Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/9B12F8A8F8A7520384EB4FE0F6AC8D6A63CF385341AE87BEEF7EDCD17D5CB05B/0/3133382e3132312e3130382e302f32322d3234203d3e20323639393933.roa
File:                     3133382e3132312e3130382e302f32322d3234203d3e20323639393933.roa (raw, json)
Hash identifier:          9LcHN89jsUlXk+0SD4XrnEzyD9Ugz8emv6iKk3ANSTk=
Subject key identifier:   C7:19:F7:FE:F8:BC:9B:4E:EB:F7:79:B5:FA:57:04:B5:49:19:9B:6C
Certificate issuer:       /CN=A12FD7F3F9F470030B9FCC2CF4E7EE20F82F894A
Certificate serial:       51293608828F71F79ACBF313020692719B7D24AE
Authority key identifier: A1:2F:D7:F3:F9:F4:70:03:0B:9F:CC:2C:F4:E7:EE:20:F8:2F:89:4A
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/A12FD7F3F9F470030B9FCC2CF4E7EE20F82F894A.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/9B12F8A8F8A7520384EB4FE0F6AC8D6A63CF385341AE87BEEF7EDCD17D5CB05B/0/3133382e3132312e3130382e302f32322d3234203d3e20323639393933.roa
Signing time:             Tue 05 Mar 2024 18:09:25 +0000
ROA not before:           Tue 05 Mar 2024 18:04:25 +0000
ROA not after:            Tue 04 Mar 2025 18:09:25 +0000
asID:                     269993
IP address blocks:        138.121.108.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/9B12F8A8F8A7520384EB4FE0F6AC8D6A63CF385341AE87BEEF7EDCD17D5CB05B/0/A12FD7F3F9F470030B9FCC2CF4E7EE20F82F894A.crl
                          rsync://repository.lacnic.net/rpki/lacnic/9B12F8A8F8A7520384EB4FE0F6AC8D6A63CF385341AE87BEEF7EDCD17D5CB05B/0/A12FD7F3F9F470030B9FCC2CF4E7EE20F82F894A.mft
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/A12FD7F3F9F470030B9FCC2CF4E7EE20F82F894A.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/BCC0665ECF8A97B83E398268D92A255BAE661816.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/BCC0665ECF8A97B83E398268D92A255BAE661816.mft
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/BCC0665ECF8A97B83E398268D92A255BAE661816.cer
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.crl
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.mft
                          rsync://repository.lacnic.net/rpki/lacnic/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Mon 22 Jul 2024 13:18:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:29:36:08:82:8f:71:f7:9a:cb:f3:13:02:06:92:71:9b:7d:24:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A12FD7F3F9F470030B9FCC2CF4E7EE20F82F894A
        Validity
            Not Before: Mar  5 18:04:25 2024 GMT
            Not After : Mar  4 18:09:25 2025 GMT
        Subject: CN=C719F7FEF8BC9B4EEBF779B5FA5704B549199B6C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:95:c2:37:32:9f:72:03:7b:df:05:b3:95:d6:
                    85:00:ca:99:9f:5b:09:06:57:50:ce:82:11:d0:0b:
                    72:4b:5d:53:34:bb:58:00:57:34:79:4f:15:71:22:
                    1c:0b:15:3a:6a:f3:72:e5:6c:e0:e1:42:7f:d6:8f:
                    7d:87:de:93:89:39:16:db:c8:2f:17:b2:d5:2c:ad:
                    7b:79:37:a9:f3:33:b4:9f:e3:99:bf:a8:95:29:d6:
                    e8:77:b8:5c:40:32:34:a3:11:b4:94:bb:65:8b:6c:
                    93:54:1d:33:ee:9c:2d:cf:3b:29:60:f9:bb:c5:90:
                    0c:79:6b:e6:3a:c2:aa:66:c6:6b:de:f2:d8:0f:76:
                    7f:23:eb:9e:0c:a4:7a:3e:21:ad:1e:70:a9:51:33:
                    45:37:7c:36:b8:94:cd:9c:14:d2:22:d8:42:97:75:
                    32:d1:91:ee:e8:d7:a5:8c:ba:89:30:95:e9:4f:e7:
                    da:6f:1b:68:1f:f3:4f:d0:b6:86:c5:b3:9a:02:da:
                    f4:bf:5e:14:e6:bd:35:3f:35:a5:5a:29:96:d0:46:
                    6c:47:9b:8f:c1:36:26:c5:46:b1:e2:05:79:fc:c5:
                    7f:e9:9f:a4:b9:57:1e:60:2f:7d:6d:fa:0a:5c:e3:
                    e9:7b:24:de:06:46:dd:15:8c:06:2c:bc:99:2a:df:
                    81:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:19:F7:FE:F8:BC:9B:4E:EB:F7:79:B5:FA:57:04:B5:49:19:9B:6C
            X509v3 Authority Key Identifier:
                keyid:A1:2F:D7:F3:F9:F4:70:03:0B:9F:CC:2C:F4:E7:EE:20:F8:2F:89:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/9B12F8A8F8A7520384EB4FE0F6AC8D6A63CF385341AE87BEEF7EDCD17D5CB05B/0/A12FD7F3F9F470030B9FCC2CF4E7EE20F82F894A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/A12FD7F3F9F470030B9FCC2CF4E7EE20F82F894A.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/9B12F8A8F8A7520384EB4FE0F6AC8D6A63CF385341AE87BEEF7EDCD17D5CB05B/0/3133382e3132312e3130382e302f32322d3234203d3e20323639393933.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.121.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:ad:65:65:f8:2f:2d:1f:d9:9f:1a:d3:12:13:b3:0d:a9:ca:
         fc:92:f9:d4:0a:3d:78:b8:9e:1e:6e:74:68:e7:fd:bb:5b:7f:
         d3:f1:9c:21:7d:ca:86:70:50:8b:b9:b6:ba:c4:cc:c9:2f:c9:
         2e:13:3c:d6:00:b7:69:0f:5e:c2:2e:fe:ed:fd:4a:0f:58:da:
         5b:35:b0:ad:5b:bd:e3:a7:d3:74:2a:67:ad:f4:07:f5:90:83:
         01:22:b3:f3:8d:cd:32:28:e0:06:c7:b5:f9:ad:e2:bc:30:4c:
         82:b2:fc:e3:98:a7:5e:f1:f1:7d:6b:1a:17:a9:19:5f:2a:ad:
         fc:78:bb:6c:ab:95:b5:9d:2e:07:41:f1:53:af:fb:8e:c6:47:
         08:dc:3d:00:da:ce:31:c6:0e:18:1f:7c:61:ce:6b:f9:33:ab:
         3a:ff:6e:15:41:db:d8:65:09:5b:c3:e8:45:7c:0b:46:89:5e:
         52:b5:37:99:20:3f:02:b4:6b:23:29:50:1a:c5:83:2b:f0:ba:
         f2:7b:dd:fd:c9:2d:dd:85:ca:53:d2:2b:1d:fc:49:4d:88:5c:
         31:68:8a:d9:8f:85:ab:c4:77:e3:a2:cf:11:ca:48:85:10:fc:
         ae:e4:8a:97:84:4a:bf:2c:25:38:d2:e3:f5:49:70:e9:05:37:
         c2:e0:ac:72
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgIUUSk2CIKPcfeay/MTAgaScZt9JK4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQTEyRkQ3RjNGOUY0NzAwMzBCOUZDQzJDRjRFN0VFMjBG
ODJGODk0QTAeFw0yNDAzMDUxODA0MjVaFw0yNTAzMDQxODA5MjVaMDMxMTAvBgNV
BAMTKEM3MTlGN0ZFRjhCQzlCNEVFQkY3NzlCNUZBNTcwNEI1NDkxOTlCNkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQColcI3Mp9yA3vfBbOV1oUAypmf
WwkGV1DOghHQC3JLXVM0u1gAVzR5TxVxIhwLFTpq83LlbODhQn/Wj32H3pOJORbb
yC8XstUsrXt5N6nzM7Sf45m/qJUp1uh3uFxAMjSjEbSUu2WLbJNUHTPunC3POylg
+bvFkAx5a+Y6wqpmxmve8tgPdn8j654MpHo+Ia0ecKlRM0U3fDa4lM2cFNIi2EKX
dTLRke7o16WMuokwlelP59pvG2gf80/QtobFs5oC2vS/XhTmvTU/NaVaKZbQRmxH
m4/BNibFRrHiBXn8xX/pn6S5Vx5gL31t+gpc4+l7JN4GRt0VjAYsvJkq34HHAgMB
AAGjggLMMIICyDAdBgNVHQ4EFgQUxxn3/vi8m07r93m1+lcEtUkZm2wwHwYDVR0j
BBgwFoAUoS/X8/n0cAMLn8ws9OfuIPgviUowDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy85QjEyRjhBOEY4QTc1MjAzODRFQjRGRTBGNkFDOEQ2QTYz
Q0YzODUzNDFBRTg3QkVFRjdFRENEMTdENUNCMDVCLzAvQTEyRkQ3RjNGOUY0NzAw
MzBCOUZDQzJDRjRFN0VFMjBGODJGODk0QS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9BMTJGRDdGM0Y5RjQ3MDAzMEI5
RkNDMkNGNEU3RUUyMEY4MkY4OTRBLmNlcjCBywYIKwYBBQUHAQsEgb4wgbswgbgG
CCsGAQUFBzALhoGrcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvOUIxMkY4QThGOEE3NTIwMzg0RUI0RkUwRjZBQzhENkE2M0NGMzg1MzQx
QUU4N0JFRUY3RURDRDE3RDVDQjA1Qi8wLzMxMzMzODJlMzEzMjMxMmUzMTMwMzgy
ZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzMjM2MzkzOTM5MzMucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKK
eWwwDQYJKoZIhvcNAQELBQADggEBAGGtZWX4Ly0f2Z8a0xITsw2pyvyS+dQKPXi4
nh5udGjn/btbf9PxnCF9yoZwUIu5trrEzMkvyS4TPNYAt2kPXsIu/u39Sg9Y2ls1
sK1bveOn03QqZ630B/WQgwEis/ONzTIo4AbHtfmt4rwwTIKy/OOYp17x8X1rGhep
GV8qrfx4u2yrlbWdLgdB8VOv+47GRwjcPQDazjHGDhgffGHOa/kzqzr/bhVB29hl
CVvD6EV8C0aJXlK1N5kgPwK0ayMpUBrFgyvwuvJ73f3JLd2FylPSKx38SU2IXDFo
itmPhavEd+OizxHKSIUQ/K7kipeESr8sJTjS4/VJcOkFN8LgrHI=
-----END CERTIFICATE-----
Generated at Thu Jul 18 15:13:24 2024 by rpki-client on console-fra.rpki-client.org