Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/b3e5dd9e-bbca-4c49-92f5-8c6751165e92/fbbd7842b165764c8477fb6ba4d0f2bf7eb224bf.roa
File:                     fbbd7842b165764c8477fb6ba4d0f2bf7eb224bf.roa (raw, json)
Hash identifier:          WKnpfgOa2mHjNMXhmZ4cNWKfn5Mhc71rNbv1Pcpt1cM=
Subject key identifier:   7B:9C:D7:35:D6:69:31:D6:34:AD:E4:F7:89:B0:5C:52:85:75:72:B0
Certificate issuer:       /CN=337d330947d264c81b4503df3b1ef67d45cc2dc4
Certificate serial:       1C3A34
Authority key identifier: 61:B6:8D:FD:87:EB:CE:D6:CA:2B:24:E2:AA:8F:F7:07:DA:63:5E:19
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/337d330947d264c81b4503df3b1ef67d45cc2dc4.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/b3e5dd9e-bbca-4c49-92f5-8c6751165e92/fbbd7842b165764c8477fb6ba4d0f2bf7eb224bf.roa
Signing time:             Thu 22 Sep 2022 20:41:10 +0000
ROA not before:           Thu 22 Sep 2022 20:39:18 +0000
ROA not after:            Sun 22 Sep 2024 20:39:18 +0000
asID:                     22368
IP address blocks:        170.80.8.0/23 maxlen: 23
                          170.80.10.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/b3e5dd9e-bbca-4c49-92f5-8c6751165e92/337d330947d264c81b4503df3b1ef67d45cc2dc4.crl
                          rsync://repository.lacnic.net/rpki/lacnic/b3e5dd9e-bbca-4c49-92f5-8c6751165e92/337d330947d264c81b4503df3b1ef67d45cc2dc4.mft
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/337d330947d264c81b4503df3b1ef67d45cc2dc4.cer
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.crl
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft
                          rsync://repository.lacnic.net/rpki/lacnic/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.cer
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.crl
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Sat 18 Mar 2023 02:22:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1849908 (0x1c3a34)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=337d330947d264c81b4503df3b1ef67d45cc2dc4
        Validity
            Not Before: Sep 22 20:39:18 2022 GMT
            Not After : Sep 22 20:39:18 2024 GMT
        Subject: CN=fbbd7842b165764c8477fb6ba4d0f2bf7eb224bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:73:d5:00:71:a3:fb:ee:b1:52:fd:27:3e:40:
                    88:53:76:80:4f:04:2c:6a:dc:0b:d3:a6:eb:79:8f:
                    a7:5a:b1:46:6b:8f:34:5d:08:c5:fa:70:c1:0d:0a:
                    73:d8:37:05:53:d3:58:ba:9b:3d:b8:1c:78:d4:c5:
                    1e:c9:48:6a:39:a0:7d:93:e2:17:38:7f:54:47:3d:
                    6a:63:3c:d1:ac:d8:63:37:c1:96:ba:94:9b:18:c4:
                    69:90:6b:78:ac:de:cf:d9:86:58:87:ee:1c:33:27:
                    29:d2:f0:21:77:78:20:7f:32:14:50:25:0c:55:64:
                    0a:ee:f0:8f:eb:60:93:5d:e1:56:d5:df:b4:c9:84:
                    31:43:a4:a6:64:ca:fc:8c:04:36:0e:dd:ae:43:21:
                    e3:19:00:0f:a5:06:d0:7f:8d:43:da:00:cb:2a:c0:
                    92:ea:a3:07:af:01:b1:da:e6:c9:ee:11:6d:06:0b:
                    7b:49:a6:91:75:8f:c0:ec:1a:d8:16:a0:97:f1:df:
                    cf:b6:0e:76:65:d3:81:04:7a:e2:a9:57:ac:83:1e:
                    3f:53:29:a3:99:76:9c:0f:07:29:6f:e0:93:e3:95:
                    72:73:b0:ce:97:06:86:e8:70:53:97:0c:77:d9:01:
                    5e:1b:38:c1:e5:34:d9:ae:4a:3a:0d:87:d6:f5:13:
                    56:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                7B:9C:D7:35:D6:69:31:D6:34:AD:E4:F7:89:B0:5C:52:85:75:72:B0
            X509v3 Authority Key Identifier: 
                keyid:61:B6:8D:FD:87:EB:CE:D6:CA:2B:24:E2:AA:8F:F7:07:DA:63:5E:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/337d330947d264c81b4503df3b1ef67d45cc2dc4.cer

            Subject Information Access: 
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/b3e5dd9e-bbca-4c49-92f5-8c6751165e92/fbbd7842b165764c8477fb6ba4d0f2bf7eb224bf.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/b3e5dd9e-bbca-4c49-92f5-8c6751165e92/337d330947d264c81b4503df3b1ef67d45cc2dc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.80.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:89:f0:20:63:4c:88:73:90:07:ff:41:65:81:9d:57:00:79:
         3e:d6:4a:79:5d:15:a1:f0:13:89:d8:f9:1b:f9:e2:63:4a:65:
         1c:51:dd:6b:99:fe:02:50:66:5f:56:c0:96:fb:fb:5e:12:02:
         38:05:93:9a:72:bb:fe:04:8a:e3:6a:e2:13:4a:ae:13:1e:c8:
         01:f6:7e:cb:14:57:81:98:9d:35:19:70:97:85:d2:61:b0:08:
         e4:4d:d6:b3:11:31:26:cb:58:6f:07:08:bc:59:7f:51:41:87:
         0e:ce:fa:a0:96:28:05:1a:55:27:a9:12:03:66:d3:f8:52:61:
         f3:f7:92:bf:1e:3f:06:a8:04:f8:49:b1:86:30:f2:6b:69:1d:
         91:2a:56:01:e4:6e:59:f1:f9:e7:41:05:25:c1:20:55:f6:c5:
         6b:af:12:9c:48:94:19:8c:46:d2:ca:64:a0:2d:0a:3a:c9:05:
         fc:b8:ba:38:ec:b8:6c:3b:4f:c8:72:9f:5f:c5:98:cb:96:ee:
         5d:83:b4:c1:92:43:f4:09:ae:ee:e8:39:d4:f2:12:43:9d:d5:
         2f:8b:a2:55:04:97:c4:9b:d2:b4:09:be:38:bf:0a:b4:c2:c3:
         04:70:9f:a3:ad:c8:62:2f:88:10:d5:ba:0c:68:f6:63:1e:33:
         87:fa:c6:29
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgIDHDo0MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDMz
N2QzMzA5NDdkMjY0YzgxYjQ1MDNkZjNiMWVmNjdkNDVjYzJkYzQwHhcNMjIwOTIy
MjAzOTE4WhcNMjQwOTIyMjAzOTE4WjAzMTEwLwYDVQQDEyhmYmJkNzg0MmIxNjU3
NjRjODQ3N2ZiNmJhNGQwZjJiZjdlYjIyNGJmMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnnPVAHGj++6xUv0nPkCIU3aATwQsatwL06breY+nWrFGa480
XQjF+nDBDQpz2DcFU9NYups9uBx41MUeyUhqOaB9k+IXOH9URz1qYzzRrNhjN8GW
upSbGMRpkGt4rN7P2YZYh+4cMycp0vAhd3ggfzIUUCUMVWQK7vCP62CTXeFW1d+0
yYQxQ6SmZMr8jAQ2Dt2uQyHjGQAPpQbQf41D2gDLKsCS6qMHrwGx2ubJ7hFtBgt7
SaaRdY/A7BrYFqCX8d/Ptg52ZdOBBHriqVesgx4/UymjmXacDwcpb+CT45Vyc7DO
lwaG6HBTlwx32QFeGzjB5TTZrko6DYfW9RNWIQIDAQABo4ICWzCCAlcwHQYDVR0O
BBYEFHuc1zXWaTHWNK3k94mwXFKFdXKwMB8GA1UdIwQYMBaAFGG2jf2H687Wyisk
4qqP9wfaY14ZMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvMzM3ZDMz
MDk0N2QyNjRjODFiNDUwM2RmM2IxZWY2N2Q0NWNjMmRjNC5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvYjNlNWRkOWUtYmJjYS00YzQ5LTkyZjUtOGM2NzUx
MTY1ZTkyL2ZiYmQ3ODQyYjE2NTc2NGM4NDc3ZmI2YmE0ZDBmMmJmN2ViMjI0YmYu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy9iM2U1ZGQ5ZS1iYmNhLTRjNDktOTJmNS04YzY3
NTExNjVlOTIvMzM3ZDMzMDk0N2QyNjRjODFiNDUwM2RmM2IxZWY2N2Q0NWNjMmRj
NC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAqpQCDANBgkqhkiG9w0BAQsFAAOCAQEAGYnwIGNMiHOQB/9B
ZYGdVwB5PtZKeV0VofATidj5G/niY0plHFHda5n+AlBmX1bAlvv7XhICOAWTmnK7
/gSK42riE0quEx7IAfZ+yxRXgZidNRlwl4XSYbAI5E3WsxExJstYbwcIvFl/UUGH
Ds76oJYoBRpVJ6kSA2bT+FJh8/eSvx4/BqgE+EmxhjDya2kdkSpWAeRuWfH550EF
JcEgVfbFa68SnEiUGYxG0spkoC0KOskF/Li6OOy4bDtPyHKfX8WYy5buXYO0wZJD
9Amu7ug51PISQ53VL4uiVQSXxJvStAm+OL8KtMLDBHCfo63IYi+IENW6DGj2Yx4z
h/rGKQ==
-----END CERTIFICATE-----
Generated at Wed Mar 15 11:35:07 2023 by rpki-client on console-ams.rpki-client.org