Route Origin Authorization

$ rpki-client -vvf rpki-repo.registro.br/repo/3KpJ5uP6qLk2iHW9gWepTDxax6jVvtuQYhFudw9r8Tcy/2/AS28258.roa
File:                     AS28258.roa (raw, json)
Hash identifier:          OSeAyjCLW+agvgDlAqDGYQqXKTtUhLhrfncO5pDXxIY=
Subject key identifier:   D7:C5:D9:BA:01:63:1D:8F:D1:14:9C:81:B7:74:13:F7:AF:D3:FE:9C
Certificate issuer:       /CN=D7B86B5B6E0677EED89A37670E1D04CE759EFB26
Certificate serial:       49704DABA4C781123D995A5C1F3E7D60B0167602
Authority key identifier: D7:B8:6B:5B:6E:06:77:EE:D8:9A:37:67:0E:1D:04:CE:75:9E:FB:26
Authority info access:    rsync://rpki-repo.registro.br/repo/nicbr_repo/1/D7B86B5B6E0677EED89A37670E1D04CE759EFB26.cer
Subject info access:      rsync://rpki-repo.registro.br/repo/3KpJ5uP6qLk2iHW9gWepTDxax6jVvtuQYhFudw9r8Tcy/2/AS28258.roa
Signing time:             Tue 23 Jul 2024 12:10:37 +0000
ROA not before:           Tue 23 Jul 2024 12:05:37 +0000
ROA not after:            Tue 22 Jul 2025 12:10:37 +0000
asID:                     28258
IP address blocks:        138.117.72.0/22 maxlen: 24
                          143.255.252.0/23 maxlen: 23
                          168.227.196.0/22 maxlen: 24
                          170.246.208.0/22 maxlen: 24
                          177.104.64.0/19 maxlen: 24
                          177.126.224.0/20 maxlen: 24
                          186.235.96.0/20 maxlen: 24
                          187.16.176.0/20 maxlen: 24
                          187.73.72.0/23 maxlen: 23
                          187.85.80.0/20 maxlen: 24
                          190.108.96.0/19 maxlen: 24
                          2804:2484::/32 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:70:4d:ab:a4:c7:81:12:3d:99:5a:5c:1f:3e:7d:60:b0:16:76:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D7B86B5B6E0677EED89A37670E1D04CE759EFB26
        Validity
            Not Before: Jul 23 12:05:37 2024 GMT
            Not After : Jul 22 12:10:37 2025 GMT
        Subject: CN=D7C5D9BA01631D8FD1149C81B77413F7AFD3FE9C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:dc:9d:35:ba:06:5f:d8:06:8d:fc:6f:fc:3b:
                    8d:0c:ed:42:55:dc:fe:be:32:a5:28:4d:9c:6d:5e:
                    a8:d1:fd:f6:c0:c0:bc:7e:69:7d:a0:2e:ae:b3:22:
                    e9:01:31:42:c8:fa:67:73:94:91:a8:e2:4c:eb:58:
                    3c:ba:d8:c3:ba:6a:d5:d6:f6:a9:19:fa:e2:09:c5:
                    21:42:17:eb:c6:70:aa:fe:19:e5:b3:47:80:4b:6e:
                    48:ae:36:8d:79:da:98:dc:9b:10:0a:ad:84:bf:84:
                    f1:9b:e0:17:18:c6:f2:6c:31:90:c1:33:c7:62:4f:
                    0e:5a:81:0d:9d:9f:8f:9b:d9:b3:9c:6d:02:1e:c6:
                    3e:92:7c:8e:c9:45:03:0d:9e:8e:34:b0:47:d3:55:
                    69:27:51:94:89:33:b5:bd:f1:32:fb:64:28:a4:6c:
                    76:85:86:19:db:30:03:a0:ef:f8:e1:f7:d2:4f:88:
                    56:51:09:82:08:b5:ac:87:e1:b8:7a:5c:95:1e:56:
                    a7:32:31:c2:c8:3e:2f:3a:2d:37:c7:af:15:5a:d8:
                    19:17:fd:4d:fa:dd:c4:b8:1a:01:e2:1d:1d:5a:76:
                    32:a9:fe:f5:a2:87:f1:3b:47:8b:3c:d3:0d:38:d3:
                    e6:1c:48:3f:59:ae:3d:5c:79:7a:67:bd:1f:7a:69:
                    ef:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:C5:D9:BA:01:63:1D:8F:D1:14:9C:81:B7:74:13:F7:AF:D3:FE:9C
            X509v3 Authority Key Identifier:
                keyid:D7:B8:6B:5B:6E:06:77:EE:D8:9A:37:67:0E:1D:04:CE:75:9E:FB:26

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-repo.registro.br/repo/3KpJ5uP6qLk2iHW9gWepTDxax6jVvtuQYhFudw9r8Tcy/2/D7B86B5B6E0677EED89A37670E1D04CE759EFB26.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-repo.registro.br/repo/nicbr_repo/1/D7B86B5B6E0677EED89A37670E1D04CE759EFB26.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-repo.registro.br/repo/3KpJ5uP6qLk2iHW9gWepTDxax6jVvtuQYhFudw9r8Tcy/2/AS28258.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.117.72.0/22
                  143.255.252.0/23
                  168.227.196.0/22
                  170.246.208.0/22
                  177.104.64.0/19
                  177.126.224.0/20
                  186.235.96.0/20
                  187.16.176.0/20
                  187.73.72.0/23
                  187.85.80.0/20
                  190.108.96.0/19
                IPv6:
                  2804:2484::/32

