Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/4dc2c07a-8c7e-47c7-ae90-ccd71487ce10/9a485218fe5d90483e3626c54aef8db54eb9672d.roa
File:                     9a485218fe5d90483e3626c54aef8db54eb9672d.roa (raw, json)
Hash identifier:          LBE1uVm1XNDFylQU6xmoJkXb+5LW1eIOgttL6YohySE=
Subject key identifier:   72:15:CD:76:8C:73:B0:4E:B3:DD:5D:78:0E:E6:2E:61:2E:76:B6:D0
Certificate issuer:       /CN=aae8cbe9904f103232c002483204f9f2ae04d026
Certificate serial:       11456D
Authority key identifier: 9E:21:FA:B8:72:9D:E9:86:5D:D4:D6:5F:DF:3F:B0:D3:CD:37:19:34
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/aae8cbe9904f103232c002483204f9f2ae04d026.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/4dc2c07a-8c7e-47c7-ae90-ccd71487ce10/9a485218fe5d90483e3626c54aef8db54eb9672d.roa
Signing time:             Fri 13 Aug 2021 15:00:34 +0000
ROA not before:           Fri 13 Aug 2021 15:00:21 +0000
ROA not after:            Thu 13 Aug 2026 15:00:21 +0000
asID:                     28006
IP address blocks:        200.125.136.0/23 maxlen: 24
                          200.125.138.0/23 maxlen: 23
                          200.125.133.0/24 maxlen: 24
                          200.125.134.0/24 maxlen: 24
                          200.125.140.0/24 maxlen: 24
                          200.125.142.0/24 maxlen: 24
                          200.125.144.0/24 maxlen: 24
                          200.125.145.0/24 maxlen: 24
                          200.125.147.0/24 maxlen: 24
                          200.125.149.0/24 maxlen: 24
                          200.125.150.0/24 maxlen: 24
                          200.125.151.0/24 maxlen: 24
                          200.125.152.0/24 maxlen: 24
                          200.125.153.0/24 maxlen: 24
                          200.125.154.0/24 maxlen: 24
                          200.125.155.0/24 maxlen: 24
                          200.125.157.0/24 maxlen: 24
                          200.125.158.0/24 maxlen: 24
                          200.125.159.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1131885 (0x11456d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aae8cbe9904f103232c002483204f9f2ae04d026
        Validity
            Not Before: Aug 13 15:00:21 2021 GMT
            Not After : Aug 13 15:00:21 2026 GMT
        Subject: CN=9a485218fe5d90483e3626c54aef8db54eb9672d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:19:cd:84:83:2c:df:fa:a5:60:d7:91:7f:7d:
                    67:b2:3b:d3:3e:03:fd:60:9b:e7:ae:0d:d2:77:5b:
                    52:10:69:38:ba:97:ff:86:eb:27:54:af:5e:80:77:
                    91:d2:66:99:8f:84:43:6a:e4:04:ee:2f:33:e1:50:
                    c7:d2:ed:d9:e3:59:0e:8c:5b:c2:94:b0:20:05:a5:
                    29:6b:b2:68:7b:38:74:19:b0:d6:1f:bc:94:bd:11:
                    77:e4:9b:0d:67:18:e3:32:31:38:a4:a0:39:f6:ee:
                    66:61:da:af:a3:da:0a:96:b9:6b:12:64:cb:8d:dd:
                    62:f2:92:8d:a1:26:75:20:bf:dc:ea:ea:59:9a:80:
                    c2:de:8c:6b:06:cc:1f:50:43:31:af:d8:03:cc:42:
                    d2:8d:4e:d2:df:8c:02:d5:d5:f0:6a:83:2e:e4:f8:
                    77:c6:0c:cf:fe:8d:22:0a:f7:d9:a5:5b:04:17:5e:
                    88:86:5a:34:7a:87:90:9c:f1:5a:61:d8:39:2a:0b:
                    d6:67:53:3c:e9:19:6f:fa:a4:60:f0:31:7c:b1:00:
                    69:4b:de:d1:96:c8:a6:d9:c8:75:b8:1e:bf:4d:72:
                    81:0a:a7:5e:4c:b0:21:ee:96:bf:7d:cc:f0:69:b7:
                    8d:a5:ff:bd:e9:7b:f2:85:8c:51:c0:4a:3b:a7:e0:
                    b4:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:15:CD:76:8C:73:B0:4E:B3:DD:5D:78:0E:E6:2E:61:2E:76:B6:D0
