Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/0261522A7D1B1599601F0A1AAB8391A7D6EA0A5BDF95B045ABA001E79DD4B632/0/3133312e3232312e3131322e302f32322d3233203d3e20323633373031.roa
File:                     3133312e3232312e3131322e302f32322d3233203d3e20323633373031.roa (raw, json)
Hash identifier:          zrO0JHxav/ODTseJBfRtPRQY8JMJJlvt2SctxjDnYn0=
Subject key identifier:   C8:B4:D7:7D:B5:C7:35:D8:EB:B1:DE:F2:D2:5F:1C:19:B2:46:14:BE
Certificate issuer:       /CN=2D8AB2848654D51664AC6F45A44E5407C6B35912
Certificate serial:       55288F1D47EFA1670A6762C7D966CAD5ECFF01D1
Authority key identifier: 2D:8A:B2:84:86:54:D5:16:64:AC:6F:45:A4:4E:54:07:C6:B3:59:12
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/2D8AB2848654D51664AC6F45A44E5407C6B35912.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/0261522A7D1B1599601F0A1AAB8391A7D6EA0A5BDF95B045ABA001E79DD4B632/0/3133312e3232312e3131322e302f32322d3233203d3e20323633373031.roa
Signing time:             Tue 04 Feb 2025 18:21:02 +0000
ROA not before:           Tue 04 Feb 2025 18:16:02 +0000
ROA not after:            Tue 03 Feb 2026 18:21:02 +0000
asID:                     263701
IP address blocks:        131.221.112.0/22 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:28:8f:1d:47:ef:a1:67:0a:67:62:c7:d9:66:ca:d5:ec:ff:01:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2D8AB2848654D51664AC6F45A44E5407C6B35912
        Validity
            Not Before: Feb  4 18:16:02 2025 GMT
            Not After : Feb  3 18:21:02 2026 GMT
        Subject: CN=C8B4D77DB5C735D8EBB1DEF2D25F1C19B24614BE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:b0:74:80:4a:7b:d4:4f:97:ee:1d:7e:0a:19:
                    3c:5b:4e:d5:53:5c:e3:e8:b7:15:de:a5:7c:56:7a:
                    02:2a:60:51:50:fd:de:cf:c4:11:da:d7:88:90:71:
                    fc:6f:3a:0a:a8:37:ed:ca:c2:30:ff:42:cb:11:eb:
                    22:2d:df:2a:ec:06:91:8d:1d:77:04:28:4a:03:80:
                    f0:99:7f:ae:c8:f8:96:08:e7:21:f4:f8:18:47:b6:
                    ef:4f:07:7e:49:83:d1:58:99:ac:e7:51:92:13:f8:
                    ab:65:c4:05:78:8a:20:18:32:7c:6d:43:7b:cf:8b:
                    3c:59:31:00:1c:9d:76:73:40:9c:5d:84:da:0d:d0:
                    68:35:61:a1:70:68:46:7a:34:24:3c:3c:be:8a:3c:
                    88:e9:66:2e:7a:0e:d7:03:1c:ef:2b:4d:64:f3:b0:
                    fd:8f:b3:94:1f:89:b2:5b:6e:30:b4:ee:9b:55:07:
                    c3:99:94:7a:98:1a:43:af:cd:1a:d6:a6:9d:5d:16:
                    80:d8:8f:4f:b4:c8:7c:37:54:03:5c:aa:9a:9f:12:
                    1b:00:dd:a0:66:b3:82:55:5f:4b:6d:8f:24:77:ba:
                    e4:ca:a0:66:c0:18:a1:1c:23:7c:88:53:7f:86:cb:
                    0c:62:cf:ad:5e:df:db:46:29:58:c9:e3:c4:42:0b:
                    1e:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:B4:D7:7D:B5:C7:35:D8:EB:B1:DE:F2:D2:5F:1C:19:B2:46:14:BE
            X509v3 Authority Key Identifier:
                keyid:2D:8A:B2:84:86:54:D5:16:64:AC:6F:45:A4:4E:54:07:C6:B3:59:12

