Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/3d0cd2b9386573e6dafa8036dba1292728c33238.roa
File:                     3d0cd2b9386573e6dafa8036dba1292728c33238.roa (raw, json)
Hash identifier:          Z4/e+91ZtsWHwWx0A2l16YV84fwa0lGFtGhRoM8LH+Y=
Subject key identifier:   66:3A:6A:70:1A:83:87:44:1D:C7:DE:EE:AA:23:FB:EC:69:42:BC:F8
Certificate issuer:       /CN=bfbb4d3a6dd5e649a6554c4817ce0ed277429136
Certificate serial:       125A31
Authority key identifier: 76:7F:42:4D:48:34:06:C4:20:E5:DF:19:BE:BE:99:3F:72:5A:F7:B6
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/3d0cd2b9386573e6dafa8036dba1292728c33238.roa
Signing time:             Wed 29 Nov 2023 15:51:44 +0000
ROA not before:           Wed 29 Nov 2023 15:51:44 +0000
ROA not after:            Sat 29 Nov 2025 15:51:44 +0000
asID:                     22927
IP address blocks:        201.254.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.crl
                          rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.mft
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.cer
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.crl
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft
                          rsync://repository.lacnic.net/rpki/lacnic/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.cer
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.crl
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Thu 18 Apr 2024 06:11:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1202737 (0x125a31)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfbb4d3a6dd5e649a6554c4817ce0ed277429136
        Validity
            Not Before: Nov 29 15:51:44 2023 GMT
            Not After : Nov 29 15:51:44 2025 GMT
        Subject: CN=3d0cd2b9386573e6dafa8036dba1292728c33238
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c5:17:a9:85:04:48:36:a2:39:99:37:34:e6:
                    9a:37:97:ae:a1:6d:ff:21:de:e6:a8:72:8f:4b:2d:
                    8d:47:ec:cf:01:6c:a8:a3:b5:26:79:bc:1d:e0:9d:
                    cb:ed:8c:37:56:f8:55:3e:d6:c2:ff:f0:ec:09:60:
                    f9:4f:fc:df:73:52:14:87:69:e3:51:54:86:c2:4b:
                    c1:d9:34:be:6c:45:3c:5f:cc:0d:99:9d:dd:fd:ab:
                    82:f0:1c:f6:98:a4:65:00:1b:5c:8e:8d:95:a1:0f:
                    81:24:e8:f0:64:c3:41:72:b3:bd:4a:c2:25:24:25:
                    f3:30:72:b4:3f:85:23:9d:f5:96:ad:0d:54:06:9f:
                    98:73:62:df:9a:6d:49:98:ad:2f:d6:51:c7:2e:fa:
                    3a:fc:eb:d2:c8:4b:4c:9c:5a:e7:c4:b3:cd:98:22:
                    ae:bb:08:f1:93:87:56:81:f8:af:25:f9:35:bf:b9:
                    b8:16:44:b5:27:c7:3c:9f:d3:93:3d:77:21:38:50:
                    4d:19:54:4f:f4:ae:4d:b3:57:92:9f:e4:42:f4:b5:
                    75:a8:81:78:42:1b:7e:49:8e:c9:ec:4d:e4:d7:f2:
                    68:25:85:30:62:ac:67:22:4b:5e:51:cb:99:91:ae:
                    59:e4:f8:cf:3c:30:c6:c0:db:4c:2a:2d:96:1e:97:
                    a0:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:3A:6A:70:1A:83:87:44:1D:C7:DE:EE:AA:23:FB:EC:69:42:BC:F8
