Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/fc524ae6-c071-4e6d-ac1f-543f832b44ba/029fd168b83d97ed694bfe4dcde35249f1b7488e.roa
File:                     029fd168b83d97ed694bfe4dcde35249f1b7488e.roa (raw, json)
Hash identifier:          cUSKRSIpd+/tmmmyvfyN64RYMljYaqrHbfLIL8O0464=
Subject key identifier:   F2:E0:C1:F7:CC:00:F7:FC:0B:69:82:3E:DC:E7:75:0F:75:92:F8:30
Certificate issuer:       /CN=352d81fa9c316172ab509381cae6f178b33dd2cc
Certificate serial:       045DDC
Authority key identifier: 55:92:9C:88:99:11:A6:44:7C:15:78:37:C7:EF:1C:49:9F:E5:74:78
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/352d81fa9c316172ab509381cae6f178b33dd2cc.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/fc524ae6-c071-4e6d-ac1f-543f832b44ba/029fd168b83d97ed694bfe4dcde35249f1b7488e.roa
Signing time:             Wed 24 Mar 2021 14:32:33 +0000
ROA not before:           Wed 24 Mar 2021 14:32:33 +0000
ROA not after:            Tue 24 Mar 2026 14:32:33 +0000
asID:                     264630
IP address blocks:        200.106.248.0/21 maxlen: 21
                          2801:0:190::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://repository.lacnic.net/rpki/lacnic/fc524ae6-c071-4e6d-ac1f-543f832b44ba/352d81fa9c316172ab509381cae6f178b33dd2cc.crl
                          rsync://repository.lacnic.net/rpki/lacnic/fc524ae6-c071-4e6d-ac1f-543f832b44ba/352d81fa9c316172ab509381cae6f178b33dd2cc.mft
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/352d81fa9c316172ab509381cae6f178b33dd2cc.cer
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.crl
                          rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.mft
                          rsync://repository.lacnic.net/rpki/lacnic/ff14e9055d5afaa37fbe20f4a26bd13c8f18d79a.cer
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.crl
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Sun 31 Mar 2024 03:49:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 286172 (0x45ddc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352d81fa9c316172ab509381cae6f178b33dd2cc
        Validity
            Not Before: Mar 24 14:32:33 2021 GMT
            Not After : Mar 24 14:32:33 2026 GMT
        Subject: CN=029fd168b83d97ed694bfe4dcde35249f1b7488e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:27:c1:17:11:87:9c:a8:92:42:28:d1:21:50:
                    89:54:b4:58:3b:7e:8a:73:9f:09:e9:27:5b:36:06:
                    17:6b:2e:67:48:63:fe:c1:fd:b1:2a:e6:e7:e3:0d:
                    07:97:33:67:31:19:ce:8e:8d:ef:6b:af:67:ea:40:
                    0b:bb:b1:67:23:70:df:b6:05:50:e6:42:6e:27:2f:
                    1b:d3:85:94:67:23:1d:c6:35:04:bc:ba:da:0c:7e:
                    4f:9f:eb:0e:56:73:0b:71:81:76:1d:ff:f9:e2:b8:
                    1a:cd:89:63:d9:60:17:9a:42:02:f3:de:57:a8:89:
                    e2:eb:db:ae:bc:d9:fc:1a:55:5d:1b:26:bf:d5:ed:
                    7e:1c:fc:99:dc:c9:17:7a:9d:bb:e0:bb:3e:3d:9b:
                    ab:c1:3c:00:af:2b:bb:22:0d:b7:1d:5d:22:e2:30:
                    da:7a:65:e7:d1:33:2b:3a:f8:5a:64:28:9f:40:cd:
                    8f:39:39:f0:7c:dd:35:c1:27:05:3b:c1:f8:f6:83:
                    ea:cf:48:20:e2:9a:1c:c9:76:66:cc:1e:a9:e2:d0:
                    34:3e:8a:13:8d:34:e1:0d:32:25:db:a0:8d:4d:3f:
                    f8:5d:b5:74:c2:53:30:30:54:71:51:62:68:2e:76:
                    28:7f:36:67:b3:2d:7f:b0:d5:9d:fc:30:ea:41:b8:
                    79:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:E0:C1:F7:CC:00:F7:FC:0B:69:82:3E:DC:E7:75:0F:75:92:F8:30
            X509v3 Authority Key Identifier:
                keyid:55:92:9C:88:99:11:A6:44:7C:15:78:37:C7:EF:1C:49:9F:E5:74:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/352d81fa9c316172ab509381cae6f178b33dd2cc.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/fc524ae6-c071-4e6d-ac1f-543f832b44ba/029fd168b83d97ed694bfe4dcde35249f1b7488e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/fc524ae6-c071-4e6d-ac1f-543f832b44ba/352d81fa9c316172ab509381cae6f178b33dd2cc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.106.248.0/21
                IPv6:
                  2801:0:190::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:c2:5c:e1:27:c0:49:ca:41:e8:8e:7e:41:bc:3b:fa:f5:74:
         98:bc:b8:33:db:7a:67:e8:d7:28:9b:de:7a:b0:dd:25:c8:71:
         43:7b:e1:6f:0f:95:a7:09:83:0a:73:c9:83:e0:a5:06:cd:3d:
         e8:17:b8:61:0d:7b:32:78:d4:8d:e4:71:97:31:53:c0:7a:89:
         ec:c7:24:6e:67:88:87:5b:25:0f:20:f6:9c:0b:f0:8e:93:27:
         7b:62:d1:41:fa:c5:e4:b8:99:1b:d4:7a:6f:88:4b:5d:88:f5:
         af:12:87:cf:61:8e:fd:1b:e2:99:18:43:8a:4f:8d:a4:6c:c8:
         35:7c:bb:9e:88:ed:3b:13:db:af:3c:d6:dd:7d:ae:d6:b0:33:
         d6:45:f3:c8:46:f2:6e:d4:fb:ac:55:2e:06:c2:95:71:34:44:
         80:5e:0f:e0:38:c4:f9:77:9c:f3:3f:04:25:58:8a:64:d8:4d:
         38:7b:b3:0e:5e:ea:6a:b2:65:36:8b:3c:4d:ce:01:e5:3b:7b:
         3e:19:bd:09:bc:a3:f2:83:31:d9:e4:3d:fa:3a:75:26:d4:a3:
         cc:67:66:76:04:c5:8a:95:78:bd:a3:ac:ec:4e:54:e9:8f:a0:
         0a:82:e2:50:0b:f1:95:38:8e:5f:1e:c5:87:77:3a:9b:c4:91:
         bd:72:0e:11
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgIDBF3cMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDM1
MmQ4MWZhOWMzMTYxNzJhYjUwOTM4MWNhZTZmMTc4YjMzZGQyY2MwHhcNMjEwMzI0
MTQzMjMzWhcNMjYwMzI0MTQzMjMzWjAzMTEwLwYDVQQDEygwMjlmZDE2OGI4M2Q5
N2VkNjk0YmZlNGRjZGUzNTI0OWYxYjc0ODhlMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAqCfBFxGHnKiSQijRIVCJVLRYO36Kc58J6SdbNgYXay5nSGP+
wf2xKubn4w0HlzNnMRnOjo3va69n6kALu7FnI3DftgVQ5kJuJy8b04WUZyMdxjUE
vLraDH5Pn+sOVnMLcYF2Hf/54rgazYlj2WAXmkIC895XqIni69uuvNn8GlVdGya/
1e1+HPyZ3MkXep274Ls+PZurwTwAryu7Ig23HV0i4jDaemXn0TMrOvhaZCifQM2P
OTnwfN01wScFO8H49oPqz0gg4pocyXZmzB6p4tA0PooTjTThDTIl26CNTT/4XbV0
wlMwMFRxUWJoLnYofzZnsy1/sNWd/DDqQbh5LwIDAQABo4ICbDCCAmgwHQYDVR0O
BBYEFPLgwffMAPf8C2mCPtzndQ91kvgwMB8GA1UdIwQYMBaAFFWSnIiZEaZEfBV4
N8fvHEmf5XR4MA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvMzUyZDgx
ZmE5YzMxNjE3MmFiNTA5MzgxY2FlNmYxNzhiMzNkZDJjYy5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvZmM1MjRhZTYtYzA3MS00ZTZkLWFjMWYtNTQzZjgz
MmI0NGJhLzAyOWZkMTY4YjgzZDk3ZWQ2OTRiZmU0ZGNkZTM1MjQ5ZjFiNzQ4OGUu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy9mYzUyNGFlNi1jMDcxLTRlNmQtYWMxZi01NDNm
ODMyYjQ0YmEvMzUyZDgxZmE5YzMxNjE3MmFiNTA5MzgxY2FlNmYxNzhiMzNkZDJj
Yy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEA8hq+DAPBAIAAjAJAwcAKAEAAAGQMA0GCSqGSIb3DQEBCwUA
A4IBAQBawlzhJ8BJykHojn5BvDv69XSYvLgz23pn6Ncom956sN0lyHFDe+FvD5Wn
CYMKc8mD4KUGzT3oF7hhDXsyeNSN5HGXMVPAeonsxyRuZ4iHWyUPIPacC/COkyd7
YtFB+sXkuJkb1HpviEtdiPWvEofPYY79G+KZGEOKT42kbMg1fLueiO07E9uvPNbd
fa7WsDPWRfPIRvJu1PusVS4GwpVxNESAXg/gOMT5d5zzPwQlWIpk2E04e7MOXupq
smU2izxNzgHlO3s+Gb0JvKPygzHZ5D36OnUm1KPMZ2Z2BMWKlXi9o6zsTlTpj6AK
guJQC/GVOI5fHsWHdzqbxJG9cg4R
-----END CERTIFICATE-----
Generated at Thu Mar 28 06:01:10 2024 by rpki-client on console-fra.rpki-client.org