Route Origin Authorization

$ rpki-client -vvf rpki-repo.registro.br/repo/3Z9nEQVcGsVG7sRCTkY2ZvvmDHhoE5ZgbjDKFqMFt7DF/0/3137302e302e3230342e302f32322d3232203d3e203238323730.roa
File:                     3137302e302e3230342e302f32322d3232203d3e203238323730.roa (raw, json)
Hash identifier:          10vB6boWLwItutatzslaRtu/eXiiled6yjNqgSYPfU0=
Subject key identifier:   E7:11:13:7B:37:B5:84:63:D8:6E:D3:C6:6C:D6:6E:53:B4:A7:53:32
Certificate issuer:       /CN=DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72
Certificate serial:       7489FB7DB1D16212E5A8D82B6049B8A78F56849D
Authority key identifier: DE:1F:6F:9F:B8:40:60:C0:7A:09:BD:D8:E5:2E:BA:52:2E:89:AC:72
Authority info access:    rsync://rpki-repo.registro.br/repo/nicbr_repo/1/DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72.cer
Subject info access:      rsync://rpki-repo.registro.br/repo/3Z9nEQVcGsVG7sRCTkY2ZvvmDHhoE5ZgbjDKFqMFt7DF/0/3137302e302e3230342e302f32322d3232203d3e203238323730.roa
Signing time:             Sat 18 Oct 2025 23:01:01 +0000
ROA not before:           Sat 18 Oct 2025 22:56:01 +0000
ROA not after:            Sat 17 Oct 2026 23:01:01 +0000
asID:                     28270
IP address blocks:        170.0.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-repo.registro.br/repo/3Z9nEQVcGsVG7sRCTkY2ZvvmDHhoE5ZgbjDKFqMFt7DF/0/DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72.crl
                          rsync://rpki-repo.registro.br/repo/3Z9nEQVcGsVG7sRCTkY2ZvvmDHhoE5ZgbjDKFqMFt7DF/0/DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72.mft
                          rsync://rpki-repo.registro.br/repo/nicbr_repo/1/DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72.cer
                          rsync://rpki-repo.registro.br/repo/nicbr_repo/1/605432E9E1B05A7E6C208B2946FDC9C967CA8A4B.crl
                          rsync://rpki-repo.registro.br/repo/nicbr_repo/1/605432E9E1B05A7E6C208B2946FDC9C967CA8A4B.mft
                          rsync://repository.lacnic.net/rpki/lacnic/A1531B24BF50C461C7F574CD65267A8B0DC325DAAA10075F67165B98C4F4EFC3/0/605432E9E1B05A7E6C208B2946FDC9C967CA8A4B.cer
                          rsync://repository.lacnic.net/rpki/lacnic/A1531B24BF50C461C7F574CD65267A8B0DC325DAAA10075F67165B98C4F4EFC3/0/05BAF2939E37DDDE1793A803162A35594ACBB405.crl
                          rsync://repository.lacnic.net/rpki/lacnic/A1531B24BF50C461C7F574CD65267A8B0DC325DAAA10075F67165B98C4F4EFC3/0/05BAF2939E37DDDE1793A803162A35594ACBB405.mft
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/05BAF2939E37DDDE1793A803162A35594ACBB405.cer
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.crl
