Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/493fe8dc-9381-4b65-924c-e37d7fc847ad/9409b4992881a16ac2e310bcd09a98182c3b43a4.roa
File:                     9409b4992881a16ac2e310bcd09a98182c3b43a4.roa (raw, json)
Hash identifier:          sitvTqVNJlUUe/a5ZSfFE3IwlIpAHQPJory/JqEj1Es=
Subject key identifier:   FB:E3:A8:54:B5:A3:4A:B9:01:DB:70:42:32:32:8F:F8:A2:07:16:66
Certificate issuer:       /CN=36db2a9dc7f54f37a110e0c2fb87e02babea4634
Certificate serial:       1035C1
Authority key identifier: AD:1E:18:01:5D:B9:7A:96:FA:44:6D:6F:FE:CE:11:50:A8:02:E9:48
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/36db2a9dc7f54f37a110e0c2fb87e02babea4634.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/493fe8dc-9381-4b65-924c-e37d7fc847ad/9409b4992881a16ac2e310bcd09a98182c3b43a4.roa
Signing time:             Wed 18 Jan 2023 03:52:07 +0000
ROA not before:           Tue 17 Jan 2023 03:52:06 +0000
ROA not after:            Tue 18 Jan 2028 03:52:06 +0000
asID:                     28398
IP address blocks:        138.99.148.0/22 maxlen: 22
                          138.99.148.0/24 maxlen: 24
                          138.99.149.0/24 maxlen: 24
                          138.99.150.0/24 maxlen: 24
                          138.99.151.0/24 maxlen: 24
                          2806:206::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/493fe8dc-9381-4b65-924c-e37d7fc847ad/36db2a9dc7f54f37a110e0c2fb87e02babea4634.crl
                          rsync://repository.lacnic.net/rpki/lacnic/493fe8dc-9381-4b65-924c-e37d7fc847ad/36db2a9dc7f54f37a110e0c2fb87e02babea4634.mft
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/36db2a9dc7f54f37a110e0c2fb87e02babea4634.cer
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.crl
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft
                          rsync://repository.lacnic.net/rpki/lacnic/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.cer
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.crl
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Sat 18 Mar 2023 05:44:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1062337 (0x1035c1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36db2a9dc7f54f37a110e0c2fb87e02babea4634
        Validity
            Not Before: Jan 17 03:52:06 2023 GMT
            Not After : Jan 18 03:52:06 2028 GMT
        Subject: CN=9409b4992881a16ac2e310bcd09a98182c3b43a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:2a:e4:34:93:ed:58:ad:1c:3b:f2:23:75:7e:
                    fb:22:1b:51:49:2d:fb:6c:30:be:5a:68:2d:52:14:
                    8e:54:78:7b:95:6e:8e:89:ff:61:86:0b:bb:3b:77:
                    16:8c:65:c7:25:f3:a9:00:37:a5:11:40:b6:17:06:
                    fb:3f:27:ed:b3:ad:ca:1b:dd:08:fa:15:0b:f0:72:
                    f4:20:b1:0f:20:bd:3b:bc:8a:df:52:e9:10:c9:8c:
                    d7:7f:e2:88:0f:b0:2a:de:b4:c6:d3:dc:3d:99:f0:
                    87:4e:c7:b2:30:8d:70:1d:08:fc:df:d5:92:ed:f1:
                    31:44:b5:8f:41:f3:02:48:90:7a:a6:a4:59:b7:fa:
                    d1:67:20:f5:12:36:75:d8:8a:52:6a:6f:46:f6:37:
                    84:c8:b3:12:53:c3:50:80:83:21:fe:37:ff:3b:14:
                    c0:ed:85:9c:a1:b3:4d:9b:b0:cc:b0:16:80:ab:56:
                    19:5c:71:bc:22:b3:28:8f:c0:a5:ee:c6:63:6e:93:
                    1d:56:e5:38:05:63:67:3c:82:87:49:60:d5:b9:01:
                    9a:fd:46:5b:41:5a:19:4f:af:26:2d:b7:20:c5:8d:
                    50:ca:1e:97:09:ea:a2:54:ae:1b:c3:ed:ea:7b:5a:
                    33:84:21:c2:83:71:da:2e:b9:80:bb:68:c3:aa:9d:
