Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/05FDF64B617FCE0E4515EBFA80E41D8F6BF5D8CFE78F2BEA3A7C93E43F0E5D40/0/3230302e33352e3135332e302f32342d3234203d3e203230343733.roa
File:                     3230302e33352e3135332e302f32342d3234203d3e203230343733.roa (raw, json)
Hash identifier:          oJwPDwUOY6DJUaI6WqVU2+o3v5RlfjWV3oZYvl7iCKE=
Subject key identifier:   7D:38:84:98:62:DD:D6:16:0D:E4:06:4B:63:65:03:D7:6A:3D:E4:47
Certificate issuer:       /CN=B62E719F360BF9C9EE89EC2E25CF0DE228B6EBFC
Certificate serial:       11772554B54C0DDB1918986B2CD699E2BFD00796
Authority key identifier: B6:2E:71:9F:36:0B:F9:C9:EE:89:EC:2E:25:CF:0D:E2:28:B6:EB:FC
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/B62E719F360BF9C9EE89EC2E25CF0DE228B6EBFC.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/05FDF64B617FCE0E4515EBFA80E41D8F6BF5D8CFE78F2BEA3A7C93E43F0E5D40/0/3230302e33352e3135332e302f32342d3234203d3e203230343733.roa
Signing time:             Tue 04 Feb 2025 18:33:16 +0000
ROA not before:           Tue 04 Feb 2025 18:28:16 +0000
ROA not after:            Tue 03 Feb 2026 18:33:16 +0000
asID:                     20473
IP address blocks:        200.35.153.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:77:25:54:b5:4c:0d:db:19:18:98:6b:2c:d6:99:e2:bf:d0:07:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=B62E719F360BF9C9EE89EC2E25CF0DE228B6EBFC
        Validity
            Not Before: Feb  4 18:28:16 2025 GMT
            Not After : Feb  3 18:33:16 2026 GMT
        Subject: CN=7D38849862DDD6160DE4064B636503D76A3DE447
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a0:d4:f3:7f:d0:02:f0:84:39:f8:a7:54:9d:
                    77:6b:fe:6f:7b:56:55:bd:a9:2b:5b:ed:13:0f:a6:
                    78:e5:84:58:75:10:92:83:8e:f3:5b:2f:66:4a:4d:
                    22:4d:ff:80:1b:42:ba:7c:22:44:9f:08:38:cd:e9:
                    52:79:ee:0c:3b:b1:1a:62:2e:4d:f2:3a:7e:3e:bf:
                    7e:7d:ce:5f:8f:ad:fc:63:70:f0:d0:4f:d8:b1:ef:
                    16:d3:3e:97:86:72:17:c8:1c:6e:0d:49:3d:d5:46:
                    2e:40:61:f2:0a:17:6b:1d:13:25:5b:03:b2:b0:c2:
                    3f:96:f7:6b:70:fd:4a:1e:4e:ab:d9:10:23:cf:35:
                    eb:57:1e:39:c5:ec:d7:74:58:6b:1f:1e:d2:2b:82:
                    ff:1d:cd:89:e6:3b:ed:5d:48:7e:85:3d:cc:8d:d2:
                    c1:77:c7:9c:15:23:91:2e:f7:45:df:5b:84:73:62:
                    bf:f6:2f:c8:20:dd:0d:9f:92:f4:83:f3:9d:78:b4:
                    d5:b5:f8:4a:a0:6a:63:11:df:b5:c0:ed:00:e6:1b:
                    8e:98:44:b6:9a:0d:16:89:d8:09:7e:a4:05:29:14:
                    00:66:9e:b4:63:67:da:8e:c5:66:e7:6f:9a:5e:d3:
                    ac:bf:7e:27:62:4c:cc:40:b1:9c:52:c1:2c:b8:61:
                    52:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:38:84:98:62:DD:D6:16:0D:E4:06:4B:63:65:03:D7:6A:3D:E4:47
            X509v3 Authority Key Identifier:
                keyid:B6:2E:71:9F:36:0B:F9:C9:EE:89:EC:2E:25:CF:0D:E2:28:B6:EB:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/05FDF64B617FCE0E4515EBFA80E41D8F6BF5D8CFE78F2BEA3A7C93E43F0E5D40/0/B62E719F360BF9C9EE89EC2E25CF0DE228B6EBFC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/B62E719F360BF9C9EE89EC2E25CF0DE228B6EBFC.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/05FDF64B617FCE0E4515EBFA80E41D8F6BF5D8CFE78F2BEA3A7C93E43F0E5D40/0/3230302e33352e3135332e302f32342d3234203d3e203230343733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.35.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:02:23:23:a7:29:5d:01:5e:33:da:a9:09:a1:e1:51:de:37:
         26:0c:a4:5d:2b:55:dd:34:d6:b6:a5:f5:a4:66:8d:5e:2c:e9:
         fb:1e:94:8e:ce:22:26:ef:3c:5d:68:5a:82:49:50:db:6a:71:
         1b:65:cc:0b:b7:7d:ec:96:09:91:38:43:bf:a5:b9:b8:6a:43:
         e6:6b:da:97:cd:8c:41:8d:22:eb:53:3f:7a:a8:86:93:bc:78:
         30:29:64:e2:02:51:e1:83:ec:55:8d:8b:90:5a:78:30:d4:8a:
         c0:bf:40:63:55:e5:f1:e7:df:54:16:6a:d6:0f:db:bd:f7:b2:
         c6:1e:80:2d:52:5e:69:5c:1c:75:72:a3:83:e1:7e:d6:9b:a2:
         bc:16:db:ea:6e:0d:ff:2b:90:a8:9e:1e:90:9f:e3:f6:26:31:
         79:d2:5c:5d:3b:7c:78:c3:bb:bf:5e:44:04:83:ec:b0:37:4e:
         b5:9c:49:ad:99:2d:ee:f8:47:ce:c6:68:13:c1:be:4e:54:db:
         e9:85:30:45:3a:b6:02:cc:e7:b5:84:a5:3d:d0:ff:88:d4:f5:
         04:04:82:0b:f7:df:d2:64:96:a2:6e:82:4b:84:74:f0:49:da:
         81:24:c1:8e:41:70:30:ac:71:fa:02:f7:a3:0e:84:4d:4a:52:
         6d:4f:7d:5e
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgIUEXclVLVMDdsZGJhrLNaZ4r/QB5YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQjYyRTcxOUYzNjBCRjlDOUVFODlFQzJFMjVDRjBERTIy
OEI2RUJGQzAeFw0yNTAyMDQxODI4MTZaFw0yNjAyMDMxODMzMTZaMDMxMTAvBgNV
BAMTKDdEMzg4NDk4NjJEREQ2MTYwREU0MDY0QjYzNjUwM0Q3NkEzREU0NDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKoNTzf9AC8IQ5+KdUnXdr/m97
VlW9qStb7RMPpnjlhFh1EJKDjvNbL2ZKTSJN/4AbQrp8IkSfCDjN6VJ57gw7sRpi
Lk3yOn4+v359zl+PrfxjcPDQT9ix7xbTPpeGchfIHG4NST3VRi5AYfIKF2sdEyVb
A7Kwwj+W92tw/UoeTqvZECPPNetXHjnF7Nd0WGsfHtIrgv8dzYnmO+1dSH6FPcyN
0sF3x5wVI5Eu90XfW4RzYr/2L8gg3Q2fkvSD8514tNW1+EqgamMR37XA7QDmG46Y
RLaaDRaJ2Al+pAUpFABmnrRjZ9qOxWbnb5pe06y/fidiTMxAsZxSwSy4YVJjAgMB
AAGjggLIMIICxDAdBgNVHQ4EFgQUfTiEmGLd1hYN5AZLY2UD12o95EcwHwYDVR0j
BBgwFoAUti5xnzYL+cnuiewuJc8N4ii26/wwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8wNUZERjY0QjYxN0ZDRTBFNDUxNUVCRkE4MEU0MUQ4RjZC
RjVEOENGRTc4RjJCRUEzQTdDOTNFNDNGMEU1RDQwLzAvQjYyRTcxOUYzNjBCRjlD
OUVFODlFQzJFMjVDRjBERTIyOEI2RUJGQy5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9CNjJFNzE5RjM2MEJGOUM5RUU4
OUVDMkUyNUNGMERFMjI4QjZFQkZDLmNlcjCBxwYIKwYBBQUHAQsEgbowgbcwgbQG
CCsGAQUFBzALhoGncnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMDVGREY2NEI2MTdGQ0UwRTQ1MTVFQkZBODBFNDFEOEY2QkY1RDhDRkU3
OEYyQkVBM0E3QzkzRTQzRjBFNUQ0MC8wLzMyMzAzMDJlMzMzNTJlMzEzNTMzMmUz
MDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzMDM0MzczMy5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMgjmTAN
BgkqhkiG9w0BAQsFAAOCAQEAbwIjI6cpXQFeM9qpCaHhUd43JgykXStV3TTWtqX1
pGaNXizp+x6Ujs4iJu88XWhagklQ22pxG2XMC7d97JYJkThDv6W5uGpD5mval82M
QY0i61M/eqiGk7x4MClk4gJR4YPsVY2LkFp4MNSKwL9AY1Xl8effVBZq1g/bvfey
xh6ALVJeaVwcdXKjg+F+1puivBbb6m4N/yuQqJ4ekJ/j9iYxedJcXTt8eMO7v15E
BIPssDdOtZxJrZkt7vhHzsZoE8G+TlTb6YUwRTq2AszntYSlPdD/iNT1BASCC/ff
0mSWom6CS4R08EnagSTBjkFwMKxx+gL3ow6ETUpSbU99Xg==
-----END CERTIFICATE-----