Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/4b152099-c1a1-44f6-9856-7daaeb3fd59e/9ec494bb8fbc57cfea14073560e5c8817788fd56.roa
File:                     9ec494bb8fbc57cfea14073560e5c8817788fd56.roa (raw, json)
Hash identifier:          VxcH06pUqhL+bNOe+SJ0ox+P0vIGYHUU7rILPS1DvOA=
Subject key identifier:   E0:03:F8:08:74:40:C0:9C:5B:A1:CB:B3:B6:0B:F6:9C:64:09:DD:87
Certificate issuer:       /CN=cef9aa9384c1285b595d5d1c9bba5d693217df5c
Certificate serial:       0D71DA
Authority key identifier: D8:5F:CD:C2:99:4C:C0:F3:B5:2F:B3:B0:3E:11:C9:F3:49:0D:83:A0
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/cef9aa9384c1285b595d5d1c9bba5d693217df5c.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/4b152099-c1a1-44f6-9856-7daaeb3fd59e/9ec494bb8fbc57cfea14073560e5c8817788fd56.roa
Signing time:             Wed 24 Mar 2021 14:38:21 +0000
ROA not before:           Wed 24 Mar 2021 14:38:21 +0000
ROA not after:            Tue 24 Mar 2026 14:38:21 +0000
asID:                     264605
IP address blocks:        138.255.248.0/22 maxlen: 24
                          170.245.164.0/22 maxlen: 24
                          170.254.64.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/4b152099-c1a1-44f6-9856-7daaeb3fd59e/cef9aa9384c1285b595d5d1c9bba5d693217df5c.crl
                          rsync://repository.lacnic.net/rpki/lacnic/4b152099-c1a1-44f6-9856-7daaeb3fd59e/cef9aa9384c1285b595d5d1c9bba5d693217df5c.mft
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/cef9aa9384c1285b595d5d1c9bba5d693217df5c.cer
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.crl
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft
                          rsync://repository.lacnic.net/rpki/lacnic/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.cer
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.crl
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Sun 31 Mar 2024 19:38:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 881114 (0xd71da)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cef9aa9384c1285b595d5d1c9bba5d693217df5c
        Validity
            Not Before: Mar 24 14:38:21 2021 GMT
            Not After : Mar 24 14:38:21 2026 GMT
        Subject: CN=9ec494bb8fbc57cfea14073560e5c8817788fd56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:d3:8f:8c:6c:4a:c8:46:f7:e2:03:84:ba:1e:
                    9d:db:ee:99:33:cf:37:7e:25:3f:52:f9:81:4f:39:
                    70:f5:b9:83:26:9f:57:e1:cb:ad:ed:31:0e:1e:c7:
                    78:55:e8:2d:f8:78:a6:75:ce:35:a8:2e:41:81:ed:
                    5c:e4:3e:9d:d2:41:bf:b5:22:17:a5:f8:ce:96:1a:
                    9e:33:18:e1:bd:8e:93:68:e8:4a:68:0f:53:5c:bb:
                    0a:93:9c:89:e8:35:1b:34:df:69:d3:8d:4d:b6:18:
                    64:66:51:b6:19:36:6c:49:87:56:7e:aa:f7:ed:36:
                    64:cb:26:3f:a4:1a:27:88:69:45:13:13:15:4b:6c:
                    d6:52:64:b4:6b:69:e2:51:5e:62:65:32:fd:57:6b:
                    b8:e9:79:aa:23:58:89:fa:35:50:0a:00:1f:5c:e2:
                    8b:d8:b9:81:76:2d:56:9e:8f:6d:13:fa:e1:2a:2e:
                    4a:5b:d8:5f:5e:1c:c2:97:c3:90:b1:93:70:ed:4e:
                    46:1c:48:ba:84:e5:66:d1:a6:97:c9:65:9f:de:b9:
                    ea:c0:6d:69:68:73:df:e0:31:e0:15:2f:49:9f:80:
                    1c:21:69:b3:12:86:8f:fe:28:fc:12:60:27:15:01:
                    2c:18:63:7f:79:79:17:3c:b5:21:ce:da:ba:62:3b:
