Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/5ecd2eb4-6487-4b0e-a489-e1d63564bee6/04f1b6956d2b2eba42169b8123d9dd478764789a.roa
File:                     04f1b6956d2b2eba42169b8123d9dd478764789a.roa (raw, json)
Hash identifier:          LQ+iEFO8YrLiYwbpNcgKUXC/rspnS1ZkW+ARzF37Un8=
Subject key identifier:   6E:27:B8:80:AE:11:5A:B6:2D:E1:33:AB:9F:5C:6A:E5:80:09:A8:78
Certificate issuer:       /CN=2a234a7b53d24b6272623544bf02f8d638997781
Certificate serial:       16E2B2
Authority key identifier: 80:E5:BF:B2:D6:E6:9A:A6:8D:AE:56:9B:06:44:59:9C:22:FD:D1:00
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/2a234a7b53d24b6272623544bf02f8d638997781.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/5ecd2eb4-6487-4b0e-a489-e1d63564bee6/04f1b6956d2b2eba42169b8123d9dd478764789a.roa
Signing time:             Sat 30 Apr 2022 16:16:09 +0000
ROA not before:           Tue 26 Apr 2022 03:00:00 +0000
ROA not after:            Fri 26 Apr 2024 03:00:00 +0000
asID:                     269960
IP address blocks:        170.82.36.0/23 maxlen: 24
                          170.82.38.0/24 maxlen: 24
                          170.82.37.0/24 maxlen: 24
                          170.82.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/5ecd2eb4-6487-4b0e-a489-e1d63564bee6/2a234a7b53d24b6272623544bf02f8d638997781.crl
                          rsync://repository.lacnic.net/rpki/lacnic/5ecd2eb4-6487-4b0e-a489-e1d63564bee6/2a234a7b53d24b6272623544bf02f8d638997781.mft
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/2a234a7b53d24b6272623544bf02f8d638997781.cer
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.crl
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft
                          rsync://repository.lacnic.net/rpki/lacnic/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.cer
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.crl
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Sun 31 Mar 2024 12:22:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1499826 (0x16e2b2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a234a7b53d24b6272623544bf02f8d638997781
        Validity
            Not Before: Apr 26 03:00:00 2022 GMT
            Not After : Apr 26 03:00:00 2024 GMT
        Subject: CN=04f1b6956d2b2eba42169b8123d9dd478764789a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:89:3a:6c:b1:fe:3f:49:18:49:37:d2:9a:7e:
                    35:28:17:c1:cf:1b:d4:f7:f6:75:d9:d7:9b:0d:55:
                    60:22:f5:68:e4:08:46:d0:fe:68:01:73:8e:cf:dc:
                    65:01:e9:3a:02:5c:13:20:74:ca:70:dc:f5:ab:18:
                    3c:24:15:cc:02:72:94:24:4a:3c:af:a6:3c:ae:13:
                    21:95:06:02:8a:be:9e:e2:d5:1e:13:79:85:bf:61:
                    c9:2c:61:10:0b:ff:b1:8e:33:32:ec:ad:64:d0:fd:
                    54:da:3f:13:bd:4f:68:91:c0:51:f3:82:83:9f:95:
                    0f:bb:34:25:b6:65:40:66:f2:d7:08:3c:ca:1a:ed:
                    69:7f:5e:b9:af:4f:83:b9:dc:d3:e9:89:68:8e:98:
                    a3:7a:fb:a7:6c:b0:c4:bf:fa:5c:c2:90:08:94:08:
                    7c:df:7e:56:1e:ec:b7:ac:ce:6c:71:96:b8:ef:33:
                    c6:cf:d3:21:3a:67:d3:65:8b:bd:42:66:ac:f0:df:
                    85:02:fa:91:59:04:45:2e:5b:87:88:d1:ed:d5:74:
                    0b:d2:35:3e:5c:38:08:f7:98:b9:01:59:06:87:f3:
                    ca:fc:c8:38:ec:4d:c0:56:72:f2:18:23:ea:22:c1:
                    33:01:98:b5:62:1f:21:4a:f9:75:47:3d:e9:72:a9:
