Route Origin Authorization

$ rpki-client -vvf rpki-repo.registro.br/repo/2NP8cPD44TjwfPWPDvpRU3zSxgYJ9YVEWCjaigfceQpt/0/3137302e3235342e3234302e302f32342d3234203d3e20323635333834.roa
File:                     3137302e3235342e3234302e302f32342d3234203d3e20323635333834.roa (raw, json)
Hash identifier:          V/0e23g4mjw9fBs5NjpiXMcIILnanWNLg+Rr6mYaNQ0=
Subject key identifier:   0A:9D:D6:65:C5:49:3E:8E:A2:96:FA:F2:41:A4:8E:E2:3A:83:3C:BF
Certificate issuer:       /CN=1B7A42896A4FBF2E2E2B0494300AB6F0094EF9E5
Certificate serial:       1789E70C3BCA3135080ADA0FD19C1CD0D189A7F2
Authority key identifier: 1B:7A:42:89:6A:4F:BF:2E:2E:2B:04:94:30:0A:B6:F0:09:4E:F9:E5
Authority info access:    rsync://rpki-repo.registro.br/repo/nicbr_repo/1/1B7A42896A4FBF2E2E2B0494300AB6F0094EF9E5.cer
Subject info access:      rsync://rpki-repo.registro.br/repo/2NP8cPD44TjwfPWPDvpRU3zSxgYJ9YVEWCjaigfceQpt/0/3137302e3235342e3234302e302f32342d3234203d3e20323635333834.roa
Signing time:             Tue 29 Apr 2025 22:36:59 +0000
ROA not before:           Tue 29 Apr 2025 22:31:59 +0000
ROA not after:            Tue 28 Apr 2026 22:36:59 +0000
asID:                     265384
IP address blocks:        170.254.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-repo.registro.br/repo/2NP8cPD44TjwfPWPDvpRU3zSxgYJ9YVEWCjaigfceQpt/0/1B7A42896A4FBF2E2E2B0494300AB6F0094EF9E5.crl
                          rsync://rpki-repo.registro.br/repo/2NP8cPD44TjwfPWPDvpRU3zSxgYJ9YVEWCjaigfceQpt/0/1B7A42896A4FBF2E2E2B0494300AB6F0094EF9E5.mft
                          rsync://rpki-repo.registro.br/repo/nicbr_repo/1/1B7A42896A4FBF2E2E2B0494300AB6F0094EF9E5.cer
                          rsync://rpki-repo.registro.br/repo/nicbr_repo/1/605432E9E1B05A7E6C208B2946FDC9C967CA8A4B.crl
                          rsync://rpki-repo.registro.br/repo/nicbr_repo/1/605432E9E1B05A7E6C208B2946FDC9C967CA8A4B.mft
                          rsync://repository.lacnic.net/rpki/lacnic/A1531B24BF50C461C7F574CD65267A8B0DC325DAAA10075F67165B98C4F4EFC3/0/605432E9E1B05A7E6C208B2946FDC9C967CA8A4B.cer
                          rsync://repository.lacnic.net/rpki/lacnic/A1531B24BF50C461C7F574CD65267A8B0DC325DAAA10075F67165B98C4F4EFC3/0/05BAF2939E37DDDE1793A803162A35594ACBB405.crl
                          rsync://repository.lacnic.net/rpki/lacnic/A1531B24BF50C461C7F574CD65267A8B0DC325DAAA10075F67165B98C4F4EFC3/0/05BAF2939E37DDDE1793A803162A35594ACBB405.mft
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/05BAF2939E37DDDE1793A803162A35594ACBB405.cer
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.crl
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.mft
