Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/116DB0F82AF8D867A78EC5C0DE029B971BBB247E27E547C2F37EF532827B2B51/0/3139302e3136382e302e302f31372d3137203d3e203233303037.roa
File:                     3139302e3136382e302e302f31372d3137203d3e203233303037.roa (raw, json)
Hash identifier:          9XIJ1SfdGGOmrQdreaWOYfDKgqNN971WxRFNgaYhITQ=
Subject key identifier:   32:8A:59:A6:F9:7A:AA:42:D1:FB:65:BB:66:A9:76:C0:14:5A:AC:41
Certificate issuer:       /CN=FBF606BE5CE9E76D394A0AFAC9A4DC3EDE5675A5
Certificate serial:       47BF7F236EBB75C5891B10706EE91860B48A4434
Authority key identifier: FB:F6:06:BE:5C:E9:E7:6D:39:4A:0A:FA:C9:A4:DC:3E:DE:56:75:A5
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/FBF606BE5CE9E76D394A0AFAC9A4DC3EDE5675A5.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/116DB0F82AF8D867A78EC5C0DE029B971BBB247E27E547C2F37EF532827B2B51/0/3139302e3136382e302e302f31372d3137203d3e203233303037.roa
Signing time:             Tue 04 Feb 2025 18:09:23 +0000
ROA not before:           Tue 04 Feb 2025 18:04:23 +0000
ROA not after:            Tue 03 Feb 2026 18:09:23 +0000
asID:                     23007
IP address blocks:        190.168.0.0/17 maxlen: 17
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:bf:7f:23:6e:bb:75:c5:89:1b:10:70:6e:e9:18:60:b4:8a:44:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=FBF606BE5CE9E76D394A0AFAC9A4DC3EDE5675A5
        Validity
            Not Before: Feb  4 18:04:23 2025 GMT
            Not After : Feb  3 18:09:23 2026 GMT
        Subject: CN=328A59A6F97AAA42D1FB65BB66A976C0145AAC41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:be:4e:1b:36:ae:a1:3e:30:35:25:b0:27:f2:
                    78:09:c2:a9:7a:39:94:dc:06:d4:56:a1:11:53:45:
                    a0:36:08:41:3e:8b:9e:4c:76:4f:47:91:8b:80:c2:
                    37:bc:38:ed:39:28:86:39:6a:55:bd:59:5c:c6:53:
                    fb:f8:de:d7:86:bf:b0:59:10:a7:da:02:88:3e:8e:
                    dc:27:ef:05:3b:4d:80:c1:09:bd:53:48:3f:02:ba:
                    7b:1b:16:7b:99:88:3b:f4:66:9e:34:a7:a7:0d:59:
                    16:25:12:d2:fe:7a:9a:85:18:94:23:59:91:55:39:
                    c1:17:c9:6b:7d:9f:4a:99:bd:54:5b:0b:50:dc:2d:
                    7a:5c:9e:70:ad:ae:4e:5d:aa:f6:6f:cc:34:63:fa:
                    0f:5d:d2:9b:45:39:99:f6:74:93:cb:92:85:b8:a8:
                    8c:80:27:ea:c9:53:62:07:c7:6d:0e:86:2a:73:9c:
                    ee:82:6a:0b:e3:10:11:c5:ee:16:d4:7e:f1:74:af:
                    24:cf:5f:94:ef:41:29:fa:0a:ea:16:f6:14:2f:ee:
                    da:06:5e:02:73:ff:25:42:8a:c0:51:77:10:22:f1:
                    4c:df:04:1d:56:89:39:80:d3:8b:03:02:15:58:15:
                    18:f1:74:06:2e:73:f0:ca:c1:56:2d:f2:8d:37:81:
                    19:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:8A:59:A6:F9:7A:AA:42:D1:FB:65:BB:66:A9:76:C0:14:5A:AC:41
            X509v3 Authority Key Identifier:
                keyid:FB:F6:06:BE:5C:E9:E7:6D:39:4A:0A:FA:C9:A4:DC:3E:DE:56:75:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/116DB0F82AF8D867A78EC5C0DE029B971BBB247E27E547C2F37EF532827B2B51/0/FBF606BE5CE9E76D394A0AFAC9A4DC3EDE5675A5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/FBF606BE5CE9E76D394A0AFAC9A4DC3EDE5675A5.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/116DB0F82AF8D867A78EC5C0DE029B971BBB247E27E547C2F37EF532827B2B51/0/3139302e3136382e302e302f31372d3137203d3e203233303037.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  190.168.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         6d:c7:ff:1f:de:7f:1d:f9:20:11:4c:4d:f4:1d:68:ab:34:a8:
         73:75:f0:f2:af:95:ca:c1:70:91:fe:d9:07:c0:d7:11:26:b9:
         13:a6:17:57:41:7c:c2:1c:48:ea:e6:df:ed:8e:d2:07:81:08:
         59:2f:f9:4f:6a:7a:ed:88:9a:71:83:7f:85:ad:aa:88:0d:ca:
         f1:bd:e4:c1:6d:e5:15:3f:71:5c:31:1c:fc:c6:96:25:33:69:
         27:3f:01:6c:a0:2f:7f:d0:28:15:8b:4c:30:c6:76:1a:b4:0b:
         7e:55:8c:8c:df:78:e2:3f:9d:e1:14:ad:38:66:8c:4f:a3:fc:
         59:33:b3:89:9b:72:7f:fa:40:ff:7c:c2:ce:75:06:23:d3:cf:
         33:78:03:7a:ed:14:9d:99:76:53:78:36:d7:e3:8a:e5:34:92:
         4d:21:bb:01:7c:b7:9f:8f:b9:55:1d:c7:c2:64:2b:5e:9c:ad:
         f5:b3:ec:bb:98:6c:ca:28:17:35:49:f5:9a:28:50:9a:bd:ee:
         fc:81:11:a9:9e:ec:85:45:5b:47:36:b7:8b:0e:8c:9f:4f:e2:
         66:27:14:1f:56:2c:ab:a8:1f:0f:ca:63:84:b1:00:3d:85:b3:
         f5:89:a3:c5:5c:7c:ef:44:45:8c:f3:78:87:18:b0:14:d1:c9:
         fe:da:02:4a
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUR79/I267dcWJGxBwbukYYLSKRDQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRkJGNjA2QkU1Q0U5RTc2RDM5NEEwQUZBQzlBNERDM0VE
RTU2NzVBNTAeFw0yNTAyMDQxODA0MjNaFw0yNjAyMDMxODA5MjNaMDMxMTAvBgNV
BAMTKDMyOEE1OUE2Rjk3QUFBNDJEMUZCNjVCQjY2QTk3NkMwMTQ1QUFDNDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXvk4bNq6hPjA1JbAn8ngJwql6
OZTcBtRWoRFTRaA2CEE+i55Mdk9HkYuAwje8OO05KIY5alW9WVzGU/v43teGv7BZ
EKfaAog+jtwn7wU7TYDBCb1TSD8CunsbFnuZiDv0Zp40p6cNWRYlEtL+epqFGJQj
WZFVOcEXyWt9n0qZvVRbC1DcLXpcnnCtrk5dqvZvzDRj+g9d0ptFOZn2dJPLkoW4
qIyAJ+rJU2IHx20OhipznO6CagvjEBHF7hbUfvF0ryTPX5TvQSn6CuoW9hQv7toG
XgJz/yVCisBRdxAi8UzfBB1WiTmA04sDAhVYFRjxdAYuc/DKwVYt8o03gRn7AgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQUMopZpvl6qkLR+2W7Zql2wBRarEEwHwYDVR0j
BBgwFoAU+/YGvlzp5205Sgr6yaTcPt5WdaUwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8xMTZEQjBGODJBRjhEODY3QTc4RUM1QzBERTAyOUI5NzFC
QkIyNDdFMjdFNTQ3QzJGMzdFRjUzMjgyN0IyQjUxLzAvRkJGNjA2QkU1Q0U5RTc2
RDM5NEEwQUZBQzlBNERDM0VERTU2NzVBNS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9GQkY2MDZCRTVDRTlFNzZEMzk0
QTBBRkFDOUE0REMzRURFNTY3NUE1LmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMTE2REIwRjgyQUY4RDg2N0E3OEVDNUMwREUwMjlCOTcxQkJCMjQ3RTI3
RTU0N0MyRjM3RUY1MzI4MjdCMkI1MS8wLzMxMzkzMDJlMzEzNjM4MmUzMDJlMzAy
ZjMxMzcyZDMxMzcyMDNkM2UyMDMyMzMzMDMwMzcucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAe+qAAwDQYJ
KoZIhvcNAQELBQADggEBAG3H/x/efx35IBFMTfQdaKs0qHN18PKvlcrBcJH+2QfA
1xEmuROmF1dBfMIcSOrm3+2O0geBCFkv+U9qeu2ImnGDf4WtqogNyvG95MFt5RU/
cVwxHPzGliUzaSc/AWygL3/QKBWLTDDGdhq0C35VjIzfeOI/neEUrThmjE+j/Fkz
s4mbcn/6QP98ws51BiPTzzN4A3rtFJ2ZdlN4NtfjiuU0kk0huwF8t5+PuVUdx8Jk
K16crfWz7LuYbMooFzVJ9ZooUJq97vyBEame7IVFW0c2t4sOjJ9P4mYnFB9WLKuo
Hw/KY4SxAD2Fs/WJo8VcfO9ERYzzeIcYsBTRyf7aAko=
-----END CERTIFICATE-----