Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/6fb33355-d4a1-4990-9da3-92b5e1f7d647/b2a33e02f82567d93e3ee754438050907186edd9.roa
File:                     b2a33e02f82567d93e3ee754438050907186edd9.roa (raw, json)
Hash identifier:          BY+Lz52jcMQD4ET6keZTku+qxcYip7DRMvZI/UJZeUg=
Subject key identifier:   F8:6C:15:02:B6:67:F5:D4:CE:D5:B1:FB:11:FC:7C:3F:7E:72:15:73
Certificate issuer:       /CN=0e24a41d23e3367713cfe2003ae316a757726ef1
Certificate serial:       0D4951
Authority key identifier: 02:0D:C9:1C:07:B7:91:D4:ED:17:EE:B5:B5:B1:F5:14:09:AA:D3:39
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/0e24a41d23e3367713cfe2003ae316a757726ef1.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/6fb33355-d4a1-4990-9da3-92b5e1f7d647/b2a33e02f82567d93e3ee754438050907186edd9.roa
Signing time:             Wed 24 Mar 2021 14:33:47 +0000
ROA not before:           Wed 24 Mar 2021 14:33:46 +0000
ROA not after:            Tue 24 Mar 2026 14:33:46 +0000
asID:                     265839
IP address blocks:        201.148.104.0/22 maxlen: 24
                          2803:6580::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/6fb33355-d4a1-4990-9da3-92b5e1f7d647/0e24a41d23e3367713cfe2003ae316a757726ef1.crl
                          rsync://repository.lacnic.net/rpki/lacnic/6fb33355-d4a1-4990-9da3-92b5e1f7d647/0e24a41d23e3367713cfe2003ae316a757726ef1.mft
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/0e24a41d23e3367713cfe2003ae316a757726ef1.cer
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.crl
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft
                          rsync://repository.lacnic.net/rpki/lacnic/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.cer
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.crl
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Fri 01 Mar 2024 15:12:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 870737 (0xd4951)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e24a41d23e3367713cfe2003ae316a757726ef1
        Validity
            Not Before: Mar 24 14:33:46 2021 GMT
            Not After : Mar 24 14:33:46 2026 GMT
        Subject: CN=b2a33e02f82567d93e3ee754438050907186edd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:2e:91:22:f3:ca:50:2a:c6:b8:88:05:7e:83:
                    71:8a:15:04:56:0b:bb:fa:19:c7:7e:3d:ec:51:a5:
                    a6:13:c6:ad:4a:6a:e0:71:09:ad:ef:32:b6:74:64:
                    0e:5d:cf:1c:0d:76:97:1b:e7:f8:50:b8:d4:59:21:
                    fe:29:8f:53:cf:7c:86:5c:f4:d2:e7:44:bf:dd:b8:
                    d5:e1:5e:15:9f:06:3e:42:6e:5f:78:a5:62:01:5f:
                    fb:c4:5b:aa:22:39:aa:3b:8a:af:6c:11:44:5e:17:
                    65:e7:5b:f8:cf:37:1a:02:d4:23:95:b7:96:52:02:
                    fe:9b:b6:b4:aa:85:f6:70:79:a4:61:e2:9c:02:d7:
                    e2:95:97:0b:22:6e:35:06:9b:d9:fa:4c:6e:f9:8d:
                    ab:31:4c:55:c1:f8:9b:7f:27:4a:8e:c9:a3:52:9c:
                    e9:8b:30:12:78:3a:14:43:c4:e9:98:ce:ea:41:14:
                    5a:92:7c:be:5b:02:68:1e:d6:27:72:71:96:49:dc:
                    aa:f7:f1:5a:55:ab:d6:34:fa:a3:1c:d0:bb:18:4f:
                    27:1d:01:f5:01:c9:2e:d6:00:73:c2:6a:a2:49:ac:
                    2a:2f:ae:4d:07:3d:5f:91:7d:d2:1a:bf:7d:35:c8:
                    01:1a:41:b8:1d:2c:ac:85:3d:b9:3f:f6:88:f9:e6:
                    68:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:6C:15:02:B6:67:F5:D4:CE:D5:B1:FB:11:FC:7C:3F:7E:72:15:73
