Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/0C966AF2D667C71DB8F7DC6CBE7AA3B54C9A1341ACA871B57B438DF8EAC761DC/0/3230302e3139322e3233362e302f32322d3232203d3e20323633323438.roa
File:                     3230302e3139322e3233362e302f32322d3232203d3e20323633323438.roa (raw, json)
Hash identifier:          aYQ3vbsAKT1SOXJ5PnEH8IxDZs4HmHDdG0IG9LNLu3U=
Subject key identifier:   55:6B:39:05:64:0D:C6:28:5C:F7:84:E9:E3:43:31:63:45:C5:B0:63
Certificate issuer:       /CN=A4EC8475F98014B965F34B25A2A68F58AAEE199B
Certificate serial:       77EE41B8A5BABD8FD56E140E3B16D16769BBE9FF
Authority key identifier: A4:EC:84:75:F9:80:14:B9:65:F3:4B:25:A2:A6:8F:58:AA:EE:19:9B
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/A4EC8475F98014B965F34B25A2A68F58AAEE199B.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/0C966AF2D667C71DB8F7DC6CBE7AA3B54C9A1341ACA871B57B438DF8EAC761DC/0/3230302e3139322e3233362e302f32322d3232203d3e20323633323438.roa
Signing time:             Tue 04 Feb 2025 18:14:13 +0000
ROA not before:           Tue 04 Feb 2025 18:09:13 +0000
ROA not after:            Tue 03 Feb 2026 18:14:13 +0000
asID:                     263248
IP address blocks:        200.192.236.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:ee:41:b8:a5:ba:bd:8f:d5:6e:14:0e:3b:16:d1:67:69:bb:e9:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A4EC8475F98014B965F34B25A2A68F58AAEE199B
        Validity
            Not Before: Feb  4 18:09:13 2025 GMT
            Not After : Feb  3 18:14:13 2026 GMT
        Subject: CN=556B3905640DC6285CF784E9E343316345C5B063
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ac:6f:89:e4:f5:80:c5:9e:17:25:68:62:7b:
                    41:7f:11:df:05:69:b0:bf:90:fe:6f:51:0c:45:47:
                    94:a0:43:9a:63:83:a9:3d:d6:7d:54:4b:f2:a8:79:
                    1a:af:03:83:ba:13:a5:42:bd:c6:86:fc:40:c0:7a:
                    d8:d4:9a:20:6f:9c:a2:2d:c6:9d:41:5f:b7:70:6b:
                    aa:2a:02:c7:1b:4d:00:2e:a1:f2:fb:0e:be:4f:65:
                    e0:f6:9b:7b:cd:6c:d3:38:d5:a8:b7:b3:03:5f:4b:
                    f4:71:f2:28:b5:ef:47:9a:6d:0f:5a:7b:d1:4d:ea:
                    63:f8:fd:85:a4:cf:6f:7f:4b:f6:08:85:61:ad:76:
                    3d:d8:c5:ef:5c:4e:c2:e6:59:33:f1:eb:cd:f5:28:
                    1c:1a:d7:79:3d:65:5a:6a:50:e2:65:c2:97:f7:0a:
                    66:b2:57:1e:47:b4:b1:a5:51:fb:1f:73:17:40:52:
                    e3:63:af:5e:99:4f:01:ad:81:e2:9b:17:b7:2a:a7:
                    77:bc:cc:26:79:0b:a2:66:b3:b1:f3:7e:28:a1:0a:
                    fd:83:b4:e9:44:4a:d7:fb:08:6a:b2:64:99:d2:8e:
                    aa:d8:88:d3:9e:81:07:0c:6b:37:0d:34:04:d9:25:
                    c4:04:d3:ff:10:ea:5f:d0:db:a0:97:85:e0:29:0c:
                    b7:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:6B:39:05:64:0D:C6:28:5C:F7:84:E9:E3:43:31:63:45:C5:B0:63
            X509v3 Authority Key Identifier:
                keyid:A4:EC:84:75:F9:80:14:B9:65:F3:4B:25:A2:A6:8F:58:AA:EE:19:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/0C966AF2D667C71DB8F7DC6CBE7AA3B54C9A1341ACA871B57B438DF8EAC761DC/0/A4EC8475F98014B965F34B25A2A68F58AAEE199B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/A4EC8475F98014B965F34B25A2A68F58AAEE199B.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/0C966AF2D667C71DB8F7DC6CBE7AA3B54C9A1341ACA871B57B438DF8EAC761DC/0/3230302e3139322e3233362e302f32322d3232203d3e20323633323438.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.192.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:0b:91:ac:a5:c3:13:14:8d:b9:6a:4a:c2:dd:da:10:c2:0c:
         58:aa:dc:10:0e:61:8c:eb:02:4e:2a:0a:96:18:5e:4d:45:0a:
         f8:b3:48:79:db:ef:a7:89:51:8f:92:1f:7e:a9:af:bb:b1:8e:
         65:65:29:65:76:d7:21:29:24:08:3c:5d:36:f4:54:e5:2d:c0:
         a7:0b:02:17:61:17:55:b1:be:58:c6:4a:0c:25:98:63:be:62:
         21:05:f0:39:d4:44:04:80:8b:85:db:cc:07:fd:f4:4e:3c:ba:
         81:c5:3f:f1:53:a4:ae:b6:89:2a:62:65:69:b1:2c:30:a2:45:
         7e:f7:e7:47:2c:60:d1:31:00:2c:fd:0b:d4:0d:c1:d3:86:68:
         1f:55:ed:8e:f0:24:10:83:ea:b9:aa:f7:34:36:5a:5a:98:ad:
         be:a3:d8:de:44:81:2c:84:ae:bd:c9:5e:c0:b6:b4:ce:92:a2:
         5d:1a:7c:dd:08:34:d7:4f:32:f6:ab:19:7c:c1:b9:2d:9e:1b:
         28:a4:de:bf:e7:12:5e:30:2b:94:67:c1:2b:68:5e:0d:83:cb:
         e1:b6:cd:69:93:3b:f0:53:1b:d9:9b:1a:7b:c1:95:44:0f:8c:
         6f:ce:6e:b8:01:ab:f2:de:18:75:1a:20:10:d9:14:95:16:4d:
         5e:ee:28:82
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgIUd+5BuKW6vY/VbhQOOxbRZ2m76f8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQTRFQzg0NzVGOTgwMTRCOTY1RjM0QjI1QTJBNjhGNThB
QUVFMTk5QjAeFw0yNTAyMDQxODA5MTNaFw0yNjAyMDMxODE0MTNaMDMxMTAvBgNV
BAMTKDU1NkIzOTA1NjQwREM2Mjg1Q0Y3ODRFOUUzNDMzMTYzNDVDNUIwNjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCirG+J5PWAxZ4XJWhie0F/Ed8F
abC/kP5vUQxFR5SgQ5pjg6k91n1US/KoeRqvA4O6E6VCvcaG/EDAetjUmiBvnKIt
xp1BX7dwa6oqAscbTQAuofL7Dr5PZeD2m3vNbNM41ai3swNfS/Rx8ii170eabQ9a
e9FN6mP4/YWkz29/S/YIhWGtdj3Yxe9cTsLmWTPx6831KBwa13k9ZVpqUOJlwpf3
CmayVx5HtLGlUfsfcxdAUuNjr16ZTwGtgeKbF7cqp3e8zCZ5C6Jms7HzfiihCv2D
tOlEStf7CGqyZJnSjqrYiNOegQcMazcNNATZJcQE0/8Q6l/Q26CXheApDLdfAgMB
AAGjggLMMIICyDAdBgNVHQ4EFgQUVWs5BWQNxihc94Tp40MxY0XFsGMwHwYDVR0j
BBgwFoAUpOyEdfmAFLll80sloqaPWKruGZswDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8wQzk2NkFGMkQ2NjdDNzFEQjhGN0RDNkNCRTdBQTNCNTRD
OUExMzQxQUNBODcxQjU3QjQzOERGOEVBQzc2MURDLzAvQTRFQzg0NzVGOTgwMTRC
OTY1RjM0QjI1QTJBNjhGNThBQUVFMTk5Qi5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9BNEVDODQ3NUY5ODAxNEI5NjVG
MzRCMjVBMkE2OEY1OEFBRUUxOTlCLmNlcjCBywYIKwYBBQUHAQsEgb4wgbswgbgG
CCsGAQUFBzALhoGrcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMEM5NjZBRjJENjY3QzcxREI4RjdEQzZDQkU3QUEzQjU0QzlBMTM0MUFD
QTg3MUI1N0I0MzhERjhFQUM3NjFEQy8wLzMyMzAzMDJlMzEzOTMyMmUzMjMzMzYy
ZTMwMmYzMjMyMmQzMjMyMjAzZDNlMjAzMjM2MzMzMjM0Mzgucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBALI
wOwwDQYJKoZIhvcNAQELBQADggEBALALkaylwxMUjblqSsLd2hDCDFiq3BAOYYzr
Ak4qCpYYXk1FCvizSHnb76eJUY+SH36pr7uxjmVlKWV21yEpJAg8XTb0VOUtwKcL
AhdhF1WxvljGSgwlmGO+YiEF8DnURASAi4XbzAf99E48uoHFP/FTpK62iSpiZWmx
LDCiRX7350csYNExACz9C9QNwdOGaB9V7Y7wJBCD6rmq9zQ2WlqYrb6j2N5EgSyE
rr3JXsC2tM6Sol0afN0INNdPMvarGXzBuS2eGyik3r/nEl4wK5RnwStoXg2Dy+G2
zWmTO/BTG9mbGnvBlUQPjG/ObrgBq/LeGHUaIBDZFJUWTV7uKII=
-----END CERTIFICATE-----