Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/5D2665180959F31AB0FC833CCD759F5CA6CA5B61674D8A7B78E7EE072ADAA739/0/3133382e302e3132302e302f32332d3234203d3e20323732303134.roa
File:                     3133382e302e3132302e302f32332d3234203d3e20323732303134.roa (raw, json)
Hash identifier:          zsYF8RdHZpsPYU6WUqXPnJGEgH6S95x2bmux4mj9zZE=
Subject key identifier:   9F:71:11:8D:4C:DC:0D:1B:ED:84:95:F3:AC:FA:B1:4F:7E:52:ED:B8
Certificate issuer:       /CN=2DCCD1347B8E4A264380CB0C336092CD0A179491
Certificate serial:       111C28AB64358A1430D905A43580F4A797E67E18
Authority key identifier: 2D:CC:D1:34:7B:8E:4A:26:43:80:CB:0C:33:60:92:CD:0A:17:94:91
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/2DCCD1347B8E4A264380CB0C336092CD0A179491.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/5D2665180959F31AB0FC833CCD759F5CA6CA5B61674D8A7B78E7EE072ADAA739/0/3133382e302e3132302e302f32332d3234203d3e20323732303134.roa
Signing time:             Tue 04 Feb 2025 18:02:25 +0000
ROA not before:           Tue 04 Feb 2025 17:57:25 +0000
ROA not after:            Tue 03 Feb 2026 18:02:25 +0000
asID:                     272014
IP address blocks:        138.0.120.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/5D2665180959F31AB0FC833CCD759F5CA6CA5B61674D8A7B78E7EE072ADAA739/0/2DCCD1347B8E4A264380CB0C336092CD0A179491.crl
                          rsync://repository.lacnic.net/rpki/lacnic/5D2665180959F31AB0FC833CCD759F5CA6CA5B61674D8A7B78E7EE072ADAA739/0/2DCCD1347B8E4A264380CB0C336092CD0A179491.mft
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/2DCCD1347B8E4A264380CB0C336092CD0A179491.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/BCC0665ECF8A97B83E398268D92A255BAE661816.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/BCC0665ECF8A97B83E398268D92A255BAE661816.mft
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/BCC0665ECF8A97B83E398268D92A255BAE661816.cer
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.crl
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.mft
                          rsync://repository.lacnic.net/rpki/lacnic/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Mon 17 Feb 2025 11:58:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:1c:28:ab:64:35:8a:14:30:d9:05:a4:35:80:f4:a7:97:e6:7e:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2DCCD1347B8E4A264380CB0C336092CD0A179491
        Validity
            Not Before: Feb  4 17:57:25 2025 GMT
            Not After : Feb  3 18:02:25 2026 GMT
        Subject: CN=9F71118D4CDC0D1BED8495F3ACFAB14F7E52EDB8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ca:29:66:0a:eb:1d:47:68:a2:0d:5d:1a:b0:
                    ef:73:4b:0b:87:6c:d3:0d:9a:8d:71:91:aa:4d:bf:
                    24:80:93:5a:4a:32:eb:1f:06:ef:77:48:ae:58:04:
                    28:95:9e:f1:77:47:c5:86:be:54:27:54:9c:71:0e:
                    b9:e6:9f:85:5d:9f:d8:e0:2c:81:d7:86:ab:4c:77:
                    10:3c:44:01:54:ef:d2:d5:74:b0:94:05:49:51:52:
                    55:d7:62:a3:f9:d4:f7:43:97:85:94:c3:16:00:60:
                    95:05:a4:04:37:d8:1d:82:5a:a1:a4:df:bf:a2:b0:
                    71:c1:f4:11:98:c3:9b:b7:f5:df:81:5d:81:1b:7c:
                    68:65:f4:98:7a:59:4e:63:11:7b:07:9e:78:13:0e:
                    f3:b0:e5:bc:a1:cc:9c:c0:79:af:d8:1e:7a:1c:36:
                    ca:c6:61:ec:c4:2b:7c:5a:e2:50:98:b5:40:7b:03:
                    aa:3d:01:dd:f4:ac:14:5b:a4:1b:f0:2c:41:ee:79:
                    80:dd:bd:8b:c9:92:da:7a:83:b0:41:70:17:8d:e6:
                    40:9f:f1:f4:93:d1:31:d1:a6:0a:d4:82:7f:f6:7e:
                    f6:3f:26:f8:35:6f:24:68:be:68:8a:06:6c:b8:18:
                    3c:e0:0a:ea:32:f4:e6:35:c4:05:7f:a4:16:0c:93:
                    c9:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:71:11:8D:4C:DC:0D:1B:ED:84:95:F3:AC:FA:B1:4F:7E:52:ED:B8
            X509v3 Authority Key Identifier:
                keyid:2D:CC:D1:34:7B:8E:4A:26:43:80:CB:0C:33:60:92:CD:0A:17:94:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/5D2665180959F31AB0FC833CCD759F5CA6CA5B61674D8A7B78E7EE072ADAA739/0/2DCCD1347B8E4A264380CB0C336092CD0A179491.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/2DCCD1347B8E4A264380CB0C336092CD0A179491.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/5D2665180959F31AB0FC833CCD759F5CA6CA5B61674D8A7B78E7EE072ADAA739/0/3133382e302e3132302e302f32332d3234203d3e20323732303134.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.0.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:14:52:46:e2:1b:3c:f0:be:46:55:67:2c:8a:6b:12:9a:e0:
         3c:15:3e:fb:15:d6:90:0b:74:08:11:45:37:e0:f9:15:ce:4a:
         48:67:44:8e:48:6a:e8:e6:4a:7f:14:e7:96:ab:2b:1e:4c:10:
         40:0c:4b:81:83:d8:5b:0a:80:dc:50:ce:74:ce:f5:cb:4f:e0:
         3a:d2:ae:e1:13:69:e2:b3:bb:48:dc:c7:c4:dc:e2:87:82:b0:
         7a:c9:5e:f2:52:82:97:0d:34:f0:30:29:ce:d4:86:bf:96:20:
         66:b1:5e:42:ec:d0:bd:13:88:f8:43:de:95:71:18:a5:ed:44:
         4f:01:27:3d:52:95:3f:26:b2:04:c0:9a:df:04:d1:f9:07:6e:
         6c:d6:aa:47:5a:a1:52:e4:5d:d7:24:16:7e:8d:81:5c:14:5a:
         47:cd:c1:73:74:4b:61:cc:94:46:78:9c:85:11:ac:3e:35:88:
         d8:6b:b4:01:f1:ae:f8:4c:19:27:13:83:c7:2a:cd:62:88:51:
         3b:e1:e9:97:e2:62:d8:57:95:95:66:0d:5a:80:41:82:88:1d:
         a1:2d:ed:ee:e8:eb:27:6f:52:f4:7c:72:5b:2b:ba:2b:d0:26:
         03:b0:27:1c:90:57:7b:62:4a:2a:cd:10:ab:14:33:a5:e3:a6:
         e8:13:d8:1d
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgIUERwoq2Q1ihQw2QWkNYD0p5fmfhgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMkRDQ0QxMzQ3QjhFNEEyNjQzODBDQjBDMzM2MDkyQ0Qw
QTE3OTQ5MTAeFw0yNTAyMDQxNzU3MjVaFw0yNjAyMDMxODAyMjVaMDMxMTAvBgNV
BAMTKDlGNzExMThENENEQzBEMUJFRDg0OTVGM0FDRkFCMTRGN0U1MkVEQjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuyilmCusdR2iiDV0asO9zSwuH
bNMNmo1xkapNvySAk1pKMusfBu93SK5YBCiVnvF3R8WGvlQnVJxxDrnmn4Vdn9jg
LIHXhqtMdxA8RAFU79LVdLCUBUlRUlXXYqP51PdDl4WUwxYAYJUFpAQ32B2CWqGk
37+isHHB9BGYw5u39d+BXYEbfGhl9Jh6WU5jEXsHnngTDvOw5byhzJzAea/YHnoc
NsrGYezEK3xa4lCYtUB7A6o9Ad30rBRbpBvwLEHueYDdvYvJktp6g7BBcBeN5kCf
8fST0THRpgrUgn/2fvY/Jvg1byRovmiKBmy4GDzgCuoy9OY1xAV/pBYMk8kTAgMB
AAGjggLIMIICxDAdBgNVHQ4EFgQUn3ERjUzcDRvthJXzrPqxT35S7bgwHwYDVR0j
BBgwFoAULczRNHuOSiZDgMsMM2CSzQoXlJEwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy81RDI2NjUxODA5NTlGMzFBQjBGQzgzM0NDRDc1OUY1Q0E2
Q0E1QjYxNjc0RDhBN0I3OEU3RUUwNzJBREFBNzM5LzAvMkRDQ0QxMzQ3QjhFNEEy
NjQzODBDQjBDMzM2MDkyQ0QwQTE3OTQ5MS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8yRENDRDEzNDdCOEU0QTI2NDM4
MENCMEMzMzYwOTJDRDBBMTc5NDkxLmNlcjCBxwYIKwYBBQUHAQsEgbowgbcwgbQG
CCsGAQUFBzALhoGncnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvNUQyNjY1MTgwOTU5RjMxQUIwRkM4MzNDQ0Q3NTlGNUNBNkNBNUI2MTY3
NEQ4QTdCNzhFN0VFMDcyQURBQTczOS8wLzMxMzMzODJlMzAyZTMxMzIzMDJlMzAy
ZjMyMzMyZDMyMzQyMDNkM2UyMDMyMzczMjMwMzEzNC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAYoAeDAN
BgkqhkiG9w0BAQsFAAOCAQEAWBRSRuIbPPC+RlVnLIprEprgPBU++xXWkAt0CBFF
N+D5Fc5KSGdEjkhq6OZKfxTnlqsrHkwQQAxLgYPYWwqA3FDOdM71y0/gOtKu4RNp
4rO7SNzHxNzih4Kwesle8lKClw008DApztSGv5YgZrFeQuzQvROI+EPelXEYpe1E
TwEnPVKVPyayBMCa3wTR+QdubNaqR1qhUuRd1yQWfo2BXBRaR83Bc3RLYcyURnic
hRGsPjWI2Gu0AfGu+EwZJxODxyrNYohRO+Hpl+Ji2FeVlWYNWoBBgogdoS3t7ujr
J29S9HxyWyu6K9AmA7AnHJBXe2JKKs0QqxQzpeOm6BPYHQ==
-----END CERTIFICATE-----
Generated at Thu Feb 13 20:27:10 2025 by rpki-client