    Signature Algorithm: sha256WithRSAEncryption
         74:07:b4:7a:3f:59:ca:49:92:11:a3:ef:db:0c:fb:b1:a7:13:
         4d:a4:6a:09:fa:43:ac:23:f6:d1:5a:2e:63:71:ae:74:38:8a:
         ac:86:c4:52:cf:95:84:66:f3:d1:8e:b4:94:6b:49:48:7e:ac:
         0d:4c:95:b4:d9:d5:2c:05:b6:33:b5:34:ec:c0:15:93:10:fa:
         84:5e:81:3f:f2:c9:93:80:87:29:8c:fd:99:86:a5:a9:d7:c2:
         15:f9:b9:fd:8d:3e:25:79:53:c5:4f:51:cc:46:1e:b1:d8:3a:
         c7:78:29:6b:da:99:99:c4:90:e3:cc:d4:e8:d3:28:a3:08:c6:
         94:7c:be:b4:bc:8f:d1:bb:1f:1a:91:79:11:e0:d2:a7:b7:2d:
         f9:de:16:eb:80:5c:8d:88:50:9a:39:a6:f6:5f:79:26:db:aa:
         05:57:3f:9d:02:9c:ce:0a:7e:b3:b6:c9:e1:e6:a2:e6:83:37:
         3c:6c:16:ef:47:9e:ce:2b:41:dc:6d:fe:a4:1f:53:aa:66:11:
         df:45:f2:c1:29:1b:44:bc:a2:41:81:60:61:dc:05:e7:39:95:
         a1:95:30:4a:ff:db:13:55:c1:a3:d2:61:20:cf:d5:68:a3:9f:
         77:e6:14:55:a9:d0:4a:ed:a3:8d:6d:19:da:62:c0:5b:cf:10:
         14:55:8a:03
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgIUSXBNq6THgRI9mVpcHz59YLAWdgIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDdCODZCNUI2RTA2NzdFRUQ4OUEzNzY3MEUxRDA0Q0U3
NTlFRkIyNjAeFw0yNDA3MjMxMjA1MzdaFw0yNTA3MjIxMjEwMzdaMDMxMTAvBgNV
BAMTKEQ3QzVEOUJBMDE2MzFEOEZEMTE0OUM4MUI3NzQxM0Y3QUZEM0ZFOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy3J01ugZf2AaN/G/8O40M7UJV
3P6+MqUoTZxtXqjR/fbAwLx+aX2gLq6zIukBMULI+mdzlJGo4kzrWDy62MO6atXW
9qkZ+uIJxSFCF+vGcKr+GeWzR4BLbkiuNo152pjcmxAKrYS/hPGb4BcYxvJsMZDB
M8diTw5agQ2dn4+b2bOcbQIexj6SfI7JRQMNno40sEfTVWknUZSJM7W98TL7ZCik
bHaFhhnbMAOg7/jh99JPiFZRCYIItayH4bh6XJUeVqcyMcLIPi86LTfHrxVa2BkX
/U363cS4GgHiHR1adjKp/vWih/E7R4s80w040+YcSD9Zrj1ceXpnvR96ae9XAgMB
AAGjggJmMIICYjAdBgNVHQ4EFgQU18XZugFjHY/RFJyBt3QT96/T/pwwHwYDVR0j
BBgwFoAU17hrW24Gd+7YmjdnDh0EznWe+yYwDgYDVR0PAQH/BAQDAgeAMIGUBgNV
HR8EgYwwgYkwgYaggYOggYCGfnJzeW5jOi8vcnBraS1yZXBvLnJlZ2lzdHJvLmJy
L3JlcG8vM0twSjV1UDZxTGsyaUhXOWdXZXBURHhheDZqVnZ0dVFZaEZ1ZHc5cjhU
Y3kvMi9EN0I4NkI1QjZFMDY3N0VFRDg5QTM3NjcwRTFEMDRDRTc1OUVGQjI2LmNy
bDB4BggrBgEFBQcBAQRsMGowaAYIKwYBBQUHMAKGXHJzeW5jOi8vcnBraS1yZXBv
LnJlZ2lzdHJvLmJyL3JlcG8vbmljYnJfcmVwby8xL0Q3Qjg2QjVCNkUwNjc3RUVE
ODlBMzc2NzBFMUQwNENFNzU5RUZCMjYuY2VyMHkGCCsGAQUFBwELBG0wazBpBggr
BgEFBQcwC4ZdcnN5bmM6Ly9ycGtpLXJlcG8ucmVnaXN0cm8uYnIvcmVwby8zS3BK
NXVQNnFMazJpSFc5Z1dlcFREeGF4NmpWdnR1UVloRnVkdzlyOFRjeS8yL0FTMjgy
NTgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwagYIKwYBBQUHAQcBAf8E
WzBZMEgEAgABMEIDBAKKdUgDBAGP//wDBAKo48QDBAKq9tADBAWxaEADBASxfuAD
BAS662ADBAS7ELADBAG7SUgDBAS7VVADBAW+bGAwDQQCAAIwBwMFACgEJIQwDQYJ
KoZIhvcNAQELBQADggEBAHQHtHo/WcpJkhGj79sM+7GnE02kagn6Q6wj9tFaLmNx
rnQ4iqyGxFLPlYRm89GOtJRrSUh+rA1MlbTZ1SwFtjO1NOzAFZMQ+oRegT/yyZOA
hymM/ZmGpanXwhX5uf2NPiV5U8VPUcxGHrHYOsd4KWvamZnEkOPM1OjTKKMIxpR8
vrS8j9G7HxqReRHg0qe3LfneFuuAXI2IUJo5pvZfeSbbqgVXP50CnM4KfrO2yeHm
ouaDNzxsFu9Hns4rQdxt/qQfU6pmEd9F8sEpG0S8okGBYGHcBec5laGVMEr/2xNV
waPSYSDP1Wijn3fmFFWp0Erto41tGdpiwFvPEBRVigM=
-----END CERTIFICATE-----