Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/efcd4516729132e02824e603d987ca2e688aa468.roa
File:                     efcd4516729132e02824e603d987ca2e688aa468.roa (raw, json)
Hash identifier:          3gHlDldY/CVAglCIbC6Hd59jVd30wWtmLaQonWreld0=
Subject key identifier:   15:83:33:A9:A0:18:1C:A8:1C:C7:F8:11:53:F5:D0:7C:D2:0B:A2:5E
Certificate issuer:       /CN=bfbb4d3a6dd5e649a6554c4817ce0ed277429136
Certificate serial:       11BC64
Authority key identifier: 76:7F:42:4D:48:34:06:C4:20:E5:DF:19:BE:BE:99:3F:72:5A:F7:B6
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/efcd4516729132e02824e603d987ca2e688aa468.roa
Signing time:             Mon 27 Nov 2023 20:27:34 +0000
ROA not before:           Mon 27 Nov 2023 20:27:34 +0000
ROA not after:            Thu 27 Nov 2025 20:27:34 +0000
asID:                     22927
IP address blocks:        186.56.128.0/17 maxlen: 24
                          186.57.0.0/16 maxlen: 24
                          186.58.0.0/15 maxlen: 24
                          186.60.0.0/14 maxlen: 24
                          186.39.0.0/16 maxlen: 24
                          181.20.0.0/14 maxlen: 24
                          181.24.0.0/14 maxlen: 24
                          191.80.0.0/14 maxlen: 24
                          191.84.0.0/15 maxlen: 24
                          201.176.0.0/14 maxlen: 24
                          201.180.0.0/15 maxlen: 24
                          2800:380::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.crl
                          rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.mft
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.cer
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.crl
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft
                          rsync://repository.lacnic.net/rpki/lacnic/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.cer
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.crl
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Thu 18 Apr 2024 06:11:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1162340 (0x11bc64)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfbb4d3a6dd5e649a6554c4817ce0ed277429136
        Validity
            Not Before: Nov 27 20:27:34 2023 GMT
            Not After : Nov 27 20:27:34 2025 GMT
        Subject: CN=efcd4516729132e02824e603d987ca2e688aa468
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:fb:c9:a6:72:a7:05:56:eb:23:d2:d1:a9:79:
                    8f:27:32:3f:bb:b0:6c:98:3a:88:7e:7d:76:90:f8:
                    1a:0c:f1:3d:44:d1:8d:5d:f8:4a:84:dd:db:73:e1:
                    71:db:12:a4:1a:ce:c0:7c:be:25:ea:41:db:d0:fe:
                    fe:1a:d7:cc:d4:7e:ef:b7:25:25:13:76:50:d7:c8:
                    5b:a8:2c:70:e9:ee:8e:96:e5:d9:b3:91:bb:40:70:
                    06:55:8f:a6:a3:e7:90:65:d3:d4:09:bf:e7:37:9d:
                    4e:1f:47:3d:6e:78:22:99:98:a9:84:9f:70:7f:b3:
                    3d:dc:c5:46:d9:e3:76:00:93:a3:b2:fe:f1:1d:e1:
                    b4:ef:f7:4c:44:53:7b:b4:20:dc:1f:9b:ba:11:32:
                    33:65:9a:2e:86:37:4a:56:17:08:42:0a:7e:21:ea:
                    c4:ff:17:19:5d:3d:8e:ac:7b:71:bc:bb:19:30:dd:
                    f9:42:cc:a5:19:9e:fd:7f:12:14:7e:38:cb:67:13:
                    29:5c:5c:4d:12:01:f6:3b:94:e7:7e:ce:6a:fd:5a:
                    d8:7e:ab:65:36:d3:7a:eb:b7:c6:f5:a4:24:83:05:
                    4f:4d:a5:e5:4d:61:49:2a:c4:8b:3c:9f:40:e4:69:
                    f1:db:e8:ea:78:98:66:43:f1:84:6d:e6:64:18:43:
                    4b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:83:33:A9:A0:18:1C:A8:1C:C7:F8:11:53:F5:D0:7C:D2:0B:A2:5E
            X509v3 Authority Key Identifier:
                keyid:76:7F:42:4D:48:34:06:C4:20:E5:DF:19:BE:BE:99:3F:72:5A:F7:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/efcd4516729132e02824e603d987ca2e688aa468.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.20.0.0-181.27.255.255
                  186.39.0.0/16
                  186.56.128.0-186.63.255.255
                  191.80.0.0-191.85.255.255
                  201.176.0.0-201.181.255.255
                IPv6:
                  2800:380::/32

    Signature Algorithm: sha256WithRSAEncryption
         12:21:05:03:3d:fc:10:10:d9:35:1c:5d:bb:91:60:17:36:d9:
         a0:9b:53:32:76:a2:1c:f7:17:4d:2b:52:58:d9:72:7f:0d:6b:
         69:ec:c3:16:ee:8f:25:16:74:37:37:99:c3:f5:61:fd:46:dc:
         9d:da:80:d0:51:9d:4c:22:76:2d:47:df:07:ba:d2:e2:82:dd:
         1b:4d:c8:b6:c3:22:7c:9e:d4:b6:c2:62:e5:5d:71:35:e5:30:
         54:4e:47:c6:3c:07:37:4c:84:e0:93:b7:25:78:0f:f5:ff:01:
         09:5e:cf:52:a5:d9:19:d5:e1:3c:21:55:48:4c:d1:2e:2c:72:
         8b:47:33:52:ff:a7:a2:e1:b1:d8:80:b5:d5:99:3e:ca:9c:5d:
         bb:6e:0f:f4:48:64:22:15:f1:ad:ef:d9:c0:06:71:49:c6:cf:
         e0:f6:b2:6d:7e:39:8a:74:60:ab:97:50:fc:54:7a:6b:f6:40:
         f9:7c:8f:b6:2b:bf:dd:60:18:16:4f:56:d1:44:0c:50:aa:97:
         08:ef:43:0c:fa:98:ae:a8:04:75:33:e1:45:0b:f6:09:3d:96:
         25:ec:81:c9:91:6a:f8:54:79:d5:c5:02:fc:a2:44:a1:ed:d7:
         4f:94:0e:dd:b6:9b:87:8a:74:2c:85:02:a5:9d:b8:66:03:70:
         2a:41:3b:94
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIDEbxkMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGJm
YmI0ZDNhNmRkNWU2NDlhNjU1NGM0ODE3Y2UwZWQyNzc0MjkxMzYwHhcNMjMxMTI3
MjAyNzM0WhcNMjUxMTI3MjAyNzM0WjAzMTEwLwYDVQQDEyhlZmNkNDUxNjcyOTEz
MmUwMjgyNGU2MDNkOTg3Y2EyZTY4OGFhNDY4MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEArvvJpnKnBVbrI9LRqXmPJzI/u7BsmDqIfn12kPgaDPE9RNGN
XfhKhN3bc+Fx2xKkGs7AfL4l6kHb0P7+GtfM1H7vtyUlE3ZQ18hbqCxw6e6OluXZ
s5G7QHAGVY+mo+eQZdPUCb/nN51OH0c9bngimZiphJ9wf7M93MVG2eN2AJOjsv7x
HeG07/dMRFN7tCDcH5u6ETIzZZouhjdKVhcIQgp+IerE/xcZXT2OrHtxvLsZMN35
QsylGZ79fxIUfjjLZxMpXFxNEgH2O5Tnfs5q/VrYfqtlNtN667fG9aQkgwVPTaXl
TWFJKsSLPJ9A5Gnx2+jqeJhmQ/GEbeZkGENLoQIDAQABo4ICmjCCApYwHQYDVR0O
BBYEFBWDM6mgGByoHMf4EVP10HzSC6JeMB8GA1UdIwQYMBaAFHZ/Qk1INAbEIOXf
Gb6+mT9yWve2MA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvYmZiYjRk
M2E2ZGQ1ZTY0OWE2NTU0YzQ4MTdjZTBlZDI3NzQyOTEzNi5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvNTM3NWJjZmMtOGI4Ni00NTJlLTg1MGQtODNjZmUz
YjUwZjA2L2VmY2Q0NTE2NzI5MTMyZTAyODI0ZTYwM2Q5ODdjYTJlNjg4YWE0Njgu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy81Mzc1YmNmYy04Yjg2LTQ1MmUtODUwZC04M2Nm
ZTNiNTBmMDYvYmZiYjRkM2E2ZGQ1ZTY0OWE2NTU0YzQ4MTdjZTBlZDI3NzQyOTEz
Ni5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBeBggrBgEFBQcBBwEB/wRP
ME0wPAQCAAEwNjAKAwMCtRQDAwK1GAMDALonMAsDBAe6OIADAwa6ADAKAwMEv1AD
AwG/VDAKAwMEybADAwHJtDANBAIAAjAHAwUAKAADgDANBgkqhkiG9w0BAQsFAAOC
AQEAEiEFAz38EBDZNRxdu5FgFzbZoJtTMnaiHPcXTStSWNlyfw1raezDFu6PJRZ0
NzeZw/Vh/UbcndqA0FGdTCJ2LUffB7rS4oLdG03ItsMifJ7UtsJi5V1xNeUwVE5H
xjwHN0yE4JO3JXgP9f8BCV7PUqXZGdXhPCFVSEzRLixyi0czUv+nouGx2IC11Zk+
ypxdu24P9EhkIhXxre/ZwAZxScbP4PaybX45inRgq5dQ/FR6a/ZA+XyPtiu/3WAY
Fk9W0UQMUKqXCO9DDPqYrqgEdTPhRQv2CT2WJeyByZFq+FR51cUC/KJEoe3XT5QO
3babh4p0LIUCpZ24ZgNwKkE7lA==
-----END CERTIFICATE-----
Generated at Mon Apr 15 09:53:54 2024 by rpki-client on console-ams.rpki-client.org