Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/95490ec3-36af-4d63-9b38-c4d83d8fd853/bc9a8011d4ee95e1df46e86cdb389a412a821786.roa
File:                     bc9a8011d4ee95e1df46e86cdb389a412a821786.roa (raw, json)
Hash identifier:          QKnhVFK01w+NOADe81n9SMjS63oq1BV15O6EWGB+jaY=
Subject key identifier:   A6:AD:D6:EC:0F:EF:1B:DA:59:E2:87:04:6E:04:D0:64:2F:CD:A5:FC
Certificate issuer:       /CN=0346440b241d40bd970699e1c0567cf9a1f8b922
Certificate serial:       0BF2A3
Authority key identifier: 30:4A:94:E6:DD:FD:B1:05:A7:94:2B:9E:D6:EB:00:82:65:62:5F:91
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/0346440b241d40bd970699e1c0567cf9a1f8b922.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/95490ec3-36af-4d63-9b38-c4d83d8fd853/bc9a8011d4ee95e1df46e86cdb389a412a821786.roa
Signing time:             Wed 24 Mar 2021 14:44:34 +0000
ROA not before:           Wed 24 Mar 2021 14:44:33 +0000
ROA not after:            Tue 24 Mar 2026 14:44:33 +0000
asID:                     8151
IP address blocks:        187.228.0.0/16 maxlen: 24
                          201.119.0.0/16 maxlen: 24
                          187.225.0.0/16 maxlen: 24
                          187.169.0.0/16 maxlen: 24
                          187.199.0.0/16 maxlen: 24
                          189.242.0.0/16 maxlen: 24
                          189.230.0.0/16 maxlen: 24
                          189.147.0.0/16 maxlen: 24
                          187.168.0.0/16 maxlen: 24
                          201.137.0.0/16 maxlen: 24
                          187.207.0.0/16 maxlen: 24
                          187.214.0.0/16 maxlen: 24
                          201.114.0.0/16 maxlen: 24
                          189.133.0.0/16 maxlen: 24
                          189.151.0.0/16 maxlen: 24
                          189.188.0.0/16 maxlen: 24
                          187.194.96.0/19 maxlen: 24
                          187.229.88.0/21 maxlen: 24
                          187.235.0.0/16 maxlen: 24
                          189.190.0.0/16 maxlen: 24
                          187.212.0.0/16 maxlen: 24
                          187.132.0.0/16 maxlen: 24
                          189.128.0.0/16 maxlen: 24
                          189.148.0.0/16 maxlen: 24
                          187.135.0.0/16 maxlen: 24
                          189.129.0.0/16 maxlen: 24
                          187.171.0.0/16 maxlen: 24
                          189.250.0.0/16 maxlen: 24
                          187.143.0.0/16 maxlen: 24
                          200.78.120.0/21 maxlen: 24
                          201.128.0.0/18 maxlen: 24
                          201.128.64.0/18 maxlen: 24
                          201.136.64.0/18 maxlen: 24
                          201.99.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/95490ec3-36af-4d63-9b38-c4d83d8fd853/0346440b241d40bd970699e1c0567cf9a1f8b922.crl
                          rsync://repository.lacnic.net/rpki/lacnic/95490ec3-36af-4d63-9b38-c4d83d8fd853/0346440b241d40bd970699e1c0567cf9a1f8b922.mft
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/0346440b241d40bd970699e1c0567cf9a1f8b922.cer
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.crl
