Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/B33407204E1A9AE7F95A1E7B194891E7ABAF6CC5CEA77650DFB96B0DE6DC7B8F/0/3133312e3130382e32302e302f32322d3232203d3e20323632323438.roa
File:                     3133312e3130382e32302e302f32322d3232203d3e20323632323438.roa (raw, json)
Hash identifier:          TMAHnlyfXTw5dg9iRKlj9AOqYGyHa0yMvRjU0AQgTJI=
Subject key identifier:   41:74:BF:72:83:E6:B2:1D:AB:5B:B4:92:EE:9E:D8:30:CA:28:29:B9
Certificate issuer:       /CN=325C30A62A28F1CC676DEC2EF97AF660C7A29985
Certificate serial:       7BBE5BFEFCC6F588806CBF1F567008A48614BDEA
Authority key identifier: 32:5C:30:A6:2A:28:F1:CC:67:6D:EC:2E:F9:7A:F6:60:C7:A2:99:85
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/325C30A62A28F1CC676DEC2EF97AF660C7A29985.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/B33407204E1A9AE7F95A1E7B194891E7ABAF6CC5CEA77650DFB96B0DE6DC7B8F/0/3133312e3130382e32302e302f32322d3232203d3e20323632323438.roa
Signing time:             Tue 04 Feb 2025 18:33:10 +0000
ROA not before:           Tue 04 Feb 2025 18:28:10 +0000
ROA not after:            Tue 03 Feb 2026 18:33:10 +0000
asID:                     262248
IP address blocks:        131.108.20.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/B33407204E1A9AE7F95A1E7B194891E7ABAF6CC5CEA77650DFB96B0DE6DC7B8F/0/325C30A62A28F1CC676DEC2EF97AF660C7A29985.crl
                          rsync://repository.lacnic.net/rpki/lacnic/B33407204E1A9AE7F95A1E7B194891E7ABAF6CC5CEA77650DFB96B0DE6DC7B8F/0/325C30A62A28F1CC676DEC2EF97AF660C7A29985.mft
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/325C30A62A28F1CC676DEC2EF97AF660C7A29985.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/BCC0665ECF8A97B83E398268D92A255BAE661816.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/BCC0665ECF8A97B83E398268D92A255BAE661816.mft
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/BCC0665ECF8A97B83E398268D92A255BAE661816.cer
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.crl
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.mft
                          rsync://repository.lacnic.net/rpki/lacnic/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Thu 20 Feb 2025 09:19:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:be:5b:fe:fc:c6:f5:88:80:6c:bf:1f:56:70:08:a4:86:14:bd:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=325C30A62A28F1CC676DEC2EF97AF660C7A29985
        Validity
            Not Before: Feb  4 18:28:10 2025 GMT
            Not After : Feb  3 18:33:10 2026 GMT
        Subject: CN=4174BF7283E6B21DAB5BB492EE9ED830CA2829B9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f2:aa:c3:44:af:89:c2:86:91:52:11:09:ae:
                    85:d3:4e:b0:7f:0b:95:0d:ed:10:28:6c:c5:de:4b:
                    89:ef:71:97:3a:67:59:38:16:0e:c2:eb:c9:06:a7:
                    68:aa:7f:7d:ba:e6:a2:67:93:0c:9e:79:6f:a1:92:
                    eb:06:3c:7c:58:d8:8c:2e:1d:6f:99:99:40:2c:02:
                    1c:01:75:97:81:c4:e7:f9:60:f6:0d:8d:5e:f0:44:
                    aa:bf:85:c9:e8:af:87:4b:62:f7:58:0f:ae:35:1f:
                    20:34:45:35:a7:50:7e:cb:e7:1a:67:ac:0a:13:5d:
                    62:8e:c3:1b:e0:f5:3c:e2:d0:b7:d0:b5:89:02:cf:
                    b3:c3:ef:30:17:fd:75:69:e3:45:4f:f4:8c:8b:6a:
                    81:cd:e2:d8:f2:96:c9:d5:47:93:4e:04:bd:d8:50:
                    11:65:d4:5b:5e:5a:dd:ea:38:e5:9e:a1:63:df:f5:
                    38:a6:ea:73:fd:f5:de:86:08:32:d5:e1:83:e2:cd:
                    50:c5:b0:cc:53:41:89:ca:42:d8:76:6b:1a:35:a5:
                    1c:bc:43:c9:66:71:eb:fe:dd:cc:7b:99:20:f3:b2:
                    bb:76:33:96:01:a7:b6:21:cc:72:6b:25:e3:ce:4f:
