Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/f8d5be4d-e751-4c70-966b-cff5ed7bf5be/8af2a3dc94c7a582ff349cb8691e98f37525a1db.roa
File:                     8af2a3dc94c7a582ff349cb8691e98f37525a1db.roa (raw, json)
Hash identifier:          EbQYgRfsNfaR92bF7HhpezxYVshdQuZWsTq+ZFDuJ+c=
Subject key identifier:   C6:27:F8:77:C9:48:2A:9F:C8:37:22:36:E0:58:B2:32:43:AC:D2:AD
Certificate issuer:       /CN=eec9334789d4fb97b0c0aa483563906a5d69b4c2
Certificate serial:       1F18AC
Authority key identifier: 08:91:AA:C4:91:82:BB:0E:06:78:FA:DA:78:35:8C:58:DF:34:5C:CB
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/eec9334789d4fb97b0c0aa483563906a5d69b4c2.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/f8d5be4d-e751-4c70-966b-cff5ed7bf5be/8af2a3dc94c7a582ff349cb8691e98f37525a1db.roa
Signing time:             Wed 26 Apr 2023 17:24:42 +0000
ROA not before:           Tue 25 Apr 2023 17:24:40 +0000
ROA not after:            Sat 26 Apr 2025 17:24:40 +0000
asID:                     28068
IP address blocks:        170.210.168.0/21 maxlen: 24
                          2800:110:3400::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/f8d5be4d-e751-4c70-966b-cff5ed7bf5be/eec9334789d4fb97b0c0aa483563906a5d69b4c2.crl
                          rsync://repository.lacnic.net/rpki/lacnic/f8d5be4d-e751-4c70-966b-cff5ed7bf5be/eec9334789d4fb97b0c0aa483563906a5d69b4c2.mft
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/eec9334789d4fb97b0c0aa483563906a5d69b4c2.cer
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.crl
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft
                          rsync://repository.lacnic.net/rpki/lacnic/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.cer
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.crl
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Mon 01 Apr 2024 05:58:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2037932 (0x1f18ac)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eec9334789d4fb97b0c0aa483563906a5d69b4c2
        Validity
            Not Before: Apr 25 17:24:40 2023 GMT
            Not After : Apr 26 17:24:40 2025 GMT
        Subject: CN=8af2a3dc94c7a582ff349cb8691e98f37525a1db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:81:7b:7e:72:1c:8d:dc:e4:55:09:19:f9:1f:
                    35:ce:1b:46:40:f9:38:bb:c1:a0:9b:27:f0:7a:46:
                    ed:ef:55:15:0c:bd:95:a4:65:54:bd:54:e5:3f:9c:
                    52:98:a2:c1:6b:0c:de:26:b3:8e:cc:53:40:f8:4f:
                    93:c0:d6:de:69:c3:f5:2e:5e:48:54:5f:40:73:8e:
                    a8:39:46:51:fb:5f:21:65:db:bb:93:50:90:52:18:
                    17:f0:f1:47:85:38:b9:60:30:14:10:a2:38:c1:52:
                    4e:ed:29:a0:af:5f:b7:db:b8:1b:97:40:f0:33:7c:
                    84:d7:51:4b:a8:84:fc:a1:43:ea:82:e2:8c:33:fc:
                    ea:ef:a6:5e:9d:c5:24:d7:0a:e8:18:9f:6c:c4:54:
                    50:90:5e:7f:8e:ac:ac:bd:48:63:0c:7c:3c:6d:4c:
                    19:f5:6b:30:54:a4:75:ff:55:b8:6b:45:e8:6d:8c:
                    03:b5:09:8e:88:e6:92:f0:08:e0:32:77:9b:07:f5:
                    bc:a8:4f:e9:ba:97:8d:e0:ca:85:20:6b:50:2d:24:
                    b2:d0:79:12:cb:28:af:5e:ec:eb:1e:47:ff:3d:a4:
                    c4:ac:17:7b:e0:12:f7:2f:52:b9:28:b0:de:1f:54:
                    e8:d9:9b:1c:ec:76:d9:12:7f:26:a8:1b:fd:54:ab:
                    26:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:27:F8:77:C9:48:2A:9F:C8:37:22:36:E0:58:B2:32:43:AC:D2:AD
