Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/c33f153fd0a41140e83ed5e49c5d1e17d8412466.roa
File:                     c33f153fd0a41140e83ed5e49c5d1e17d8412466.roa (raw, json)
Hash identifier:          8IEEeSNufU6+aqzCe4VsXsctiebZfZ7unmqNsM/x8xY=
Subject key identifier:   BE:03:FB:4F:6F:86:45:B0:56:30:43:87:2E:E2:67:A8:67:45:10:90
Certificate issuer:       /CN=bfbb4d3a6dd5e649a6554c4817ce0ed277429136
Certificate serial:       121926
Authority key identifier: 76:7F:42:4D:48:34:06:C4:20:E5:DF:19:BE:BE:99:3F:72:5A:F7:B6
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/c33f153fd0a41140e83ed5e49c5d1e17d8412466.roa
Signing time:             Wed 29 Nov 2023 15:25:33 +0000
ROA not before:           Wed 29 Nov 2023 15:25:33 +0000
ROA not after:            Sat 29 Nov 2025 15:25:33 +0000
asID:                     263181
IP address blocks:        201.251.137.0/24 maxlen: 24
                          201.251.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.crl
                          rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.mft
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.cer
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.crl
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft
                          rsync://repository.lacnic.net/rpki/lacnic/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.cer
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.crl
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Thu 18 Apr 2024 06:11:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1186086 (0x121926)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfbb4d3a6dd5e649a6554c4817ce0ed277429136
        Validity
            Not Before: Nov 29 15:25:33 2023 GMT
            Not After : Nov 29 15:25:33 2025 GMT
        Subject: CN=c33f153fd0a41140e83ed5e49c5d1e17d8412466
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:18:bd:d8:97:97:78:65:d4:fc:6d:df:07:53:
                    8f:79:b4:9e:67:16:e2:87:87:01:b6:92:9a:88:88:
                    eb:14:b0:b5:78:83:f2:b1:ad:3c:68:6b:02:ea:4d:
                    29:9a:02:5e:f2:55:c4:fc:aa:fb:67:b4:59:ec:8b:
                    f1:3f:27:a4:76:fb:7d:43:94:99:15:c8:8e:84:af:
                    0f:02:ff:07:c2:17:24:e2:d9:35:51:65:d7:f9:04:
                    6e:af:f6:2b:55:3c:bc:6c:c7:40:0a:36:3f:64:f2:
                    e5:2c:e1:ae:1d:3f:c4:e6:46:a7:33:7b:77:53:8d:
                    42:af:22:6d:30:76:ba:b0:68:78:59:f1:15:9b:7d:
                    e3:79:a4:47:0d:f7:76:99:aa:b0:fd:07:78:a0:40:
                    e2:e4:01:9b:ac:84:0a:c0:b1:46:0e:f4:ad:34:bd:
                    3b:77:5b:99:8e:b4:c6:8f:42:28:51:99:c8:76:00:
                    a8:af:43:e6:bd:ac:38:83:0d:97:ab:c5:58:02:b5:
                    3f:d0:77:5f:22:71:51:5d:6e:d1:6e:e4:3e:77:99:
                    97:6d:8e:45:b7:71:4e:f7:17:c5:91:70:38:b8:e5:
                    89:5a:54:9e:1c:4d:da:c1:df:73:ec:0a:31:ea:8f:
                    49:e9:46:53:d6:73:16:26:7d:3c:de:4b:1f:78:48:
                    e9:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:03:FB:4F:6F:86:45:B0:56:30:43:87:2E:E2:67:A8:67:45:10:90
