Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/b565a079-f5da-4db2-9b4a-2d09ad6b68c8/29c5e222d9a7b3edfecce380f448ca401c509cae.roa
File:                     29c5e222d9a7b3edfecce380f448ca401c509cae.roa (raw, json)
Hash identifier:          9AUjqCZLcXQTeBy/Shh0KMR0bsuc5coUpF0ZW/rDRgA=
Subject key identifier:   35:95:DD:BA:44:75:8F:32:D6:C1:57:A4:97:81:2D:3D:2D:CE:FD:4C
Certificate issuer:       /CN=a021501bf713ce344873efb6d039b5bf1e030235
Certificate serial:       0D480E
Authority key identifier: 04:B8:C4:EA:F7:79:2E:CF:D6:C2:01:3D:72:7D:1C:CB:51:E0:0A:D0
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/a021501bf713ce344873efb6d039b5bf1e030235.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/b565a079-f5da-4db2-9b4a-2d09ad6b68c8/29c5e222d9a7b3edfecce380f448ca401c509cae.roa
Signing time:             Wed 24 Mar 2021 14:39:12 +0000
ROA not before:           Wed 24 Mar 2021 14:39:11 +0000
ROA not after:            Tue 24 Mar 2026 14:39:11 +0000
asID:                     264746
IP address blocks:        170.254.28.0/24 maxlen: 24
                          170.254.29.0/24 maxlen: 24
                          170.254.30.0/24 maxlen: 24
                          170.254.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/b565a079-f5da-4db2-9b4a-2d09ad6b68c8/a021501bf713ce344873efb6d039b5bf1e030235.crl
                          rsync://repository.lacnic.net/rpki/lacnic/b565a079-f5da-4db2-9b4a-2d09ad6b68c8/a021501bf713ce344873efb6d039b5bf1e030235.mft
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/a021501bf713ce344873efb6d039b5bf1e030235.cer
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.crl
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft
                          rsync://repository.lacnic.net/rpki/lacnic/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.cer
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.crl
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Mon 01 Apr 2024 05:58:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 870414 (0xd480e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a021501bf713ce344873efb6d039b5bf1e030235
        Validity
            Not Before: Mar 24 14:39:11 2021 GMT
            Not After : Mar 24 14:39:11 2026 GMT
        Subject: CN=29c5e222d9a7b3edfecce380f448ca401c509cae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:75:c7:40:f8:33:6d:a7:a4:df:53:11:e3:76:
                    79:53:5c:07:90:e5:e3:0b:28:e5:22:2c:8d:b7:c6:
                    5e:99:b1:06:ed:08:8d:d7:a3:d0:79:bd:0d:51:03:
                    ce:35:81:04:f2:84:3e:cc:4f:1e:de:32:83:2f:73:
                    b4:11:99:33:bc:10:a6:ac:98:5c:8a:90:80:3c:51:
                    0f:1b:f3:3e:9f:b9:a4:25:35:94:b9:51:90:17:37:
                    29:b8:24:6d:0f:35:b5:81:5b:0b:c6:e7:d4:47:16:
                    0f:6a:a9:35:86:15:7f:83:2d:6a:6c:a8:3e:3a:ea:
                    76:9c:b7:8d:a9:3c:61:e2:b5:47:22:44:2d:e3:8a:
                    fe:60:df:68:75:8d:e3:e2:8b:f7:3a:3f:e8:16:a3:
                    2b:d4:b8:b4:d8:23:2e:b7:41:8c:eb:64:2d:44:f3:
                    bc:6c:e8:f2:13:62:75:ad:a4:43:6d:c7:61:a9:bf:
                    d3:67:18:0a:e0:83:15:b1:93:63:1e:dc:79:ac:35:
                    11:93:20:82:3b:58:e5:ef:24:49:d0:35:85:86:b6:
                    3b:5d:40:0a:fd:d6:21:1f:c6:12:05:c2:9d:df:d1:
                    21:f3:1c:5d:82:88:bb:1f:6d:d3:23:70:52:ae:40:
                    44:7a:aa:18:b5:7f:26:48:11:c8:da:1d:3c:d5:47:
                    0c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:95:DD:BA:44:75:8F:32:D6:C1:57:A4:97:81:2D:3D:2D:CE:FD:4C
            X509v3 Authority Key Identifier:
                keyid:04:B8:C4:EA:F7:79:2E:CF:D6:C2:01:3D:72:7D:1C:CB:51:E0:0A:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/a021501bf713ce344873efb6d039b5bf1e030235.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/b565a079-f5da-4db2-9b4a-2d09ad6b68c8/29c5e222d9a7b3edfecce380f448ca401c509cae.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/b565a079-f5da-4db2-9b4a-2d09ad6b68c8/a021501bf713ce344873efb6d039b5bf1e030235.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.254.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:31:5e:da:c3:35:aa:c8:ca:dd:04:1c:9b:d5:07:0b:38:ea:
         b3:90:4c:fc:fb:e6:3e:20:4b:7e:7e:21:80:1e:9d:37:14:80:
         c1:b3:14:3e:2a:7d:07:b7:14:cb:6c:1e:43:41:12:9d:bd:b7:
         58:92:7c:6c:63:ca:97:6b:b2:4b:36:fd:9e:10:02:3a:db:60:
         9c:22:00:75:94:6a:ec:1d:3d:a5:f8:2f:03:15:84:36:84:56:
         f9:97:00:1a:d3:2f:6c:73:6f:4c:0d:86:1d:ef:37:1e:98:15:
         5e:0a:ec:3f:3b:cc:f5:74:16:7e:ca:58:a2:e9:50:f1:28:86:
         3a:01:55:58:db:6c:a6:f2:a5:b9:f5:93:2c:a5:0a:0c:82:a2:
         3f:87:89:32:2c:f6:b1:ea:d9:c6:d0:00:c2:1b:c8:9e:4c:0e:
         e1:f1:5f:50:8a:98:d2:60:6b:0e:60:2b:1f:8c:cb:5b:53:18:
         84:03:87:db:3c:f4:1f:b4:29:3e:dd:85:14:34:34:e7:07:5a:
         1a:c5:91:5a:31:b9:27:f9:07:df:4e:04:0e:9a:45:7d:84:ec:
         76:d6:17:53:64:5a:1c:f7:98:43:c5:d4:5c:56:18:22:ea:99:
         18:e9:f1:dd:ad:73:db:c3:a0:b7:fc:3b:b9:ac:ae:8a:c3:9f:
         6f:cd:ec:76
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgIDDUgOMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGEw
MjE1MDFiZjcxM2NlMzQ0ODczZWZiNmQwMzliNWJmMWUwMzAyMzUwHhcNMjEwMzI0
MTQzOTExWhcNMjYwMzI0MTQzOTExWjAzMTEwLwYDVQQDEygyOWM1ZTIyMmQ5YTdi
M2VkZmVjY2UzODBmNDQ4Y2E0MDFjNTA5Y2FlMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAtnXHQPgzbaek31MR43Z5U1wHkOXjCyjlIiyNt8ZembEG7QiN
16PQeb0NUQPONYEE8oQ+zE8e3jKDL3O0EZkzvBCmrJhcipCAPFEPG/M+n7mkJTWU
uVGQFzcpuCRtDzW1gVsLxufURxYPaqk1hhV/gy1qbKg+Oup2nLeNqTxh4rVHIkQt
44r+YN9odY3j4ov3Oj/oFqMr1Li02CMut0GM62QtRPO8bOjyE2J1raRDbcdhqb/T
ZxgK4IMVsZNjHtx5rDURkyCCO1jl7yRJ0DWFhrY7XUAK/dYhH8YSBcKd39Eh8xxd
goi7H23TI3BSrkBEeqoYtX8mSBHI2h081UcMSQIDAQABo4ICWzCCAlcwHQYDVR0O
BBYEFDWV3bpEdY8y1sFXpJeBLT0tzv1MMB8GA1UdIwQYMBaAFAS4xOr3eS7P1sIB
PXJ9HMtR4ArQMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvYTAyMTUw
MWJmNzEzY2UzNDQ4NzNlZmI2ZDAzOWI1YmYxZTAzMDIzNS5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvYjU2NWEwNzktZjVkYS00ZGIyLTliNGEtMmQwOWFk
NmI2OGM4LzI5YzVlMjIyZDlhN2IzZWRmZWNjZTM4MGY0NDhjYTQwMWM1MDljYWUu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy9iNTY1YTA3OS1mNWRhLTRkYjItOWI0YS0yZDA5
YWQ2YjY4YzgvYTAyMTUwMWJmNzEzY2UzNDQ4NzNlZmI2ZDAzOWI1YmYxZTAzMDIz
NS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAqr+HDANBgkqhkiG9w0BAQsFAAOCAQEALzFe2sM1qsjK3QQc
m9UHCzjqs5BM/PvmPiBLfn4hgB6dNxSAwbMUPip9B7cUy2weQ0ESnb23WJJ8bGPK
l2uySzb9nhACOttgnCIAdZRq7B09pfgvAxWENoRW+ZcAGtMvbHNvTA2GHe83HpgV
XgrsPzvM9XQWfspYoulQ8SiGOgFVWNtspvKlufWTLKUKDIKiP4eJMiz2serZxtAA
whvInkwO4fFfUIqY0mBrDmArH4zLW1MYhAOH2zz0H7QpPt2FFDQ05wdaGsWRWjG5
J/kH304EDppFfYTsdtYXU2RaHPeYQ8XUXFYYIuqZGOnx3a1z28Ogt/w7uayuisOf
b83sdg==
-----END CERTIFICATE-----
Generated at Fri Mar 29 07:31:00 2024 by rpki-client on console-fra.rpki-client.org