                    9c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                FB:E3:A8:54:B5:A3:4A:B9:01:DB:70:42:32:32:8F:F8:A2:07:16:66
            X509v3 Authority Key Identifier: 
                keyid:AD:1E:18:01:5D:B9:7A:96:FA:44:6D:6F:FE:CE:11:50:A8:02:E9:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/36db2a9dc7f54f37a110e0c2fb87e02babea4634.cer

            Subject Information Access: 
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/493fe8dc-9381-4b65-924c-e37d7fc847ad/9409b4992881a16ac2e310bcd09a98182c3b43a4.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/493fe8dc-9381-4b65-924c-e37d7fc847ad/36db2a9dc7f54f37a110e0c2fb87e02babea4634.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.99.148.0/22
                IPv6:
                  2806:206::/32

    Signature Algorithm: sha256WithRSAEncryption
         81:6a:07:1d:e9:71:dc:41:27:75:67:a3:a5:3c:22:dd:d3:19:
         35:9a:b9:e6:8e:1f:0a:83:57:d7:1c:d2:9a:a8:f3:aa:c0:1d:
         bf:12:e4:16:d3:fb:ca:a3:e0:e9:a7:18:7a:d0:0e:bb:5a:b6:
         36:c9:14:ed:73:91:d4:4e:2e:5a:a3:a6:20:3d:13:b1:e7:d3:
         1e:55:45:25:e5:7f:00:c2:6e:31:2a:08:f0:76:03:40:3b:b8:
         61:bf:9d:5a:45:9c:f7:22:09:02:2a:36:05:5e:e0:d3:b8:2f:
         a1:ab:f9:22:df:f6:a8:7d:52:dd:40:6b:59:37:5f:27:ab:2c:
         8a:3d:2f:40:54:f4:fb:7f:05:8e:71:88:30:d0:69:ac:ee:4c:
         48:7d:95:49:4d:51:23:8c:3d:e9:6d:87:34:8f:9c:72:eb:dc:
         b1:1e:39:de:c5:5c:a8:10:e3:c0:c7:a8:c7:cd:ee:71:23:5e:
         8e:80:51:cf:42:af:db:99:3e:58:90:01:18:47:18:44:80:65:
         12:a8:14:96:f4:6a:a2:9b:21:f5:3e:e0:ae:37:e8:24:f8:39:
         f2:ed:7c:13:e7:03:bc:b2:6d:08:72:d7:99:42:6c:6a:bd:04:
         2f:d8:6c:a5:72:c9:fd:35:f0:5d:63:d5:fd:45:21:59:0c:6f:
         a0:42:7d:6a
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgIDEDXBMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDM2
ZGIyYTlkYzdmNTRmMzdhMTEwZTBjMmZiODdlMDJiYWJlYTQ2MzQwHhcNMjMwMTE3
MDM1MjA2WhcNMjgwMTE4MDM1MjA2WjAzMTEwLwYDVQQDEyg5NDA5YjQ5OTI4ODFh
MTZhYzJlMzEwYmNkMDlhOTgxODJjM2I0M2E0MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAhirkNJPtWK0cO/IjdX77IhtRSS37bDC+WmgtUhSOVHh7lW6O
if9hhgu7O3cWjGXHJfOpADelEUC2Fwb7Pyfts63KG90I+hUL8HL0ILEPIL07vIrf
UukQyYzXf+KID7Aq3rTG09w9mfCHTseyMI1wHQj839WS7fExRLWPQfMCSJB6pqRZ
t/rRZyD1EjZ12IpSam9G9jeEyLMSU8NQgIMh/jf/OxTA7YWcobNNm7DMsBaAq1YZ
XHG8IrMoj8Cl7sZjbpMdVuU4BWNnPIKHSWDVuQGa/UZbQVoZT68mLbcgxY1Qyh6X
CeqiVK4bw+3qe1ozhCHCg3HaLrmAu2jDqp2cJwIDAQABo4ICajCCAmYwHQYDVR0O
BBYEFPvjqFS1o0q5AdtwQjIyj/iiBxZmMB8GA1UdIwQYMBaAFK0eGAFduXqW+kRt
b/7OEVCoAulIMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvMzZkYjJh
OWRjN2Y1NGYzN2ExMTBlMGMyZmI4N2UwMmJhYmVhNDYzNC5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvNDkzZmU4ZGMtOTM4MS00YjY1LTkyNGMtZTM3ZDdm
Yzg0N2FkLzk0MDliNDk5Mjg4MWExNmFjMmUzMTBiY2QwOWE5ODE4MmMzYjQzYTQu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy80OTNmZThkYy05MzgxLTRiNjUtOTI0Yy1lMzdk
N2ZjODQ3YWQvMzZkYjJhOWRjN2Y1NGYzN2ExMTBlMGMyZmI4N2UwMmJhYmVhNDYz
NC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQf
MB0wDAQCAAEwBgMEAopjlDANBAIAAjAHAwUAKAYCBjANBgkqhkiG9w0BAQsFAAOC
AQEAgWoHHelx3EEndWejpTwi3dMZNZq55o4fCoNX1xzSmqjzqsAdvxLkFtP7yqPg
6acYetAOu1q2NskU7XOR1E4uWqOmID0TsefTHlVFJeV/AMJuMSoI8HYDQDu4Yb+d
WkWc9yIJAio2BV7g07gvoav5It/2qH1S3UBrWTdfJ6ssij0vQFT0+38FjnGIMNBp
rO5MSH2VSU1RI4w96W2HNI+ccuvcsR453sVcqBDjwMeox83ucSNejoBRz0Kv25k+
WJABGEcYRIBlEqgUlvRqopsh9T7grjfoJPg58u18E+cDvLJtCHLXmUJsar0EL9hs
pXLJ/TXwXWPV/UUhWQxvoEJ9ag==
-----END CERTIFICATE-----
Generated at Wed Mar 15 11:46:27 2023 by rpki-client on console-fra.rpki-client.org