Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/114524E86CBEDB1BBBA6B5568E97599EC02601B8263BBE3C6132E9D787321E00/0/34352e37312e3131322e302f32322d3234203d3e203532343638.roa
File:                     34352e37312e3131322e302f32322d3234203d3e203532343638.roa (raw, json)
Hash identifier:          LFg0Pjh1qDGmDc6lk4HIuk7S3sL+Aob2D0YE86v2jeU=
Subject key identifier:   C2:CD:C7:3D:9A:38:53:D1:C7:97:2E:E9:AB:77:E5:0A:FF:E2:F8:92
Certificate issuer:       /CN=BC6522E3C11015B5E5613800EF79B4EAC428C2BA
Certificate serial:       1CC064588033F34A6F3B1C398CA93CFED158AB2B
Authority key identifier: BC:65:22:E3:C1:10:15:B5:E5:61:38:00:EF:79:B4:EA:C4:28:C2:BA
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/BC6522E3C11015B5E5613800EF79B4EAC428C2BA.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/114524E86CBEDB1BBBA6B5568E97599EC02601B8263BBE3C6132E9D787321E00/0/34352e37312e3131322e302f32322d3234203d3e203532343638.roa
Signing time:             Tue 04 Feb 2025 18:56:15 +0000
ROA not before:           Tue 04 Feb 2025 18:51:15 +0000
ROA not after:            Tue 03 Feb 2026 18:56:15 +0000
asID:                     52468
IP address blocks:        45.71.112.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:c0:64:58:80:33:f3:4a:6f:3b:1c:39:8c:a9:3c:fe:d1:58:ab:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BC6522E3C11015B5E5613800EF79B4EAC428C2BA
        Validity
            Not Before: Feb  4 18:51:15 2025 GMT
            Not After : Feb  3 18:56:15 2026 GMT
        Subject: CN=C2CDC73D9A3853D1C7972EE9AB77E50AFFE2F892
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c9:a4:33:1e:00:d6:78:43:66:02:c0:11:65:
                    31:29:e5:13:bf:03:39:ef:ba:76:4b:ef:5c:66:a9:
                    59:c8:aa:cd:69:5b:02:c6:cc:f8:ae:d8:6c:7c:96:
                    04:77:33:9f:f5:05:cb:f1:bf:1b:19:a2:83:4d:b0:
                    e7:23:f4:4b:73:4a:b5:31:29:c6:df:f9:69:5e:33:
                    10:66:05:95:c6:be:ab:6e:64:9e:79:21:38:ad:ef:
                    c3:ee:35:13:09:f4:b2:f0:f8:1f:d7:d8:80:ab:88:
                    2d:59:be:1f:45:40:d0:4e:74:9f:0c:80:ee:a0:8d:
                    c9:a9:1a:4b:b4:c1:00:35:d6:2e:85:f9:b8:b0:e8:
                    0f:53:f8:bc:3c:dd:a4:07:ad:bf:de:50:4d:d5:e1:
                    e5:b5:72:cc:03:25:2b:90:2d:23:dc:d9:6d:75:f5:
                    0a:e7:73:c7:01:13:eb:25:8f:d2:96:ea:a6:0f:04:
                    37:71:14:f5:ef:dd:b9:8f:93:b0:c5:90:72:9f:86:
                    d8:7e:b1:75:54:cb:f5:3f:7c:a3:82:93:57:72:e8:
                    91:b4:12:d8:4f:11:81:3b:3e:01:6a:06:67:6f:cf:
                    4a:6b:0d:76:04:d0:f8:69:cf:66:3a:37:d3:91:b7:
                    36:e0:6c:f4:f0:99:76:9c:b9:b7:9c:8d:23:e9:42:
                    ee:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:CD:C7:3D:9A:38:53:D1:C7:97:2E:E9:AB:77:E5:0A:FF:E2:F8:92
            X509v3 Authority Key Identifier:
                keyid:BC:65:22:E3:C1:10:15:B5:E5:61:38:00:EF:79:B4:EA:C4:28:C2:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/114524E86CBEDB1BBBA6B5568E97599EC02601B8263BBE3C6132E9D787321E00/0/BC6522E3C11015B5E5613800EF79B4EAC428C2BA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/BC6522E3C11015B5E5613800EF79B4EAC428C2BA.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/114524E86CBEDB1BBBA6B5568E97599EC02601B8263BBE3C6132E9D787321E00/0/34352e37312e3131322e302f32322d3234203d3e203532343638.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.71.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         93:4e:94:4d:80:29:ab:ff:aa:99:c4:8d:9d:4e:c4:66:e9:bf:
         39:1f:ec:5c:8e:4f:e8:c8:56:d4:e4:71:a7:99:19:c4:55:1c:
         4f:44:7b:6d:78:ab:0c:ea:b1:3b:fc:ab:e9:05:ec:b0:db:68:
         79:20:af:00:74:53:63:0b:21:3a:ce:92:a3:4c:3e:5b:30:a1:
         18:c4:15:84:d2:a2:0d:29:37:1a:30:92:ae:99:9d:62:ab:6c:
         c1:77:01:62:80:4b:ca:0f:49:bd:1a:6c:c2:ac:95:6c:98:b0:
         76:cf:e2:a9:dd:e1:f9:be:a1:a3:a8:00:c7:ba:f0:e1:66:1e:
         85:c7:1f:0e:b7:f9:f3:7a:b3:ac:0e:c0:a6:17:5e:27:5b:6a:
         4f:25:42:a2:51:a6:66:42:2a:e2:c0:bd:3a:12:50:7d:7c:7c:
         f0:04:a7:ae:79:ee:66:b2:03:ed:18:f9:4d:19:a0:9b:fe:b4:
         25:e0:ff:3c:6d:98:38:a9:ab:c7:0e:b3:71:61:bd:1c:52:6a:
         d7:65:ef:4b:30:30:76:15:0c:43:37:00:db:7c:48:d3:e6:5e:
         0f:73:0c:4d:bf:42:a1:90:f0:9f:33:ed:60:5d:5b:aa:f5:a1:
         d8:1c:f4:1c:74:52:67:89:9e:b7:a0:6b:bb:6a:77:c0:b7:35:
         d0:2a:dc:9d
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUHMBkWIAz80pvOxw5jKk8/tFYqyswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQkM2NTIyRTNDMTEwMTVCNUU1NjEzODAwRUY3OUI0RUFD
NDI4QzJCQTAeFw0yNTAyMDQxODUxMTVaFw0yNjAyMDMxODU2MTVaMDMxMTAvBgNV
BAMTKEMyQ0RDNzNEOUEzODUzRDFDNzk3MkVFOUFCNzdFNTBBRkZFMkY4OTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXyaQzHgDWeENmAsARZTEp5RO/
AznvunZL71xmqVnIqs1pWwLGzPiu2Gx8lgR3M5/1BcvxvxsZooNNsOcj9EtzSrUx
Kcbf+WleMxBmBZXGvqtuZJ55ITit78PuNRMJ9LLw+B/X2ICriC1Zvh9FQNBOdJ8M
gO6gjcmpGku0wQA11i6F+biw6A9T+Lw83aQHrb/eUE3V4eW1cswDJSuQLSPc2W11
9Qrnc8cBE+slj9KW6qYPBDdxFPXv3bmPk7DFkHKfhth+sXVUy/U/fKOCk1dy6JG0
EthPEYE7PgFqBmdvz0prDXYE0Phpz2Y6N9ORtzbgbPTwmXacubecjSPpQu7hAgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQUws3HPZo4U9HHly7pq3flCv/i+JIwHwYDVR0j
BBgwFoAUvGUi48EQFbXlYTgA73m06sQowrowDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8xMTQ1MjRFODZDQkVEQjFCQkJBNkI1NTY4RTk3NTk5RUMw
MjYwMUI4MjYzQkJFM0M2MTMyRTlENzg3MzIxRTAwLzAvQkM2NTIyRTNDMTEwMTVC
NUU1NjEzODAwRUY3OUI0RUFDNDI4QzJCQS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9CQzY1MjJFM0MxMTAxNUI1RTU2
MTM4MDBFRjc5QjRFQUM0MjhDMkJBLmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMTE0NTI0RTg2Q0JFREIxQkJCQTZCNTU2OEU5NzU5OUVDMDI2MDFCODI2
M0JCRTNDNjEzMkU5RDc4NzMyMUUwMC8wLzM0MzUyZTM3MzEyZTMxMzEzMjJlMzAy
ZjMyMzIyZDMyMzQyMDNkM2UyMDM1MzIzNDM2Mzgucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAItR3AwDQYJ
KoZIhvcNAQELBQADggEBAJNOlE2AKav/qpnEjZ1OxGbpvzkf7FyOT+jIVtTkcaeZ
GcRVHE9Ee214qwzqsTv8q+kF7LDbaHkgrwB0U2MLITrOkqNMPlswoRjEFYTSog0p
Nxowkq6ZnWKrbMF3AWKAS8oPSb0abMKslWyYsHbP4qnd4fm+oaOoAMe68OFmHoXH
Hw63+fN6s6wOwKYXXidbak8lQqJRpmZCKuLAvToSUH18fPAEp6557mayA+0Y+U0Z
oJv+tCXg/zxtmDipq8cOs3FhvRxSatdl70swMHYVDEM3ANt8SNPmXg9zDE2/QqGQ
8J8z7WBdW6r1odgc9Bx0UmeJnrega7tqd8C3NdAq3J0=
-----END CERTIFICATE-----