Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/f8d5be4d-e751-4c70-966b-cff5ed7bf5be/4976c3a5c56596779e497b9e7946822a9e16a6ba.roa
File:                     4976c3a5c56596779e497b9e7946822a9e16a6ba.roa (raw, json)
Hash identifier:          bINh0sMi4HkkeWslfqC5m3NFGL7J5dL4T4bZb4+uo3Y=
Subject key identifier:   4E:63:39:0F:BA:76:6D:69:43:6E:78:02:20:8E:40:E0:DA:57:60:A3
Certificate issuer:       /CN=eec9334789d4fb97b0c0aa483563906a5d69b4c2
Certificate serial:       1A0C3F
Authority key identifier: 08:91:AA:C4:91:82:BB:0E:06:78:FA:DA:78:35:8C:58:DF:34:5C:CB
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/eec9334789d4fb97b0c0aa483563906a5d69b4c2.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/f8d5be4d-e751-4c70-966b-cff5ed7bf5be/4976c3a5c56596779e497b9e7946822a9e16a6ba.roa
Signing time:             Tue 08 Nov 2022 20:22:19 +0000
ROA not before:           Tue 23 Mar 2021 14:31:57 +0000
ROA not after:            Tue 24 Mar 2026 14:31:57 +0000
asID:                     264630
IP address blocks:        170.210.240.0/22 maxlen: 24
                          2800:110:2200::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/f8d5be4d-e751-4c70-966b-cff5ed7bf5be/eec9334789d4fb97b0c0aa483563906a5d69b4c2.crl
                          rsync://repository.lacnic.net/rpki/lacnic/f8d5be4d-e751-4c70-966b-cff5ed7bf5be/eec9334789d4fb97b0c0aa483563906a5d69b4c2.mft
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/eec9334789d4fb97b0c0aa483563906a5d69b4c2.cer
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.crl
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft
                          rsync://repository.lacnic.net/rpki/lacnic/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.cer
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.crl
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Sat 18 Mar 2023 02:22:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1707071 (0x1a0c3f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eec9334789d4fb97b0c0aa483563906a5d69b4c2
        Validity
            Not Before: Mar 23 14:31:57 2021 GMT
            Not After : Mar 24 14:31:57 2026 GMT
        Subject: CN=4976c3a5c56596779e497b9e7946822a9e16a6ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:ff:8e:ca:77:ea:19:fb:16:98:da:b1:f8:16:
                    6d:09:41:3c:ea:7e:dc:55:d3:84:4b:6c:05:71:90:
                    fa:05:47:4a:b5:71:9d:06:10:d3:86:30:90:96:64:
                    bf:51:a0:e1:29:f5:b0:75:7b:bd:c9:f4:6f:7c:3b:
                    b4:30:76:76:bb:99:6a:7a:19:87:58:94:74:51:bf:
                    76:8f:07:7d:56:05:3d:37:e4:7e:74:26:1b:95:65:
                    b4:18:52:68:b8:d7:ea:f1:c5:fd:4c:d9:5d:46:1a:
                    5d:18:57:31:e2:8a:be:1a:18:20:b4:59:0d:e5:81:
                    b0:2d:5b:e2:33:1c:a4:1e:2b:f8:7e:3e:63:c9:25:
                    21:b9:0e:a8:49:24:16:1c:07:e7:dd:58:a3:d3:b7:
                    0a:19:9c:b6:74:8a:37:68:cd:f0:b4:bf:e3:89:28:
                    9b:a6:8f:46:fe:27:91:54:f3:bb:64:e1:0e:9f:8e:
                    73:06:9c:be:f1:bc:57:52:aa:17:ad:eb:ce:86:7f:
                    b1:9e:7c:c4:08:29:3d:a9:36:f4:fb:e8:b1:25:cb:
                    ff:48:d7:da:12:2a:d7:31:cc:e7:ac:cc:ba:23:6a:
                    97:ad:a4:c1:ed:9c:1e:16:74:6a:f9:17:ba:13:a4:
                    e0:79:8d:e7:ea:cd:db:1a:64:6f:71:20:d9:00:38:
                    d4:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                4E:63:39:0F:BA:76:6D:69:43:6E:78:02:20:8E:40:E0:DA:57:60:A3