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.mft
                          rsync://repository.lacnic.net/rpki/lacnic/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Tue 21 Oct 2025 14:49:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:89:fb:7d:b1:d1:62:12:e5:a8:d8:2b:60:49:b8:a7:8f:56:84:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72
        Validity
            Not Before: Oct 18 22:56:01 2025 GMT
            Not After : Oct 17 23:01:01 2026 GMT
        Subject: CN=E711137B37B58463D86ED3C66CD66E53B4A75332
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:f9:11:3c:3a:74:91:a5:d2:76:8c:4a:18:dc:
                    6c:87:6e:c9:82:26:e8:7f:a7:84:82:7a:81:af:44:
                    49:69:58:44:07:f9:00:e9:04:08:cb:89:ec:1f:49:
                    eb:d1:a7:19:b3:fe:b5:3d:25:a5:6b:72:b6:b1:c9:
                    54:65:eb:d5:31:20:8b:8a:56:1b:95:b3:2c:60:e4:
                    c8:46:ac:8a:72:e9:e4:b3:69:22:b4:7f:85:b9:47:
                    8e:a2:de:c5:ac:65:98:f0:10:e8:73:4d:29:e9:fa:
                    4a:ff:0e:df:9e:7b:df:fa:6d:65:cf:ee:4c:0a:10:
                    5a:ee:7e:91:ca:fa:72:91:af:b0:99:0f:51:8e:2e:
                    47:ef:e2:f2:f0:a9:26:9b:3a:f0:a2:24:f4:d3:9c:
                    0c:52:e0:4b:c3:62:bf:5a:9c:d6:ec:9f:c5:7d:c9:
                    2d:f3:64:fc:36:93:97:f5:85:62:e2:20:fe:a7:d8:
                    2b:2f:4e:2d:91:ff:62:4f:bd:54:e1:02:6b:2b:40:
                    f3:09:8f:57:61:63:47:b0:32:b7:4b:9e:b4:8c:58:
                    d0:b7:7c:c5:82:2c:f6:e8:71:29:22:4b:ce:53:13:
                    b9:e1:32:8d:1b:fd:e3:26:19:af:d9:9a:4a:f3:69:
                    2b:54:e8:3b:a9:2a:32:47:95:17:e4:3e:0b:3c:b4:
                    c6:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:11:13:7B:37:B5:84:63:D8:6E:D3:C6:6C:D6:6E:53:B4:A7:53:32
            X509v3 Authority Key Identifier:
                keyid:DE:1F:6F:9F:B8:40:60:C0:7A:09:BD:D8:E5:2E:BA:52:2E:89:AC:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-repo.registro.br/repo/3Z9nEQVcGsVG7sRCTkY2ZvvmDHhoE5ZgbjDKFqMFt7DF/0/DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-repo.registro.br/repo/nicbr_repo/1/DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-repo.registro.br/repo/3Z9nEQVcGsVG7sRCTkY2ZvvmDHhoE5ZgbjDKFqMFt7DF/0/3137302e302e3230342e302f32322d3232203d3e203238323730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.0.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:ca:ae:0f:19:42:2c:9f:15:ef:84:b1:32:61:01:0b:9e:9e:
         4b:ea:36:11:fc:9f:ba:85:a6:af:cb:92:b5:39:18:a2:47:bc:
         f8:b6:6e:be:c8:7d:9a:e2:4f:91:a3:9f:b3:1f:5a:f5:7e:f3:
         eb:d2:17:8e:e5:48:b6:99:1a:c2:3a:7a:05:1a:98:9d:6c:26:
         87:7d:06:8e:be:14:0b:e7:f6:af:1c:e7:de:97:f1:bf:2a:9b:
         27:69:e6:e9:73:49:99:8e:1d:76:48:cb:ec:5e:6b:3f:3c:df:
         4c:15:5e:d5:ad:ea:11:9c:aa:9f:de:9f:fa:8a:51:94:72:ba:
         22:82:f5:a5:5a:7c:1c:6d:fa:d3:64:55:d5:f8:34:16:30:f8:
         55:2b:2a:57:7a:cd:04:20:77:0a:65:7b:28:92:c9:b4:75:34:
         2f:46:5a:d3:69:32:38:47:d0:fe:24:0a:d2:af:d2:bc:e2:a5:
         32:4b:08:77:09:14:b2:99:56:b3:5d:73:8f:29:50:a8:34:a2:
         12:94:a8:62:97:73:5a:fc:cd:39:04:75:6f:63:f6:94:89:65:
         dd:4b:12:b0:ff:70:96:4f:64:fa:cc:4f:ef:52:2d:4a:42:d3:
         34:c8:46:f0:92:8b:e3:0b:3e:7d:5f:fa:df:11:7a:35:ee:68:
         f0:06:a4:2a
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgIUdIn7fbHRYhLlqNgrYEm4p49WhJ0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoREUxRjZGOUZCODQwNjBDMDdBMDlCREQ4RTUyRUJBNTIy
RTg5QUM3MjAeFw0yNTEwMTgyMjU2MDFaFw0yNjEwMTcyMzAxMDFaMDMxMTAvBgNV
BAMTKEU3MTExMzdCMzdCNTg0NjNEODZFRDNDNjZDRDY2RTUzQjRBNzUzMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCN+RE8OnSRpdJ2jEoY3GyHbsmC
Juh/p4SCeoGvRElpWEQH+QDpBAjLiewfSevRpxmz/rU9JaVrcraxyVRl69UxIIuK
VhuVsyxg5MhGrIpy6eSzaSK0f4W5R46i3sWsZZjwEOhzTSnp+kr/Dt+ee9/6bWXP
7kwKEFrufpHK+nKRr7CZD1GOLkfv4vLwqSabOvCiJPTTnAxS4EvDYr9anNbsn8V9
yS3zZPw2k5f1hWLiIP6n2CsvTi2R/2JPvVThAmsrQPMJj1dhY0ewMrdLnrSMWNC3
fMWCLPbocSkiS85TE7nhMo0b/eMmGa/ZmkrzaStU6DupKjJHlRfkPgs8tMZpAgMB
AAGjggJNMIICSTAdBgNVHQ4EFgQU5xETeze1hGPYbtPGbNZuU7SnUzIwHwYDVR0j
BBgwFoAU3h9vn7hAYMB6Cb3Y5S66Ui6JrHIwDgYDVR0PAQH/BAQDAgeAMIGUBgNV
HR8EgYwwgYkwgYaggYOggYCGfnJzeW5jOi8vcnBraS1yZXBvLnJlZ2lzdHJvLmJy
L3JlcG8vM1o5bkVRVmNHc1ZHN3NSQ1RrWTJadnZtREhob0U1WmdiakRLRnFNRnQ3
REYvMC9ERTFGNkY5RkI4NDA2MEMwN0EwOUJERDhFNTJFQkE1MjJFODlBQzcyLmNy
bDB4BggrBgEFBQcBAQRsMGowaAYIKwYBBQUHMAKGXHJzeW5jOi8vcnBraS1yZXBv
LnJlZ2lzdHJvLmJyL3JlcG8vbmljYnJfcmVwby8xL0RFMUY2RjlGQjg0MDYwQzA3
QTA5QkREOEU1MkVCQTUyMkU4OUFDNzIuY2VyMIGqBggrBgEFBQcBCwSBnTCBmjCB
lwYIKwYBBQUHMAuGgYpyc3luYzovL3Jwa2ktcmVwby5yZWdpc3Ryby5ici9yZXBv
LzNaOW5FUVZjR3NWRzdzUkNUa1kyWnZ2bURIaG9FNVpnYmpES0ZxTUZ0N0RGLzAv
MzEzNzMwMmUzMDJlMzIzMDM0MmUzMDJmMzIzMjJkMzIzMjIwM2QzZTIwMzIzODMy
MzczMC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB
/wQQMA4wDAQCAAEwBgMEAqoAzDANBgkqhkiG9w0BAQsFAAOCAQEACcquDxlCLJ8V
74SxMmEBC56eS+o2EfyfuoWmr8uStTkYoke8+LZuvsh9muJPkaOfsx9a9X7z69IX
juVItpkawjp6BRqYnWwmh30Gjr4UC+f2rxzn3pfxvyqbJ2nm6XNJmY4ddkjL7F5r
PzzfTBVe1a3qEZyqn96f+opRlHK6IoL1pVp8HG3602RV1fg0FjD4VSsqV3rNBCB3
CmV7KJLJtHU0L0Za02kyOEfQ/iQK0q/SvOKlMksIdwkUsplWs11zjylQqDSiEpSo
YpdzWvzNOQR1b2P2lIll3UsSsP9wlk9k+sxP71ItSkLTNMhG8JKL4ws+fV/63xF6
Ne5o8AakKg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 21:57:37 2025 by rpki-client