Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/02419b92-fbba-404b-a229-f3865d57a46a/ea7d3963b8707dfcd351a1c90fdf63103627f643.roa
File:                     ea7d3963b8707dfcd351a1c90fdf63103627f643.roa (raw, json)
Hash identifier:          c7S5SCfmuMuIZvwnBRlKTAe4jdt85YaRKSqJe1odP1A=
Subject key identifier:   BB:C6:62:4E:4B:E2:99:CA:91:5D:35:B7:7B:F4:C0:46:EB:91:AB:22
Certificate issuer:       /CN=c1f68ecd3896b3288f83c29a2c3da44c821c7684
Certificate serial:       231324
Authority key identifier: A8:73:83:2C:03:09:14:B8:FD:00:F5:3F:AF:46:E4:95:D9:71:1B:3C
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/c1f68ecd3896b3288f83c29a2c3da44c821c7684.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/02419b92-fbba-404b-a229-f3865d57a46a/ea7d3963b8707dfcd351a1c90fdf63103627f643.roa
Signing time:             Fri 24 Feb 2023 13:47:49 +0000
ROA not before:           Tue 20 Apr 2021 03:00:00 +0000
ROA not after:            Thu 27 Apr 2023 03:00:00 +0000
asID:                     14080
IP address blocks:        190.144.192.0/19 maxlen: 19
                          181.49.224.0/19 maxlen: 29
                          186.85.72.0/22 maxlen: 24
                          200.118.0.0/16 maxlen: 24
                          186.145.4.0/22 maxlen: 24
                          190.84.213.0/24 maxlen: 24
                          190.84.214.0/24 maxlen: 24
                          190.158.6.0/24 maxlen: 24
                          190.158.7.0/24 maxlen: 24
                          190.158.10.0/24 maxlen: 24
                          190.158.11.0/24 maxlen: 24
                          190.159.0.0/16 maxlen: 24
                          190.157.216.0/22 maxlen: 24
                          186.84.72.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2298660 (0x231324)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1f68ecd3896b3288f83c29a2c3da44c821c7684
        Validity
            Not Before: Apr 20 03:00:00 2021 GMT
            Not After : Apr 27 03:00:00 2023 GMT
        Subject: CN=ea7d3963b8707dfcd351a1c90fdf63103627f643
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:57:d7:e9:29:b3:52:0e:db:cb:a6:b4:17:7f:
                    fe:05:a3:d3:af:05:5b:54:99:77:92:a5:54:99:c7:
                    08:0f:ab:bd:c4:47:54:7d:b5:77:d5:91:a1:8d:b5:
                    f7:70:1d:d0:cc:3d:ad:5c:bd:68:82:a8:de:e1:ef:
                    e2:c8:80:8e:d7:bd:4a:50:8e:4f:e2:84:4a:67:fc:
                    7f:fc:c8:85:aa:66:88:ca:25:72:c3:5a:a5:cb:43:
                    9e:70:1b:72:13:4f:52:3a:61:0d:91:3b:8c:1d:c0:
                    e0:28:bf:f7:20:90:ae:7f:ab:82:1d:20:36:94:a1:
                    49:f3:93:19:b3:ac:40:95:14:63:bc:1d:d8:d0:2b:
                    1c:07:e9:60:76:3a:36:11:72:2a:b5:ea:72:31:bb:
                    e8:89:49:4f:6a:9d:96:b2:47:12:1c:33:ec:98:42:
                    bf:a5:42:ff:fc:c8:fc:61:50:01:b1:90:2e:fc:b6:
                    0c:37:d7:24:72:a3:60:25:a8:57:dd:27:6d:9d:d8:
                    fb:ac:f7:bf:5d:d1:1a:d9:d2:ec:18:30:c2:c9:bb:
                    63:3a:a2:92:26:ec:64:a4:7f:82:03:14:fd:d7:ea:
                    46:2d:3f:b9:c8:c1:b1:f1:de:67:1d:bd:33:eb:3d:
                    47:31:df:79:e6:26:4c:3e:0f:65:bb:f3:51:77:16:
                    3f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:C6:62:4E:4B:E2:99:CA:91:5D:35:B7:7B:F4:C0:46:EB:91:AB:22
            X509v3 Authority Key Identifier:
                keyid:A8:73:83:2C:03:09:14:B8:FD:00:F5:3F:AF:46:E4:95:D9:71:1B:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/c1f68ecd3896b3288f83c29a2c3da44c821c7684.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/02419b92-fbba-404b-a229-f3865d57a46a/ea7d3963b8707dfcd351a1c90fdf63103627f643.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/02419b92-fbba-404b-a229-f3865d57a46a/c1f68ecd3896b3288f83c29a2c3da44c821c7684.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.49.224.0/19
                  186.84.72.0/22
                  186.85.72.0/22
                  186.145.4.0/22
                  190.84.213.0-190.84.214.255
                  190.144.192.0/19
                  190.157.216.0/22
                  190.158.6.0/23
                  190.158.10.0/23
                  190.159.0.0/16
                  200.118.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         70:7a:b3:48:2f:1a:8f:c7:88:63:13:91:6a:35:7a:c3:ea:bb:
         88:16:de:90:5c:bb:fa:52:36:cd:cc:27:89:cf:d3:1f:47:09:
         99:d8:13:bc:77:3f:37:c0:f2:08:9c:08:ca:cf:28:b5:f1:dc:
         ae:11:e3:4e:5d:9a:79:cd:b8:7a:8d:ed:92:67:81:6c:3e:41:
         01:12:a4:4d:94:d4:de:47:e4:69:e8:52:ee:74:7d:ff:38:d1:
         ae:3d:e5:92:21:51:92:c0:9a:c5:be:6c:05:2b:08:5f:59:f5:
         39:d4:73:52:8b:df:64:dd:31:fa:d0:71:46:87:16:03:68:03:
         3e:33:cb:87:03:39:ec:65:62:47:bf:4f:34:f3:45:00:51:3b:
         38:07:a5:07:24:b0:c7:2f:17:f0:f6:7c:e5:46:a8:50:6a:eb:
         a7:e4:79:83:93:6f:40:e8:48:5e:dc:87:fc:63:f2:d2:f7:28:
         92:5b:e5:b0:3e:88:62:57:63:ac:77:72:12:5c:05:73:5c:b6:
         45:0b:2c:a6:86:b2:7d:bf:bc:23:f8:4a:88:a4:c8:02:5e:38:
         a3:a4:89:4c:c6:fb:f4:29:96:9e:bd:96:67:7d:54:24:84:5d:
         8d:20:6e:ad:c4:6d:2c:43:1d:22:42:fc:61:4d:5e:ff:7a:45:
         84:17:60:b2
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIDIxMkMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGMx
ZjY4ZWNkMzg5NmIzMjg4ZjgzYzI5YTJjM2RhNDRjODIxYzc2ODQwHhcNMjEwNDIw
MDMwMDAwWhcNMjMwNDI3MDMwMDAwWjAzMTEwLwYDVQQDEyhlYTdkMzk2M2I4NzA3
ZGZjZDM1MWExYzkwZmRmNjMxMDM2MjdmNjQzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAhlfX6SmzUg7by6a0F3/+BaPTrwVbVJl3kqVUmccID6u9xEdU
fbV31ZGhjbX3cB3QzD2tXL1ogqje4e/iyICO171KUI5P4oRKZ/x//MiFqmaIyiVy
w1qly0OecBtyE09SOmENkTuMHcDgKL/3IJCuf6uCHSA2lKFJ85MZs6xAlRRjvB3Y
0CscB+lgdjo2EXIqtepyMbvoiUlPap2WskcSHDPsmEK/pUL//Mj8YVABsZAu/LYM
N9ckcqNgJahX3Sdtndj7rPe/XdEa2dLsGDDCybtjOqKSJuxkpH+CAxT91+pGLT+5
yMGx8d5nHb0z6z1HMd955iZMPg9lu/NRdxY/1QIDAQABo4ICnTCCApkwHQYDVR0O
BBYEFLvGYk5L4pnKkV01t3v0wEbrkasiMB8GA1UdIwQYMBaAFKhzgywDCRS4/QD1
P69G5JXZcRs8MA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvYzFmNjhl
Y2QzODk2YjMyODhmODNjMjlhMmMzZGE0NGM4MjFjNzY4NC5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvMDI0MTliOTItZmJiYS00MDRiLWEyMjktZjM4NjVk
NTdhNDZhL2VhN2QzOTYzYjg3MDdkZmNkMzUxYTFjOTBmZGY2MzEwMzYyN2Y2NDMu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy8wMjQxOWI5Mi1mYmJhLTQwNGItYTIyOS1mMzg2
NWQ1N2E0NmEvYzFmNjhlY2QzODk2YjMyODhmODNjMjlhMmMzZGE0NGM4MjFjNzY4
NC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBhBggrBgEFBQcBBwEB/wRS
MFAwTgQCAAEwSAMEBbUx4AMEArpUSAMEArpVSAMEArqRBDAMAwQAvlTVAwQAvlTW
AwQFvpDAAwQCvp3YAwQBvp4GAwQBvp4KAwMAvp8DAwDIdjANBgkqhkiG9w0BAQsF
AAOCAQEAcHqzSC8aj8eIYxORajV6w+q7iBbekFy7+lI2zcwnic/TH0cJmdgTvHc/
N8DyCJwIys8otfHcrhHjTl2aec24eo3tkmeBbD5BARKkTZTU3kfkaehS7nR9/zjR
rj3lkiFRksCaxb5sBSsIX1n1OdRzUovfZN0x+tBxRocWA2gDPjPLhwM57GViR79P
NPNFAFE7OAelBySwxy8X8PZ85UaoUGrrp+R5g5NvQOhIXtyH/GPy0vcoklvlsD6I
YldjrHdyElwFc1y2RQsspoayfb+8I/hKiKTIAl44o6SJTMb79CmWnr2WZ31UJIRd
jSBurcRtLEMdIkL8YU1e/3pFhBdgsg==
-----END CERTIFICATE-----