Route Origin Authorization

$ rpki-client -vvf rpki-repo.registro.br/repo/4Bhazj8bFxvp7P6PcZgYFqm3bPxEryax3Q9RaDQNJ3P2/1/3137372e382e31362e302f32302d3234203d3e203238333630.roa
File:                     3137372e382e31362e302f32302d3234203d3e203238333630.roa (raw, json)
Hash identifier:          s4KSx7cj/z13lH8wHk9PAac9hWeZ7NVETjy0OQG82Jw=
Subject key identifier:   AF:8F:8E:ED:C0:4C:63:C6:3F:15:FA:F7:2F:F6:45:92:D3:BD:C2:B7
Certificate issuer:       /CN=43DB836C2077B43ED881A065A4DC216114503CEE
Certificate serial:       6B5A3A122B0CEA0D254DBDC9230ECBBA00373D81
Authority key identifier: 43:DB:83:6C:20:77:B4:3E:D8:81:A0:65:A4:DC:21:61:14:50:3C:EE
Authority info access:    rsync://rpki-repo.registro.br/repo/nicbr_repo/1/43DB836C2077B43ED881A065A4DC216114503CEE.cer
Subject info access:      rsync://rpki-repo.registro.br/repo/4Bhazj8bFxvp7P6PcZgYFqm3bPxEryax3Q9RaDQNJ3P2/1/3137372e382e31362e302f32302d3234203d3e203238333630.roa
Signing time:             Sat 06 Apr 2024 02:46:48 +0000
ROA not before:           Sat 06 Apr 2024 02:41:48 +0000
ROA not after:            Sat 05 Apr 2025 02:46:48 +0000
asID:                     28360
IP address blocks:        177.8.16.0/20 maxlen: 24

