Route Origin Authorization

$ rpki-client -vvf rpki-repo.registro.br/repo/3Z9nEQVcGsVG7sRCTkY2ZvvmDHhoE5ZgbjDKFqMFt7DF/0/3138392e35302e3134342e302f32302d3230203d3e203238323730.roa
File:                     3138392e35302e3134342e302f32302d3230203d3e203238323730.roa (raw, json)
Hash identifier:          lQ3LnX8pdzcq4MfbIbuEHoAC7OGQy+CGulU63b+cbIg=
Subject key identifier:   1C:68:F1:DF:6A:01:97:DF:2A:D4:D4:64:F8:5E:1D:E6:D6:B0:35:BD
Certificate issuer:       /CN=DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72
Certificate serial:       158D0F2B602A32D8C6032320A358E06499E23FF5
Authority key identifier: DE:1F:6F:9F:B8:40:60:C0:7A:09:BD:D8:E5:2E:BA:52:2E:89:AC:72
Authority info access:    rsync://rpki-repo.registro.br/repo/nicbr_repo/1/DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72.cer
Subject info access:      rsync://rpki-repo.registro.br/repo/3Z9nEQVcGsVG7sRCTkY2ZvvmDHhoE5ZgbjDKFqMFt7DF/0/3138392e35302e3134342e302f32302d3230203d3e203238323730.roa
Signing time:             Sat 18 Oct 2025 23:01:01 +0000
ROA not before:           Sat 18 Oct 2025 22:56:01 +0000
ROA not after:            Sat 17 Oct 2026 23:01:01 +0000
asID:                     28270
IP address blocks:        189.50.144.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki-repo.registro.br/repo/3Z9nEQVcGsVG7sRCTkY2ZvvmDHhoE5ZgbjDKFqMFt7DF/0/DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72.crl
                          rsync://rpki-repo.registro.br/repo/3Z9nEQVcGsVG7sRCTkY2ZvvmDHhoE5ZgbjDKFqMFt7DF/0/DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72.mft
                          rsync://rpki-repo.registro.br/repo/nicbr_repo/1/DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72.cer
                          rsync://rpki-repo.registro.br/repo/nicbr_repo/1/605432E9E1B05A7E6C208B2946FDC9C967CA8A4B.crl
                          rsync://rpki-repo.registro.br/repo/nicbr_repo/1/605432E9E1B05A7E6C208B2946FDC9C967CA8A4B.mft
                          rsync://repository.lacnic.net/rpki/lacnic/A1531B24BF50C461C7F574CD65267A8B0DC325DAAA10075F67165B98C4F4EFC3/0/605432E9E1B05A7E6C208B2946FDC9C967CA8A4B.cer
                          rsync://repository.lacnic.net/rpki/lacnic/A1531B24BF50C461C7F574CD65267A8B0DC325DAAA10075F67165B98C4F4EFC3/0/05BAF2939E37DDDE1793A803162A35594ACBB405.crl
                          rsync://repository.lacnic.net/rpki/lacnic/A1531B24BF50C461C7F574CD65267A8B0DC325DAAA10075F67165B98C4F4EFC3/0/05BAF2939E37DDDE1793A803162A35594ACBB405.mft
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/05BAF2939E37DDDE1793A803162A35594ACBB405.cer
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.crl
