Route Origin Authorization

$ rpki-client -vvf rpki-repo.registro.br/repo/BHkGVdB2hRozdqhJFffGnNdicB8hnpt6JrRoXmcgHg53/0/3133382e302e3135302e302f32342d3234203d3e20323638353436.roa
File:                     3133382e302e3135302e302f32342d3234203d3e20323638353436.roa (raw, json)
Hash identifier:          ED9ruVGVhyGRcU5tS6NhRZsCnSXo0voP2Jtxw+n3wAw=
Subject key identifier:   68:3A:5B:2F:A7:48:44:38:B6:3A:54:9B:43:69:00:58:56:F9:D1:87
Certificate issuer:       /CN=32C3A20BEBE1AC7A6C3E0958CCB971DEA64DE1B4
Certificate serial:       1E1BED5E1AF4D40F9E5DE44ABEE43A2C45CA28FE
Authority key identifier: 32:C3:A2:0B:EB:E1:AC:7A:6C:3E:09:58:CC:B9:71:DE:A6:4D:E1:B4
Authority info access:    rsync://rpki-repo.registro.br/repo/nicbr_repo/1/32C3A20BEBE1AC7A6C3E0958CCB971DEA64DE1B4.cer
Subject info access:      rsync://rpki-repo.registro.br/repo/BHkGVdB2hRozdqhJFffGnNdicB8hnpt6JrRoXmcgHg53/0/3133382e302e3135302e302f32342d3234203d3e20323638353436.roa
Signing time:             Wed 04 Jun 2025 01:14:00 +0000
ROA not before:           Wed 04 Jun 2025 01:09:00 +0000
ROA not after:            Wed 03 Jun 2026 01:14:00 +0000
asID:                     268546
IP address blocks:        138.0.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-repo.registro.br/repo/BHkGVdB2hRozdqhJFffGnNdicB8hnpt6JrRoXmcgHg53/0/32C3A20BEBE1AC7A6C3E0958CCB971DEA64DE1B4.crl
                          rsync://rpki-repo.registro.br/repo/BHkGVdB2hRozdqhJFffGnNdicB8hnpt6JrRoXmcgHg53/0/32C3A20BEBE1AC7A6C3E0958CCB971DEA64DE1B4.mft
                          rsync://rpki-repo.registro.br/repo/nicbr_repo/1/32C3A20BEBE1AC7A6C3E0958CCB971DEA64DE1B4.cer
                          rsync://rpki-repo.registro.br/repo/nicbr_repo/1/605432E9E1B05A7E6C208B2946FDC9C967CA8A4B.crl
                          rsync://rpki-repo.registro.br/repo/nicbr_repo/1/605432E9E1B05A7E6C208B2946FDC9C967CA8A4B.mft
                          rsync://repository.lacnic.net/rpki/lacnic/A1531B24BF50C461C7F574CD65267A8B0DC325DAAA10075F67165B98C4F4EFC3/0/605432E9E1B05A7E6C208B2946FDC9C967CA8A4B.cer
                          rsync://repository.lacnic.net/rpki/lacnic/A1531B24BF50C461C7F574CD65267A8B0DC325DAAA10075F67165B98C4F4EFC3/0/05BAF2939E37DDDE1793A803162A35594ACBB405.crl
                          rsync://repository.lacnic.net/rpki/lacnic/A1531B24BF50C461C7F574CD65267A8B0DC325DAAA10075F67165B98C4F4EFC3/0/05BAF2939E37DDDE1793A803162A35594ACBB405.mft
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/05BAF2939E37DDDE1793A803162A35594ACBB405.cer
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.crl
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.mft