                          rsync://repository.lacnic.net/rpki/lacnic/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Wed 11 Jun 2025 03:37:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:89:e7:0c:3b:ca:31:35:08:0a:da:0f:d1:9c:1c:d0:d1:89:a7:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1B7A42896A4FBF2E2E2B0494300AB6F0094EF9E5
        Validity
            Not Before: Apr 29 22:31:59 2025 GMT
            Not After : Apr 28 22:36:59 2026 GMT
        Subject: CN=0A9DD665C5493E8EA296FAF241A48EE23A833CBF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:71:45:1e:f3:b0:69:dd:a2:90:14:8d:32:42:
                    0a:d1:72:f8:94:88:b1:42:dc:32:16:2c:20:2b:ab:
                    e3:48:06:5f:d4:04:58:0f:86:08:ae:9d:2d:b7:0c:
                    53:9b:c8:48:e2:76:b8:bf:97:d6:c1:96:29:3b:1e:
                    c7:9c:57:0b:9a:07:6b:b4:cc:7f:2a:cf:83:70:fc:
                    bb:e6:8f:89:05:eb:59:0a:d6:1e:ce:af:9b:53:dd:
                    d0:ca:5f:ef:1e:bf:b2:29:17:58:1e:28:27:25:4b:
                    05:f4:cc:08:e2:5e:ec:97:12:b5:17:c1:cc:7c:96:
                    9a:75:25:33:f4:2e:43:65:15:34:20:21:01:33:64:
                    bb:ae:92:7b:a4:b2:cb:92:34:68:c1:98:6e:43:a0:
                    1f:d5:33:75:01:43:48:5f:8f:84:56:c0:41:03:4f:
                    d8:d6:83:10:a9:6b:36:13:4b:bf:51:34:b7:5d:ec:
                    af:2c:83:87:f8:b4:5a:f8:1c:d5:de:da:93:e4:34:
                    e9:9f:a9:51:b7:4e:aa:b4:dd:31:48:2e:be:b5:68:
                    2d:5f:d9:39:09:cd:ff:a0:3a:bb:cc:d4:85:69:7a:
                    3e:e0:8e:86:8e:06:fe:ec:de:68:d7:bb:e4:f3:c8:
                    8b:77:b5:ab:9e:7a:10:65:35:94:93:0b:b0:06:cb:
                    db:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:9D:D6:65:C5:49:3E:8E:A2:96:FA:F2:41:A4:8E:E2:3A:83:3C:BF
            X509v3 Authority Key Identifier:
                keyid:1B:7A:42:89:6A:4F:BF:2E:2E:2B:04:94:30:0A:B6:F0:09:4E:F9:E5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-repo.registro.br/repo/2NP8cPD44TjwfPWPDvpRU3zSxgYJ9YVEWCjaigfceQpt/0/1B7A42896A4FBF2E2E2B0494300AB6F0094EF9E5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-repo.registro.br/repo/nicbr_repo/1/1B7A42896A4FBF2E2E2B0494300AB6F0094EF9E5.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-repo.registro.br/repo/2NP8cPD44TjwfPWPDvpRU3zSxgYJ9YVEWCjaigfceQpt/0/3137302e3235342e3234302e302f32342d3234203d3e20323635333834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.254.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:04:39:72:0d:ec:07:e4:59:9d:13:e4:41:3d:09:bf:38:93:
         c0:30:ce:07:2f:b7:55:5c:ae:6b:12:24:f8:4a:60:bc:6b:28:
         95:35:72:7b:90:bc:9a:66:e5:b0:08:51:ac:fc:4d:e4:eb:7d:
         79:e3:00:01:8a:89:23:73:46:87:ba:e6:74:b3:10:64:6b:66:
         ba:18:fc:06:b9:54:d6:4b:1c:38:7b:a5:44:57:d8:e2:1c:71:
         c7:d3:5b:17:0b:18:b1:80:ab:b4:26:35:23:1d:5e:46:65:10:
         cb:95:c0:de:20:08:0b:3c:ed:d9:1e:87:14:3c:f1:de:e6:e2:
         ca:dc:36:7b:91:1a:70:fc:5b:76:fb:92:94:29:bc:4e:da:01:
         d3:fb:6f:9a:25:54:8b:10:d6:ef:a0:bb:37:ee:f1:cd:20:1c:
         57:b1:e4:2e:bf:be:13:b8:e2:92:b3:ba:28:c8:d0:27:e2:5e:
         ea:bd:e9:fd:27:97:af:0b:30:ae:22:fe:b0:f0:e7:3d:6a:c4:
         4d:64:43:9f:e5:f1:96:5e:54:f1:cc:fc:fb:a5:dd:d8:40:17:
         ef:97:b2:2e:3a:6b:9e:7b:c1:f3:69:c5:fb:1a:bf:13:a8:be:
         d3:6e:97:00:46:ee:22:69:c5:e7:b9:f2:1d:c5:75:09:aa:73:
         44:a9:5b:38
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgIUF4nnDDvKMTUICtoP0Zwc0NGJp/IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMUI3QTQyODk2QTRGQkYyRTJFMkIwNDk0MzAwQUI2RjAw
OTRFRjlFNTAeFw0yNTA0MjkyMjMxNTlaFw0yNjA0MjgyMjM2NTlaMDMxMTAvBgNV
BAMTKDBBOURENjY1QzU0OTNFOEVBMjk2RkFGMjQxQTQ4RUUyM0E4MzNDQkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRcUUe87Bp3aKQFI0yQgrRcviU
iLFC3DIWLCArq+NIBl/UBFgPhgiunS23DFObyEjidri/l9bBlik7HsecVwuaB2u0
zH8qz4Nw/Lvmj4kF61kK1h7Or5tT3dDKX+8ev7IpF1geKCclSwX0zAjiXuyXErUX
wcx8lpp1JTP0LkNlFTQgIQEzZLuuknukssuSNGjBmG5DoB/VM3UBQ0hfj4RWwEED
T9jWgxCpazYTS79RNLdd7K8sg4f4tFr4HNXe2pPkNOmfqVG3Tqq03TFILr61aC1f
2TkJzf+gOrvM1IVpej7gjoaOBv7s3mjXu+TzyIt3taueehBlNZSTC7AGy9v3AgMB
AAGjggJTMIICTzAdBgNVHQ4EFgQUCp3WZcVJPo6ilvryQaSO4jqDPL8wHwYDVR0j
BBgwFoAUG3pCiWpPvy4uKwSUMAq28AlO+eUwDgYDVR0PAQH/BAQDAgeAMIGUBgNV
HR8EgYwwgYkwgYaggYOggYCGfnJzeW5jOi8vcnBraS1yZXBvLnJlZ2lzdHJvLmJy
L3JlcG8vMk5QOGNQRDQ0VGp3ZlBXUER2cFJVM3pTeGdZSjlZVkVXQ2phaWdmY2VR
cHQvMC8xQjdBNDI4OTZBNEZCRjJFMkUyQjA0OTQzMDBBQjZGMDA5NEVGOUU1LmNy
bDB4BggrBgEFBQcBAQRsMGowaAYIKwYBBQUHMAKGXHJzeW5jOi8vcnBraS1yZXBv
LnJlZ2lzdHJvLmJyL3JlcG8vbmljYnJfcmVwby8xLzFCN0E0Mjg5NkE0RkJGMkUy
RTJCMDQ5NDMwMEFCNkYwMDk0RUY5RTUuY2VyMIGwBggrBgEFBQcBCwSBozCBoDCB
nQYIKwYBBQUHMAuGgZByc3luYzovL3Jwa2ktcmVwby5yZWdpc3Ryby5ici9yZXBv
LzJOUDhjUEQ0NFRqd2ZQV1BEdnBSVTN6U3hnWUo5WVZFV0NqYWlnZmNlUXB0LzAv
MzEzNzMwMmUzMjM1MzQyZTMyMzQzMDJlMzAyZjMyMzQyZDMyMzQyMDNkM2UyMDMy
MzYzNTMzMzgzNC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEF
BQcBBwEB/wQQMA4wDAQCAAEwBgMEAKr+8DANBgkqhkiG9w0BAQsFAAOCAQEAbwQ5
cg3sB+RZnRPkQT0JvziTwDDOBy+3VVyuaxIk+EpgvGsolTVye5C8mmblsAhRrPxN
5Ot9eeMAAYqJI3NGh7rmdLMQZGtmuhj8BrlU1kscOHulRFfY4hxxx9NbFwsYsYCr
tCY1Ix1eRmUQy5XA3iAICzzt2R6HFDzx3ubiytw2e5EacPxbdvuSlCm8TtoB0/tv
miVUixDW76C7N+7xzSAcV7HkLr++E7jikrO6KMjQJ+Je6r3p/SeXrwswriL+sPDn
PWrETWRDn+Xxll5U8cz8+6Xd2EAX75eyLjprnnvB82nF+xq/E6i+026XAEbuImnF
57nyHcV1CapzRKlbOA==
-----END CERTIFICATE-----
Generated at Tue Jun 10 20:15:01 2025 by rpki-client