Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/0BB071D96D8FBE2A86990905DC17E199370A5705236A00065D68563FAADB85E6/0/3136382e3234332e32342e302f32322d3234203d3e203236363137.roa
File:                     3136382e3234332e32342e302f32322d3234203d3e203236363137.roa (raw, json)
Hash identifier:          lgB3mpTkwO7Zo6PE5NWDWY3rfZlQLDVUA+EK8frxOo4=
Subject key identifier:   F6:ED:67:CE:68:9C:F2:A5:80:DC:68:22:20:DA:63:CB:6C:D1:C0:88
Certificate issuer:       /CN=D3503D03E3D4DFA0767F6DFF3BA71DD7B6236AFA
Certificate serial:       3138C2DE2536DB0B519EC9F66630AB54314FCD8E
Authority key identifier: D3:50:3D:03:E3:D4:DF:A0:76:7F:6D:FF:3B:A7:1D:D7:B6:23:6A:FA
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D3503D03E3D4DFA0767F6DFF3BA71DD7B6236AFA.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/0BB071D96D8FBE2A86990905DC17E199370A5705236A00065D68563FAADB85E6/0/3136382e3234332e32342e302f32322d3234203d3e203236363137.roa
Signing time:             Tue 04 Feb 2025 18:20:34 +0000
ROA not before:           Tue 04 Feb 2025 18:15:34 +0000
ROA not after:            Tue 03 Feb 2026 18:20:34 +0000
asID:                     26617
IP address blocks:        168.243.24.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:38:c2:de:25:36:db:0b:51:9e:c9:f6:66:30:ab:54:31:4f:cd:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D3503D03E3D4DFA0767F6DFF3BA71DD7B6236AFA
        Validity
            Not Before: Feb  4 18:15:34 2025 GMT
            Not After : Feb  3 18:20:34 2026 GMT
        Subject: CN=F6ED67CE689CF2A580DC682220DA63CB6CD1C088
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e7:91:d5:95:4a:90:a4:18:99:7a:4e:76:70:
                    8a:8b:e7:05:54:ec:47:18:96:fc:29:21:b9:31:77:
                    7d:c6:69:3d:b3:1f:b6:8f:eb:85:bb:29:ab:7b:f4:
                    ac:bd:40:3b:56:a2:e3:ca:82:85:74:29:aa:29:9a:
                    6e:3f:f9:65:00:cd:3d:e7:65:f2:2f:85:ba:fb:a1:
                    28:69:07:39:1d:48:5d:0c:5c:1d:a8:84:56:f3:c8:
                    59:04:3e:fc:01:23:56:dc:b8:90:f1:18:ff:f7:87:
                    d5:c1:73:8a:90:7a:42:4b:4e:8f:e9:71:f7:35:6a:
                    39:6c:5e:08:5a:f1:86:f7:ef:4e:74:ce:c9:48:0e:
                    e0:51:47:82:01:29:18:68:f8:ff:bf:97:5d:41:d8:
                    27:3b:6b:24:be:89:5e:72:7e:cf:b0:71:21:da:68:
                    65:d5:f9:c7:4b:c1:09:90:fa:4f:44:d2:fc:4b:61:
                    ed:18:9e:47:d1:3c:b0:d6:bd:1e:4f:5c:35:9c:e8:
                    a0:27:ec:d2:0f:02:75:04:00:a3:df:f6:03:39:e3:
                    46:55:ea:ef:9b:e1:78:17:45:38:b5:5a:f3:72:b3:
                    16:34:35:6d:04:d0:95:d2:56:7a:e2:ce:36:53:59:
                    10:8a:77:63:82:e8:73:c0:99:77:c1:33:62:a5:09:
                    78:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:ED:67:CE:68:9C:F2:A5:80:DC:68:22:20:DA:63:CB:6C:D1:C0:88
            X509v3 Authority Key Identifier:
                keyid:D3:50:3D:03:E3:D4:DF:A0:76:7F:6D:FF:3B:A7:1D:D7:B6:23:6A:FA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/0BB071D96D8FBE2A86990905DC17E199370A5705236A00065D68563FAADB85E6/0/D3503D03E3D4DFA0767F6DFF3BA71DD7B6236AFA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D3503D03E3D4DFA0767F6DFF3BA71DD7B6236AFA.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/0BB071D96D8FBE2A86990905DC17E199370A5705236A00065D68563FAADB85E6/0/3136382e3234332e32342e302f32322d3234203d3e203236363137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.243.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:ab:e6:e8:ba:aa:e2:42:95:6f:a3:e2:c9:d2:5f:47:2e:69:
         c8:0e:71:f9:b0:e2:6f:12:99:87:6b:83:81:cb:8f:ef:d3:4a:
         7a:55:95:a6:1f:0b:14:41:3f:47:7d:a1:a1:4a:44:64:c9:70:
         bd:33:7e:26:71:e2:9b:3c:b3:8f:4c:ea:70:5a:0e:4b:97:6a:
         6c:d3:60:14:f7:bb:cc:f7:45:ca:36:c1:94:9a:44:d0:2b:53:
         23:70:45:a8:05:f3:66:04:7e:bd:26:79:9e:f5:42:b9:58:ab:
         bc:91:d2:81:bf:66:b1:f4:7b:5d:fb:cc:6d:07:b9:d7:99:20:
         58:d4:92:bb:80:cc:09:2e:d0:fe:7c:02:05:86:d9:c0:57:d4:
         42:3b:a6:c1:7b:0e:54:72:d7:03:83:45:18:2b:cc:68:3e:2a:
         68:4e:e2:56:8f:83:9f:ed:d9:d5:0d:88:58:87:bf:37:e3:ab:
         72:22:17:a8:72:1e:e3:a6:f7:35:74:2f:0f:6c:04:3d:9c:0e:
         33:83:50:3d:0f:69:d6:a8:55:20:cc:80:18:4b:79:2d:56:53:
         1e:bf:6c:9e:24:f2:61:b7:eb:9d:45:b8:5c:a8:3c:ed:e4:57:
         e3:46:83:00:54:bd:56:a8:54:43:6e:56:b3:7c:a5:fa:1e:9b:
         74:19:90:f3
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgIUMTjC3iU22wtRnsn2ZjCrVDFPzY4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDM1MDNEMDNFM0Q0REZBMDc2N0Y2REZGM0JBNzFERDdC
NjIzNkFGQTAeFw0yNTAyMDQxODE1MzRaFw0yNjAyMDMxODIwMzRaMDMxMTAvBgNV
BAMTKEY2RUQ2N0NFNjg5Q0YyQTU4MERDNjgyMjIwREE2M0NCNkNEMUMwODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY55HVlUqQpBiZek52cIqL5wVU
7EcYlvwpIbkxd33GaT2zH7aP64W7Kat79Ky9QDtWouPKgoV0Kaopmm4/+WUAzT3n
ZfIvhbr7oShpBzkdSF0MXB2ohFbzyFkEPvwBI1bcuJDxGP/3h9XBc4qQekJLTo/p
cfc1ajlsXgha8Yb37050zslIDuBRR4IBKRho+P+/l11B2Cc7ayS+iV5yfs+wcSHa
aGXV+cdLwQmQ+k9E0vxLYe0YnkfRPLDWvR5PXDWc6KAn7NIPAnUEAKPf9gM540ZV
6u+b4XgXRTi1WvNysxY0NW0E0JXSVnrizjZTWRCKd2OC6HPAmXfBM2KlCXgpAgMB
AAGjggLIMIICxDAdBgNVHQ4EFgQU9u1nzmic8qWA3GgiINpjy2zRwIgwHwYDVR0j
BBgwFoAU01A9A+PU36B2f23/O6cd17YjavowDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8wQkIwNzFEOTZEOEZCRTJBODY5OTA5MDVEQzE3RTE5OTM3
MEE1NzA1MjM2QTAwMDY1RDY4NTYzRkFBREI4NUU2LzAvRDM1MDNEMDNFM0Q0REZB
MDc2N0Y2REZGM0JBNzFERDdCNjIzNkFGQS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9EMzUwM0QwM0UzRDRERkEwNzY3
RjZERkYzQkE3MUREN0I2MjM2QUZBLmNlcjCBxwYIKwYBBQUHAQsEgbowgbcwgbQG
CCsGAQUFBzALhoGncnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMEJCMDcxRDk2RDhGQkUyQTg2OTkwOTA1REMxN0UxOTkzNzBBNTcwNTIz
NkEwMDA2NUQ2ODU2M0ZBQURCODVFNi8wLzMxMzYzODJlMzIzNDMzMmUzMjM0MmUz
MDJmMzIzMjJkMzIzNDIwM2QzZTIwMzIzNjM2MzEzNy5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAqjzGDAN
BgkqhkiG9w0BAQsFAAOCAQEAeqvm6Lqq4kKVb6PiydJfRy5pyA5x+bDibxKZh2uD
gcuP79NKelWVph8LFEE/R32hoUpEZMlwvTN+JnHimzyzj0zqcFoOS5dqbNNgFPe7
zPdFyjbBlJpE0CtTI3BFqAXzZgR+vSZ5nvVCuVirvJHSgb9msfR7XfvMbQe515kg
WNSSu4DMCS7Q/nwCBYbZwFfUQjumwXsOVHLXA4NFGCvMaD4qaE7iVo+Dn+3Z1Q2I
WIe/N+OrciIXqHIe46b3NXQvD2wEPZwOM4NQPQ9p1qhVIMyAGEt5LVZTHr9sniTy
YbfrnUW4XKg87eRX40aDAFS9VqhUQ25Ws3yl+h6bdBmQ8w==
-----END CERTIFICATE-----