Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/7D5F66F08A7D1AC141B2D62ED65FAEC9F7C957DD00B84937B5175B638EE52F04/0/34352e3136382e36382e302f32322d3234203d3e203631343636.roa
File:                     34352e3136382e36382e302f32322d3234203d3e203631343636.roa (raw, json)
Hash identifier:          4wKIFxPyOHxB1hVgyvSGGiZwMaZ5/CS/f5kA0eScA4E=
Subject key identifier:   4B:75:69:34:86:34:AD:B3:E5:F4:90:B3:1C:B1:1E:20:65:19:84:FA
Certificate issuer:       /CN=A8D5E43848A8CF388939A53395C03EA7BB10B2EC
Certificate serial:       2DC7337BD8F48F9A4608F0D43867BCC31BC0F150
Authority key identifier: A8:D5:E4:38:48:A8:CF:38:89:39:A5:33:95:C0:3E:A7:BB:10:B2:EC
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/A8D5E43848A8CF388939A53395C03EA7BB10B2EC.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/7D5F66F08A7D1AC141B2D62ED65FAEC9F7C957DD00B84937B5175B638EE52F04/0/34352e3136382e36382e302f32322d3234203d3e203631343636.roa
Signing time:             Tue 04 Feb 2025 18:16:44 +0000
ROA not before:           Tue 04 Feb 2025 18:11:44 +0000
ROA not after:            Tue 03 Feb 2026 18:16:44 +0000
asID:                     61466
IP address blocks:        45.168.68.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/7D5F66F08A7D1AC141B2D62ED65FAEC9F7C957DD00B84937B5175B638EE52F04/0/A8D5E43848A8CF388939A53395C03EA7BB10B2EC.crl
                          rsync://repository.lacnic.net/rpki/lacnic/7D5F66F08A7D1AC141B2D62ED65FAEC9F7C957DD00B84937B5175B638EE52F04/0/A8D5E43848A8CF388939A53395C03EA7BB10B2EC.mft
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/A8D5E43848A8CF388939A53395C03EA7BB10B2EC.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/BCC0665ECF8A97B83E398268D92A255BAE661816.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/BCC0665ECF8A97B83E398268D92A255BAE661816.mft
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/BCC0665ECF8A97B83E398268D92A255BAE661816.cer
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.crl
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.mft
                          rsync://repository.lacnic.net/rpki/lacnic/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Mon 17 Feb 2025 22:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:c7:33:7b:d8:f4:8f:9a:46:08:f0:d4:38:67:bc:c3:1b:c0:f1:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A8D5E43848A8CF388939A53395C03EA7BB10B2EC
        Validity
            Not Before: Feb  4 18:11:44 2025 GMT
            Not After : Feb  3 18:16:44 2026 GMT
        Subject: CN=4B7569348634ADB3E5F490B31CB11E20651984FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:9f:18:40:30:b1:c7:ef:f4:9a:37:e5:a6:1b:
                    4d:2d:e7:22:a5:e4:01:75:cd:3e:80:39:ab:67:a0:
                    88:d1:a2:6d:79:b2:87:23:fb:d5:77:ac:bf:85:11:
                    fd:ee:ea:92:b0:f1:e0:e9:62:8b:e4:5d:34:1c:09:
                    25:aa:b3:ba:5d:91:f2:b7:88:b0:e2:ba:f5:6c:e1:
                    e3:07:da:c1:98:d4:d7:25:f6:cb:91:1b:73:75:93:
                    af:50:ba:d8:b9:90:20:97:66:26:ef:26:98:5f:1e:
                    54:75:5e:a6:91:40:d5:6f:4f:1e:24:13:f5:59:e9:
                    03:f7:24:9d:2d:67:3b:e5:56:7d:ce:ce:aa:9e:3b:
                    69:7c:1a:14:95:d7:e4:c9:82:01:72:cd:7d:cb:3a:
                    f5:77:cb:08:06:4c:71:61:5b:05:cd:38:77:f2:79:
                    55:0e:6a:fa:30:53:37:f6:8c:ad:1f:10:99:10:51:
                    b0:0f:f2:4f:17:ca:64:92:c2:97:84:17:43:28:fa:
                    a0:e6:0a:bb:a1:3d:23:16:67:24:4a:78:17:10:5d:
                    02:e7:fb:cf:71:ee:c2:a4:d5:f5:fb:be:94:07:a9:
                    81:0c:6c:ca:1b:4e:04:ba:ac:42:6a:90:00:f6:97:
                    cc:9c:6c:e3:e4:47:8f:2d:e5:30:36:22:0c:e6:69:
                    47:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:75:69:34:86:34:AD:B3:E5:F4:90:B3:1C:B1:1E:20:65:19:84:FA
            X509v3 Authority Key Identifier:
                keyid:A8:D5:E4:38:48:A8:CF:38:89:39:A5:33:95:C0:3E:A7:BB:10:B2:EC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/7D5F66F08A7D1AC141B2D62ED65FAEC9F7C957DD00B84937B5175B638EE52F04/0/A8D5E43848A8CF388939A53395C03EA7BB10B2EC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/A8D5E43848A8CF388939A53395C03EA7BB10B2EC.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/7D5F66F08A7D1AC141B2D62ED65FAEC9F7C957DD00B84937B5175B638EE52F04/0/34352e3136382e36382e302f32322d3234203d3e203631343636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.168.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:7d:14:76:57:e5:85:ca:e3:16:8f:50:6f:46:47:a5:87:c7:
         91:8d:c3:12:5a:8b:97:75:8a:e3:e4:af:08:9b:28:7d:66:6a:
         88:49:f9:f6:82:ec:f6:cb:4a:ff:f8:4c:43:b2:7e:f3:9c:4f:
         23:9b:ab:7f:25:15:99:ad:cd:48:0d:1b:8e:77:89:4a:30:72:
         28:ae:35:d0:83:aa:c3:44:9d:99:9b:86:eb:a7:cd:b4:5f:d3:
         d9:c3:ba:00:3d:34:62:e6:75:b7:1b:7d:47:10:56:a6:8d:29:
         d1:ea:8b:d4:b2:2e:dc:ca:12:a5:29:5d:62:9e:c5:08:ba:2c:
         89:69:71:40:9e:19:d4:e4:3c:b7:fa:fe:b1:e1:b4:e7:f9:5c:
         96:ff:a9:32:21:b5:84:ea:06:97:68:4a:06:c5:ef:36:4e:18:
         a0:00:24:45:84:3e:63:5d:ad:63:84:6f:95:5b:c7:c2:11:21:
         78:7b:9f:82:3b:56:7e:f3:dc:d0:14:76:e6:08:df:6c:a9:1c:
         ab:1e:46:61:0d:76:45:bd:c7:14:f0:da:0e:d0:21:5a:65:77:
         67:36:5e:db:62:f2:22:54:4e:43:1e:0f:41:1f:79:0c:23:fa:
         cc:40:54:93:e5:d6:f1:02:46:42:92:fa:68:cf:3a:a6:bd:18:
         39:b3:a2:91
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIULccze9j0j5pGCPDUOGe8wxvA8VAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQThENUU0Mzg0OEE4Q0YzODg5MzlBNTMzOTVDMDNFQTdC
QjEwQjJFQzAeFw0yNTAyMDQxODExNDRaFw0yNjAyMDMxODE2NDRaMDMxMTAvBgNV
BAMTKDRCNzU2OTM0ODYzNEFEQjNFNUY0OTBCMzFDQjExRTIwNjUxOTg0RkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6nxhAMLHH7/SaN+WmG00t5yKl
5AF1zT6AOatnoIjRom15socj+9V3rL+FEf3u6pKw8eDpYovkXTQcCSWqs7pdkfK3
iLDiuvVs4eMH2sGY1Ncl9suRG3N1k69Quti5kCCXZibvJphfHlR1XqaRQNVvTx4k
E/VZ6QP3JJ0tZzvlVn3OzqqeO2l8GhSV1+TJggFyzX3LOvV3ywgGTHFhWwXNOHfy
eVUOavowUzf2jK0fEJkQUbAP8k8XymSSwpeEF0Mo+qDmCruhPSMWZyRKeBcQXQLn
+89x7sKk1fX7vpQHqYEMbMobTgS6rEJqkAD2l8ycbOPkR48t5TA2IgzmaUcNAgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQUS3VpNIY0rbPl9JCzHLEeIGUZhPowHwYDVR0j
BBgwFoAUqNXkOEiozziJOaUzlcA+p7sQsuwwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy83RDVGNjZGMDhBN0QxQUMxNDFCMkQ2MkVENjVGQUVDOUY3
Qzk1N0REMDBCODQ5MzdCNTE3NUI2MzhFRTUyRjA0LzAvQThENUU0Mzg0OEE4Q0Yz
ODg5MzlBNTMzOTVDMDNFQTdCQjEwQjJFQy5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9BOEQ1RTQzODQ4QThDRjM4ODkz
OUE1MzM5NUMwM0VBN0JCMTBCMkVDLmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvN0Q1RjY2RjA4QTdEMUFDMTQxQjJENjJFRDY1RkFFQzlGN0M5NTdERDAw
Qjg0OTM3QjUxNzVCNjM4RUU1MkYwNC8wLzM0MzUyZTMxMzYzODJlMzYzODJlMzAy
ZjMyMzIyZDMyMzQyMDNkM2UyMDM2MzEzNDM2MzYucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAItqEQwDQYJ
KoZIhvcNAQELBQADggEBAHR9FHZX5YXK4xaPUG9GR6WHx5GNwxJai5d1iuPkrwib
KH1maohJ+faC7PbLSv/4TEOyfvOcTyObq38lFZmtzUgNG453iUowciiuNdCDqsNE
nZmbhuunzbRf09nDugA9NGLmdbcbfUcQVqaNKdHqi9SyLtzKEqUpXWKexQi6LIlp
cUCeGdTkPLf6/rHhtOf5XJb/qTIhtYTqBpdoSgbF7zZOGKAAJEWEPmNdrWOEb5Vb
x8IRIXh7n4I7Vn7z3NAUduYI32ypHKseRmENdkW9xxTw2g7QIVpld2c2Xtti8iJU
TkMeD0EfeQwj+sxAVJPl1vECRkKS+mjPOqa9GDmzopE=
-----END CERTIFICATE-----
Generated at Thu Feb 13 19:00:26 2025 by rpki-client