            X509v3 Authority Key Identifier:
                keyid:76:7F:42:4D:48:34:06:C4:20:E5:DF:19:BE:BE:99:3F:72:5A:F7:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/c33f153fd0a41140e83ed5e49c5d1e17d8412466.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.251.137.0-201.251.138.255

    Signature Algorithm: sha256WithRSAEncryption
         39:b2:f5:96:0e:e2:df:2b:01:a8:e1:43:0e:29:bf:c8:ec:b9:
         24:af:cd:3f:e7:a7:bf:cf:03:6f:7e:19:8a:42:e3:c6:9e:98:
         07:e0:c4:94:e9:93:f7:a2:31:e6:4b:14:59:73:6a:9d:e2:69:
         63:91:f1:e7:c6:18:3a:2e:44:bc:d4:30:f3:01:92:7c:bf:17:
         39:a6:4a:31:75:e0:0c:fc:36:ab:9a:18:14:66:6d:76:7a:61:
         08:10:c4:2a:4a:c3:58:79:78:dc:a1:0e:5b:bb:be:f9:a0:b9:
         b8:ab:b1:2b:aa:b7:5e:2f:8e:e8:9b:ed:ca:91:dd:a0:0b:d6:
         a0:34:ae:b8:08:19:f4:f5:c4:83:9e:c7:86:51:68:c1:0f:58:
         63:ba:e7:93:05:e0:33:35:4d:68:32:79:67:85:e2:8d:67:47:
         4a:17:f5:df:77:aa:90:32:36:3d:91:d1:7d:a3:24:57:6b:da:
         fb:22:01:ae:15:4a:2b:d9:71:6c:bc:dc:ab:69:f7:fe:b8:ec:
         82:e7:6f:bc:33:92:c9:a6:fb:97:01:a7:a1:38:d0:92:b7:0d:
         d6:81:85:65:b8:a0:4e:33:40:05:82:e5:fd:e0:c6:86:8c:3d:
         ba:1a:95:6d:98:7a:a2:c3:b7:4c:50:2f:b7:f8:ac:55:55:d9:
         65:d2:81:84
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgIDEhkmMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGJm
YmI0ZDNhNmRkNWU2NDlhNjU1NGM0ODE3Y2UwZWQyNzc0MjkxMzYwHhcNMjMxMTI5
MTUyNTMzWhcNMjUxMTI5MTUyNTMzWjAzMTEwLwYDVQQDEyhjMzNmMTUzZmQwYTQx
MTQwZTgzZWQ1ZTQ5YzVkMWUxN2Q4NDEyNDY2MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAuRi92JeXeGXU/G3fB1OPebSeZxbih4cBtpKaiIjrFLC1eIPy
sa08aGsC6k0pmgJe8lXE/Kr7Z7RZ7IvxPyekdvt9Q5SZFciOhK8PAv8Hwhck4tk1
UWXX+QRur/YrVTy8bMdACjY/ZPLlLOGuHT/E5kanM3t3U41CryJtMHa6sGh4WfEV
m33jeaRHDfd2maqw/Qd4oEDi5AGbrIQKwLFGDvStNL07d1uZjrTGj0IoUZnIdgCo
r0Pmvaw4gw2Xq8VYArU/0HdfInFRXW7RbuQ+d5mXbY5Ft3FO9xfFkXA4uOWJWlSe
HE3awd9z7Aox6o9J6UZT1nMWJn083ksfeEjpDQIDAQABo4ICYzCCAl8wHQYDVR0O
BBYEFL4D+09vhkWwVjBDhy7iZ6hnRRCQMB8GA1UdIwQYMBaAFHZ/Qk1INAbEIOXf
Gb6+mT9yWve2MA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvYmZiYjRk
M2E2ZGQ1ZTY0OWE2NTU0YzQ4MTdjZTBlZDI3NzQyOTEzNi5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvNTM3NWJjZmMtOGI4Ni00NTJlLTg1MGQtODNjZmUz
YjUwZjA2L2MzM2YxNTNmZDBhNDExNDBlODNlZDVlNDljNWQxZTE3ZDg0MTI0NjYu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy81Mzc1YmNmYy04Yjg2LTQ1MmUtODUwZC04M2Nm
ZTNiNTBmMDYvYmZiYjRkM2E2ZGQ1ZTY0OWE2NTU0YzQ4MTdjZTBlZDI3NzQyOTEz
Ni5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAnBggrBgEFBQcBBwEB/wQY
MBYwFAQCAAEwDjAMAwQAyfuJAwQAyfuKMA0GCSqGSIb3DQEBCwUAA4IBAQA5svWW
DuLfKwGo4UMOKb/I7Lkkr80/56e/zwNvfhmKQuPGnpgH4MSU6ZP3ojHmSxRZc2qd
4mljkfHnxhg6LkS81DDzAZJ8vxc5pkoxdeAM/DarmhgUZm12emEIEMQqSsNYeXjc
oQ5bu775oLm4q7ErqrdeL47om+3Kkd2gC9agNK64CBn09cSDnseGUWjBD1hjuueT
BeAzNU1oMnlnheKNZ0dKF/Xfd6qQMjY9kdF9oyRXa9r7IgGuFUor2XFsvNyraff+
uOyC52+8M5LJpvuXAaehONCStw3WgYVluKBOM0AFguX94MaGjD26GpVtmHqiw7dM
UC+3+KxVVdll0oGE
-----END CERTIFICATE-----
Generated at Mon Apr 15 09:53:54 2024 by rpki-client on console-ams.rpki-client.org