            X509v3 Authority Key Identifier: 
                keyid:08:91:AA:C4:91:82:BB:0E:06:78:FA:DA:78:35:8C:58:DF:34:5C:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access: 
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/eec9334789d4fb97b0c0aa483563906a5d69b4c2.cer

            Subject Information Access: 
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/f8d5be4d-e751-4c70-966b-cff5ed7bf5be/4976c3a5c56596779e497b9e7946822a9e16a6ba.roa

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/f8d5be4d-e751-4c70-966b-cff5ed7bf5be/eec9334789d4fb97b0c0aa483563906a5d69b4c2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.210.240.0/22
                IPv6:
                  2800:110:2200::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:56:bc:79:45:9d:3e:ee:0f:b8:b6:c0:33:40:9a:19:ee:ab:
         db:fd:c0:08:89:cd:68:0c:c9:86:a0:69:d9:95:13:1b:66:2f:
         99:fd:1e:9c:54:67:4d:c1:97:df:b2:b6:af:f4:5c:cf:8d:25:
         fb:4d:bc:90:50:b9:32:5b:8b:58:5e:5e:0b:e5:59:1f:c7:7d:
         46:69:f7:d3:6f:54:7e:0b:9e:5c:66:d1:fb:bf:35:78:f9:a6:
         d8:15:4e:26:a6:ad:3e:84:19:c8:ee:87:38:c3:de:91:ab:44:
         ca:88:a9:89:55:f2:4f:0f:fd:08:5d:0a:1c:99:e6:79:a2:36:
         cf:ea:8d:74:7a:e5:3c:f5:86:b2:ac:90:39:fa:f2:b8:4f:f7:
         88:c5:f1:e1:af:0a:df:4d:4f:0a:39:e7:b1:94:74:52:bc:30:
         65:f5:82:15:eb:a2:40:ed:e3:b4:69:01:bb:d8:7e:b6:6a:f0:
         94:80:05:7d:e5:aa:2b:12:2b:56:e1:ee:13:a6:48:34:cc:ed:
         2f:4b:13:e5:52:46:74:1c:bc:ca:1b:1c:9f:ba:48:8b:8d:06:
         b4:95:3f:7c:09:d6:82:64:25:bd:08:1a:6b:27:ea:58:b0:f6:
         19:5c:7b:de:b0:a1:c6:5a:17:b4:40:63:65:92:bf:7f:71:a4:
         41:f6:bf:d7
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgIDGgw/MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGVl
YzkzMzQ3ODlkNGZiOTdiMGMwYWE0ODM1NjM5MDZhNWQ2OWI0YzIwHhcNMjEwMzIz
MTQzMTU3WhcNMjYwMzI0MTQzMTU3WjAzMTEwLwYDVQQDEyg0OTc2YzNhNWM1NjU5
Njc3OWU0OTdiOWU3OTQ2ODIyYTllMTZhNmJhMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA5/+OynfqGfsWmNqx+BZtCUE86n7cVdOES2wFcZD6BUdKtXGd
BhDThjCQlmS/UaDhKfWwdXu9yfRvfDu0MHZ2u5lqehmHWJR0Ub92jwd9VgU9N+R+
dCYblWW0GFJouNfq8cX9TNldRhpdGFcx4oq+GhggtFkN5YGwLVviMxykHiv4fj5j
ySUhuQ6oSSQWHAfn3Vij07cKGZy2dIo3aM3wtL/jiSibpo9G/ieRVPO7ZOEOn45z
Bpy+8bxXUqoXrevOhn+xnnzECCk9qTb0++ixJcv/SNfaEirXMcznrMy6I2qXraTB
7ZweFnRq+Re6E6TgeY3n6s3bGmRvcSDZADjUtQIDAQABo4ICbDCCAmgwHQYDVR0O
BBYEFE5jOQ+6dm1pQ254AiCOQODaV2CjMB8GA1UdIwQYMBaAFAiRqsSRgrsOBnj6
2ng1jFjfNFzLMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvZWVjOTMz
NDc4OWQ0ZmI5N2IwYzBhYTQ4MzU2MzkwNmE1ZDY5YjRjMi5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvZjhkNWJlNGQtZTc1MS00YzcwLTk2NmItY2ZmNWVk
N2JmNWJlLzQ5NzZjM2E1YzU2NTk2Nzc5ZTQ5N2I5ZTc5NDY4MjJhOWUxNmE2YmEu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy9mOGQ1YmU0ZC1lNzUxLTRjNzAtOTY2Yi1jZmY1
ZWQ3YmY1YmUvZWVjOTMzNDc4OWQ0ZmI5N2IwYzBhYTQ4MzU2MzkwNmE1ZDY5YjRj
Mi5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEAqrS8DAPBAIAAjAJAwcAKAABECIAMA0GCSqGSIb3DQEBCwUA
A4IBAQBoVrx5RZ0+7g+4tsAzQJoZ7qvb/cAIic1oDMmGoGnZlRMbZi+Z/R6cVGdN
wZffsrav9FzPjSX7TbyQULkyW4tYXl4L5Vkfx31GaffTb1R+C55cZtH7vzV4+abY
FU4mpq0+hBnI7oc4w96Rq0TKiKmJVfJPD/0IXQocmeZ5ojbP6o10euU89YayrJA5
+vK4T/eIxfHhrwrfTU8KOeexlHRSvDBl9YIV66JA7eO0aQG72H62avCUgAV95aor
EitW4e4Tpkg0zO0vSxPlUkZ0HLzKGxyfukiLjQa0lT98CdaCZCW9CBprJ+pYsPYZ
XHvesKHGWhe0QGNlkr9/caRB9r/X
-----END CERTIFICATE-----
Generated at Wed Mar 15 11:35:26 2023 by rpki-client on console-ams.rpki-client.org