            X509v3 Authority Key Identifier:
                keyid:02:0D:C9:1C:07:B7:91:D4:ED:17:EE:B5:B5:B1:F5:14:09:AA:D3:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/0e24a41d23e3367713cfe2003ae316a757726ef1.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/6fb33355-d4a1-4990-9da3-92b5e1f7d647/b2a33e02f82567d93e3ee754438050907186edd9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/6fb33355-d4a1-4990-9da3-92b5e1f7d647/0e24a41d23e3367713cfe2003ae316a757726ef1.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.148.104.0/22
                IPv6:
                  2803:6580::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:c3:c7:aa:a5:6a:11:47:29:db:3a:30:0c:3b:22:15:1b:f8:
         05:0f:eb:81:5f:e6:a7:b6:83:b6:98:c6:13:de:e6:f9:79:da:
         99:45:5a:19:cb:9e:6b:6c:40:72:4c:30:74:b7:cb:a2:4d:94:
         1a:9f:d4:34:c2:af:d8:06:33:d1:f1:db:fd:d5:b9:0e:9f:47:
         df:94:e4:3d:f8:32:b2:c1:78:2d:df:96:92:bb:3d:b1:73:49:
         34:a4:8f:42:3a:39:de:5b:05:87:15:91:28:dd:4e:dc:23:2a:
         cd:fc:5f:19:d2:d4:c5:a8:12:65:96:41:55:3e:9a:4a:3d:6e:
         ac:6c:b2:49:ca:57:b8:46:6e:50:42:c1:d0:e1:dd:ac:15:37:
         88:c3:03:26:7f:ed:b1:e3:92:51:53:65:d2:8f:85:c3:57:58:
         50:4b:9a:1c:f1:94:ff:dc:60:6b:4c:4c:66:c5:e8:d8:17:1e:
         b9:35:72:11:81:ac:cd:ab:22:48:18:79:2b:3f:b0:66:ae:74:
         8c:ad:57:83:0e:36:4e:a0:b3:66:c9:99:6d:5f:a9:35:f5:5f:
         cc:5f:fb:12:7c:56:8f:4b:63:22:d0:85:ef:4c:ed:95:9a:f5:
         8e:c6:f8:85:05:39:fe:7c:65:da:2c:76:35:74:79:12:cb:bf:
         6f:be:71:7c
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgIDDUlRMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDBl
MjRhNDFkMjNlMzM2NzcxM2NmZTIwMDNhZTMxNmE3NTc3MjZlZjEwHhcNMjEwMzI0
MTQzMzQ2WhcNMjYwMzI0MTQzMzQ2WjAzMTEwLwYDVQQDEyhiMmEzM2UwMmY4MjU2
N2Q5M2UzZWU3NTQ0MzgwNTA5MDcxODZlZGQ5MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAri6RIvPKUCrGuIgFfoNxihUEVgu7+hnHfj3sUaWmE8atSmrg
cQmt7zK2dGQOXc8cDXaXG+f4ULjUWSH+KY9Tz3yGXPTS50S/3bjV4V4VnwY+Qm5f
eKViAV/7xFuqIjmqO4qvbBFEXhdl51v4zzcaAtQjlbeWUgL+m7a0qoX2cHmkYeKc
AtfilZcLIm41BpvZ+kxu+Y2rMUxVwfibfydKjsmjUpzpizASeDoUQ8TpmM7qQRRa
kny+WwJoHtYncnGWSdyq9/FaVavWNPqjHNC7GE8nHQH1Acku1gBzwmqiSawqL65N
Bz1fkX3SGr99NcgBGkG4HSyshT25P/aI+eZoHQIDAQABo4ICajCCAmYwHQYDVR0O
BBYEFPhsFQK2Z/XUztWx+xH8fD9+chVzMB8GA1UdIwQYMBaAFAINyRwHt5HU7Rfu
tbWx9RQJqtM5MA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvMGUyNGE0
MWQyM2UzMzY3NzEzY2ZlMjAwM2FlMzE2YTc1NzcyNmVmMS5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvNmZiMzMzNTUtZDRhMS00OTkwLTlkYTMtOTJiNWUx
ZjdkNjQ3L2IyYTMzZTAyZjgyNTY3ZDkzZTNlZTc1NDQzODA1MDkwNzE4NmVkZDku
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy82ZmIzMzM1NS1kNGExLTQ5OTAtOWRhMy05MmI1
ZTFmN2Q2NDcvMGUyNGE0MWQyM2UzMzY3NzEzY2ZlMjAwM2FlMzE2YTc1NzcyNmVm
MS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQf
MB0wDAQCAAEwBgMEAsmUaDANBAIAAjAHAwUAKANlgDANBgkqhkiG9w0BAQsFAAOC
AQEARsPHqqVqEUcp2zowDDsiFRv4BQ/rgV/mp7aDtpjGE97m+XnamUVaGcuea2xA
ckwwdLfLok2UGp/UNMKv2AYz0fHb/dW5Dp9H35TkPfgyssF4Ld+Wkrs9sXNJNKSP
Qjo53lsFhxWRKN1O3CMqzfxfGdLUxagSZZZBVT6aSj1urGyyScpXuEZuUELB0OHd
rBU3iMMDJn/tseOSUVNl0o+Fw1dYUEuaHPGU/9xga0xMZsXo2BceuTVyEYGszasi
SBh5Kz+wZq50jK1Xgw42TqCzZsmZbV+pNfVfzF/7EnxWj0tjItCF70ztlZr1jsb4
hQU5/nxl2ix2NXR5Esu/b75xfA==
-----END CERTIFICATE-----
Generated at Tue Feb 27 22:56:32 2024 by rpki-client on console-ams.rpki-client.org