            X509v3 Authority Key Identifier:
                keyid:08:91:AA:C4:91:82:BB:0E:06:78:FA:DA:78:35:8C:58:DF:34:5C:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/eec9334789d4fb97b0c0aa483563906a5d69b4c2.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/f8d5be4d-e751-4c70-966b-cff5ed7bf5be/8af2a3dc94c7a582ff349cb8691e98f37525a1db.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/f8d5be4d-e751-4c70-966b-cff5ed7bf5be/eec9334789d4fb97b0c0aa483563906a5d69b4c2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.210.168.0/21
                IPv6:
                  2800:110:3400::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:70:b3:97:08:c2:de:e9:51:72:b6:18:76:b8:67:8c:fd:ca:
         4a:1f:be:19:6e:62:7b:4e:0e:6f:73:6e:5e:6a:04:88:37:35:
         61:bc:b2:63:01:ee:fe:f5:e9:ee:bf:ef:2f:86:14:1f:e5:de:
         3d:30:53:f4:2d:8b:24:4d:f7:a6:ce:5c:02:b3:f8:4a:10:3a:
         f2:68:dd:ee:57:77:0d:d0:c4:ad:ee:eb:4f:83:cf:e5:4a:97:
         f9:0f:bf:ba:89:83:01:bc:56:d9:f1:f7:92:e0:52:c8:34:bc:
         b0:e5:42:65:bb:6a:0d:ab:42:6d:77:49:c3:54:e2:6a:b2:12:
         e4:cd:b6:84:c6:a1:55:76:fd:44:ff:ca:d4:a5:4e:1d:d9:b7:
         4a:38:e2:20:82:2e:a2:72:96:f6:de:e8:81:14:39:40:e4:4e:
         f3:0f:fa:7d:6c:35:3b:a8:14:ff:fc:31:2b:78:f0:77:a8:9b:
         f2:68:b2:30:33:c0:97:43:50:ea:5c:70:26:97:33:66:1a:f2:
         90:d2:d7:0a:a4:20:33:2d:45:64:0e:8e:aa:5a:51:94:5e:fa:
         43:0c:d8:7f:c0:37:1b:ff:b9:bf:59:fa:e6:99:a5:b2:1c:0d:
         af:67:5c:36:73:8b:c6:50:6a:6b:de:69:91:a5:64:6c:c8:15:
         17:30:04:60
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgIDHxisMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGVl
YzkzMzQ3ODlkNGZiOTdiMGMwYWE0ODM1NjM5MDZhNWQ2OWI0YzIwHhcNMjMwNDI1
MTcyNDQwWhcNMjUwNDI2MTcyNDQwWjAzMTEwLwYDVQQDEyg4YWYyYTNkYzk0Yzdh
NTgyZmYzNDljYjg2OTFlOThmMzc1MjVhMWRiMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAl4F7fnIcjdzkVQkZ+R81zhtGQPk4u8Ggmyfwekbt71UVDL2V
pGVUvVTlP5xSmKLBawzeJrOOzFNA+E+TwNbeacP1Ll5IVF9Ac46oOUZR+18hZdu7
k1CQUhgX8PFHhTi5YDAUEKI4wVJO7Smgr1+327gbl0DwM3yE11FLqIT8oUPqguKM
M/zq76ZencUk1wroGJ9sxFRQkF5/jqysvUhjDHw8bUwZ9WswVKR1/1W4a0XobYwD
tQmOiOaS8AjgMnebB/W8qE/pupeN4MqFIGtQLSSy0HkSyyivXuzrHkf/PaTErBd7
4BL3L1K5KLDeH1To2Zsc7HbZEn8mqBv9VKsmQwIDAQABo4ICbDCCAmgwHQYDVR0O
BBYEFMYn+HfJSCqfyDciNuBYsjJDrNKtMB8GA1UdIwQYMBaAFAiRqsSRgrsOBnj6
2ng1jFjfNFzLMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvZWVjOTMz
NDc4OWQ0ZmI5N2IwYzBhYTQ4MzU2MzkwNmE1ZDY5YjRjMi5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvZjhkNWJlNGQtZTc1MS00YzcwLTk2NmItY2ZmNWVk
N2JmNWJlLzhhZjJhM2RjOTRjN2E1ODJmZjM0OWNiODY5MWU5OGYzNzUyNWExZGIu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy9mOGQ1YmU0ZC1lNzUxLTRjNzAtOTY2Yi1jZmY1
ZWQ3YmY1YmUvZWVjOTMzNDc4OWQ0ZmI5N2IwYzBhYTQ4MzU2MzkwNmE1ZDY5YjRj
Mi5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEA6rSqDAPBAIAAjAJAwcAKAABEDQAMA0GCSqGSIb3DQEBCwUA
A4IBAQAmcLOXCMLe6VFythh2uGeM/cpKH74ZbmJ7Tg5vc25eagSINzVhvLJjAe7+
9enuv+8vhhQf5d49MFP0LYskTfemzlwCs/hKEDryaN3uV3cN0MSt7utPg8/lSpf5
D7+6iYMBvFbZ8feS4FLINLyw5UJlu2oNq0Jtd0nDVOJqshLkzbaExqFVdv1E/8rU
pU4d2bdKOOIggi6icpb23uiBFDlA5E7zD/p9bDU7qBT//DErePB3qJvyaLIwM8CX
Q1DqXHAmlzNmGvKQ0tcKpCAzLUVkDo6qWlGUXvpDDNh/wDcb/7m/WfrmmaWyHA2v
Z1w2c4vGUGpr3mmRpWRsyBUXMARg
-----END CERTIFICATE-----
Generated at Fri Mar 29 08:55:33 2024 by rpki-client on console-fra.rpki-client.org