Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/B2FFDCA30C15CD59970A7E7AFAEC3A91AF4301AC9008B0FFC3B8F9775F56F2FD/0/3230302e332e3136382e302f32312d3234203d3e203131383135.roa
File:                     3230302e332e3136382e302f32312d3234203d3e203131383135.roa (raw, json)
Hash identifier:          oq6MjllycZyKSM7AKLBs4i2jz46jxZoHPOURyRPco24=
Subject key identifier:   1E:CF:85:61:39:C2:F9:C9:BB:1F:D3:85:F6:26:BC:4A:01:2C:5D:BD
Certificate issuer:       /CN=D2F5141990A0252C37D63112FB6ECA5DBC5686B6
Certificate serial:       43C513F3265C62CA135332A36FF339175F586060
Authority key identifier: D2:F5:14:19:90:A0:25:2C:37:D6:31:12:FB:6E:CA:5D:BC:56:86:B6
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D2F5141990A0252C37D63112FB6ECA5DBC5686B6.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/B2FFDCA30C15CD59970A7E7AFAEC3A91AF4301AC9008B0FFC3B8F9775F56F2FD/0/3230302e332e3136382e302f32312d3234203d3e203131383135.roa
Signing time:             Tue 05 Mar 2024 18:22:33 +0000
ROA not before:           Tue 05 Mar 2024 18:17:33 +0000
ROA not after:            Tue 04 Mar 2025 18:22:33 +0000
asID:                     11815
IP address blocks:        200.3.168.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/B2FFDCA30C15CD59970A7E7AFAEC3A91AF4301AC9008B0FFC3B8F9775F56F2FD/0/D2F5141990A0252C37D63112FB6ECA5DBC5686B6.crl
                          rsync://repository.lacnic.net/rpki/lacnic/B2FFDCA30C15CD59970A7E7AFAEC3A91AF4301AC9008B0FFC3B8F9775F56F2FD/0/D2F5141990A0252C37D63112FB6ECA5DBC5686B6.mft
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D2F5141990A0252C37D63112FB6ECA5DBC5686B6.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/BCC0665ECF8A97B83E398268D92A255BAE661816.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/BCC0665ECF8A97B83E398268D92A255BAE661816.mft
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/BCC0665ECF8A97B83E398268D92A255BAE661816.cer
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.crl
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.mft
                          rsync://repository.lacnic.net/rpki/lacnic/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Mon 22 Jul 2024 13:18:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:c5:13:f3:26:5c:62:ca:13:53:32:a3:6f:f3:39:17:5f:58:60:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D2F5141990A0252C37D63112FB6ECA5DBC5686B6
        Validity
            Not Before: Mar  5 18:17:33 2024 GMT
            Not After : Mar  4 18:22:33 2025 GMT
        Subject: CN=1ECF856139C2F9C9BB1FD385F626BC4A012C5DBD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:06:ff:8d:d4:3b:2b:28:55:f1:d9:07:49:e7:
                    47:9f:17:22:8f:e2:6e:33:c5:1b:28:4c:8b:37:11:
                    8e:d3:06:27:b1:b4:4b:3d:01:de:89:c0:81:5b:53:
                    0f:9e:ed:25:ae:83:a8:90:ba:c8:3a:40:07:56:f0:
                    a8:9b:54:6f:c9:52:ca:f4:2d:8c:57:dd:35:eb:d9:
                    76:b8:a7:ce:bc:31:81:45:30:97:35:1b:e9:30:f2:
                    db:a5:e3:9f:b6:05:5a:ec:bb:ae:44:c7:63:64:d6:
                    c1:7a:6f:11:cc:d1:41:80:69:ec:48:ce:8b:a4:14:
                    67:61:0b:13:65:45:38:56:31:55:35:9e:c7:2a:71:
                    9a:46:c1:36:55:7d:8e:83:b0:4c:f1:58:83:85:df:
                    63:79:38:ba:76:f7:dd:67:a6:49:2e:11:39:7c:f8:
                    22:06:88:63:75:c9:f4:ae:ec:38:86:40:dc:cd:1c:
                    a2:e0:55:ae:9b:27:0d:fb:f1:cd:03:b0:e0:9b:4c:
                    24:e7:62:e6:0d:c4:f8:7f:1f:09:15:27:bb:67:bd:
                    22:9f:11:3c:b5:35:51:6e:ce:c9:c1:df:85:33:96:
                    aa:03:85:7c:99:18:ad:0b:da:81:a7:ea:cf:26:87:
                    6a:69:a0:e1:c2:c6:53:bc:ea:3b:35:b7:3e:79:82:
                    f5:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:CF:85:61:39:C2:F9:C9:BB:1F:D3:85:F6:26:BC:4A:01:2C:5D:BD
            X509v3 Authority Key Identifier:
                keyid:D2:F5:14:19:90:A0:25:2C:37:D6:31:12:FB:6E:CA:5D:BC:56:86:B6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/B2FFDCA30C15CD59970A7E7AFAEC3A91AF4301AC9008B0FFC3B8F9775F56F2FD/0/D2F5141990A0252C37D63112FB6ECA5DBC5686B6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D2F5141990A0252C37D63112FB6ECA5DBC5686B6.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/B2FFDCA30C15CD59970A7E7AFAEC3A91AF4301AC9008B0FFC3B8F9775F56F2FD/0/3230302e332e3136382e302f32312d3234203d3e203131383135.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.3.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         64:8f:38:3a:04:88:46:0f:3e:6e:02:01:96:c4:1f:55:4d:43:
         39:60:40:e2:6a:03:0e:36:20:62:6d:cd:45:54:56:06:d3:19:
         b0:34:51:9e:0c:d7:ff:7e:25:45:e7:a7:05:4f:38:d4:c0:90:
         e2:97:55:62:c5:0b:84:f5:58:47:0a:4d:14:16:90:ae:da:f0:
         92:e6:3a:92:49:88:e9:9c:78:81:32:b8:55:87:c7:ed:26:b4:
         05:09:92:de:eb:03:18:d0:b6:0d:a5:45:15:55:ab:d9:fb:a3:
         2b:73:e7:9e:63:4f:21:9a:26:04:38:4c:ca:7c:53:d3:1e:d5:
         af:cc:cc:23:99:10:ae:37:50:45:53:20:76:f5:2f:80:bc:d6:
         06:3b:82:6b:88:b7:5d:9e:14:47:17:b9:67:38:81:a5:08:6c:
         f1:d9:e6:04:c5:35:64:d0:4b:ba:f4:8a:88:02:8e:78:ad:62:
         71:c5:c6:24:c6:a1:96:cf:ce:fe:ca:6f:26:a5:d9:b1:96:6a:
         b3:5d:ba:4c:bf:83:9c:70:40:dd:57:f3:31:8a:8d:bd:a5:1f:
         88:12:c6:9b:82:84:4d:81:8f:61:d4:64:c1:2f:e8:bb:57:d9:
         dd:91:fa:dc:eb:81:af:5d:f9:b9:59:cf:47:9a:60:68:5f:a0:
         f7:2b:52:91
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUQ8UT8yZcYsoTUzKjb/M5F19YYGAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDJGNTE0MTk5MEEwMjUyQzM3RDYzMTEyRkI2RUNBNURC
QzU2ODZCNjAeFw0yNDAzMDUxODE3MzNaFw0yNTAzMDQxODIyMzNaMDMxMTAvBgNV
BAMTKDFFQ0Y4NTYxMzlDMkY5QzlCQjFGRDM4NUY2MjZCQzRBMDEyQzVEQkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4Bv+N1DsrKFXx2QdJ50efFyKP
4m4zxRsoTIs3EY7TBiextEs9Ad6JwIFbUw+e7SWug6iQusg6QAdW8KibVG/JUsr0
LYxX3TXr2Xa4p868MYFFMJc1G+kw8tul45+2BVrsu65Ex2Nk1sF6bxHM0UGAaexI
zoukFGdhCxNlRThWMVU1nscqcZpGwTZVfY6DsEzxWIOF32N5OLp2991npkkuETl8
+CIGiGN1yfSu7DiGQNzNHKLgVa6bJw378c0DsOCbTCTnYuYNxPh/HwkVJ7tnvSKf
ETy1NVFuzsnB34UzlqoDhXyZGK0L2oGn6s8mh2ppoOHCxlO86js1tz55gvXRAgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQUHs+FYTnC+cm7H9OF9ia8SgEsXb0wHwYDVR0j
BBgwFoAU0vUUGZCgJSw31jES+27KXbxWhrYwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9CMkZGRENBMzBDMTVDRDU5OTcwQTdFN0FGQUVDM0E5MUFG
NDMwMUFDOTAwOEIwRkZDM0I4Rjk3NzVGNTZGMkZELzAvRDJGNTE0MTk5MEEwMjUy
QzM3RDYzMTEyRkI2RUNBNURCQzU2ODZCNi5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9EMkY1MTQxOTkwQTAyNTJDMzdE
NjMxMTJGQjZFQ0E1REJDNTY4NkI2LmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvQjJGRkRDQTMwQzE1Q0Q1OTk3MEE3RTdBRkFFQzNBOTFBRjQzMDFBQzkw
MDhCMEZGQzNCOEY5Nzc1RjU2RjJGRC8wLzMyMzAzMDJlMzMyZTMxMzYzODJlMzAy
ZjMyMzEyZDMyMzQyMDNkM2UyMDMxMzEzODMxMzUucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAPIA6gwDQYJ
KoZIhvcNAQELBQADggEBAGSPODoEiEYPPm4CAZbEH1VNQzlgQOJqAw42IGJtzUVU
VgbTGbA0UZ4M1/9+JUXnpwVPONTAkOKXVWLFC4T1WEcKTRQWkK7a8JLmOpJJiOmc
eIEyuFWHx+0mtAUJkt7rAxjQtg2lRRVVq9n7oytz555jTyGaJgQ4TMp8U9Me1a/M
zCOZEK43UEVTIHb1L4C81gY7gmuIt12eFEcXuWc4gaUIbPHZ5gTFNWTQS7r0iogC
jnitYnHFxiTGoZbPzv7Kbyal2bGWarNduky/g5xwQN1X8zGKjb2lH4gSxpuChE2B
j2HUZMEv6LtX2d2R+tzrga9d+blZz0eaYGhfoPcrUpE=
-----END CERTIFICATE-----
Generated at Thu Jul 18 20:01:53 2024 by rpki-client on console-fra.rpki-client.org