Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/aa69a975-83a3-4532-a779-5ffb87580309/607cc88c519555257e3bc896f3fd3e9bfc3d09db.roa
File:                     607cc88c519555257e3bc896f3fd3e9bfc3d09db.roa (raw, json)
Hash identifier:          jgeArENLCzoitMv+BsCM92LaDff/qXHTUzgAvVv4+RM=
Subject key identifier:   21:FC:A6:4E:2A:51:85:0C:F9:2A:7A:B7:37:0F:11:86:5E:94:1D:5E
Certificate issuer:       /CN=3300a6efb5b34c79125fce5dc4afa6977a46744f
Certificate serial:       2289CB
Authority key identifier: 62:AA:07:2A:74:5B:AE:77:82:D2:D9:44:76:20:4C:0C:A5:4E:ED:C2
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/3300a6efb5b34c79125fce5dc4afa6977a46744f.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/aa69a975-83a3-4532-a779-5ffb87580309/607cc88c519555257e3bc896f3fd3e9bfc3d09db.roa
Signing time:             Thu 16 Mar 2023 19:31:10 +0000
ROA not before:           Thu 18 Mar 2021 14:35:22 +0000
ROA not after:            Tue 24 Mar 2026 14:35:22 +0000
asID:                     26619
IP address blocks:        190.90.25.0/24 maxlen: 24
                          190.90.26.0/24 maxlen: 24
                          190.90.27.0/24 maxlen: 24
                          190.90.32.0/24 maxlen: 24
                          190.90.33.0/24 maxlen: 24
                          190.90.35.0/24 maxlen: 24
                          190.90.56.0/22 maxlen: 24
                          190.90.155.0/24 maxlen: 24
                          190.90.156.0/22 maxlen: 24
                          190.90.160.0/22 maxlen: 24
                          190.90.164.0/22 maxlen: 24
                          190.90.168.0/22 maxlen: 24
                          190.90.178.0/23 maxlen: 24
                          190.90.180.0/22 maxlen: 24
                          190.90.184.0/24 maxlen: 24
                          190.90.185.0/24 maxlen: 24
                          190.90.186.0/24 maxlen: 24
                          190.90.216.0/23 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2263499 (0x2289cb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3300a6efb5b34c79125fce5dc4afa6977a46744f
        Validity
            Not Before: Mar 18 14:35:22 2021 GMT
            Not After : Mar 24 14:35:22 2026 GMT
        Subject: CN=607cc88c519555257e3bc896f3fd3e9bfc3d09db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:43:d7:68:5a:cc:84:33:7d:f2:2c:bd:35:9c:
                    c8:a4:e0:45:07:a8:c0:8b:bb:b0:6d:9e:c2:c4:70:
                    21:c5:17:98:b1:97:d1:b6:d6:db:55:3c:30:09:d0:
                    ee:15:5b:4c:68:7b:c1:46:4d:b9:79:f2:b0:9f:aa:
                    56:01:5b:54:0c:8d:ed:59:c3:44:41:70:75:9a:42:
                    d1:69:3a:27:92:14:a7:17:3c:8c:48:e8:c2:ed:2e:
                    7e:07:08:a6:f4:dd:5a:9f:2f:6b:d2:ca:64:65:a9:
                    44:70:ef:70:82:81:a5:e6:ef:c1:55:85:80:a5:61:
                    c2:db:6f:b0:a3:87:11:0c:b7:2a:d2:66:b9:bf:04:
                    a6:3f:fc:65:06:6e:25:ed:b6:74:4c:fe:a9:5b:7b:
                    8e:33:8d:3c:e3:0e:b5:10:8f:78:ae:cd:c1:67:db:
                    c0:51:ae:10:34:9d:f9:58:82:c3:7f:86:13:d7:6e:
                    6b:26:18:f0:73:04:1e:80:8f:f9:29:46:d6:33:bc:
                    20:f0:c0:98:50:c4:57:26:b3:3e:a6:2b:5a:df:bf:
                    b6:66:a3:3b:23:9a:be:08:0d:03:42:b0:85:39:19:
                    13:1a:4d:94:87:3d:65:74:cd:e1:64:f6:f6:22:0b:
                    b9:7f:ae:19:0b:5b:f5:16:a4:53:22:b7:97:89:5c:
                    ef:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:FC:A6:4E:2A:51:85:0C:F9:2A:7A:B7:37:0F:11:86:5E:94:1D:5E
            X509v3 Authority Key Identifier:
                keyid:62:AA:07:2A:74:5B:AE:77:82:D2:D9:44:76:20:4C:0C:A5:4E:ED:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/3300a6efb5b34c79125fce5dc4afa6977a46744f.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/aa69a975-83a3-4532-a779-5ffb87580309/607cc88c519555257e3bc896f3fd3e9bfc3d09db.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/aa69a975-83a3-4532-a779-5ffb87580309/3300a6efb5b34c79125fce5dc4afa6977a46744f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  190.90.25.0-190.90.27.255
                  190.90.32.0/23
                  190.90.35.0/24
                  190.90.56.0/22
                  190.90.155.0-190.90.171.255
                  190.90.178.0-190.90.186.255
                  190.90.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:c2:62:9f:e7:2c:88:d6:5f:95:f7:01:f1:fc:82:8b:7f:04:
         96:3c:b6:1a:4c:08:60:6e:a2:3e:8d:5b:e4:b5:35:c7:cc:c3:
         d6:cd:cc:7b:d7:3b:5b:10:ae:0f:66:59:4d:b4:04:ef:ae:aa:
         fb:51:a7:54:3c:1a:67:00:fa:e4:2b:e9:6f:b2:1e:61:ff:0d:
         5f:3a:6b:79:28:ef:e4:2d:62:28:57:4c:1c:b7:85:22:6b:00:
         06:a8:39:56:1b:9c:ca:98:1d:e4:92:04:a4:cc:10:fc:c9:7a:
         e3:98:4d:1c:81:ca:e7:93:a7:b6:2c:20:b9:ed:0f:34:74:be:
         36:05:c4:d5:f3:45:4d:3b:e1:dc:52:51:8f:c5:9d:bd:61:a8:
         36:95:e5:75:88:6c:23:34:5f:23:61:4e:3c:bb:e6:30:86:8a:
         57:58:06:1e:62:b2:ba:d4:fd:a8:fe:17:4d:bf:c1:ed:05:5d:
         67:52:b5:de:e7:bf:d5:c7:89:b9:3d:8d:d1:19:d4:4a:28:07:
         67:ca:ad:44:e7:6f:82:6f:ed:71:f7:d8:c0:46:9e:a0:4d:1f:
         0e:c5:70:b8:d1:3f:3c:b9:9c:92:e2:7a:37:0f:dd:8d:8a:60:
         00:31:38:32:8a:50:50:2c:c6:17:0d:73:18:fe:d8:bc:5a:ec:
         37:ed:d9:ef
-----BEGIN CERTIFICATE-----
MIIFfDCCBGSgAwIBAgIDIonLMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDMz
MDBhNmVmYjViMzRjNzkxMjVmY2U1ZGM0YWZhNjk3N2E0Njc0NGYwHhcNMjEwMzE4
MTQzNTIyWhcNMjYwMzI0MTQzNTIyWjAzMTEwLwYDVQQDEyg2MDdjYzg4YzUxOTU1
NTI1N2UzYmM4OTZmM2ZkM2U5YmZjM2QwOWRiMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAg0PXaFrMhDN98iy9NZzIpOBFB6jAi7uwbZ7CxHAhxReYsZfR
ttbbVTwwCdDuFVtMaHvBRk25efKwn6pWAVtUDI3tWcNEQXB1mkLRaTonkhSnFzyM
SOjC7S5+Bwim9N1any9r0spkZalEcO9wgoGl5u/BVYWApWHC22+wo4cRDLcq0ma5
vwSmP/xlBm4l7bZ0TP6pW3uOM4084w61EI94rs3BZ9vAUa4QNJ35WILDf4YT125r
JhjwcwQegI/5KUbWM7wg8MCYUMRXJrM+pita37+2ZqM7I5q+CA0DQrCFORkTGk2U
hz1ldM3hZPb2Igu5f64ZC1v1FqRTIreXiVzvrwIDAQABo4IClzCCApMwHQYDVR0O
BBYEFCH8pk4qUYUM+Sp6tzcPEYZelB1eMB8GA1UdIwQYMBaAFGKqByp0W653gtLZ
RHYgTAylTu3CMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvMzMwMGE2
ZWZiNWIzNGM3OTEyNWZjZTVkYzRhZmE2OTc3YTQ2NzQ0Zi5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvYWE2OWE5NzUtODNhMy00NTMyLWE3NzktNWZmYjg3
NTgwMzA5LzYwN2NjODhjNTE5NTU1MjU3ZTNiYzg5NmYzZmQzZTliZmMzZDA5ZGIu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy9hYTY5YTk3NS04M2EzLTQ1MzItYTc3OS01ZmZi
ODc1ODAzMDkvMzMwMGE2ZWZiNWIzNGM3OTEyNWZjZTVkYzRhZmE2OTc3YTQ2NzQ0
Zi5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBbBggrBgEFBQcBBwEB/wRM
MEowSAQCAAEwQjAMAwQAvloZAwQCvloYAwQBvlogAwQAvlojAwQCvlo4MAwDBAC+
WpsDBAK+WqgwDAMEAb5asgMEAL5augMEAb5a2DANBgkqhkiG9w0BAQsFAAOCAQEA
gMJin+csiNZflfcB8fyCi38Eljy2GkwIYG6iPo1b5LU1x8zD1s3Me9c7WxCuD2ZZ
TbQE766q+1GnVDwaZwD65Cvpb7IeYf8NXzpreSjv5C1iKFdMHLeFImsABqg5Vhuc
ypgd5JIEpMwQ/Ml645hNHIHK55Ontiwgue0PNHS+NgXE1fNFTTvh3FJRj8WdvWGo
NpXldYhsIzRfI2FOPLvmMIaKV1gGHmKyutT9qP4XTb/B7QVdZ1K13ue/1ceJuT2N
0RnUSigHZ8qtROdvgm/tcffYwEaeoE0fDsVwuNE/PLmckuJ6Nw/djYpgADE4MopQ
UCzGFw1zGP7YvFrsN+3Z7w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:38:01 2024 by rpki-client on console-fra.rpki-client.org