Route Origin Authorization

$ rpki-client -vvf rpki-repo.registro.br/repo/2JfybCh4P1fahviQCP8NLH9hh4qSKu4GjBCVGe8ZvEeZ/0/3133382e3131382e36382e302f32322d3234203d3e203532353733.roa
File:                     3133382e3131382e36382e302f32322d3234203d3e203532353733.roa (raw, json)
Hash identifier:          vlVpepGgU/ZYdQVXokmCFHMCVQymJJ1FWbyhXDIJTP4=
Subject key identifier:   D1:28:B2:AE:52:CC:30:B2:EE:1E:13:D9:15:86:85:68:86:70:3B:63
Certificate issuer:       /CN=D686F2D1C8D6F0E18200D7BA3B4E138A867E25C7
Certificate serial:       681675B324BA5A94D05822A656DF0CA40BD38B9D
Authority key identifier: D6:86:F2:D1:C8:D6:F0:E1:82:00:D7:BA:3B:4E:13:8A:86:7E:25:C7
Authority info access:    rsync://rpki-repo.registro.br/repo/nicbr_repo/1/D686F2D1C8D6F0E18200D7BA3B4E138A867E25C7.cer
Subject info access:      rsync://rpki-repo.registro.br/repo/2JfybCh4P1fahviQCP8NLH9hh4qSKu4GjBCVGe8ZvEeZ/0/3133382e3131382e36382e302f32322d3234203d3e203532353733.roa
Signing time:             Sat 31 May 2025 14:17:05 +0000
ROA not before:           Sat 31 May 2025 14:12:05 +0000
ROA not after:            Sat 30 May 2026 14:17:05 +0000
asID:                     52573
IP address blocks:        138.118.68.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-repo.registro.br/repo/2JfybCh4P1fahviQCP8NLH9hh4qSKu4GjBCVGe8ZvEeZ/0/D686F2D1C8D6F0E18200D7BA3B4E138A867E25C7.crl
                          rsync://rpki-repo.registro.br/repo/2JfybCh4P1fahviQCP8NLH9hh4qSKu4GjBCVGe8ZvEeZ/0/D686F2D1C8D6F0E18200D7BA3B4E138A867E25C7.mft
                          rsync://rpki-repo.registro.br/repo/nicbr_repo/1/D686F2D1C8D6F0E18200D7BA3B4E138A867E25C7.cer
                          rsync://rpki-repo.registro.br/repo/nicbr_repo/1/605432E9E1B05A7E6C208B2946FDC9C967CA8A4B.crl
                          rsync://rpki-repo.registro.br/repo/nicbr_repo/1/605432E9E1B05A7E6C208B2946FDC9C967CA8A4B.mft
                          rsync://repository.lacnic.net/rpki/lacnic/A1531B24BF50C461C7F574CD65267A8B0DC325DAAA10075F67165B98C4F4EFC3/0/605432E9E1B05A7E6C208B2946FDC9C967CA8A4B.cer
                          rsync://repository.lacnic.net/rpki/lacnic/A1531B24BF50C461C7F574CD65267A8B0DC325DAAA10075F67165B98C4F4EFC3/0/05BAF2939E37DDDE1793A803162A35594ACBB405.crl
                          rsync://repository.lacnic.net/rpki/lacnic/A1531B24BF50C461C7F574CD65267A8B0DC325DAAA10075F67165B98C4F4EFC3/0/05BAF2939E37DDDE1793A803162A35594ACBB405.mft
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/05BAF2939E37DDDE1793A803162A35594ACBB405.cer
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.crl
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.mft