                    de:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:03:F8:08:74:40:C0:9C:5B:A1:CB:B3:B6:0B:F6:9C:64:09:DD:87
            X509v3 Authority Key Identifier:
                keyid:D8:5F:CD:C2:99:4C:C0:F3:B5:2F:B3:B0:3E:11:C9:F3:49:0D:83:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/cef9aa9384c1285b595d5d1c9bba5d693217df5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/4b152099-c1a1-44f6-9856-7daaeb3fd59e/9ec494bb8fbc57cfea14073560e5c8817788fd56.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/4b152099-c1a1-44f6-9856-7daaeb3fd59e/cef9aa9384c1285b595d5d1c9bba5d693217df5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.255.248.0/22
                  170.245.164.0/22
                  170.254.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         22:b9:ad:27:a0:b5:bf:4d:4d:10:7a:c9:ec:7e:7d:5b:08:4d:
         75:08:02:d8:9e:0c:72:e2:4c:a8:a3:eb:5f:4c:6d:01:13:0c:
         c5:a2:c8:c9:96:01:53:01:38:5d:11:12:10:8b:44:58:75:f3:
         fa:b2:20:ce:84:1b:cc:ce:4d:a1:b2:e5:07:6b:3f:8e:ee:b8:
         d7:68:06:d4:66:07:c4:4f:9e:bf:00:6f:6f:d1:c1:e5:77:35:
         ed:cf:b3:37:a7:60:13:db:ec:10:e3:82:ab:c8:0e:f7:17:e8:
         38:e2:1c:ec:49:97:16:89:0b:20:6c:39:d6:db:c3:d4:db:4f:
         93:50:40:f2:d4:e4:c5:de:a1:b8:ed:c4:70:86:13:f4:0c:41:
         94:fb:29:57:ca:48:30:54:5e:71:c9:18:b3:7c:eb:a5:59:da:
         4c:d2:c7:72:2b:03:40:72:3d:1d:d5:48:ae:42:ff:c1:9a:50:
         92:55:b4:62:7f:4c:aa:8a:eb:7e:70:5c:04:39:c4:99:48:09:
         c4:08:5c:8a:18:3e:7a:98:2a:5d:dc:6c:27:79:77:32:fc:6c:
         03:3a:46:42:66:b8:20:64:bf:a0:0d:87:28:38:dc:4c:4b:94:
         14:e8:d3:e5:d3:5c:ec:2a:25:ad:bf:17:2e:b4:f9:73:b6:60:
         39:ef:de:82
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgIDDXHaMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGNl
ZjlhYTkzODRjMTI4NWI1OTVkNWQxYzliYmE1ZDY5MzIxN2RmNWMwHhcNMjEwMzI0
MTQzODIxWhcNMjYwMzI0MTQzODIxWjAzMTEwLwYDVQQDEyg5ZWM0OTRiYjhmYmM1
N2NmZWExNDA3MzU2MGU1Yzg4MTc3ODhmZDU2MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAh9OPjGxKyEb34gOEuh6d2+6ZM883fiU/UvmBTzlw9bmDJp9X
4cut7TEOHsd4Vegt+Himdc41qC5Bge1c5D6d0kG/tSIXpfjOlhqeMxjhvY6TaOhK
aA9TXLsKk5yJ6DUbNN9p041NthhkZlG2GTZsSYdWfqr37TZkyyY/pBoniGlFExMV
S2zWUmS0a2niUV5iZTL9V2u46XmqI1iJ+jVQCgAfXOKL2LmBdi1Wno9tE/rhKi5K
W9hfXhzCl8OQsZNw7U5GHEi6hOVm0aaXyWWf3rnqwG1paHPf4DHgFS9Jn4AcIWmz
EoaP/ij8EmAnFQEsGGN/eXkXPLUhztq6YjvezQIDAQABo4ICZzCCAmMwHQYDVR0O
BBYEFOAD+Ah0QMCcW6HLs7YL9pxkCd2HMB8GA1UdIwQYMBaAFNhfzcKZTMDztS+z
sD4RyfNJDYOgMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvY2VmOWFh
OTM4NGMxMjg1YjU5NWQ1ZDFjOWJiYTVkNjkzMjE3ZGY1Yy5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvNGIxNTIwOTktYzFhMS00NGY2LTk4NTYtN2RhYWVi
M2ZkNTllLzllYzQ5NGJiOGZiYzU3Y2ZlYTE0MDczNTYwZTVjODgxNzc4OGZkNTYu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy80YjE1MjA5OS1jMWExLTQ0ZjYtOTg1Ni03ZGFh
ZWIzZmQ1OWUvY2VmOWFhOTM4NGMxMjg1YjU5NWQ1ZDFjOWJiYTVkNjkzMjE3ZGY1
Yy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQc
MBowGAQCAAEwEgMEAor/+AMEAqr1pAMEAqr+QDANBgkqhkiG9w0BAQsFAAOCAQEA
IrmtJ6C1v01NEHrJ7H59WwhNdQgC2J4McuJMqKPrX0xtARMMxaLIyZYBUwE4XRES
EItEWHXz+rIgzoQbzM5NobLlB2s/ju6412gG1GYHxE+evwBvb9HB5Xc17c+zN6dg
E9vsEOOCq8gO9xfoOOIc7EmXFokLIGw51tvD1NtPk1BA8tTkxd6huO3EcIYT9AxB
lPspV8pIMFRecckYs3zrpVnaTNLHcisDQHI9HdVIrkL/wZpQklW0Yn9MqorrfnBc
BDnEmUgJxAhcihg+epgqXdxsJ3l3MvxsAzpGQma4IGS/oA2HKDjcTEuUFOjT5dNc
7Colrb8XLrT5c7ZgOe/egg==
-----END CERTIFICATE-----
Generated at Fri Mar 29 02:33:33 2024 by rpki-client on console-fra.rpki-client.org