Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/561568D8C9ADDDCA3CE770397277D5396B63174DB0C7B08B578633BC3267E147/0/AS28481.roa
File:                     AS28481.roa (raw, json)
Hash identifier:          6gfYT+5HWGziZwug2XJTSP++ppEvpLdFsfWyYbl6sa4=
Subject key identifier:   9B:4B:94:FF:9A:B2:7B:32:C4:EE:C1:EA:26:FE:00:59:17:31:8C:FB
Certificate issuer:       /CN=E71A68011C0812045A1DBBC6433B7791B5DDF0D2
Certificate serial:       223B1B011A16E11CC33356CB079E709B939747EE
Authority key identifier: E7:1A:68:01:1C:08:12:04:5A:1D:BB:C6:43:3B:77:91:B5:DD:F0:D2
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/E71A68011C0812045A1DBBC6433B7791B5DDF0D2.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/561568D8C9ADDDCA3CE770397277D5396B63174DB0C7B08B578633BC3267E147/0/AS28481.roa
Signing time:             Thu 05 Dec 2024 23:25:00 +0000
ROA not before:           Thu 05 Dec 2024 23:20:00 +0000
ROA not after:            Thu 04 Dec 2025 23:25:00 +0000
asID:                     28481
IP address blocks:        177.225.216.0/21 maxlen: 21
                          187.243.116.0/24 maxlen: 24
                          189.195.46.0/24 maxlen: 24
                          189.196.168.0/22 maxlen: 24
                          200.92.220.0/22 maxlen: 22
                          200.92.232.0/22 maxlen: 22
                          200.94.228.0/23 maxlen: 23
                          200.94.230.0/23 maxlen: 23
                          200.94.232.0/23 maxlen: 23
                          200.94.234.0/23 maxlen: 23
                          200.94.236.0/23 maxlen: 24
                          201.132.132.0/22 maxlen: 23
                          201.132.136.0/21 maxlen: 22
                          201.132.144.0/21 maxlen: 22
                          201.132.156.0/22 maxlen: 23
                          201.164.48.0/21 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:3b:1b:01:1a:16:e1:1c:c3:33:56:cb:07:9e:70:9b:93:97:47:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=E71A68011C0812045A1DBBC6433B7791B5DDF0D2
        Validity
            Not Before: Dec  5 23:20:00 2024 GMT
            Not After : Dec  4 23:25:00 2025 GMT
        Subject: CN=9B4B94FF9AB27B32C4EEC1EA26FE005917318CFB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e2:43:b4:83:2e:33:dc:d5:ba:af:c4:a8:02:
                    90:fd:bd:9c:1a:8e:21:8d:92:47:52:b7:d5:ff:ad:
                    f4:ba:95:84:3e:f2:70:80:a8:91:9d:3e:37:f4:04:
                    bd:3d:d5:81:f2:6c:ed:12:04:0d:07:2d:93:e9:1b:
                    fe:d8:d5:d4:d2:16:ed:39:1e:a8:ff:e4:dd:39:b5:
                    69:b0:fb:e2:ab:ac:24:5e:0e:3c:6a:6c:a6:c4:bb:
                    4d:67:96:db:61:1d:60:dc:77:d7:00:74:05:31:a5:
                    99:63:df:b1:46:ed:3c:ad:99:e3:de:08:c9:04:aa:
                    b7:cf:fe:ee:72:05:33:3e:31:bf:39:d7:dd:34:de:
                    94:4a:f6:21:83:67:94:09:52:8b:3a:87:b0:bc:e6:
                    c2:17:09:78:68:74:f8:61:5a:ca:a8:44:75:6e:eb:
                    3e:f8:a3:c7:87:9e:d3:d5:40:6f:41:ea:7b:32:93:
                    3a:06:7d:eb:e8:ad:0f:af:f8:fc:95:02:f8:bf:a4:
                    c3:ba:d6:b2:f5:20:ac:93:ff:81:59:49:a5:d7:b2:
                    98:c1:00:11:9c:04:6f:d5:a1:87:13:da:0c:bc:71:
                    59:c8:89:78:d4:4a:1f:07:56:a7:22:52:fb:a4:0e:
                    66:f5:60:b2:7c:3a:03:8a:4d:59:f9:b9:76:72:8e:
                    5b:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:4B:94:FF:9A:B2:7B:32:C4:EE:C1:EA:26:FE:00:59:17:31:8C:FB
            X509v3 Authority Key Identifier:
                keyid:E7:1A:68:01:1C:08:12:04:5A:1D:BB:C6:43:3B:77:91:B5:DD:F0:D2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/561568D8C9ADDDCA3CE770397277D5396B63174DB0C7B08B578633BC3267E147/0/E71A68011C0812045A1DBBC6433B7791B5DDF0D2.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/E71A68011C0812045A1DBBC6433B7791B5DDF0D2.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/561568D8C9ADDDCA3CE770397277D5396B63174DB0C7B08B578633BC3267E147/0/AS28481.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  177.225.216.0/21
                  187.243.116.0/24
                  189.195.46.0/24
                  189.196.168.0/22
                  200.92.220.0/22
                  200.92.232.0/22
                  200.94.228.0-200.94.237.255
                  201.132.132.0-201.132.151.255
                  201.132.156.0/22
                  201.164.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         71:4a:fc:8c:6f:50:2e:5d:9a:76:cd:e1:3f:bd:b2:7b:5e:7f:
         d1:c3:5d:4b:81:bc:50:9c:07:91:63:bd:57:be:eb:bb:29:3a:
         45:8f:ca:5d:1e:d6:f2:b8:f8:55:4c:3b:d0:e3:23:c3:22:aa:
         47:4c:8d:cb:71:96:14:e3:72:7a:38:d9:55:32:c0:40:81:c3:
         8c:d2:7e:4b:96:87:60:81:4e:28:33:a6:0f:c4:96:d4:33:8f:
         95:83:c9:b1:ac:1b:f8:04:bf:ff:39:f1:97:76:0a:04:70:c4:
         55:0c:c0:45:a3:53:48:5c:12:6d:b4:0e:e0:6c:b8:b3:9e:e2:
         88:ac:3b:ae:43:52:c5:9b:5a:d7:ae:92:50:8b:1d:20:04:4a:
         96:5b:29:03:d9:22:02:8c:80:39:d1:4e:06:29:69:25:e0:b9:
         3d:ad:58:d8:83:09:97:9d:bd:f4:f6:37:47:43:0f:e9:b1:91:
         2a:7f:db:dc:91:8d:79:fa:78:4d:0f:e8:69:3c:21:47:d2:7c:
         0b:ba:d5:cc:c4:25:a0:a3:d9:ad:83:af:da:26:ab:1b:8c:cf:
         a4:d3:90:bf:ba:60:6e:3e:16:0d:48:43:c6:f4:ba:f7:06:7b:
         b4:6b:0b:a8:8a:1a:bf:3b:90:31:95:d8:0d:94:21:5a:13:b9:
         f9:13:e6:07
-----BEGIN CERTIFICATE-----
MIIF1DCCBLygAwIBAgIUIjsbARoW4RzDM1bLB55wm5OXR+4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRTcxQTY4MDExQzA4MTIwNDVBMURCQkM2NDMzQjc3OTFC
NURERjBEMjAeFw0yNDEyMDUyMzIwMDBaFw0yNTEyMDQyMzI1MDBaMDMxMTAvBgNV
BAMTKDlCNEI5NEZGOUFCMjdCMzJDNEVFQzFFQTI2RkUwMDU5MTczMThDRkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB4kO0gy4z3NW6r8SoApD9vZwa
jiGNkkdSt9X/rfS6lYQ+8nCAqJGdPjf0BL091YHybO0SBA0HLZPpG/7Y1dTSFu05
Hqj/5N05tWmw++KrrCReDjxqbKbEu01nltthHWDcd9cAdAUxpZlj37FG7TytmePe
CMkEqrfP/u5yBTM+Mb8519003pRK9iGDZ5QJUos6h7C85sIXCXhodPhhWsqoRHVu
6z74o8eHntPVQG9B6nsykzoGfevorQ+v+PyVAvi/pMO61rL1IKyT/4FZSaXXspjB
ABGcBG/VoYcT2gy8cVnIiXjUSh8HVqciUvukDmb1YLJ8OgOKTVn5uXZyjlsBAgMB
AAGjggLeMIIC2jAdBgNVHQ4EFgQUm0uU/5qyezLE7sHqJv4AWRcxjPswHwYDVR0j
BBgwFoAU5xpoARwIEgRaHbvGQzt3kbXd8NIwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy81NjE1NjhEOEM5QURERENBM0NFNzcwMzk3Mjc3RDUzOTZC
NjMxNzREQjBDN0IwOEI1Nzg2MzNCQzMyNjdFMTQ3LzAvRTcxQTY4MDExQzA4MTIw
NDVBMURCQkM2NDMzQjc3OTFCNURERjBEMi5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9FNzFBNjgwMTFDMDgxMjA0NUEx
REJCQzY0MzNCNzc5MUI1RERGMEQyLmNlcjCBlwYIKwYBBQUHAQsEgYowgYcwgYQG
CCsGAQUFBzALhnhyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy81NjE1NjhEOEM5QURERENBM0NFNzcwMzk3Mjc3RDUzOTZCNjMxNzREQjBD
N0IwOEI1Nzg2MzNCQzMyNjdFMTQ3LzAvQVMyODQ4MS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBlBggrBgEFBQcBBwEB/wRWMFQwUgQCAAEwTAMEA7Hh2AME
ALvzdAMEAL3DLgMEAr3EqAMEAshc3AMEAshc6DAMAwQCyF7kAwQByF7sMAwDBALJ
hIQDBAPJhJADBALJhJwDBAPJpDAwDQYJKoZIhvcNAQELBQADggEBAHFK/IxvUC5d
mnbN4T+9sntef9HDXUuBvFCcB5FjvVe+67spOkWPyl0e1vK4+FVMO9DjI8MiqkdM
jctxlhTjcno42VUywECBw4zSfkuWh2CBTigzpg/EltQzj5WDybGsG/gEv/858Zd2
CgRwxFUMwEWjU0hcEm20DuBsuLOe4oisO65DUsWbWteuklCLHSAESpZbKQPZIgKM
gDnRTgYpaSXguT2tWNiDCZedvfT2N0dDD+mxkSp/29yRjXn6eE0P6Gk8IUfSfAu6
1czEJaCj2a2Dr9omqxuMz6TTkL+6YG4+Fg1IQ8b0uvcGe7RrC6iKGr87kDGV2A2U
IVoTufkT5gc=
-----END CERTIFICATE-----
Generated at Wed Apr 30 14:36:09 2025 by rpki-client