Validation:               Failed, unable to get certificate CRL

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:5a:3a:12:2b:0c:ea:0d:25:4d:bd:c9:23:0e:cb:ba:00:37:3d:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43DB836C2077B43ED881A065A4DC216114503CEE
        Validity
            Not Before: Apr  6 02:41:48 2024 GMT
            Not After : Apr  5 02:46:48 2025 GMT
        Subject: CN=AF8F8EEDC04C63C63F15FAF72FF64592D3BDC2B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:7c:d6:84:3e:39:dc:f7:e4:07:f1:cd:61:ea:
                    e8:6c:8c:c6:ca:e0:96:28:0d:c1:3e:87:77:0e:4f:
                    35:ac:4f:b4:e0:5f:cf:67:22:f0:c0:29:e7:bc:e2:
                    19:eb:9f:35:e4:9c:73:25:b5:25:37:db:98:95:cd:
                    a0:58:ce:9e:ad:1a:08:bf:75:23:93:e2:8e:a7:b1:
                    05:59:6f:42:5a:7f:97:c2:e9:3c:50:2a:cc:7f:8c:
                    a6:3d:a8:32:f2:81:39:ba:e2:9e:40:9a:1e:75:30:
                    c4:bd:ed:8f:2d:e8:d4:bc:af:5d:92:f5:72:04:bd:
                    8a:fd:6e:65:75:bb:59:c9:18:fa:c3:dd:9b:c0:d0:
                    17:9f:39:0a:3c:9a:e4:7a:fa:59:9d:fc:f9:6f:dd:
                    67:a0:ef:8a:ca:a7:a9:cc:7c:0b:99:ff:e0:b5:9d:
                    cf:43:9c:cb:cc:f7:e7:15:83:d9:3b:a8:5f:74:a5:
                    c6:63:a2:1b:b1:87:e1:db:43:f6:d8:13:c0:db:11:
                    be:35:79:bc:9c:69:c7:05:c9:54:37:85:fc:4b:dd:
                    e4:78:83:d3:04:dc:db:34:0f:20:f1:18:69:0a:74:
                    0f:b3:91:16:4c:b0:c8:9f:5f:47:ef:84:e5:9b:d3:
                    87:59:de:1e:89:70:94:29:55:f9:22:06:95:50:82:
                    b4:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:8F:8E:ED:C0:4C:63:C6:3F:15:FA:F7:2F:F6:45:92:D3:BD:C2:B7
            X509v3 Authority Key Identifier:
                keyid:43:DB:83:6C:20:77:B4:3E:D8:81:A0:65:A4:DC:21:61:14:50:3C:EE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-repo.registro.br/repo/4Bhazj8bFxvp7P6PcZgYFqm3bPxEryax3Q9RaDQNJ3P2/1/43DB836C2077B43ED881A065A4DC216114503CEE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-repo.registro.br/repo/nicbr_repo/1/43DB836C2077B43ED881A065A4DC216114503CEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-repo.registro.br/repo/4Bhazj8bFxvp7P6PcZgYFqm3bPxEryax3Q9RaDQNJ3P2/1/3137372e382e31362e302f32302d3234203d3e203238333630.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  177.8.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         7a:9e:db:1a:3f:79:0c:d5:f0:d8:a8:2d:f3:d4:d3:e4:64:ec:
         1c:d6:68:5b:8a:38:81:62:7b:59:ef:32:ba:28:6b:81:a3:90:
         86:ba:09:b1:f4:37:7a:e0:37:c6:df:ce:18:d2:de:02:1e:83:
         fd:9c:99:5a:47:09:87:18:72:3c:f5:4d:51:96:69:2c:c1:d9:
         a8:3f:92:7e:17:24:bb:40:81:4b:62:e6:50:ae:30:59:8e:2d:
         fb:73:e7:17:e2:be:63:a9:f3:b4:ac:c9:48:fa:73:f9:f1:52:
         e3:f4:62:01:a8:14:5e:5c:92:62:e1:0b:d8:a4:f1:e3:7c:8f:
         b7:c5:59:39:69:4a:f5:56:c2:3d:61:06:fa:2b:6b:10:81:43:
         21:5c:fe:b2:09:d4:e0:63:c6:16:4d:b3:e5:8b:26:27:fb:70:
         07:03:58:bc:cd:82:99:9f:52:a2:1c:d1:21:cc:1e:e0:30:f0:
         57:7a:00:de:a9:a0:9d:ea:81:87:3a:e0:32:b9:90:8d:b0:c8:
         02:52:54:f0:99:44:aa:6a:b9:84:50:51:3b:86:9e:1b:47:07:
         32:18:b7:9d:8d:2c:26:7e:73:6e:90:b6:48:97:f6:43:77:00:
         c3:4e:8d:44:f9:ba:c4:a4:ae:77:95:ef:38:5f:55:20:82:f2:
         79:95:30:e0
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgIUa1o6EisM6g0lTb3JIw7LugA3PYEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDNEQjgzNkMyMDc3QjQzRUQ4ODFBMDY1QTREQzIxNjEx
NDUwM0NFRTAeFw0yNDA0MDYwMjQxNDhaFw0yNTA0MDUwMjQ2NDhaMDMxMTAvBgNV
BAMTKEFGOEY4RUVEQzA0QzYzQzYzRjE1RkFGNzJGRjY0NTkyRDNCREMyQjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD7fNaEPjnc9+QH8c1h6uhsjMbK
4JYoDcE+h3cOTzWsT7TgX89nIvDAKee84hnrnzXknHMltSU325iVzaBYzp6tGgi/
dSOT4o6nsQVZb0Jaf5fC6TxQKsx/jKY9qDLygTm64p5Amh51MMS97Y8t6NS8r12S
9XIEvYr9bmV1u1nJGPrD3ZvA0BefOQo8muR6+lmd/Plv3Weg74rKp6nMfAuZ/+C1
nc9DnMvM9+cVg9k7qF90pcZjohuxh+HbQ/bYE8DbEb41ebycaccFyVQ3hfxL3eR4
g9ME3Ns0DyDxGGkKdA+zkRZMsMifX0fvhOWb04dZ3h6JcJQpVfkiBpVQgrR5AgMB
AAGjggJLMIICRzAdBgNVHQ4EFgQUr4+O7cBMY8Y/Ffr3L/ZFktO9wrcwHwYDVR0j
BBgwFoAUQ9uDbCB3tD7YgaBlpNwhYRRQPO4wDgYDVR0PAQH/BAQDAgeAMIGUBgNV
HR8EgYwwgYkwgYaggYOggYCGfnJzeW5jOi8vcnBraS1yZXBvLnJlZ2lzdHJvLmJy
L3JlcG8vNEJoYXpqOGJGeHZwN1A2UGNaZ1lGcW0zYlB4RXJ5YXgzUTlSYURRTkoz
UDIvMS80M0RCODM2QzIwNzdCNDNFRDg4MUEwNjVBNERDMjE2MTE0NTAzQ0VFLmNy
bDB4BggrBgEFBQcBAQRsMGowaAYIKwYBBQUHMAKGXHJzeW5jOi8vcnBraS1yZXBv
LnJlZ2lzdHJvLmJyL3JlcG8vbmljYnJfcmVwby8xLzQzREI4MzZDMjA3N0I0M0VE
ODgxQTA2NUE0REMyMTYxMTQ1MDNDRUUuY2VyMIGoBggrBgEFBQcBCwSBmzCBmDCB
lQYIKwYBBQUHMAuGgYhyc3luYzovL3Jwa2ktcmVwby5yZWdpc3Ryby5ici9yZXBv
LzRCaGF6ajhiRnh2cDdQNlBjWmdZRnFtM2JQeEVyeWF4M1E5UmFEUU5KM1AyLzEv
MzEzNzM3MmUzODJlMzEzNjJlMzAyZjMyMzAyZDMyMzQyMDNkM2UyMDMyMzgzMzM2
MzAucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBASxCBAwDQYJKoZIhvcNAQELBQADggEBAHqe2xo/eQzV8Nio
LfPU0+Rk7BzWaFuKOIFie1nvMrooa4GjkIa6CbH0N3rgN8bfzhjS3gIeg/2cmVpH
CYcYcjz1TVGWaSzB2ag/kn4XJLtAgUti5lCuMFmOLftz5xfivmOp87SsyUj6c/nx
UuP0YgGoFF5ckmLhC9ik8eN8j7fFWTlpSvVWwj1hBvoraxCBQyFc/rIJ1OBjxhZN
s+WLJif7cAcDWLzNgpmfUqIc0SHMHuAw8Fd6AN6poJ3qgYc64DK5kI2wyAJSVPCZ
RKpquYRQUTuGnhtHBzIYt52NLCZ+c26QtkiX9kN3AMNOjUT5usSkrneV7zhfVSCC
8nmVMOA=
-----END CERTIFICATE-----
Generated at Sun Aug 4 16:07:11 2024 by rpki-client on console-ams.rpki-client.org