Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/7BA04F3BF61DC0454379E83625D7693221D247D7E77E1CEB2F9E7A49974AB707/0/AS34991.roa
File:                     AS34991.roa (raw, json)
Hash identifier:          40eaT44+hlDsvzq0+LRxw68iB+0cjntz2+HBUoMOklo=
Subject key identifier:   D1:D0:2A:00:C3:94:8E:97:AD:1C:FB:A1:48:9D:2C:23:9E:FC:35:EC
Certificate issuer:       /CN=DB06236B96EE00934FCD39A560E5BC04EB7B9EA4
Certificate serial:       96EC22534E093E1EE4363F178349091874518E
Authority key identifier: DB:06:23:6B:96:EE:00:93:4F:CD:39:A5:60:E5:BC:04:EB:7B:9E:A4
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/DB06236B96EE00934FCD39A560E5BC04EB7B9EA4.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/7BA04F3BF61DC0454379E83625D7693221D247D7E77E1CEB2F9E7A49974AB707/0/AS34991.roa
Signing time:             Tue 05 Mar 2024 17:55:25 +0000
ROA not before:           Tue 05 Mar 2024 17:50:25 +0000
ROA not after:            Tue 04 Mar 2025 17:55:25 +0000
asID:                     34991
IP address blocks:        152.204.132.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/7BA04F3BF61DC0454379E83625D7693221D247D7E77E1CEB2F9E7A49974AB707/0/DB06236B96EE00934FCD39A560E5BC04EB7B9EA4.crl
                          rsync://repository.lacnic.net/rpki/lacnic/7BA04F3BF61DC0454379E83625D7693221D247D7E77E1CEB2F9E7A49974AB707/0/DB06236B96EE00934FCD39A560E5BC04EB7B9EA4.mft
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/DB06236B96EE00934FCD39A560E5BC04EB7B9EA4.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/BCC0665ECF8A97B83E398268D92A255BAE661816.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/BCC0665ECF8A97B83E398268D92A255BAE661816.mft
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/BCC0665ECF8A97B83E398268D92A255BAE661816.cer
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.crl
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.mft
                          rsync://repository.lacnic.net/rpki/lacnic/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Sat 23 Nov 2024 22:22:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            96:ec:22:53:4e:09:3e:1e:e4:36:3f:17:83:49:09:18:74:51:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=DB06236B96EE00934FCD39A560E5BC04EB7B9EA4
        Validity
            Not Before: Mar  5 17:50:25 2024 GMT
            Not After : Mar  4 17:55:25 2025 GMT
        Subject: CN=D1D02A00C3948E97AD1CFBA1489D2C239EFC35EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:e2:ed:18:0b:e2:21:5b:49:69:4f:65:66:27:
                    0a:9c:ea:41:b0:91:c1:12:cb:2e:c3:6c:05:c4:c1:
                    f1:7c:be:13:ba:79:ab:39:10:d7:03:88:67:27:82:
                    49:02:c6:31:d1:ea:1c:12:b9:89:63:bb:18:0c:37:
                    98:56:43:9f:0b:a4:78:e9:8f:79:24:0b:99:00:e4:
                    8a:8a:19:66:f7:0e:0c:02:a3:b4:0c:14:b7:28:bf:
                    3c:9e:37:3f:90:26:0b:72:f7:8c:50:c4:d5:94:4d:
                    5a:0d:70:e6:21:40:31:7a:a5:8a:a3:78:f2:49:c9:
                    63:52:50:27:06:18:aa:78:e1:41:02:4d:9e:ce:82:
                    ac:17:b7:4c:66:8c:c2:cc:de:aa:fa:bb:47:54:07:
                    c9:12:c7:89:6e:57:6b:5f:57:23:35:3d:0b:68:5a:
                    36:9b:5c:88:c3:4c:9f:55:6d:d8:a9:5d:39:9d:d0:
                    54:0f:da:3c:18:c1:52:59:00:b2:40:e1:f6:13:b6:
                    28:0a:2b:23:f2:a9:9d:a2:eb:11:b2:dc:fc:fe:97:
                    8f:f7:ce:0d:ab:4b:df:a3:17:01:89:4a:d8:d2:46:
                    59:c4:23:e7:e9:9a:9f:d8:f0:a1:03:91:cf:b7:49:
                    10:1d:3d:4f:2a:68:f1:39:be:e7:0f:37:75:20:ad:
                    3b:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:D0:2A:00:C3:94:8E:97:AD:1C:FB:A1:48:9D:2C:23:9E:FC:35:EC
            X509v3 Authority Key Identifier:
                keyid:DB:06:23:6B:96:EE:00:93:4F:CD:39:A5:60:E5:BC:04:EB:7B:9E:A4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/7BA04F3BF61DC0454379E83625D7693221D247D7E77E1CEB2F9E7A49974AB707/0/DB06236B96EE00934FCD39A560E5BC04EB7B9EA4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/DB06236B96EE00934FCD39A560E5BC04EB7B9EA4.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/7BA04F3BF61DC0454379E83625D7693221D247D7E77E1CEB2F9E7A49974AB707/0/AS34991.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.204.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:66:3f:ac:bf:60:d5:42:8c:84:6d:48:a5:8f:49:0a:42:cd:
         ec:33:83:f3:64:96:98:aa:9d:96:fb:ef:fc:f4:e2:cc:b1:b8:
         5c:f7:cc:d2:4c:9d:90:fc:03:2a:84:59:d2:c4:5e:8e:85:f1:
         91:1c:ee:83:cb:8f:11:cd:a3:ca:fe:25:3d:20:41:4f:b9:75:
         b8:8a:4c:48:9a:67:a0:62:14:4e:fd:e7:87:1b:da:b5:39:75:
         5a:d5:09:04:82:47:a7:7f:71:a0:77:73:57:fa:84:70:3c:ee:
         88:6b:3e:ed:71:a5:ae:54:4b:81:8e:0c:53:86:8e:30:29:ae:
         2c:38:85:68:d3:d5:59:b8:eb:71:7a:7c:fe:cf:4f:66:e3:7b:
         3a:b3:7b:ad:8e:c1:84:29:c5:d6:70:cf:52:7a:b0:a3:89:30:
         82:e7:b1:b9:7b:34:1f:1f:24:6d:0a:b9:b4:8c:dd:90:29:8b:
         97:e2:a4:de:5d:cb:d1:ce:3e:1c:fb:a7:40:e6:76:33:ed:ee:
         ed:7b:08:38:27:77:e9:88:8b:56:20:3d:63:1c:7b:d5:70:34:
         83:a9:52:e3:41:ab:1b:61:24:16:45:f1:59:37:c5:a7:ea:40:
         cf:08:b2:4e:a8:31:45:61:bc:97:8e:37:ed:30:01:20:6d:42:
         bb:9e:ab:be
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgIUAJbsIlNOCT4e5DY/F4NJCRh0UY4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoREIwNjIzNkI5NkVFMDA5MzRGQ0QzOUE1NjBFNUJDMDRF
QjdCOUVBNDAeFw0yNDAzMDUxNzUwMjVaFw0yNTAzMDQxNzU1MjVaMDMxMTAvBgNV
BAMTKEQxRDAyQTAwQzM5NDhFOTdBRDFDRkJBMTQ4OUQyQzIzOUVGQzM1RUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG4u0YC+IhW0lpT2VmJwqc6kGw
kcESyy7DbAXEwfF8vhO6eas5ENcDiGcngkkCxjHR6hwSuYljuxgMN5hWQ58LpHjp
j3kkC5kA5IqKGWb3DgwCo7QMFLcovzyeNz+QJgty94xQxNWUTVoNcOYhQDF6pYqj
ePJJyWNSUCcGGKp44UECTZ7OgqwXt0xmjMLM3qr6u0dUB8kSx4luV2tfVyM1PQto
WjabXIjDTJ9VbdipXTmd0FQP2jwYwVJZALJA4fYTtigKKyPyqZ2i6xGy3Pz+l4/3
zg2rS9+jFwGJStjSRlnEI+fpmp/Y8KEDkc+3SRAdPU8qaPE5vucPN3UgrTt/AgMB
AAGjggKYMIIClDAdBgNVHQ4EFgQU0dAqAMOUjpetHPuhSJ0sI578NewwHwYDVR0j
BBgwFoAU2wYja5buAJNPzTmlYOW8BOt7nqQwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy83QkEwNEYzQkY2MURDMDQ1NDM3OUU4MzYyNUQ3NjkzMjIx
RDI0N0Q3RTc3RTFDRUIyRjlFN0E0OTk3NEFCNzA3LzAvREIwNjIzNkI5NkVFMDA5
MzRGQ0QzOUE1NjBFNUJDMDRFQjdCOUVBNC5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9EQjA2MjM2Qjk2RUUwMDkzNEZD
RDM5QTU2MEU1QkMwNEVCN0I5RUE0LmNlcjCBlwYIKwYBBQUHAQsEgYowgYcwgYQG
CCsGAQUFBzALhnhyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy83QkEwNEYzQkY2MURDMDQ1NDM3OUU4MzYyNUQ3NjkzMjIxRDI0N0Q3RTc3
RTFDRUIyRjlFN0E0OTk3NEFCNzA3LzAvQVMzNDk5MS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAZjMhDAN
BgkqhkiG9w0BAQsFAAOCAQEAPWY/rL9g1UKMhG1IpY9JCkLN7DOD82SWmKqdlvvv
/PTizLG4XPfM0kydkPwDKoRZ0sRejoXxkRzug8uPEc2jyv4lPSBBT7l1uIpMSJpn
oGIUTv3nhxvatTl1WtUJBIJHp39xoHdzV/qEcDzuiGs+7XGlrlRLgY4MU4aOMCmu
LDiFaNPVWbjrcXp8/s9PZuN7OrN7rY7BhCnF1nDPUnqwo4kwguexuXs0Hx8kbQq5
tIzdkCmLl+Kk3l3L0c4+HPunQOZ2M+3u7XsIOCd36YiLViA9Yxx71XA0g6lS40Gr
G2EkFkXxWTfFp+pAzwiyTqgxRWG8l4437TABIG1Cu56rvg==
-----END CERTIFICATE-----
Generated at Wed Nov 20 18:42:11 2024 by rpki-client on console-fra.rpki-client.org