Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/bef91ee1-4224-4c1c-aee6-5ce138641c48/1cda1a628af5990cb2386769460e68d8b7669231.roa
File:                     1cda1a628af5990cb2386769460e68d8b7669231.roa (raw, json)
Hash identifier:          iYaOybLB+z3v0Lfk8b3DSR7YDH8sD6NWyZ5ABC14VLk=
Subject key identifier:   88:61:A7:B0:51:21:E2:78:7C:0B:0D:C4:C4:3E:C7:A5:FF:A2:D9:1F
Certificate issuer:       /CN=c4935075ec435dbda09406df9fa324ff802f1d14
Certificate serial:       21E3D6
Authority key identifier: 76:83:16:F0:88:5D:BF:BD:21:FF:F5:2D:ED:2B:87:BE:D1:53:D7:ED
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/c4935075ec435dbda09406df9fa324ff802f1d14.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/bef91ee1-4224-4c1c-aee6-5ce138641c48/1cda1a628af5990cb2386769460e68d8b7669231.roa
Signing time:             Sat 24 Jun 2023 01:38:31 +0000
ROA not before:           Fri 23 Jun 2023 01:38:30 +0000
ROA not after:            Tue 24 Jun 2025 01:38:30 +0000
asID:                     23243
IP address blocks:        200.94.249.0/24 maxlen: 24
                          200.94.250.0/23 maxlen: 24
                          190.111.17.0/24 maxlen: 24
                          190.111.24.0/24 maxlen: 24
                          190.111.29.0/24 maxlen: 24
                          181.189.128.0/24 maxlen: 24
                          181.189.144.0/21 maxlen: 24
                          181.189.152.0/24 maxlen: 24
                          190.14.2.0/23 maxlen: 24
                          190.14.6.0/24 maxlen: 24
                          181.189.154.0/24 maxlen: 24
                          2803:3a00::/37 maxlen: 48
                          2803:3a00:1800::/37 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2221014 (0x21e3d6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4935075ec435dbda09406df9fa324ff802f1d14
        Validity
            Not Before: Jun 23 01:38:30 2023 GMT
            Not After : Jun 24 01:38:30 2025 GMT
        Subject: CN=1cda1a628af5990cb2386769460e68d8b7669231
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:dc:48:1c:4f:d0:c8:95:e9:de:b2:e1:11:7b:
                    c1:ef:6c:be:43:6c:28:94:59:4c:56:ac:01:e1:d3:
                    03:1b:81:9b:62:fe:9b:5e:7f:8f:3b:6c:b6:f6:22:
                    d9:f7:ad:fa:f0:cf:4b:2b:a2:36:8a:14:74:fd:c5:
                    81:7d:66:97:c8:dd:14:e9:10:b9:bd:e5:2b:e7:ff:
                    2c:d3:7f:10:98:dd:2d:0e:e6:5e:e9:ec:7f:cb:bc:
                    e4:a0:5d:4a:36:5e:1f:55:a5:bd:ab:db:53:63:11:
                    f2:66:d0:65:57:30:29:ab:5f:16:6a:26:f9:e6:55:
                    9a:7f:05:16:9a:5b:39:ab:47:51:90:da:82:7e:6a:
                    54:14:11:a6:53:f7:b5:03:ca:1d:a7:1f:e5:a9:d4:
                    91:ed:92:8e:45:4d:7c:25:52:9d:5c:b1:75:b3:43:
                    3a:74:61:7c:b7:0a:70:64:1c:92:44:2f:37:34:e0:
                    15:1d:00:52:b2:e9:79:89:56:a3:de:8d:c4:db:15:
                    4f:f8:85:b0:3f:9f:52:13:0c:3a:9d:25:e3:92:11:
                    c6:f6:b0:5b:3f:90:3b:f7:3a:33:56:06:05:55:57:
                    df:0b:ce:54:35:43:31:06:c3:9b:ae:21:ff:11:b3:
                    6a:29:bc:57:69:a7:40:9a:0b:95:6b:9f:9c:82:18:
                    15:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:61:A7:B0:51:21:E2:78:7C:0B:0D:C4:C4:3E:C7:A5:FF:A2:D9:1F
            X509v3 Authority Key Identifier:
                keyid:76:83:16:F0:88:5D:BF:BD:21:FF:F5:2D:ED:2B:87:BE:D1:53:D7:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/c4935075ec435dbda09406df9fa324ff802f1d14.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/bef91ee1-4224-4c1c-aee6-5ce138641c48/1cda1a628af5990cb2386769460e68d8b7669231.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/bef91ee1-4224-4c1c-aee6-5ce138641c48/c4935075ec435dbda09406df9fa324ff802f1d14.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.189.128.0/24
                  181.189.144.0-181.189.152.255
                  181.189.154.0/24
                  190.14.2.0/23
                  190.14.6.0/24
                  190.111.17.0/24
                  190.111.24.0/24
                  190.111.29.0/24
                  200.94.249.0-200.94.251.255
                IPv6:
                  2803:3a00::/37
                  2803:3a00:1800::/37

    Signature Algorithm: sha256WithRSAEncryption
         26:43:b1:2e:f4:b5:45:94:7c:b9:a6:45:0a:74:2b:bc:e2:39:
         31:63:bd:0b:c4:04:81:dc:57:a1:f2:47:f1:f4:3b:a5:43:42:
         58:80:96:3b:e3:31:56:0f:37:80:82:e4:0b:96:6e:a9:51:41:
         7a:b8:5c:34:ee:43:0b:46:71:43:d4:eb:86:1f:15:ce:cd:2e:
         af:45:bb:37:6e:7a:a8:9a:bc:43:a4:76:33:e1:4a:a8:d3:93:
         2c:ed:da:c9:05:55:c2:e7:5a:6a:e8:c0:d2:f3:e1:51:a3:d4:
         dc:6c:a9:64:aa:9c:22:5f:8f:b9:1b:f8:ee:6b:fe:86:73:6c:
         fe:bb:4b:89:87:65:ed:93:38:66:40:a6:c2:34:ee:c0:c4:62:
         60:d9:fd:c8:f3:e2:37:f2:7f:59:ef:b9:61:3a:a2:71:38:98:
         01:c2:f7:36:95:45:bf:3b:3a:67:1c:a0:60:a0:3b:56:41:27:
         89:30:52:a7:17:0d:84:e6:2a:ea:be:cd:3f:e0:9a:58:b3:f1:
         52:b1:87:fc:8a:fe:6b:ab:ac:a6:19:28:ac:74:dd:4e:4b:67:
         69:e5:0e:9f:b0:b3:8c:35:60:d1:22:3c:89:80:01:38:0c:99:
         45:22:6f:81:13:22:c1:0f:00:e6:ce:41:2a:83:39:a3:8d:01:
         54:c9:05:21
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgIDIePWMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGM0
OTM1MDc1ZWM0MzVkYmRhMDk0MDZkZjlmYTMyNGZmODAyZjFkMTQwHhcNMjMwNjIz
MDEzODMwWhcNMjUwNjI0MDEzODMwWjAzMTEwLwYDVQQDEygxY2RhMWE2MjhhZjU5
OTBjYjIzODY3Njk0NjBlNjhkOGI3NjY5MjMxMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAv9xIHE/QyJXp3rLhEXvB72y+Q2wolFlMVqwB4dMDG4GbYv6b
Xn+PO2y29iLZ96368M9LK6I2ihR0/cWBfWaXyN0U6RC5veUr5/8s038QmN0tDuZe
6ex/y7zkoF1KNl4fVaW9q9tTYxHyZtBlVzApq18Waib55lWafwUWmls5q0dRkNqC
fmpUFBGmU/e1A8odpx/lqdSR7ZKORU18JVKdXLF1s0M6dGF8twpwZBySRC83NOAV
HQBSsul5iVaj3o3E2xVP+IWwP59SEww6nSXjkhHG9rBbP5A79zozVgYFVVffC85U
NUMxBsObriH/EbNqKbxXaadAmguVa5+cghgVtQIDAQABo4ICszCCAq8wHQYDVR0O
BBYEFIhhp7BRIeJ4fAsNxMQ+x6X/otkfMB8GA1UdIwQYMBaAFHaDFvCIXb+9If/1
Le0rh77RU9ftMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvYzQ5MzUw
NzVlYzQzNWRiZGEwOTQwNmRmOWZhMzI0ZmY4MDJmMWQxNC5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvYmVmOTFlZTEtNDIyNC00YzFjLWFlZTYtNWNlMTM4
NjQxYzQ4LzFjZGExYTYyOGFmNTk5MGNiMjM4Njc2OTQ2MGU2OGQ4Yjc2NjkyMzEu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy9iZWY5MWVlMS00MjI0LTRjMWMtYWVlNi01Y2Ux
Mzg2NDFjNDgvYzQ5MzUwNzVlYzQzNWRiZGEwOTQwNmRmOWZhMzI0ZmY4MDJmMWQx
NC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB3BggrBgEFBQcBBwEB/wRo
MGYwTAQCAAEwRgMEALW9gDAMAwQEtb2QAwQAtb2YAwQAtb2aAwQBvg4CAwQAvg4G
AwQAvm8RAwQAvm8YAwQAvm8dMAwDBADIXvkDBALIXvgwFgQCAAIwEAMGAygDOgAA
AwYDKAM6ABgwDQYJKoZIhvcNAQELBQADggEBACZDsS70tUWUfLmmRQp0K7ziOTFj
vQvEBIHcV6HyR/H0O6VDQliAljvjMVYPN4CC5AuWbqlRQXq4XDTuQwtGcUPU64Yf
Fc7NLq9FuzdueqiavEOkdjPhSqjTkyzt2skFVcLnWmrowNLz4VGj1NxsqWSqnCJf
j7kb+O5r/oZzbP67S4mHZe2TOGZApsI07sDEYmDZ/cjz4jfyf1nvuWE6onE4mAHC
9zaVRb87OmccoGCgO1ZBJ4kwUqcXDYTmKuq+zT/gmliz8VKxh/yK/murrKYZKKx0
3U5LZ2nlDp+ws4w1YNEiPImAATgMmUUib4ETIsEPAObOQSqDOaONAVTJBSE=
-----END CERTIFICATE-----