                          rsync://repository.lacnic.net/rpki/lacnic/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Tue 10 Jun 2025 11:40:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:1b:ed:5e:1a:f4:d4:0f:9e:5d:e4:4a:be:e4:3a:2c:45:ca:28:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32C3A20BEBE1AC7A6C3E0958CCB971DEA64DE1B4
        Validity
            Not Before: Jun  4 01:09:00 2025 GMT
            Not After : Jun  3 01:14:00 2026 GMT
        Subject: CN=683A5B2FA7484438B63A549B4369005856F9D187
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ee:77:92:12:23:1a:75:fb:b7:fe:52:f8:76:
                    0d:29:79:e7:b9:03:d2:21:9a:e1:32:9c:0c:82:fb:
                    c3:05:b1:b0:59:e6:11:14:a8:20:ae:e7:1a:33:cc:
                    c3:18:6c:9a:e2:d1:19:0f:df:6b:5f:ea:a9:fd:0f:
                    18:b4:4e:fb:7d:29:ec:51:76:a3:13:37:01:b6:98:
                    72:ca:b1:37:cf:63:68:ad:e7:2d:bd:3b:7c:f0:5c:
                    93:89:7d:f5:a6:7e:cf:c5:b5:f9:08:2c:82:47:05:
                    15:b3:0c:e5:eb:6f:a0:ce:08:50:25:7a:77:29:2f:
                    fb:96:56:ca:c7:ae:8d:34:06:4b:2f:87:cf:fb:4a:
                    d0:39:db:83:9b:c9:b7:18:95:88:85:4d:cb:62:a8:
                    1c:fe:f5:b0:38:a8:8a:8e:e7:f5:83:a8:72:c6:19:
                    9e:46:16:6c:1c:16:53:8f:b0:66:cb:27:e7:f2:9a:
                    a8:15:93:5b:f2:84:dd:63:7a:41:4d:7e:58:46:44:
                    8f:34:76:23:85:b1:6d:ee:54:29:ce:70:63:d6:8e:
                    bb:38:63:c6:1a:59:49:43:46:15:10:e3:a1:d7:77:
                    43:2d:63:90:26:36:fc:a4:1a:f5:46:a0:34:48:c8:
                    11:9e:03:b1:72:69:77:96:51:f6:8e:57:58:44:ac:
                    95:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:3A:5B:2F:A7:48:44:38:B6:3A:54:9B:43:69:00:58:56:F9:D1:87
            X509v3 Authority Key Identifier:
                keyid:32:C3:A2:0B:EB:E1:AC:7A:6C:3E:09:58:CC:B9:71:DE:A6:4D:E1:B4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-repo.registro.br/repo/BHkGVdB2hRozdqhJFffGnNdicB8hnpt6JrRoXmcgHg53/0/32C3A20BEBE1AC7A6C3E0958CCB971DEA64DE1B4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-repo.registro.br/repo/nicbr_repo/1/32C3A20BEBE1AC7A6C3E0958CCB971DEA64DE1B4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-repo.registro.br/repo/BHkGVdB2hRozdqhJFffGnNdicB8hnpt6JrRoXmcgHg53/0/3133382e302e3135302e302f32342d3234203d3e20323638353436.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.0.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:b1:30:1d:3e:b4:cf:26:a5:88:f2:36:84:62:dc:0e:75:e0:
         77:f9:0e:b2:26:36:2e:17:29:32:aa:43:5d:fa:df:86:df:32:
         0c:5e:f8:cb:f3:5c:0b:89:77:0b:80:75:a7:75:98:f9:79:73:
         e2:24:55:0b:5f:46:76:81:36:69:48:6b:47:dc:e8:bb:70:39:
         d1:a2:ee:86:2f:8b:e2:40:a2:27:82:27:8a:b0:73:c5:63:c8:
         83:4f:84:e1:ae:34:38:b7:14:42:53:2d:92:54:5e:ff:b4:ff:
         cd:09:60:5c:13:b1:a0:7f:ed:ac:14:70:8b:6a:e2:ab:2a:9b:
         2d:11:bc:b6:c8:f8:67:85:39:a8:da:4a:57:3a:1c:18:5a:59:
         9f:a1:b4:1d:af:46:56:bc:6e:58:41:37:22:5e:6f:e6:cd:ee:
         dc:a1:67:12:1b:8f:7a:82:ad:08:7e:05:f2:38:7d:39:28:2f:
         79:0b:f7:ce:ed:59:8a:f2:56:2d:8c:fc:24:19:5e:0f:df:fd:
         cf:e8:61:3f:77:cd:e2:f4:ce:2f:e9:97:d7:e3:47:b2:e9:ca:
         0b:88:03:b3:d4:77:b0:28:2a:4d:0a:ad:2f:82:0c:b5:da:00:
         91:ca:52:54:c7:1e:33:98:77:5d:cc:2d:1d:e1:f7:ac:4a:78:
         9f:3e:06:96
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgIUHhvtXhr01A+eXeRKvuQ6LEXKKP4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzJDM0EyMEJFQkUxQUM3QTZDM0UwOTU4Q0NCOTcxREVB
NjRERTFCNDAeFw0yNTA2MDQwMTA5MDBaFw0yNjA2MDMwMTE0MDBaMDMxMTAvBgNV
BAMTKDY4M0E1QjJGQTc0ODQ0MzhCNjNBNTQ5QjQzNjkwMDU4NTZGOUQxODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP7neSEiMadfu3/lL4dg0peee5
A9IhmuEynAyC+8MFsbBZ5hEUqCCu5xozzMMYbJri0RkP32tf6qn9Dxi0Tvt9KexR
dqMTNwG2mHLKsTfPY2it5y29O3zwXJOJffWmfs/FtfkILIJHBRWzDOXrb6DOCFAl
encpL/uWVsrHro00Bksvh8/7StA524ObybcYlYiFTctiqBz+9bA4qIqO5/WDqHLG
GZ5GFmwcFlOPsGbLJ+fymqgVk1vyhN1jekFNflhGRI80diOFsW3uVCnOcGPWjrs4
Y8YaWUlDRhUQ46HXd0MtY5AmNvykGvVGoDRIyBGeA7FyaXeWUfaOV1hErJW/AgMB
AAGjggJPMIICSzAdBgNVHQ4EFgQUaDpbL6dIRDi2OlSbQ2kAWFb50YcwHwYDVR0j
BBgwFoAUMsOiC+vhrHpsPglYzLlx3qZN4bQwDgYDVR0PAQH/BAQDAgeAMIGUBgNV
HR8EgYwwgYkwgYaggYOggYCGfnJzeW5jOi8vcnBraS1yZXBvLnJlZ2lzdHJvLmJy
L3JlcG8vQkhrR1ZkQjJoUm96ZHFoSkZmZkduTmRpY0I4aG5wdDZKclJvWG1jZ0hn
NTMvMC8zMkMzQTIwQkVCRTFBQzdBNkMzRTA5NThDQ0I5NzFERUE2NERFMUI0LmNy
bDB4BggrBgEFBQcBAQRsMGowaAYIKwYBBQUHMAKGXHJzeW5jOi8vcnBraS1yZXBv
LnJlZ2lzdHJvLmJyL3JlcG8vbmljYnJfcmVwby8xLzMyQzNBMjBCRUJFMUFDN0E2
QzNFMDk1OENDQjk3MURFQTY0REUxQjQuY2VyMIGsBggrBgEFBQcBCwSBnzCBnDCB
mQYIKwYBBQUHMAuGgYxyc3luYzovL3Jwa2ktcmVwby5yZWdpc3Ryby5ici9yZXBv
L0JIa0dWZEIyaFJvemRxaEpGZmZHbk5kaWNCOGhucHQ2SnJSb1htY2dIZzUzLzAv
MzEzMzM4MmUzMDJlMzEzNTMwMmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzNjM4
MzUzNDM2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAigCWMA0GCSqGSIb3DQEBCwUAA4IBAQCesTAdPrTP
JqWI8jaEYtwOdeB3+Q6yJjYuFykyqkNd+t+G3zIMXvjL81wLiXcLgHWndZj5eXPi
JFULX0Z2gTZpSGtH3Oi7cDnRou6GL4viQKIngieKsHPFY8iDT4ThrjQ4txRCUy2S
VF7/tP/NCWBcE7Ggf+2sFHCLauKrKpstEby2yPhnhTmo2kpXOhwYWlmfobQdr0ZW
vG5YQTciXm/mze7coWcSG496gq0IfgXyOH05KC95C/fO7VmK8lYtjPwkGV4P3/3P
6GE/d83i9M4v6ZfX40ey6coLiAOz1HewKCpNCq0vggy12gCRylJUxx4zmHddzC0d
4fesSnifPgaW
-----END CERTIFICATE-----
Generated at Mon Jun 9 21:45:07 2025 by rpki-client