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft
                          rsync://repository.lacnic.net/rpki/lacnic/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.cer
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.crl
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Sun 31 Mar 2024 19:38:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 783011 (0xbf2a3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0346440b241d40bd970699e1c0567cf9a1f8b922
        Validity
            Not Before: Mar 24 14:44:33 2021 GMT
            Not After : Mar 24 14:44:33 2026 GMT
        Subject: CN=bc9a8011d4ee95e1df46e86cdb389a412a821786
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:e6:63:ea:bb:a0:2e:25:63:41:c4:34:1c:3d:
                    ee:86:8a:fd:8a:cb:5c:d2:67:98:da:b1:fd:bb:bf:
                    6b:be:1d:e5:96:f5:c6:d2:89:56:44:aa:84:eb:9f:
                    48:3d:76:e9:f4:00:47:de:84:df:eb:c9:9b:dd:c3:
                    62:88:b8:b2:68:e4:78:57:3e:da:58:c5:eb:fc:e5:
                    35:1d:82:92:50:f2:12:a2:71:48:0c:89:c2:b8:b4:
                    da:20:11:53:38:dc:30:cc:55:f6:de:8e:48:bd:60:
                    62:99:3f:74:53:66:be:1b:69:fe:d8:87:ac:8d:f4:
                    40:0a:e9:78:53:33:a7:ee:63:c8:ed:24:3f:b0:fe:
                    f9:9a:76:2d:b6:7b:d9:8a:ec:d1:bc:a0:a4:b9:1a:
                    8d:89:45:84:5c:66:29:ae:b7:d9:c2:96:32:65:e3:
                    5c:a8:04:ab:a1:bf:ac:92:8d:49:58:36:a9:26:d1:
                    6c:2e:30:b6:f8:64:07:4b:bf:b4:77:b4:34:64:4c:
                    d8:83:82:51:4b:0f:54:ba:14:46:ae:40:17:c5:92:
                    69:f8:70:22:a3:81:c0:1f:24:08:d6:3d:2b:b6:5d:
                    19:8b:6d:9e:18:28:f0:29:35:15:43:11:8b:64:d6:
                    a6:2c:61:6f:25:b8:4c:05:6c:99:d9:c2:a6:c7:d2:
                    53:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:AD:D6:EC:0F:EF:1B:DA:59:E2:87:04:6E:04:D0:64:2F:CD:A5:FC
            X509v3 Authority Key Identifier:
                keyid:30:4A:94:E6:DD:FD:B1:05:A7:94:2B:9E:D6:EB:00:82:65:62:5F:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/0346440b241d40bd970699e1c0567cf9a1f8b922.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/95490ec3-36af-4d63-9b38-c4d83d8fd853/bc9a8011d4ee95e1df46e86cdb389a412a821786.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/95490ec3-36af-4d63-9b38-c4d83d8fd853/0346440b241d40bd970699e1c0567cf9a1f8b922.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  187.132.0.0/16
                  187.135.0.0/16
                  187.143.0.0/16
                  187.168.0.0/15
                  187.171.0.0/16
                  187.194.96.0/19
                  187.199.0.0/16
                  187.207.0.0/16
                  187.212.0.0/16
                  187.214.0.0/16
                  187.225.0.0/16
                  187.228.0.0/16
                  187.229.88.0/21
                  187.235.0.0/16
                  189.128.0.0/15
                  189.133.0.0/16
                  189.147.0.0-189.148.255.255
                  189.151.0.0/16
                  189.188.0.0/16
                  189.190.0.0/16
                  189.230.0.0/16
                  189.242.0.0/16
                  189.250.0.0/16