            X509v3 Authority Key Identifier:
                keyid:9E:21:FA:B8:72:9D:E9:86:5D:D4:D6:5F:DF:3F:B0:D3:CD:37:19:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/aae8cbe9904f103232c002483204f9f2ae04d026.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/4dc2c07a-8c7e-47c7-ae90-ccd71487ce10/9a485218fe5d90483e3626c54aef8db54eb9672d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/4dc2c07a-8c7e-47c7-ae90-ccd71487ce10/aae8cbe9904f103232c002483204f9f2ae04d026.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.125.133.0-200.125.134.255
                  200.125.136.0-200.125.140.255
                  200.125.142.0/24
                  200.125.144.0/23
                  200.125.147.0/24
                  200.125.149.0-200.125.155.255
                  200.125.157.0-200.125.159.255

    Signature Algorithm: sha256WithRSAEncryption
         7f:83:03:af:92:0f:2e:94:95:d1:b8:25:c6:18:e2:ed:76:79:
         b7:25:8d:4c:91:2b:d4:b8:58:1f:65:ba:76:9f:c7:bf:ce:02:
         4f:58:a8:79:f1:94:0a:6d:0e:9f:88:87:1b:8b:71:4a:ca:6b:
         f7:af:5a:a1:ed:27:aa:b4:47:dc:9e:c8:c1:91:f3:97:d9:7d:
         f7:13:d7:44:1d:45:1f:d6:f5:08:8b:b1:e9:05:cb:cf:b5:d0:
         df:eb:37:9c:ca:15:c9:2f:c3:83:2c:df:5e:7d:72:bc:d3:c3:
         90:af:fe:72:a4:37:50:34:a6:39:19:e6:a4:96:a4:9e:b5:14:
         03:93:99:7b:5e:82:70:75:9e:be:2d:55:f5:93:46:42:3b:17:
         80:62:ba:33:95:a1:c2:db:27:57:c2:28:3b:86:6c:46:95:04:
         42:e7:a6:81:d8:e3:f8:3a:12:b3:63:56:c3:f5:3b:a7:02:c9:
         30:31:bf:94:6d:ea:8c:92:d9:ba:85:f0:73:f3:61:cf:b3:02:
         4a:2f:ae:78:70:d8:75:c0:3b:7e:ec:a4:73:a2:2f:9f:9f:60:
         13:2d:a7:6f:0f:15:ad:29:c1:c2:6d:89:38:8a:2a:a3:c0:52:
         2d:fd:0f:9e:29:12:5b:68:22:b9:cf:3b:f9:27:be:90:42:94:
         f0:bd:59:dd
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgIDEUVtMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGFh
ZThjYmU5OTA0ZjEwMzIzMmMwMDI0ODMyMDRmOWYyYWUwNGQwMjYwHhcNMjEwODEz
MTUwMDIxWhcNMjYwODEzMTUwMDIxWjAzMTEwLwYDVQQDEyg5YTQ4NTIxOGZlNWQ5
MDQ4M2UzNjI2YzU0YWVmOGRiNTRlYjk2NzJkMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAhhnNhIMs3/qlYNeRf31nsjvTPgP9YJvnrg3Sd1tSEGk4upf/
husnVK9egHeR0maZj4RDauQE7i8z4VDH0u3Z41kOjFvClLAgBaUpa7Joezh0GbDW
H7yUvRF35JsNZxjjMjE4pKA59u5mYdqvo9oKlrlrEmTLjd1i8pKNoSZ1IL/c6upZ
moDC3oxrBswfUEMxr9gDzELSjU7S34wC1dXwaoMu5Ph3xgzP/o0iCvfZpVsEF16I
hlo0eoeQnPFaYdg5KgvWZ1M86Rlv+qRg8DF8sQBpS97Rlsim2ch1uB6/TXKBCqde
TLAh7pa/fczwabeNpf+96XvyhYxRwEo7p+C0zwIDAQABo4ICnzCCApswHQYDVR0O
BBYEFHIVzXaMc7BOs91deA7mLmEudrbQMB8GA1UdIwQYMBaAFJ4h+rhynemGXdTW
X98/sNPNNxk0MA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvYWFlOGNi
ZTk5MDRmMTAzMjMyYzAwMjQ4MzIwNGY5ZjJhZTA0ZDAyNi5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvNGRjMmMwN2EtOGM3ZS00N2M3LWFlOTAtY2NkNzE0
ODdjZTEwLzlhNDg1MjE4ZmU1ZDkwNDgzZTM2MjZjNTRhZWY4ZGI1NGViOTY3MmQu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy80ZGMyYzA3YS04YzdlLTQ3YzctYWU5MC1jY2Q3
MTQ4N2NlMTAvYWFlOGNiZTk5MDRmMTAzMjMyYzAwMjQ4MzIwNGY5ZjJhZTA0ZDAy
Ni5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBjBggrBgEFBQcBBwEB/wRU
MFIwUAQCAAEwSjAMAwQAyH2FAwQAyH2GMAwDBAPIfYgDBADIfYwDBADIfY4DBAHI
fZADBADIfZMwDAMEAMh9lQMEAsh9mDAMAwQAyH2dAwQFyH2AMA0GCSqGSIb3DQEB
CwUAA4IBAQB/gwOvkg8ulJXRuCXGGOLtdnm3JY1MkSvUuFgfZbp2n8e/zgJPWKh5
8ZQKbQ6fiIcbi3FKymv3r1qh7SeqtEfcnsjBkfOX2X33E9dEHUUf1vUIi7HpBcvP
tdDf6zecyhXJL8ODLN9efXK808OQr/5ypDdQNKY5GeaklqSetRQDk5l7XoJwdZ6+
LVX1k0ZCOxeAYrozlaHC2ydXwig7hmxGlQRC56aB2OP4OhKzY1bD9TunAskwMb+U
beqMktm6hfBz82HPswJKL654cNh1wDt+7KRzoi+fn2ATLadvDxWtKcHCbYk4iiqj
wFIt/Q+eKRJbaCK5zzv5J76QQpTwvVnd
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:41 2024 by rpki-client on console-ams.rpki-client.org