Route Origin Authorization

$ rpki-client -vvf rpki-repo.registro.br/repo/3Z9nEQVcGsVG7sRCTkY2ZvvmDHhoE5ZgbjDKFqMFt7DF/0/3230312e3134392e3132302e302f32322d3232203d3e203238323730.roa
File:                     3230312e3134392e3132302e302f32322d3232203d3e203238323730.roa (raw, json)
Hash identifier:          kguiwa5W8ZLDtiunlUpUBfu7z5dntK1AwylGx2Ziev4=
Subject key identifier:   EA:6F:E4:BD:09:DD:84:39:D5:FA:17:1E:31:54:81:F5:5F:69:88:10
Certificate issuer:       /CN=DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72
Certificate serial:       73778DAEE7836C626C02D9919F5A56161997B225
Authority key identifier: DE:1F:6F:9F:B8:40:60:C0:7A:09:BD:D8:E5:2E:BA:52:2E:89:AC:72
Authority info access:    rsync://rpki-repo.registro.br/repo/nicbr_repo/1/DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72.cer
Subject info access:      rsync://rpki-repo.registro.br/repo/3Z9nEQVcGsVG7sRCTkY2ZvvmDHhoE5ZgbjDKFqMFt7DF/0/3230312e3134392e3132302e302f32322d3232203d3e203238323730.roa
Signing time:             Sat 18 Oct 2025 23:01:01 +0000
ROA not before:           Sat 18 Oct 2025 22:56:01 +0000
ROA not after:            Sat 17 Oct 2026 23:01:01 +0000
asID:                     28270
IP address blocks:        201.149.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-repo.registro.br/repo/3Z9nEQVcGsVG7sRCTkY2ZvvmDHhoE5ZgbjDKFqMFt7DF/0/DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72.crl
                          rsync://rpki-repo.registro.br/repo/3Z9nEQVcGsVG7sRCTkY2ZvvmDHhoE5ZgbjDKFqMFt7DF/0/DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72.mft
                          rsync://rpki-repo.registro.br/repo/nicbr_repo/1/DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72.cer
                          rsync://rpki-repo.registro.br/repo/nicbr_repo/1/605432E9E1B05A7E6C208B2946FDC9C967CA8A4B.crl
                          rsync://rpki-repo.registro.br/repo/nicbr_repo/1/605432E9E1B05A7E6C208B2946FDC9C967CA8A4B.mft
                          rsync://repository.lacnic.net/rpki/lacnic/A1531B24BF50C461C7F574CD65267A8B0DC325DAAA10075F67165B98C4F4EFC3/0/605432E9E1B05A7E6C208B2946FDC9C967CA8A4B.cer
                          rsync://repository.lacnic.net/rpki/lacnic/A1531B24BF50C461C7F574CD65267A8B0DC325DAAA10075F67165B98C4F4EFC3/0/05BAF2939E37DDDE1793A803162A35594ACBB405.crl
                          rsync://repository.lacnic.net/rpki/lacnic/A1531B24BF50C461C7F574CD65267A8B0DC325DAAA10075F67165B98C4F4EFC3/0/05BAF2939E37DDDE1793A803162A35594ACBB405.mft
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/05BAF2939E37DDDE1793A803162A35594ACBB405.cer
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.crl
                          rsync://repository.lacnic.net/rpki/lacnic/E5AA1B2C690D34DD3A42E0C0268C3218ED158E15D29FCBD0BAB66B4786D632E6/0/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.mft
