43:
         87:64:57:7f:7b:46:09:3b:db:f1:76:e2:41:31:f3:75:b4:58:
         54:19:2c:95:09:36:22:5a:5e:ba:35:8a:7b:2e:95:61:6a:54:
         d9:03:b0:20:d4:90:a4:c7:6b:67:93:3d:05:03:bc:14:6c:d8:
         b3:52:6f:86:ed:ff:eb:dc:2b:63:75:c9:8f:8b:e1:cd:8a:82:
         a1:36:53:b8
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgIDEhZKMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGNi
ZThmOTJjNWZjNWVjODkzYzMyMmVhOTAzZDhiZDA2MjEyYzIzNmYwHhcNMjMxMDA1
MDgzMDAwWhcNMjUxMDA0MDgzMDAwWjAzMTEwLwYDVQQDEyhhMTNmN2ZiOGI0NTY2
ZmYxMWIwMjIxZTMwMTIyOWZjZmI3MTE5NjllMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAgecIDy1OAQ7+kcTpJt6yayHKrbkcWilFWCUBj3VfPfylO5sR
wqEFrdg2pOG34WYgkql9Y1mfMmCcooByvHe7wmyOS50NfmRAJk1jiiPiLWT1H2MG
fUHvFIvM37757oAGtLDiB9ICOAt1gX75FJjWVUZa9DLkn3sUs6/8fSaGE9ZK/tUY
yoYKMf9byNjmj9Qwbs8sXz/3rPtO0oSp6/N3eknoUWo/a4aYW9sHd4CXaSJ3LZCh
AnLL7XGlOPYLj3UGo3aMb1rBYHC+zaiUO1UTRlEZILoHt9WDtHPo90mS3Oj0pXzd
njuOJJF1BMgTF7CRMO5DNCdGwF4/8K/MDjVP6wIDAQABo4ICajCCAmYwHQYDVR0O
BBYEFEKbxB9h8XbKTfDvhllxErwhsp84MB8GA1UdIwQYMBaAFPoa9RI1xxvj02UD
dybk/wftjgMZMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvY2JlOGY5
MmM1ZmM1ZWM4OTNjMzIyZWE5MDNkOGJkMDYyMTJjMjM2Zi5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvNDAwOThjOGMtNzIyMy00NjE4LWIwNGQtZDU2NWRj
ODlkYmVjL2ExM2Y3ZmI4YjQ1NjZmZjExYjAyMjFlMzAxMjI5ZmNmYjcxMTk2OWUu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy80MDA5OGM4Yy03MjIzLTQ2MTgtYjA0ZC1kNTY1
ZGM4OWRiZWMvY2JlOGY5MmM1ZmM1ZWM4OTNjMzIyZWE5MDNkOGJkMDYyMTJjMjM2
Zi5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQf
MB0wDAQCAAEwBgMEAqjoWDANBAIAAjAHAwUAKANTQDANBgkqhkiG9w0BAQsFAAOC
AQEATZrxhZNEolg33wrbzfSMzqEV00NqctAQ/Mf20Ia1lfPZ1iG46IMN1Bj+AYtq
+/tYFSNqQMogOHr3s6OxuMsaqbNLuxfFpdoknW3t+vgpC0aFtUScOaSsPsxoIB2s
8HRVVAnFAqwH/Dd8TqbcvdiyF1B4ymzRCKPPDWah7kMZnjDrrP8yaqw6EgjoIR9K
QlQbOM5pSJ0qNq36ES7KvgZT+oMAGOflW1T5Pbw1jQdJZloc6RRDh2RXf3tGCTvb
8XbiQTHzdbRYVBkslQk2IlpeujWKey6VYWpU2QOwINSQpMdrZ5M9BQO8FGzYs1Jv
hu3/69wrY3XJj4vhzYqCoTZTuA==
-----END CERTIFICATE-----
Generated at Fri Feb 23 20:08:13 2024 by rpki-client on console-ams.rpki-client.org