Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/B141EB61AA977898F5638128056510257A1EB4F18042E353CE2EF886E8D20983/0/3136382e3232382e3130382e302f32322d3234203d3e203134303830.roa
File:                     3136382e3232382e3130382e302f32322d3234203d3e203134303830.roa (raw, json)
Hash identifier:          ZqUXHagWJ535CDjPOHd3IB9BZC+VPPeuEEECAo9uZRE=
Subject key identifier:   1B:25:A0:6E:A2:D7:C1:F1:4F:A7:93:40:12:EF:09:04:7C:6B:73:BE
Certificate issuer:       /CN=CFEC95C042F718CFDEFD38BC85C4AFBA3E7A9AF8
Certificate serial:       76CB99DA76F940F84382FDB6B8F79C4A8310CE34
Authority key identifier: CF:EC:95:C0:42:F7:18:CF:DE:FD:38:BC:85:C4:AF:BA:3E:7A:9A:F8
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/CFEC95C042F718CFDEFD38BC85C4AFBA3E7A9AF8.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/B141EB61AA977898F5638128056510257A1EB4F18042E353CE2EF886E8D20983/0/3136382e3232382e3130382e302f32322d3234203d3e203134303830.roa
Signing time:             Tue 05 Mar 2024 18:21:10 +0000
ROA not before:           Tue 05 Mar 2024 18:16:10 +0000
ROA not after:            Tue 04 Mar 2025 18:21:10 +0000
asID:                     14080
IP address blocks:        168.228.108.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/B141EB61AA977898F5638128056510257A1EB4F18042E353CE2EF886E8D20983/0/CFEC95C042F718CFDEFD38BC85C4AFBA3E7A9AF8.crl
                          rsync://repository.lacnic.net/rpki/lacnic/B141EB61AA977898F5638128056510257A1EB4F18042E353CE2EF886E8D20983/0/CFEC95C042F718CFDEFD38BC85C4AFBA3E7A9AF8.mft
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/CFEC95C042F718CFDEFD38BC85C4AFBA3E7A9AF8.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/BCC0665ECF8A97B83E398268D92A255BAE661816.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/BCC0665ECF8A97B83E398268D92A255BAE661816.mft
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/BCC0665ECF8A97B83E398268D92A255BAE661816.cer
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.crl
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.mft
                          rsync://repository.lacnic.net/rpki/lacnic/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Sat 07 Dec 2024 09:18:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:cb:99:da:76:f9:40:f8:43:82:fd:b6:b8:f7:9c:4a:83:10:ce:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CFEC95C042F718CFDEFD38BC85C4AFBA3E7A9AF8
        Validity
            Not Before: Mar  5 18:16:10 2024 GMT
            Not After : Mar  4 18:21:10 2025 GMT
        Subject: CN=1B25A06EA2D7C1F14FA7934012EF09047C6B73BE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d2:d1:ac:36:99:ba:65:f5:53:e0:c1:9b:f6:
                    e8:42:34:aa:22:11:02:a9:30:a1:a8:d3:19:6b:bd:
                    c2:06:84:04:92:6a:29:9e:10:ec:14:c4:36:40:be:
                    cb:b1:f7:ff:50:74:b8:b6:cf:33:9a:1e:87:86:5c:
                    8f:87:37:85:d5:e6:8f:29:b2:d7:80:ac:d7:9a:76:
                    e6:d7:a4:e1:5c:85:47:dc:b1:5e:c8:bd:3c:85:d8:
                    d9:5c:2a:67:50:4d:05:ff:4e:ee:50:ac:a9:c8:9d:
                    a5:21:d3:e7:60:5a:54:d1:75:99:f8:30:1b:a9:54:
                    26:84:9c:8b:a8:ce:1d:a1:14:7f:8c:d0:cb:56:64:
                    37:3a:96:5f:b5:40:47:e7:28:87:86:b6:93:e3:eb:
                    4d:c3:f2:3b:c9:7a:e9:b6:71:e6:5e:f6:21:1e:2b:
                    be:24:8a:f6:87:ab:31:44:6f:97:a2:e4:b6:5f:12:
                    82:0d:1f:74:7d:1b:67:05:3f:59:b9:63:83:9b:b9:
                    fb:51:e8:d9:e9:ad:8c:be:58:c5:cf:93:b4:ab:6b:
                    60:0c:bc:9b:8f:44:ba:18:ea:4b:27:66:02:0f:dd:
                    f4:fe:ea:66:51:51:60:fb:21:cb:c3:8e:17:49:17:
                    57:07:4c:5a:43:62:c3:fc:53:d2:3e:a4:a1:32:8d:
                    1c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:25:A0:6E:A2:D7:C1:F1:4F:A7:93:40:12:EF:09:04:7C:6B:73:BE
            X509v3 Authority Key Identifier:
                keyid:CF:EC:95:C0:42:F7:18:CF:DE:FD:38:BC:85:C4:AF:BA:3E:7A:9A:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/B141EB61AA977898F5638128056510257A1EB4F18042E353CE2EF886E8D20983/0/CFEC95C042F718CFDEFD38BC85C4AFBA3E7A9AF8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/CFEC95C042F718CFDEFD38BC85C4AFBA3E7A9AF8.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/B141EB61AA977898F5638128056510257A1EB4F18042E353CE2EF886E8D20983/0/3136382e3232382e3130382e302f32322d3234203d3e203134303830.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.228.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:b9:ee:5c:c0:89:2f:36:ec:92:a0:dd:13:31:c3:44:78:74:
         5f:42:f5:d8:e5:d4:9e:d8:40:a3:ce:37:6f:55:5f:79:46:6e:
         ba:34:9a:24:12:47:60:bf:a9:c2:08:72:4e:16:42:c4:d5:88:
         46:be:eb:24:3c:31:aa:9a:4b:a5:f6:0f:5a:e3:b1:f2:df:3e:
         f8:11:f1:0e:50:83:05:e5:90:61:49:49:de:3d:a2:cf:aa:7f:
         10:a3:45:ce:ca:08:87:d4:97:cd:57:49:0c:5b:30:09:ae:6e:
         62:f4:63:70:66:5b:52:a0:33:a8:43:27:86:c3:20:22:0a:ec:
         44:e5:65:33:c2:d8:49:82:8d:dd:05:92:f4:bf:3b:0b:fa:47:
         7c:e9:6a:91:e4:ed:7b:02:e7:13:62:9e:95:13:6f:4b:72:b3:
         49:48:d2:a8:bc:c7:4c:4c:66:68:0b:95:b8:5e:cf:0f:71:b7:
         21:6c:3e:3d:7c:c8:a1:79:70:a2:8e:e9:ff:ee:c6:7a:f8:c5:
         a9:0b:96:d2:09:b9:64:fd:03:d8:5f:a4:50:1a:24:15:23:e8:
         b9:1a:3d:06:15:3c:c6:9b:24:78:26:9b:29:10:31:19:04:e3:
         7e:4a:fb:b6:f5:1f:cd:9f:96:7e:2c:70:7f:4f:c9:b7:53:e8:
         5a:68:32:fb
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUdsuZ2nb5QPhDgv22uPecSoMQzjQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQ0ZFQzk1QzA0MkY3MThDRkRFRkQzOEJDODVDNEFGQkEz
RTdBOUFGODAeFw0yNDAzMDUxODE2MTBaFw0yNTAzMDQxODIxMTBaMDMxMTAvBgNV
BAMTKDFCMjVBMDZFQTJEN0MxRjE0RkE3OTM0MDEyRUYwOTA0N0M2QjczQkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy0tGsNpm6ZfVT4MGb9uhCNKoi
EQKpMKGo0xlrvcIGhASSaimeEOwUxDZAvsux9/9QdLi2zzOaHoeGXI+HN4XV5o8p
steArNeadubXpOFchUfcsV7IvTyF2NlcKmdQTQX/Tu5QrKnInaUh0+dgWlTRdZn4
MBupVCaEnIuozh2hFH+M0MtWZDc6ll+1QEfnKIeGtpPj603D8jvJeum2ceZe9iEe
K74kivaHqzFEb5ei5LZfEoINH3R9G2cFP1m5Y4ObuftR6NnprYy+WMXPk7Sra2AM
vJuPRLoY6ksnZgIP3fT+6mZRUWD7IcvDjhdJF1cHTFpDYsP8U9I+pKEyjRxDAgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQUGyWgbqLXwfFPp5NAEu8JBHxrc74wHwYDVR0j
BBgwFoAUz+yVwEL3GM/e/Ti8hcSvuj56mvgwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9CMTQxRUI2MUFBOTc3ODk4RjU2MzgxMjgwNTY1MTAyNTdB
MUVCNEYxODA0MkUzNTNDRTJFRjg4NkU4RDIwOTgzLzAvQ0ZFQzk1QzA0MkY3MThD
RkRFRkQzOEJDODVDNEFGQkEzRTdBOUFGOC5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9DRkVDOTVDMDQyRjcxOENGREVG
RDM4QkM4NUM0QUZCQTNFN0E5QUY4LmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvQjE0MUVCNjFBQTk3Nzg5OEY1NjM4MTI4MDU2NTEwMjU3QTFFQjRGMTgw
NDJFMzUzQ0UyRUY4ODZFOEQyMDk4My8wLzMxMzYzODJlMzIzMjM4MmUzMTMwMzgy
ZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzMTM0MzAzODMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCqORs
MA0GCSqGSIb3DQEBCwUAA4IBAQBeue5cwIkvNuySoN0TMcNEeHRfQvXY5dSe2ECj
zjdvVV95Rm66NJokEkdgv6nCCHJOFkLE1YhGvuskPDGqmkul9g9a47Hy3z74EfEO
UIMF5ZBhSUnePaLPqn8Qo0XOygiH1JfNV0kMWzAJrm5i9GNwZltSoDOoQyeGwyAi
CuxE5WUzwthJgo3dBZL0vzsL+kd86WqR5O17AucTYp6VE29LcrNJSNKovMdMTGZo
C5W4Xs8PcbchbD49fMiheXCijun/7sZ6+MWpC5bSCblk/QPYX6RQGiQVI+i5Gj0G
FTzGmyR4JpspEDEZBON+Svu29R/Nn5Z+LHB/T8m3U+haaDL7
-----END CERTIFICATE-----
Generated at Tue Dec 3 14:23:58 2024 by rpki-client on console-fra.rpki-client.org