                    b0:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:27:B8:80:AE:11:5A:B6:2D:E1:33:AB:9F:5C:6A:E5:80:09:A8:78
            X509v3 Authority Key Identifier:
                keyid:80:E5:BF:B2:D6:E6:9A:A6:8D:AE:56:9B:06:44:59:9C:22:FD:D1:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/2a234a7b53d24b6272623544bf02f8d638997781.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/5ecd2eb4-6487-4b0e-a489-e1d63564bee6/04f1b6956d2b2eba42169b8123d9dd478764789a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/5ecd2eb4-6487-4b0e-a489-e1d63564bee6/2a234a7b53d24b6272623544bf02f8d638997781.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.82.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:19:bd:87:1f:c5:a7:a1:58:73:88:ec:6b:71:f1:9f:95:82:
         00:ea:1f:23:02:65:39:0e:b7:9d:f9:f9:37:b9:0a:3c:36:ed:
         96:12:5f:c5:24:55:00:84:57:cb:4a:cc:5b:34:6a:84:74:96:
         d2:86:fe:39:65:78:09:7b:eb:be:d3:b0:78:e8:b5:cd:b0:e0:
         77:f9:11:c3:eb:c5:7f:21:c1:aa:29:0e:68:20:bc:96:a0:e6:
         ad:1e:84:e7:a2:c1:9d:cb:43:4c:da:a4:23:7b:32:1e:01:e0:
         42:02:73:d9:de:8b:78:99:eb:e2:43:68:76:a2:49:72:50:fe:
         ca:49:43:58:81:0b:d7:cc:51:38:2c:97:ac:70:38:c1:b8:2f:
         31:6c:d1:39:e1:b2:b2:4a:90:a0:19:41:92:b4:93:5d:bd:9b:
         d2:01:4d:8c:7b:e2:11:19:e3:57:7b:06:76:9b:40:07:e5:ba:
         da:e6:1a:2e:42:27:5b:f8:4a:9a:3a:1b:73:90:eb:0d:2d:a4:
         c1:6a:20:8d:39:67:23:95:4a:c0:4b:d4:15:1c:ee:cd:1e:d0:
         5a:7d:69:c0:5f:6f:46:ba:9a:70:38:51:d6:1e:7c:e8:7b:af:
         be:7e:54:2d:2b:1a:f0:5e:37:f2:ad:24:fe:40:a0:b0:df:06:
         97:07:cd:be
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgIDFuKyMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDJh
MjM0YTdiNTNkMjRiNjI3MjYyMzU0NGJmMDJmOGQ2Mzg5OTc3ODEwHhcNMjIwNDI2
MDMwMDAwWhcNMjQwNDI2MDMwMDAwWjAzMTEwLwYDVQQDEygwNGYxYjY5NTZkMmIy
ZWJhNDIxNjliODEyM2Q5ZGQ0Nzg3NjQ3ODlhMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAuIk6bLH+P0kYSTfSmn41KBfBzxvU9/Z12debDVVgIvVo5AhG
0P5oAXOOz9xlAek6AlwTIHTKcNz1qxg8JBXMAnKUJEo8r6Y8rhMhlQYCir6e4tUe
E3mFv2HJLGEQC/+xjjMy7K1k0P1U2j8TvU9okcBR84KDn5UPuzQltmVAZvLXCDzK
Gu1pf165r0+DudzT6YlojpijevunbLDEv/pcwpAIlAh8335WHuy3rM5scZa47zPG
z9MhOmfTZYu9Qmas8N+FAvqRWQRFLluHiNHt1XQL0jU+XDgI95i5AVkGh/PK/Mg4
7E3AVnLyGCPqIsEzAZi1Yh8hSvl1Rz3pcqmwwQIDAQABo4ICWzCCAlcwHQYDVR0O
BBYEFG4nuICuEVq2LeEzq59cauWACah4MB8GA1UdIwQYMBaAFIDlv7LW5pqmja5W
mwZEWZwi/dEAMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvMmEyMzRh
N2I1M2QyNGI2MjcyNjIzNTQ0YmYwMmY4ZDYzODk5Nzc4MS5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvNWVjZDJlYjQtNjQ4Ny00YjBlLWE0ODktZTFkNjM1
NjRiZWU2LzA0ZjFiNjk1NmQyYjJlYmE0MjE2OWI4MTIzZDlkZDQ3ODc2NDc4OWEu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy81ZWNkMmViNC02NDg3LTRiMGUtYTQ4OS1lMWQ2
MzU2NGJlZTYvMmEyMzRhN2I1M2QyNGI2MjcyNjIzNTQ0YmYwMmY4ZDYzODk5Nzc4
MS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAqpSJDANBgkqhkiG9w0BAQsFAAOCAQEAfhm9hx/Fp6FYc4js
a3Hxn5WCAOofIwJlOQ63nfn5N7kKPDbtlhJfxSRVAIRXy0rMWzRqhHSW0ob+OWV4
CXvrvtOweOi1zbDgd/kRw+vFfyHBqikOaCC8lqDmrR6E56LBnctDTNqkI3syHgHg
QgJz2d6LeJnr4kNodqJJclD+yklDWIEL18xROCyXrHA4wbgvMWzROeGyskqQoBlB
krSTXb2b0gFNjHviERnjV3sGdptAB+W62uYaLkInW/hKmjobc5DrDS2kwWogjTln
I5VKwEvUFRzuzR7QWn1pwF9vRrqacDhR1h586Huvvn5ULSsa8F438q0k/kCgsN8G
lwfNvg==
-----END CERTIFICATE-----
Generated at Thu Mar 28 14:02:42 2024 by rpki-client on console-fra.rpki-client.org