Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/0BB071D96D8FBE2A86990905DC17E199370A5705236A00065D68563FAADB85E6/0/3136382e3234332e33322e302f32342d3234203d3e203236363137.roa
File:                     3136382e3234332e33322e302f32342d3234203d3e203236363137.roa (raw, json)
Hash identifier:          YZCU+tM/zXi3SyJmqDe70alU+CdEKUHmjK5UpLlOfXU=
Subject key identifier:   B4:C8:C0:4D:2C:54:D1:2B:89:8D:86:3A:0D:44:EB:6B:2C:EE:F1:12
Certificate issuer:       /CN=D3503D03E3D4DFA0767F6DFF3BA71DD7B6236AFA
Certificate serial:       21097DCDF3980083920458B863925F8D2E6896CD
Authority key identifier: D3:50:3D:03:E3:D4:DF:A0:76:7F:6D:FF:3B:A7:1D:D7:B6:23:6A:FA
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D3503D03E3D4DFA0767F6DFF3BA71DD7B6236AFA.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/0BB071D96D8FBE2A86990905DC17E199370A5705236A00065D68563FAADB85E6/0/3136382e3234332e33322e302f32342d3234203d3e203236363137.roa
Signing time:             Sat 30 Nov 2024 20:45:00 +0000
ROA not before:           Sat 30 Nov 2024 20:40:00 +0000
ROA not after:            Sat 29 Nov 2025 20:45:00 +0000
asID:                     26617
IP address blocks:        168.243.32.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:09:7d:cd:f3:98:00:83:92:04:58:b8:63:92:5f:8d:2e:68:96:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D3503D03E3D4DFA0767F6DFF3BA71DD7B6236AFA
        Validity
            Not Before: Nov 30 20:40:00 2024 GMT
            Not After : Nov 29 20:45:00 2025 GMT
        Subject: CN=B4C8C04D2C54D12B898D863A0D44EB6B2CEEF112
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:c7:c2:b8:05:23:a7:dc:a5:66:78:aa:80:30:
                    11:30:9d:37:26:d4:a7:17:c3:db:fc:5e:6e:e0:f8:
                    d7:ad:4b:64:f7:72:a5:7f:78:a7:64:f6:4d:72:d5:
                    0d:71:44:18:2c:3a:d9:01:8a:51:4b:c1:04:85:ad:
                    d5:30:0e:74:83:2c:f6:cc:0c:08:4a:a5:c1:22:f9:
                    13:9d:6d:12:56:ed:cd:e8:da:b1:22:60:6f:f2:36:
                    f7:d7:c5:0d:e2:96:19:63:6b:34:15:cd:cf:2f:f7:
                    06:1a:aa:97:c2:59:b9:c4:a4:b7:00:da:cd:0d:8a:
                    d3:e7:48:f1:1a:cc:68:e1:fb:be:64:10:68:17:d0:
                    b2:da:08:e4:2f:31:8b:f2:42:15:4d:cb:45:bb:71:
                    fd:e2:f4:19:9b:1e:18:13:3f:50:bc:c5:02:61:bc:
                    69:47:46:8d:77:9b:39:9f:92:20:58:ef:9b:c8:ea:
                    0d:37:75:5c:f9:58:d5:e7:a5:ac:f0:65:d8:db:04:
                    20:8f:d3:fb:48:76:3d:a1:69:08:31:86:98:46:af:
                    79:c7:81:e6:eb:f6:49:c2:36:84:91:06:dc:c5:11:
                    9a:64:db:9e:11:7a:b2:e5:e5:31:9a:bf:c9:21:f3:
                    0e:53:d0:56:ab:83:5d:b5:42:16:44:b3:e4:44:c8:
                    c1:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:C8:C0:4D:2C:54:D1:2B:89:8D:86:3A:0D:44:EB:6B:2C:EE:F1:12
            X509v3 Authority Key Identifier:
                keyid:D3:50:3D:03:E3:D4:DF:A0:76:7F:6D:FF:3B:A7:1D:D7:B6:23:6A:FA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/0BB071D96D8FBE2A86990905DC17E199370A5705236A00065D68563FAADB85E6/0/D3503D03E3D4DFA0767F6DFF3BA71DD7B6236AFA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D3503D03E3D4DFA0767F6DFF3BA71DD7B6236AFA.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/0BB071D96D8FBE2A86990905DC17E199370A5705236A00065D68563FAADB85E6/0/3136382e3234332e33322e302f32342d3234203d3e203236363137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.243.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:03:72:3a:65:3e:c6:be:8a:0d:58:6f:cb:ef:fc:38:e0:f7:
         42:48:92:95:d0:85:de:bd:3e:6c:b8:7a:6c:3c:64:49:4a:c9:
         04:29:91:37:de:6a:a3:7c:24:37:e0:1c:85:37:2d:36:88:d6:
         3b:91:e3:fd:2c:db:0f:46:00:ac:86:3f:51:a8:ec:d4:6b:e7:
         a2:92:0a:4d:da:05:b7:47:0d:11:71:ac:da:c7:da:9f:4f:ae:
         a7:bf:1a:c3:a9:06:b2:71:16:e0:16:71:29:58:90:9d:99:0b:
         04:5d:f8:74:05:80:69:b6:f9:d6:48:57:ae:de:1b:bb:a1:59:
         8d:bb:10:db:21:4d:07:f4:4a:02:34:88:56:92:23:07:7b:bf:
         a1:04:dc:bd:d2:e5:2f:9a:a3:7b:5c:79:1b:ee:58:a5:da:f8:
         54:f2:e9:15:9c:ad:7d:b4:d0:08:bd:41:1f:84:04:7b:83:34:
         87:58:52:5a:c0:fb:72:29:ad:ff:65:70:1d:56:b9:9b:49:f6:
         1e:aa:9f:fc:a1:33:23:9b:16:a0:d3:32:b6:ee:55:50:0c:30:
         62:f1:08:3d:7d:93:cf:2e:0b:57:8e:5f:a5:87:d9:b9:ee:7f:
         8f:26:16:52:db:42:8b:1b:7e:74:f6:3b:01:e2:c8:91:86:86:
         4d:8a:7e:0a
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgIUIQl9zfOYAIOSBFi4Y5JfjS5ols0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDM1MDNEMDNFM0Q0REZBMDc2N0Y2REZGM0JBNzFERDdC
NjIzNkFGQTAeFw0yNDExMzAyMDQwMDBaFw0yNTExMjkyMDQ1MDBaMDMxMTAvBgNV
BAMTKEI0QzhDMDREMkM1NEQxMkI4OThEODYzQTBENDRFQjZCMkNFRUYxMTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIx8K4BSOn3KVmeKqAMBEwnTcm
1KcXw9v8Xm7g+NetS2T3cqV/eKdk9k1y1Q1xRBgsOtkBilFLwQSFrdUwDnSDLPbM
DAhKpcEi+ROdbRJW7c3o2rEiYG/yNvfXxQ3ilhljazQVzc8v9wYaqpfCWbnEpLcA
2s0NitPnSPEazGjh+75kEGgX0LLaCOQvMYvyQhVNy0W7cf3i9BmbHhgTP1C8xQJh
vGlHRo13mzmfkiBY75vI6g03dVz5WNXnpazwZdjbBCCP0/tIdj2haQgxhphGr3nH
gebr9knCNoSRBtzFEZpk254RerLl5TGav8kh8w5T0Farg121QhZEs+REyMGVAgMB
AAGjggLIMIICxDAdBgNVHQ4EFgQUtMjATSxU0SuJjYY6DUTrayzu8RIwHwYDVR0j
BBgwFoAU01A9A+PU36B2f23/O6cd17YjavowDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8wQkIwNzFEOTZEOEZCRTJBODY5OTA5MDVEQzE3RTE5OTM3
MEE1NzA1MjM2QTAwMDY1RDY4NTYzRkFBREI4NUU2LzAvRDM1MDNEMDNFM0Q0REZB
MDc2N0Y2REZGM0JBNzFERDdCNjIzNkFGQS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9EMzUwM0QwM0UzRDRERkEwNzY3
RjZERkYzQkE3MUREN0I2MjM2QUZBLmNlcjCBxwYIKwYBBQUHAQsEgbowgbcwgbQG
CCsGAQUFBzALhoGncnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMEJCMDcxRDk2RDhGQkUyQTg2OTkwOTA1REMxN0UxOTkzNzBBNTcwNTIz
NkEwMDA2NUQ2ODU2M0ZBQURCODVFNi8wLzMxMzYzODJlMzIzNDMzMmUzMzMyMmUz
MDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzNjM2MzEzNy5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAKjzIDAN
BgkqhkiG9w0BAQsFAAOCAQEAsANyOmU+xr6KDVhvy+/8OOD3QkiSldCF3r0+bLh6
bDxkSUrJBCmRN95qo3wkN+AchTctNojWO5Hj/SzbD0YArIY/Uajs1GvnopIKTdoF
t0cNEXGs2sfan0+up78aw6kGsnEW4BZxKViQnZkLBF34dAWAabb51khXrt4bu6FZ
jbsQ2yFNB/RKAjSIVpIjB3u/oQTcvdLlL5qje1x5G+5Ypdr4VPLpFZytfbTQCL1B
H4QEe4M0h1hSWsD7cimt/2VwHVa5m0n2Hqqf/KEzI5sWoNMytu5VUAwwYvEIPX2T
zy4LV45fpYfZue5/jyYWUttCixt+dPY7AeLIkYaGTYp+Cg==
-----END CERTIFICATE-----