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.mft
                          rsync://repository.lacnic.net/rpki/lacnic/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Tue 21 Oct 2025 14:49:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:8d:0f:2b:60:2a:32:d8:c6:03:23:20:a3:58:e0:64:99:e2:3f:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72
        Validity
            Not Before: Oct 18 22:56:01 2025 GMT
            Not After : Oct 17 23:01:01 2026 GMT
        Subject: CN=1C68F1DF6A0197DF2AD4D464F85E1DE6D6B035BD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:37:78:93:f4:40:b6:6b:bb:97:8e:8f:0a:10:
                    ee:56:7e:17:cf:30:36:1f:02:a3:7b:7f:62:dd:9d:
                    59:7b:97:2f:2f:c9:8d:d4:65:9f:68:e6:6a:cf:85:
                    45:7e:eb:01:2c:36:ff:df:06:4e:1f:28:ff:f4:33:
                    a9:60:d8:3a:49:ca:67:3b:9b:8a:de:16:4a:66:58:
                    a8:72:a3:b3:20:0d:f0:42:06:78:9e:85:f4:cd:5a:
                    89:81:a5:55:57:f3:f8:bf:41:b4:47:00:92:9b:6b:
                    07:fc:10:62:e8:3d:8c:2a:53:56:ff:5d:ac:3d:af:
                    5e:86:ce:d8:1b:8c:a4:8c:c8:5c:da:9a:c5:b1:2a:
                    fe:f1:5c:f2:6e:32:fc:88:63:af:67:4f:07:0d:90:
                    b1:ce:4c:8f:96:98:81:b4:cd:a2:df:9f:83:3e:7f:
                    78:58:0b:cc:6b:ed:3d:a4:8a:26:ff:38:cb:35:88:
                    07:b2:9a:a1:10:57:4d:d3:e8:34:a7:0f:51:86:43:
                    b9:48:0f:46:39:59:66:fa:80:a4:50:b7:0c:d9:38:
                    3b:2d:86:52:d6:18:98:26:c0:25:04:2c:38:85:fc:
                    d6:e9:7c:3c:da:a0:0b:6c:ab:f4:af:9c:c0:d0:ca:
                    75:ca:36:31:48:de:28:40:e7:5c:47:4c:14:0b:56:
                    df:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:68:F1:DF:6A:01:97:DF:2A:D4:D4:64:F8:5E:1D:E6:D6:B0:35:BD
            X509v3 Authority Key Identifier:
                keyid:DE:1F:6F:9F:B8:40:60:C0:7A:09:BD:D8:E5:2E:BA:52:2E:89:AC:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-repo.registro.br/repo/3Z9nEQVcGsVG7sRCTkY2ZvvmDHhoE5ZgbjDKFqMFt7DF/0/DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-repo.registro.br/repo/nicbr_repo/1/DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-repo.registro.br/repo/3Z9nEQVcGsVG7sRCTkY2ZvvmDHhoE5ZgbjDKFqMFt7DF/0/3138392e35302e3134342e302f32302d3230203d3e203238323730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  189.50.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         87:06:bf:31:64:7a:d4:d5:74:9a:67:45:0b:5d:6b:03:e4:b8:
         e3:3d:b6:9b:53:c6:6d:37:82:63:21:4d:56:b1:54:6c:0b:46:
         0c:27:21:5d:28:3d:4b:a6:c7:5b:49:b1:cd:1f:82:49:10:06:
         3a:0b:18:34:48:b5:1e:5f:72:c0:fb:27:65:f9:74:c6:f1:58:
         f3:bc:8e:8a:a3:c3:2d:8a:a3:ed:d2:a2:ff:ba:ca:9b:3e:01:
         a8:ee:58:67:4c:bc:c8:d3:90:60:5e:19:ec:52:fc:2d:ab:40:
         b7:4a:c4:74:23:8e:d2:3f:36:35:66:32:e6:74:f2:00:65:54:
         42:e9:5a:0b:97:d8:16:7a:8d:97:fc:bd:ea:55:d9:4b:07:2a:
         30:41:cd:d1:6c:a0:13:15:8b:4e:42:a4:bd:e1:49:84:c3:43:
         42:d7:3c:bc:82:f6:1e:4d:34:18:69:e4:d2:84:5e:6c:e9:6a:
         63:95:32:37:f1:2e:f0:c4:c0:42:9e:ca:6a:66:66:49:33:a2:
         b5:3d:dd:54:5f:33:62:ea:d5:9d:a2:38:97:e1:2f:73:38:a5:
         48:b8:9b:18:b8:91:82:75:39:17:2f:d0:15:cf:f2:8d:ee:4c:
         bf:00:02:2e:ff:e1:20:cf:d6:31:7f:8d:16:62:4d:ee:4d:2c:
         7b:21:7b:1a
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgIUFY0PK2AqMtjGAyMgo1jgZJniP/UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoREUxRjZGOUZCODQwNjBDMDdBMDlCREQ4RTUyRUJBNTIy
RTg5QUM3MjAeFw0yNTEwMTgyMjU2MDFaFw0yNjEwMTcyMzAxMDFaMDMxMTAvBgNV
BAMTKDFDNjhGMURGNkEwMTk3REYyQUQ0RDQ2NEY4NUUxREU2RDZCMDM1QkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKN3iT9EC2a7uXjo8KEO5WfhfP
MDYfAqN7f2LdnVl7ly8vyY3UZZ9o5mrPhUV+6wEsNv/fBk4fKP/0M6lg2DpJymc7
m4reFkpmWKhyo7MgDfBCBniehfTNWomBpVVX8/i/QbRHAJKbawf8EGLoPYwqU1b/
Xaw9r16GztgbjKSMyFzamsWxKv7xXPJuMvyIY69nTwcNkLHOTI+WmIG0zaLfn4M+
f3hYC8xr7T2kiib/OMs1iAeymqEQV03T6DSnD1GGQ7lID0Y5WWb6gKRQtwzZODst
hlLWGJgmwCUELDiF/NbpfDzaoAtsq/SvnMDQynXKNjFI3ihA51xHTBQLVt/BAgMB
AAGjggJPMIICSzAdBgNVHQ4EFgQUHGjx32oBl98q1NRk+F4d5tawNb0wHwYDVR0j
BBgwFoAU3h9vn7hAYMB6Cb3Y5S66Ui6JrHIwDgYDVR0PAQH/BAQDAgeAMIGUBgNV
HR8EgYwwgYkwgYaggYOggYCGfnJzeW5jOi8vcnBraS1yZXBvLnJlZ2lzdHJvLmJy
L3JlcG8vM1o5bkVRVmNHc1ZHN3NSQ1RrWTJadnZtREhob0U1WmdiakRLRnFNRnQ3
REYvMC9ERTFGNkY5RkI4NDA2MEMwN0EwOUJERDhFNTJFQkE1MjJFODlBQzcyLmNy
bDB4BggrBgEFBQcBAQRsMGowaAYIKwYBBQUHMAKGXHJzeW5jOi8vcnBraS1yZXBv
LnJlZ2lzdHJvLmJyL3JlcG8vbmljYnJfcmVwby8xL0RFMUY2RjlGQjg0MDYwQzA3
QTA5QkREOEU1MkVCQTUyMkU4OUFDNzIuY2VyMIGsBggrBgEFBQcBCwSBnzCBnDCB
mQYIKwYBBQUHMAuGgYxyc3luYzovL3Jwa2ktcmVwby5yZWdpc3Ryby5ici9yZXBv
LzNaOW5FUVZjR3NWRzdzUkNUa1kyWnZ2bURIaG9FNVpnYmpES0ZxTUZ0N0RGLzAv
MzEzODM5MmUzNTMwMmUzMTM0MzQyZTMwMmYzMjMwMmQzMjMwMjAzZDNlMjAzMjM4
MzIzNzMwLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQEvTKQMA0GCSqGSIb3DQEBCwUAA4IBAQCHBr8xZHrU
1XSaZ0ULXWsD5LjjPbabU8ZtN4JjIU1WsVRsC0YMJyFdKD1LpsdbSbHNH4JJEAY6
Cxg0SLUeX3LA+ydl+XTG8VjzvI6Ko8MtiqPt0qL/usqbPgGo7lhnTLzI05BgXhns
Uvwtq0C3SsR0I47SPzY1ZjLmdPIAZVRC6VoLl9gWeo2X/L3qVdlLByowQc3RbKAT
FYtOQqS94UmEw0NC1zy8gvYeTTQYaeTShF5s6WpjlTI38S7wxMBCnspqZmZJM6K1
Pd1UXzNi6tWdojiX4S9zOKVIuJsYuJGCdTkXL9AVz/KN7ky/AAIu/+Egz9Yxf40W
Yk3uTSx7IXsa
-----END CERTIFICATE-----
Generated at Tue Oct 21 00:03:42 2025 by rpki-client