            X509v3 Authority Key Identifier:
                keyid:76:7F:42:4D:48:34:06:C4:20:E5:DF:19:BE:BE:99:3F:72:5A:F7:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/3d0cd2b9386573e6dafa8036dba1292728c33238.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.254.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         69:28:19:47:93:40:26:02:ab:05:05:b2:99:5b:3e:16:f4:90:
         0e:c1:c1:38:4f:c3:43:2f:47:4f:a5:f3:89:fc:82:a3:62:ca:
         27:aa:02:4f:91:ae:2c:31:d5:d0:d2:84:15:68:e5:06:cf:74:
         bc:c6:22:e4:51:4b:31:b5:43:40:8e:f7:1d:01:37:e1:73:eb:
         91:4c:80:d0:19:5e:eb:2a:ca:99:fe:0f:86:ff:33:46:9a:60:
         c8:4c:7f:47:81:99:cc:a4:31:91:ab:15:f6:11:ac:62:49:b4:
         d8:7b:ad:6a:73:86:3b:1d:b8:29:14:a3:29:83:8f:a2:28:50:
         df:6d:9d:60:51:87:44:46:35:41:60:07:23:e0:61:d0:d6:74:
         ad:0e:e1:a4:51:b0:53:fe:5b:ea:80:4e:56:74:fa:e5:ba:ef:
         26:dc:3c:c8:0e:b4:c6:9a:aa:bd:0e:95:e5:47:e5:3c:68:3c:
         ba:b1:0b:49:7f:4d:c8:90:a3:d2:a1:b0:28:8d:40:c9:a8:dc:
         04:76:19:6f:9f:0e:02:30:d3:93:ff:7f:e7:11:9b:f9:0b:cb:
         e6:a7:e8:d4:67:21:b6:b3:4b:36:d9:82:a1:74:0d:0d:67:e9:
         bb:3d:6d:46:de:2e:b5:51:be:e6:90:3f:52:b6:11:7d:e8:67:
         1e:70:3a:ba
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgIDEloxMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGJm
YmI0ZDNhNmRkNWU2NDlhNjU1NGM0ODE3Y2UwZWQyNzc0MjkxMzYwHhcNMjMxMTI5
MTU1MTQ0WhcNMjUxMTI5MTU1MTQ0WjAzMTEwLwYDVQQDEygzZDBjZDJiOTM4NjU3
M2U2ZGFmYTgwMzZkYmExMjkyNzI4YzMzMjM4MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAjsUXqYUESDaiOZk3NOaaN5euoW3/Id7mqHKPSy2NR+zPAWyo
o7Umebwd4J3L7Yw3VvhVPtbC//DsCWD5T/zfc1IUh2njUVSGwkvB2TS+bEU8X8wN
mZ3d/auC8Bz2mKRlABtcjo2VoQ+BJOjwZMNBcrO9SsIlJCXzMHK0P4UjnfWWrQ1U
Bp+Yc2Lfmm1JmK0v1lHHLvo6/OvSyEtMnFrnxLPNmCKuuwjxk4dWgfivJfk1v7m4
FkS1J8c8n9OTPXchOFBNGVRP9K5Ns1eSn+RC9LV1qIF4Qht+SY7J7E3k1/JoJYUw
YqxnIkteUcuZka5Z5PjPPDDGwNtMKi2WHpegvwIDAQABo4ICWjCCAlYwHQYDVR0O
BBYEFGY6anAag4dEHcfe7qoj++xpQrz4MB8GA1UdIwQYMBaAFHZ/Qk1INAbEIOXf
Gb6+mT9yWve2MA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvYmZiYjRk
M2E2ZGQ1ZTY0OWE2NTU0YzQ4MTdjZTBlZDI3NzQyOTEzNi5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvNTM3NWJjZmMtOGI4Ni00NTJlLTg1MGQtODNjZmUz
YjUwZjA2LzNkMGNkMmI5Mzg2NTczZTZkYWZhODAzNmRiYTEyOTI3MjhjMzMyMzgu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy81Mzc1YmNmYy04Yjg2LTQ1MmUtODUwZC04M2Nm
ZTNiNTBmMDYvYmZiYjRkM2E2ZGQ1ZTY0OWE2NTU0YzQ4MTdjZTBlZDI3NzQyOTEz
Ni5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQP
MA0wCwQCAAEwBQMDAMn+MA0GCSqGSIb3DQEBCwUAA4IBAQBpKBlHk0AmAqsFBbKZ
Wz4W9JAOwcE4T8NDL0dPpfOJ/IKjYsonqgJPka4sMdXQ0oQVaOUGz3S8xiLkUUsx
tUNAjvcdATfhc+uRTIDQGV7rKsqZ/g+G/zNGmmDITH9HgZnMpDGRqxX2EaxiSbTY
e61qc4Y7HbgpFKMpg4+iKFDfbZ1gUYdERjVBYAcj4GHQ1nStDuGkUbBT/lvqgE5W
dPrluu8m3DzIDrTGmqq9DpXlR+U8aDy6sQtJf03IkKPSobAojUDJqNwEdhlvnw4C
MNOT/3/nEZv5C8vmp+jUZyG2s0s22YKhdA0NZ+m7PW1G3i61Ub7mkD9SthF96Gce
cDq6
-----END CERTIFICATE-----
Generated at Mon Apr 15 09:53:54 2024 by rpki-client on console-ams.rpki-client.org