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/0261522A7D1B1599601F0A1AAB8391A7D6EA0A5BDF95B045ABA001E79DD4B632/0/2D8AB2848654D51664AC6F45A44E5407C6B35912.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/2D8AB2848654D51664AC6F45A44E5407C6B35912.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/0261522A7D1B1599601F0A1AAB8391A7D6EA0A5BDF95B045ABA001E79DD4B632/0/3133312e3232312e3131322e302f32322d3233203d3e20323633373031.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.221.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         17:2b:a0:ad:37:fd:f6:26:52:81:c6:4c:2e:43:e5:00:a8:5c:
         4c:4c:53:aa:d2:d5:1f:2a:b7:8c:a5:d7:41:9e:dc:39:49:80:
         56:1a:b8:7a:34:25:71:7b:be:ea:6a:de:1e:16:e7:2b:08:e1:
         9d:55:2e:7d:da:e5:13:31:e4:15:f3:39:01:3f:74:ae:71:21:
         38:6e:48:a6:d4:92:ba:f8:cb:1b:c1:cf:fb:78:14:4f:9d:9f:
         1b:88:99:ee:f3:b2:61:63:97:a4:cc:4d:31:3d:b3:f2:54:15:
         30:ab:19:16:29:b9:af:40:8f:90:08:a7:6a:db:6c:c4:a9:30:
         29:bd:00:6d:67:2f:fc:f5:de:a7:c5:9b:4c:f3:be:d3:83:bd:
         f5:d1:50:51:7f:bd:02:dc:bb:fb:2b:06:f2:48:cb:ff:41:23:
         fc:e0:3e:e5:e1:a2:14:cc:fb:19:15:0f:2c:7d:c2:1b:3b:07:
         fd:19:41:8d:52:69:9a:8a:4b:7a:f6:1f:f3:a0:b9:f6:10:97:
         1f:00:f0:87:8f:a1:f3:7b:fd:0f:d7:0a:10:5c:cc:bd:de:e8:
         4f:a1:a4:b6:b3:a2:d2:69:12:db:87:c4:69:d6:f2:07:10:17:
         c1:a8:dd:52:a9:30:4b:95:14:eb:5f:b0:ef:89:14:0a:4d:07:
         c1:6b:cc:cc
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgIUVSiPHUfvoWcKZ2LH2WbK1ez/AdEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMkQ4QUIyODQ4NjU0RDUxNjY0QUM2RjQ1QTQ0RTU0MDdD
NkIzNTkxMjAeFw0yNTAyMDQxODE2MDJaFw0yNjAyMDMxODIxMDJaMDMxMTAvBgNV
BAMTKEM4QjRENzdEQjVDNzM1RDhFQkIxREVGMkQyNUYxQzE5QjI0NjE0QkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGsHSASnvUT5fuHX4KGTxbTtVT
XOPotxXepXxWegIqYFFQ/d7PxBHa14iQcfxvOgqoN+3KwjD/QssR6yIt3yrsBpGN
HXcEKEoDgPCZf67I+JYI5yH0+BhHtu9PB35Jg9FYmaznUZIT+KtlxAV4iiAYMnxt
Q3vPizxZMQAcnXZzQJxdhNoN0Gg1YaFwaEZ6NCQ8PL6KPIjpZi56DtcDHO8rTWTz
sP2Ps5QfibJbbjC07ptVB8OZlHqYGkOvzRrWpp1dFoDYj0+0yHw3VANcqpqfEhsA
3aBms4JVX0ttjyR3uuTKoGbAGKEcI3yIU3+Gywxiz61e39tGKVjJ48RCCx5XAgMB
AAGjggLMMIICyDAdBgNVHQ4EFgQUyLTXfbXHNdjrsd7y0l8cGbJGFL4wHwYDVR0j
BBgwFoAULYqyhIZU1RZkrG9FpE5UB8azWRIwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8wMjYxNTIyQTdEMUIxNTk5NjAxRjBBMUFBQjgzOTFBN0Q2
RUEwQTVCREY5NUIwNDVBQkEwMDFFNzlERDRCNjMyLzAvMkQ4QUIyODQ4NjU0RDUx
NjY0QUM2RjQ1QTQ0RTU0MDdDNkIzNTkxMi5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8yRDhBQjI4NDg2NTRENTE2NjRB
QzZGNDVBNDRFNTQwN0M2QjM1OTEyLmNlcjCBywYIKwYBBQUHAQsEgb4wgbswgbgG
CCsGAQUFBzALhoGrcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMDI2MTUyMkE3RDFCMTU5OTYwMUYwQTFBQUI4MzkxQTdENkVBMEE1QkRG
OTVCMDQ1QUJBMDAxRTc5REQ0QjYzMi8wLzMxMzMzMTJlMzIzMjMxMmUzMTMxMzIy
ZTMwMmYzMjMyMmQzMjMzMjAzZDNlMjAzMjM2MzMzNzMwMzEucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKD
3XAwDQYJKoZIhvcNAQELBQADggEBABcroK03/fYmUoHGTC5D5QCoXExMU6rS1R8q
t4yl10Ge3DlJgFYauHo0JXF7vupq3h4W5ysI4Z1VLn3a5RMx5BXzOQE/dK5xIThu
SKbUkrr4yxvBz/t4FE+dnxuIme7zsmFjl6TMTTE9s/JUFTCrGRYpua9Aj5AIp2rb
bMSpMCm9AG1nL/z13qfFm0zzvtODvfXRUFF/vQLcu/srBvJIy/9BI/zgPuXhohTM
+xkVDyx9whs7B/0ZQY1SaZqKS3r2H/OgufYQlx8A8IePofN7/Q/XChBczL3e6E+h
pLazotJpEtuHxGnW8gcQF8Go3VKpMEuVFOtfsO+JFApNB8FrzMw=
-----END CERTIFICATE-----