                  200.78.120.0/21
                  201.99.0.0/16
                  201.114.0.0/16
                  201.119.0.0/16
                  201.128.0.0/17
                  201.136.64.0/18
                  201.137.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7f:7d:5c:73:11:8e:ff:94:a6:a2:fa:a6:ed:a2:97:d4:0a:8a:
         a6:d6:21:d6:ea:6f:61:fd:fe:88:ad:f8:0c:ab:f5:8a:4e:7f:
         61:22:bb:d8:38:68:06:51:4b:a1:96:03:e2:ed:0a:71:81:e0:
         ba:71:7d:91:42:6d:04:dc:a9:b4:fe:f2:4b:08:4a:57:1f:da:
         ba:04:f0:ad:6b:db:62:93:c9:65:bb:0a:6a:9e:a7:85:1a:6e:
         7c:2b:c9:07:2a:ad:bf:f1:18:c4:0a:43:a3:3d:d6:57:1c:3e:
         15:7a:ef:c1:0f:a1:c1:33:e8:8e:57:d6:7a:cf:3c:8b:be:a9:
         76:38:a1:f7:58:81:19:de:90:38:ea:55:ca:cb:7c:51:2c:25:
         41:5c:b2:a4:b7:d3:86:e6:11:27:c3:f1:b6:5a:b8:e7:00:58:
         8a:de:1e:36:33:7a:d2:4a:de:f7:34:7c:d5:a8:53:fe:ae:e4:
         66:6b:43:fa:8d:39:ea:49:79:c9:9a:0c:1c:3b:f6:52:41:76:
         be:14:ec:be:66:ad:eb:ac:2c:1d:d8:5f:f9:e9:ff:79:c7:af:
         83:f5:49:ba:7c:bb:bb:21:8d:cc:a7:e1:02:ad:4f:bd:2f:b7:
         eb:49:02:a8:43:2e:9f:cc:d5:8d:a0:f7:f2:50:a2:4e:34:c8:
         fb:18:76:22
-----BEGIN CERTIFICATE-----
MIIF4TCCBMmgAwIBAgIDC/KjMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDAz
NDY0NDBiMjQxZDQwYmQ5NzA2OTllMWMwNTY3Y2Y5YTFmOGI5MjIwHhcNMjEwMzI0
MTQ0NDMzWhcNMjYwMzI0MTQ0NDMzWjAzMTEwLwYDVQQDEyhiYzlhODAxMWQ0ZWU5
NWUxZGY0NmU4NmNkYjM4OWE0MTJhODIxNzg2MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAheZj6rugLiVjQcQ0HD3uhor9istc0meY2rH9u79rvh3llvXG
0olWRKqE659IPXbp9ABH3oTf68mb3cNiiLiyaOR4Vz7aWMXr/OU1HYKSUPISonFI
DInCuLTaIBFTONwwzFX23o5IvWBimT90U2a+G2n+2IesjfRACul4UzOn7mPI7SQ/
sP75mnYttnvZiuzRvKCkuRqNiUWEXGYprrfZwpYyZeNcqASrob+sko1JWDapJtFs
LjC2+GQHS7+0d7Q0ZEzYg4JRSw9UuhRGrkAXxZJp+HAio4HAHyQI1j0rtl0Zi22e
GCjwKTUVQxGLZNamLGFvJbhMBWyZ2cKmx9JTswIDAQABo4IC/DCCAvgwHQYDVR0O
BBYEFKat1uwP7xvaWeKHBG4E0GQvzaX8MB8GA1UdIwQYMBaAFDBKlObd/bEFp5Qr
ntbrAIJlYl+RMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvMDM0NjQ0
MGIyNDFkNDBiZDk3MDY5OWUxYzA1NjdjZjlhMWY4YjkyMi5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvOTU0OTBlYzMtMzZhZi00ZDYzLTliMzgtYzRkODNk
OGZkODUzL2JjOWE4MDExZDRlZTk1ZTFkZjQ2ZTg2Y2RiMzg5YTQxMmE4MjE3ODYu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy85NTQ5MGVjMy0zNmFmLTRkNjMtOWIzOC1jNGQ4
M2Q4ZmQ4NTMvMDM0NjQ0MGIyNDFkNDBiZDk3MDY5OWUxYzA1NjdjZjlhMWY4Yjky
Mi5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCBvwYIKwYBBQUHAQcBAf8E
ga8wgawwgakEAgABMIGiAwMAu4QDAwC7hwMDALuPAwMBu6gDAwC7qwMEBbvCYAMD
ALvHAwMAu88DAwC71AMDALvWAwMAu+EDAwC75AMEA7vlWAMDALvrAwMBvYADAwC9
hTAKAwMAvZMDAwC9lAMDAL2XAwMAvbwDAwC9vgMDAL3mAwMAvfIDAwC9+gMEA8hO
eAMDAMljAwMAyXIDAwDJdwMEB8mAAAMEBsmIQAMDAMmJMA0GCSqGSIb3DQEBCwUA
A4IBAQB/fVxzEY7/lKai+qbtopfUCoqm1iHW6m9h/f6IrfgMq/WKTn9hIrvYOGgG
UUuhlgPi7QpxgeC6cX2RQm0E3Km0/vJLCEpXH9q6BPCta9tik8lluwpqnqeFGm58
K8kHKq2/8RjECkOjPdZXHD4Veu/BD6HBM+iOV9Z6zzyLvql2OKH3WIEZ3pA46lXK
y3xRLCVBXLKkt9OG5hEnw/G2WrjnAFiK3h42M3rSSt73NHzVqFP+ruRma0P6jTnq
SXnJmgwcO/ZSQXa+FOy+Zq3rrCwd2F/56f95x6+D9Um6fLu7IY3Mp+ECrU+9L7fr
SQKoQy6fzNWNoPfyUKJONMj7GHYi
-----END CERTIFICATE-----
Generated at Thu Mar 28 21:30:47 2024 by rpki-client on console-ams.rpki-client.org