                          rsync://repository.lacnic.net/rpki/lacnic/946DAE8464E7C581E9BA5787F74CBDA9DCF6F8CD.cer
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.crl
                          rsync://repository.lacnic.net/rpki/lacnic/FC8A9CB3ED184E17D30EEA1E0FA7615CE4B1AF47.mft
                          rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer
Signature path expires:   Tue 21 Oct 2025 14:49:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:77:8d:ae:e7:83:6c:62:6c:02:d9:91:9f:5a:56:16:19:97:b2:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72
        Validity
            Not Before: Oct 18 22:56:01 2025 GMT
            Not After : Oct 17 23:01:01 2026 GMT
        Subject: CN=EA6FE4BD09DD8439D5FA171E315481F55F698810
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:c1:d0:1e:a4:6d:37:20:53:79:48:25:e5:af:
                    ab:f7:e4:b0:21:76:9d:05:44:1a:38:d3:1f:52:1a:
                    5f:0f:1f:cd:79:1b:9f:2d:60:3d:33:da:81:ac:47:
                    7a:3b:50:87:07:8d:8a:4e:d9:fb:21:46:e1:3f:bf:
                    30:26:22:20:a2:2e:2b:3e:d3:58:ce:ad:45:d9:cf:
                    38:79:2a:ca:e1:97:ec:ae:f7:ef:b2:f9:fd:71:01:
                    c7:38:00:97:10:c9:37:97:7a:b1:27:4a:f4:6c:cc:
                    79:fe:05:e2:7c:a6:d2:5b:d3:25:7d:20:94:3a:5e:
                    bc:0e:b6:c3:65:96:56:71:ca:14:c7:29:31:4d:e1:
                    7a:67:58:48:91:cc:06:b5:fb:2f:ea:99:d3:49:10:
                    28:f6:fb:07:63:95:d1:e0:42:0f:81:22:d5:5a:b7:
                    27:d4:8b:d4:c1:be:71:cc:ed:32:c6:95:15:66:f4:
                    89:5b:9b:8b:3d:d9:8f:4c:3b:2c:40:2e:58:73:bc:
                    32:7e:36:a7:b6:70:dc:32:82:48:21:af:f7:9f:72:
                    d2:02:30:0d:9d:bb:be:d9:99:8f:e5:72:31:ab:ba:
                    60:af:3a:a2:ba:c6:d1:f3:51:49:04:13:7c:64:ac:
                    d0:24:cb:26:7c:05:ec:d6:91:31:32:1b:80:b5:18:
                    09:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:6F:E4:BD:09:DD:84:39:D5:FA:17:1E:31:54:81:F5:5F:69:88:10
            X509v3 Authority Key Identifier:
                keyid:DE:1F:6F:9F:B8:40:60:C0:7A:09:BD:D8:E5:2E:BA:52:2E:89:AC:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-repo.registro.br/repo/3Z9nEQVcGsVG7sRCTkY2ZvvmDHhoE5ZgbjDKFqMFt7DF/0/DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki-repo.registro.br/repo/nicbr_repo/1/DE1F6F9FB84060C07A09BDD8E52EBA522E89AC72.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-repo.registro.br/repo/3Z9nEQVcGsVG7sRCTkY2ZvvmDHhoE5ZgbjDKFqMFt7DF/0/3230312e3134392e3132302e302f32322d3232203d3e203238323730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.149.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         82:34:d8:3d:bc:d8:41:3f:8d:44:0d:f7:06:d9:27:5f:a2:d3:
         bb:98:8c:2e:d5:b7:8e:a4:92:04:2b:2d:ca:7d:ca:e3:f1:03:
         62:fe:15:e4:41:79:37:7c:a8:e2:eb:3e:9e:8f:fd:91:f7:b3:
         11:d9:d3:77:e6:fe:b4:2f:45:7b:89:43:fc:0d:e2:35:7a:a4:
         d4:30:63:f9:6b:18:1f:b6:f6:e0:59:ed:c3:55:78:91:a2:34:
         d1:e1:f8:24:88:e0:bd:9c:ea:0d:30:d1:31:aa:e9:77:e6:b0:
         c8:07:87:f8:02:3d:78:91:47:8e:1d:ce:28:d6:93:39:91:88:
         f7:30:63:11:b8:00:12:96:d6:31:44:e9:3b:2f:ac:b2:e4:58:
         c6:7c:7f:5e:5a:35:d5:a1:4f:b8:83:d6:dc:28:ff:0c:0a:77:
         de:05:29:c4:e4:ec:9d:aa:61:c8:b6:22:c2:ef:80:e2:d1:fb:
         34:45:cf:e8:93:94:59:11:ad:e8:bf:ef:80:94:b3:e8:fc:83:
         f3:00:68:ab:9b:4e:55:3a:68:42:52:0d:f9:43:e3:57:45:7b:
         ee:ef:64:a3:33:d5:5d:be:6e:09:f2:7d:b7:7f:ea:5d:79:21:
         d8:0d:77:92:60:a6:f6:1d:23:51:f5:6f:ba:76:4a:10:b6:c7:
         4d:34:76:82
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgIUc3eNrueDbGJsAtmRn1pWFhmXsiUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoREUxRjZGOUZCODQwNjBDMDdBMDlCREQ4RTUyRUJBNTIy
RTg5QUM3MjAeFw0yNTEwMTgyMjU2MDFaFw0yNjEwMTcyMzAxMDFaMDMxMTAvBgNV
BAMTKEVBNkZFNEJEMDlERDg0MzlENUZBMTcxRTMxNTQ4MUY1NUY2OTg4MTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNwdAepG03IFN5SCXlr6v35LAh
dp0FRBo40x9SGl8PH815G58tYD0z2oGsR3o7UIcHjYpO2fshRuE/vzAmIiCiLis+
01jOrUXZzzh5Ksrhl+yu9++y+f1xAcc4AJcQyTeXerEnSvRszHn+BeJ8ptJb0yV9
IJQ6XrwOtsNlllZxyhTHKTFN4XpnWEiRzAa1+y/qmdNJECj2+wdjldHgQg+BItVa
tyfUi9TBvnHM7TLGlRVm9Ilbm4s92Y9MOyxALlhzvDJ+Nqe2cNwygkghr/efctIC
MA2du77ZmY/lcjGrumCvOqK6xtHzUUkEE3xkrNAkyyZ8BezWkTEyG4C1GAnLAgMB
AAGjggJRMIICTTAdBgNVHQ4EFgQU6m/kvQndhDnV+hceMVSB9V9piBAwHwYDVR0j
BBgwFoAU3h9vn7hAYMB6Cb3Y5S66Ui6JrHIwDgYDVR0PAQH/BAQDAgeAMIGUBgNV
HR8EgYwwgYkwgYaggYOggYCGfnJzeW5jOi8vcnBraS1yZXBvLnJlZ2lzdHJvLmJy
L3JlcG8vM1o5bkVRVmNHc1ZHN3NSQ1RrWTJadnZtREhob0U1WmdiakRLRnFNRnQ3
REYvMC9ERTFGNkY5RkI4NDA2MEMwN0EwOUJERDhFNTJFQkE1MjJFODlBQzcyLmNy
bDB4BggrBgEFBQcBAQRsMGowaAYIKwYBBQUHMAKGXHJzeW5jOi8vcnBraS1yZXBv
LnJlZ2lzdHJvLmJyL3JlcG8vbmljYnJfcmVwby8xL0RFMUY2RjlGQjg0MDYwQzA3
QTA5QkREOEU1MkVCQTUyMkU4OUFDNzIuY2VyMIGuBggrBgEFBQcBCwSBoTCBnjCB
mwYIKwYBBQUHMAuGgY5yc3luYzovL3Jwa2ktcmVwby5yZWdpc3Ryby5ici9yZXBv
LzNaOW5FUVZjR3NWRzdzUkNUa1kyWnZ2bURIaG9FNVpnYmpES0ZxTUZ0N0RGLzAv
MzIzMDMxMmUzMTM0MzkyZTMxMzIzMDJlMzAyZjMyMzIyZDMyMzIyMDNkM2UyMDMy
MzgzMjM3MzAucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUH
AQcBAf8EEDAOMAwEAgABMAYDBALJlXgwDQYJKoZIhvcNAQELBQADggEBAII02D28
2EE/jUQN9wbZJ1+i07uYjC7Vt46kkgQrLcp9yuPxA2L+FeRBeTd8qOLrPp6P/ZH3
sxHZ03fm/rQvRXuJQ/wN4jV6pNQwY/lrGB+29uBZ7cNVeJGiNNHh+CSI4L2c6g0w
0TGq6XfmsMgHh/gCPXiRR44dzijWkzmRiPcwYxG4ABKW1jFE6TsvrLLkWMZ8f15a
NdWhT7iD1two/wwKd94FKcTk7J2qYci2IsLvgOLR+zRFz+iTlFkRrei/74CUs+j8
g/MAaKubTlU6aEJSDflD41dFe+7vZKMz1V2+bgnyfbd/6l15IdgNd5JgpvYdI1H1
b7p2ShC2x000doI=
-----END CERTIFICATE-----
Generated at Tue Oct 21 07:48:24 2025 by rpki-client