                    6c:5a:92:78:7f:93:af:be:31:fa:36:a7:1f:5b:b4:
                    6d:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:74:BF:72:83:E6:B2:1D:AB:5B:B4:92:EE:9E:D8:30:CA:28:29:B9
            X509v3 Authority Key Identifier:
                keyid:32:5C:30:A6:2A:28:F1:CC:67:6D:EC:2E:F9:7A:F6:60:C7:A2:99:85

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/B33407204E1A9AE7F95A1E7B194891E7ABAF6CC5CEA77650DFB96B0DE6DC7B8F/0/325C30A62A28F1CC676DEC2EF97AF660C7A29985.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/325C30A62A28F1CC676DEC2EF97AF660C7A29985.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/B33407204E1A9AE7F95A1E7B194891E7ABAF6CC5CEA77650DFB96B0DE6DC7B8F/0/3133312e3130382e32302e302f32322d3232203d3e20323632323438.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.108.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:56:e9:a9:23:2e:f8:0a:c3:f4:68:4d:57:15:dc:3f:a9:39:
         81:ee:3e:81:3a:e5:76:31:cd:b1:90:e1:e1:c8:fa:62:67:ce:
         c3:35:b3:d9:e9:12:09:e0:4f:6e:47:20:3d:4b:a6:fc:54:64:
         9b:ef:dd:7c:19:63:1f:53:15:a7:d4:8c:8c:97:ad:49:1a:14:
         71:0d:be:ad:84:12:c7:7c:71:b9:b6:db:27:92:01:28:3b:d1:
         23:e4:bf:a0:77:2f:6e:16:bc:97:bb:5f:31:df:62:41:8d:5e:
         10:1d:40:2e:fc:5c:ca:4f:d2:76:06:af:4e:75:6d:2d:15:ad:
         03:91:6f:b7:71:58:e0:38:2e:e0:7a:16:ce:cf:a0:b3:40:db:
         15:00:47:0f:53:41:5a:84:4c:c2:2c:6e:97:e0:7f:38:f6:dc:
         1f:1d:97:d0:e8:1e:2a:0a:95:1b:c9:29:3a:dc:2b:18:72:98:
         02:64:8e:ef:ab:12:45:a6:fb:d0:98:ab:0c:71:b8:f9:7c:19:
         bf:e1:29:98:8c:1a:09:11:12:4d:17:a9:3f:7e:bd:30:34:51:
         01:8d:1a:f8:b6:ea:9e:da:6c:ad:4b:41:dd:05:0e:e5:1d:f6:
         6a:ee:1c:3c:0d:47:1e:8f:eb:b9:c9:5e:af:17:e0:9c:d7:05:
         60:a7:77:b0
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUe75b/vzG9YiAbL8fVnAIpIYUveowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzI1QzMwQTYyQTI4RjFDQzY3NkRFQzJFRjk3QUY2NjBD
N0EyOTk4NTAeFw0yNTAyMDQxODI4MTBaFw0yNjAyMDMxODMzMTBaMDMxMTAvBgNV
BAMTKDQxNzRCRjcyODNFNkIyMURBQjVCQjQ5MkVFOUVEODMwQ0EyODI5QjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo8qrDRK+JwoaRUhEJroXTTrB/
C5UN7RAobMXeS4nvcZc6Z1k4Fg7C68kGp2iqf3265qJnkwyeeW+hkusGPHxY2Iwu
HW+ZmUAsAhwBdZeBxOf5YPYNjV7wRKq/hcnor4dLYvdYD641HyA0RTWnUH7L5xpn
rAoTXWKOwxvg9Tzi0LfQtYkCz7PD7zAX/XVp40VP9IyLaoHN4tjylsnVR5NOBL3Y
UBFl1FteWt3qOOWeoWPf9Tim6nP99d6GCDLV4YPizVDFsMxTQYnKQth2axo1pRy8
Q8lmcev+3cx7mSDzsrt2M5YBp7YhzHJrJePOT2xaknh/k6++Mfo2px9btG19AgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQUQXS/coPmsh2rW7SS7p7YMMooKbkwHwYDVR0j
BBgwFoAUMlwwpioo8cxnbewu+Xr2YMeimYUwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9CMzM0MDcyMDRFMUE5QUU3Rjk1QTFFN0IxOTQ4OTFFN0FC
QUY2Q0M1Q0VBNzc2NTBERkI5NkIwREU2REM3QjhGLzAvMzI1QzMwQTYyQTI4RjFD
QzY3NkRFQzJFRjk3QUY2NjBDN0EyOTk4NS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8zMjVDMzBBNjJBMjhGMUNDNjc2
REVDMkVGOTdBRjY2MEM3QTI5OTg1LmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvQjMzNDA3MjA0RTFBOUFFN0Y5NUExRTdCMTk0ODkxRTdBQkFGNkNDNUNF
QTc3NjUwREZCOTZCMERFNkRDN0I4Ri8wLzMxMzMzMTJlMzEzMDM4MmUzMjMwMmUz
MDJmMzIzMjJkMzIzMjIwM2QzZTIwMzIzNjMyMzIzNDM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCg2wU
MA0GCSqGSIb3DQEBCwUAA4IBAQASVumpIy74CsP0aE1XFdw/qTmB7j6BOuV2Mc2x
kOHhyPpiZ87DNbPZ6RIJ4E9uRyA9S6b8VGSb7918GWMfUxWn1IyMl61JGhRxDb6t
hBLHfHG5ttsnkgEoO9Ej5L+gdy9uFryXu18x32JBjV4QHUAu/FzKT9J2Bq9OdW0t
Fa0DkW+3cVjgOC7gehbOz6CzQNsVAEcPU0FahEzCLG6X4H849twfHZfQ6B4qCpUb
ySk63CsYcpgCZI7vqxJFpvvQmKsMcbj5fBm/4SmYjBoJERJNF6k/fr0wNFEBjRr4
tuqe2mytS0HdBQ7lHfZq7hw8DUcej+u5yV6vF+Cc1wVgp3ew
-----END CERTIFICATE-----
Generated at Sun Feb 16 15:08:34 2025 by rpki-client