                          rsync://repository.lacnic.net/rpki/lacnic/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Sat 07 Jun 2025 16:23:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:16:75:b3:24:ba:5a:94:d0:58:22:a6:56:df:0c:a4:0b:d3:8b:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D686F2D1C8D6F0E18200D7BA3B4E138A867E25C7
        Validity
            Not Before: May 31 14:12:05 2025 GMT
            Not After : May 30 14:17:05 2026 GMT
        Subject: CN=D128B2AE52CC30B2EE1E13D91586856886703B63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ef:fb:f0:2b:8a:b2:5e:8e:a3:5d:f3:76:2b:
                    46:f7:f5:1f:e0:50:a5:8a:26:a6:ce:d2:62:69:93:
                    36:05:ad:fc:ed:f0:a6:d4:20:b7:3c:f3:ca:08:07:
                    f3:60:ec:a3:28:14:f5:9a:fc:c4:d1:f8:77:96:26:
                    29:f3:6e:5c:d5:15:0d:f5:3f:61:3e:96:81:b4:a4:
                    ae:b4:28:1a:8b:05:e2:6e:5b:07:ff:8f:40:dd:d8:
                    98:52:e3:03:bc:2c:3a:d3:5e:61:4f:12:1b:cc:ef:
                    fd:98:d1:a0:86:4a:fb:6d:75:9d:fe:26:97:2a:30:
                    5d:28:e6:fc:25:ef:39:78:ed:03:57:a3:dc:33:7d:
                    e6:6b:8b:90:37:10:f3:4a:36:f8:9b:65:86:d4:4b:
                    d4:79:f6:89:19:26:ce:65:d9:16:d8:fc:6e:02:66:
                    f8:e3:73:23:03:36:e6:09:a7:eb:fc:79:0b:16:05:
                    b1:d7:a1:92:cc:a7:61:2b:83:f3:9d:ba:f6:ad:61:
                    e0:45:9a:97:6f:5c:d5:2b:c5:54:92:e7:f2:56:23:
                    ef:39:a9:51:54:80:9f:8a:3e:9f:ee:df:30:bd:83:
                    b5:fc:a4:64:55:c7:0f:a1:f9:d6:fe:e5:db:c0:16:
                    d6:ba:28:79:59:e9:43:dc:e0:2f:19:a5:82:e3:68:
                    fc:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:28:B2:AE:52:CC:30:B2:EE:1E:13:D9:15:86:85:68:86:70:3B:63
            X509v3 Authority Key Identifier:
                keyid:D6:86:F2:D1:C8:D6:F0:E1:82:00:D7:BA:3B:4E:13:8A:86:7E:25:C7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-repo.registro.br/repo/2JfybCh4P1fahviQCP8NLH9hh4qSKu4GjBCVGe8ZvEeZ/0/D686F2D1C8D6F0E18200D7BA3B4E138A867E25C7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-repo.registro.br/repo/nicbr_repo/1/D686F2D1C8D6F0E18200D7BA3B4E138A867E25C7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-repo.registro.br/repo/2JfybCh4P1fahviQCP8NLH9hh4qSKu4GjBCVGe8ZvEeZ/0/3133382e3131382e36382e302f32322d3234203d3e203532353733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.118.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:3d:25:77:c7:71:12:1d:93:8f:46:4d:77:5a:f4:6e:0f:02:
         4e:43:d9:11:95:91:2e:7d:6c:3e:5d:4a:b0:ce:f2:55:4a:d6:
         29:3b:a0:fe:b3:fd:6b:7a:5a:cc:76:e7:4c:ee:7c:45:61:1a:
         98:7a:33:a7:8d:90:5d:ee:e7:3f:04:4e:8b:6f:1a:3d:4b:77:
         14:37:ab:02:83:1a:1a:10:f3:6d:ae:41:2a:1b:79:eb:cf:cf:
         2d:0f:8e:66:00:4d:42:3a:ba:b3:c9:6c:06:60:7a:f0:58:45:
         58:a6:e1:c1:ae:eb:10:55:2c:8a:67:27:26:b7:0b:56:fb:95:
         0b:69:95:31:b4:e5:44:89:0d:33:88:1b:86:9b:22:fc:dd:5e:
         41:67:ad:a8:d3:9c:7b:ac:db:f2:9f:d9:ba:75:a6:78:63:38:
         9a:a0:a6:0e:63:43:72:d7:69:30:f1:31:d5:41:ad:04:83:37:
         60:50:cc:c6:90:53:8d:9a:05:fe:c1:7b:fc:82:72:a5:21:75:
         2d:78:bd:86:cd:9f:7a:4f:3b:ca:d2:80:96:cc:1d:e4:52:87:
         c5:8b:0a:38:b1:c9:e4:82:e5:86:32:af:70:5c:6e:4c:3e:88:
         3c:8c:c1:7c:2b:fb:74:0f:5e:1b:fb:2c:0c:51:bd:7a:92:be:
         65:86:64:19
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgIUaBZ1syS6WpTQWCKmVt8MpAvTi50wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDY4NkYyRDFDOEQ2RjBFMTgyMDBEN0JBM0I0RTEzOEE4
NjdFMjVDNzAeFw0yNTA1MzExNDEyMDVaFw0yNjA1MzAxNDE3MDVaMDMxMTAvBgNV
BAMTKEQxMjhCMkFFNTJDQzMwQjJFRTFFMTNEOTE1ODY4NTY4ODY3MDNCNjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCm7/vwK4qyXo6jXfN2K0b39R/g
UKWKJqbO0mJpkzYFrfzt8KbUILc888oIB/Ng7KMoFPWa/MTR+HeWJinzblzVFQ31
P2E+loG0pK60KBqLBeJuWwf/j0Dd2JhS4wO8LDrTXmFPEhvM7/2Y0aCGSvttdZ3+
JpcqMF0o5vwl7zl47QNXo9wzfeZri5A3EPNKNvibZYbUS9R59okZJs5l2RbY/G4C
ZvjjcyMDNuYJp+v8eQsWBbHXoZLMp2Erg/OduvatYeBFmpdvXNUrxVSS5/JWI+85
qVFUgJ+KPp/u3zC9g7X8pGRVxw+h+db+5dvAFta6KHlZ6UPc4C8ZpYLjaPx7AgMB
AAGjggJPMIICSzAdBgNVHQ4EFgQU0SiyrlLMMLLuHhPZFYaFaIZwO2MwHwYDVR0j
BBgwFoAU1oby0cjW8OGCANe6O04TioZ+JccwDgYDVR0PAQH/BAQDAgeAMIGUBgNV
HR8EgYwwgYkwgYaggYOggYCGfnJzeW5jOi8vcnBraS1yZXBvLnJlZ2lzdHJvLmJy
L3JlcG8vMkpmeWJDaDRQMWZhaHZpUUNQOE5MSDloaDRxU0t1NEdqQkNWR2U4WnZF
ZVovMC9ENjg2RjJEMUM4RDZGMEUxODIwMEQ3QkEzQjRFMTM4QTg2N0UyNUM3LmNy
bDB4BggrBgEFBQcBAQRsMGowaAYIKwYBBQUHMAKGXHJzeW5jOi8vcnBraS1yZXBv
LnJlZ2lzdHJvLmJyL3JlcG8vbmljYnJfcmVwby8xL0Q2ODZGMkQxQzhENkYwRTE4
MjAwRDdCQTNCNEUxMzhBODY3RTI1QzcuY2VyMIGsBggrBgEFBQcBCwSBnzCBnDCB
mQYIKwYBBQUHMAuGgYxyc3luYzovL3Jwa2ktcmVwby5yZWdpc3Ryby5ici9yZXBv
LzJKZnliQ2g0UDFmYWh2aVFDUDhOTEg5aGg0cVNLdTRHakJDVkdlOFp2RWVaLzAv
MzEzMzM4MmUzMTMxMzgyZTM2MzgyZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNTMy
MzUzNzMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQCinZEMA0GCSqGSIb3DQEBCwUAA4IBAQAnPSV3x3ES
HZOPRk13WvRuDwJOQ9kRlZEufWw+XUqwzvJVStYpO6D+s/1relrMdudM7nxFYRqY
ejOnjZBd7uc/BE6Lbxo9S3cUN6sCgxoaEPNtrkEqG3nrz88tD45mAE1COrqzyWwG
YHrwWEVYpuHBrusQVSyKZycmtwtW+5ULaZUxtOVEiQ0ziBuGmyL83V5BZ62o05x7
rNvyn9m6daZ4YziaoKYOY0Ny12kw8THVQa0EgzdgUMzGkFONmgX+wXv8gnKlIXUt
eL2GzZ96TzvK0oCWzB3kUofFiwo4scnkguWGMq9wXG5MPog8jMF8K/t0D14b+ywM
Ub16kr5lhmQZ
-----END CERTIFICATE-----
Generated at Fri Jun 6 20:20:49 2025 by rpki-client