Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/12C706D8E5F0C1624920A74E6287D12F18BC62802FC601B563818C257509F4B8/0/3136382e39302e39362e302f32322d3232203d3e203532343835.roa
File:                     3136382e39302e39362e302f32322d3232203d3e203532343835.roa (raw, json)
Hash identifier:          gFaTRTshUvGVGufBG11dJ9jnQefgAkgYzKxkgLs+ZQ0=
Subject key identifier:   94:FA:7F:0E:5C:50:29:1B:46:7E:42:09:11:2B:FD:BA:4A:39:C8:19
Certificate issuer:       /CN=09E1B154B55FB4F84B47F72DFDDE8D9664B9D212
Certificate serial:       49C2C993D684D79BF276A9FBE111682D138F2823
Authority key identifier: 09:E1:B1:54:B5:5F:B4:F8:4B:47:F7:2D:FD:DE:8D:96:64:B9:D2:12
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/09E1B154B55FB4F84B47F72DFDDE8D9664B9D212.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/12C706D8E5F0C1624920A74E6287D12F18BC62802FC601B563818C257509F4B8/0/3136382e39302e39362e302f32322d3232203d3e203532343835.roa
Signing time:             Tue 04 Feb 2025 18:39:57 +0000
ROA not before:           Tue 04 Feb 2025 18:34:57 +0000
ROA not after:            Tue 03 Feb 2026 18:39:57 +0000
asID:                     52485
IP address blocks:        168.90.96.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:c2:c9:93:d6:84:d7:9b:f2:76:a9:fb:e1:11:68:2d:13:8f:28:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09E1B154B55FB4F84B47F72DFDDE8D9664B9D212
        Validity
            Not Before: Feb  4 18:34:57 2025 GMT
            Not After : Feb  3 18:39:57 2026 GMT
        Subject: CN=94FA7F0E5C50291B467E4209112BFDBA4A39C819
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e1:3b:86:c4:01:40:ca:f4:9b:24:be:f4:d6:
                    7b:57:c4:b6:da:1e:99:81:e1:49:b2:98:0f:21:d8:
                    dc:9e:19:51:78:88:b3:dd:9f:20:c4:f5:54:96:dc:
                    e0:4f:a5:0d:00:de:81:86:ef:d0:1b:82:59:e6:8c:
                    ae:bb:81:8a:be:95:d8:29:29:b4:e8:bc:bc:7c:a9:
                    78:73:d6:7a:e7:ce:fd:c2:38:e9:94:35:0b:f1:f4:
                    48:25:65:6f:83:eb:2e:ee:3e:8e:a0:8b:55:c4:de:
                    f0:82:f8:3f:9c:88:a9:18:49:90:fd:31:96:af:2e:
                    b4:be:fd:7c:ef:64:56:c9:8c:52:82:9a:c4:6d:95:
                    0a:a4:1f:e4:bf:e6:f8:97:33:b1:5a:ca:c4:84:48:
                    cf:69:97:1f:7c:e4:06:87:78:19:f0:24:1d:11:20:
                    37:7c:d8:e3:fe:80:5e:e1:b3:d4:53:04:7b:6a:cb:
                    bd:6f:cb:8d:82:48:a5:8e:3e:b3:ae:ff:40:1a:fb:
                    ef:8d:8f:54:19:fe:df:bc:87:c3:5d:72:ec:92:41:
                    a8:3b:f0:5d:09:94:3e:1e:42:3b:4c:9f:d2:7d:57:
                    f4:1a:0d:90:93:c9:06:b5:0f:a5:41:e5:e5:6e:fc:
                    ca:0f:74:a2:86:13:9f:a5:f4:a0:b6:f2:68:f1:fb:
                    96:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:FA:7F:0E:5C:50:29:1B:46:7E:42:09:11:2B:FD:BA:4A:39:C8:19
            X509v3 Authority Key Identifier:
                keyid:09:E1:B1:54:B5:5F:B4:F8:4B:47:F7:2D:FD:DE:8D:96:64:B9:D2:12

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/12C706D8E5F0C1624920A74E6287D12F18BC62802FC601B563818C257509F4B8/0/09E1B154B55FB4F84B47F72DFDDE8D9664B9D212.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/09E1B154B55FB4F84B47F72DFDDE8D9664B9D212.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/12C706D8E5F0C1624920A74E6287D12F18BC62802FC601B563818C257509F4B8/0/3136382e39302e39362e302f32322d3232203d3e203532343835.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.90.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:27:57:a4:d3:be:9d:b4:f5:74:ce:a3:7f:24:7e:cd:fe:93:
         ba:fe:79:ca:7e:dc:2e:75:2d:cf:6e:ec:14:e7:82:81:f0:e6:
         06:ac:40:ae:21:f8:0a:cf:23:0e:53:19:1c:18:a2:a3:76:44:
         d5:e3:40:15:02:b1:19:33:1e:e7:34:17:53:e7:b8:27:91:a5:
         36:c3:fd:47:97:53:1d:d7:28:b6:03:81:9e:0d:de:d2:d8:82:
         72:86:8f:62:9c:24:3f:09:12:d6:0c:f5:67:05:4f:af:8b:73:
         10:04:50:b1:0d:49:e1:e1:e1:a8:5c:64:c0:81:50:ae:45:61:
         02:c1:4a:33:f5:53:8b:1e:b4:fe:bb:92:a1:7b:b5:06:e2:0e:
         a1:4a:02:e4:8c:de:67:65:63:48:bf:cd:b3:c9:95:bb:20:8b:
         9b:da:5e:6f:d9:cd:bf:a7:df:2e:08:00:bf:f9:e2:c2:a8:bc:
         9f:3b:5d:db:d7:71:9e:60:20:78:e1:eb:6e:40:b7:a1:24:d2:
         04:3f:78:b3:4d:07:fe:6d:11:5d:a3:9c:28:63:15:0d:16:21:
         d4:1c:e3:25:3e:50:b4:dc:dd:73:02:23:c8:c2:4c:90:71:dd:
         66:13:a5:0f:4b:85:cb:0d:7e:63:7b:c0:77:aa:ec:1e:04:fc:
         60:1a:89:ff
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUScLJk9aE15vydqn74RFoLROPKCMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDlFMUIxNTRCNTVGQjRGODRCNDdGNzJERkRERThEOTY2
NEI5RDIxMjAeFw0yNTAyMDQxODM0NTdaFw0yNjAyMDMxODM5NTdaMDMxMTAvBgNV
BAMTKDk0RkE3RjBFNUM1MDI5MUI0NjdFNDIwOTExMkJGREJBNEEzOUM4MTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCa4TuGxAFAyvSbJL701ntXxLba
HpmB4UmymA8h2NyeGVF4iLPdnyDE9VSW3OBPpQ0A3oGG79AbglnmjK67gYq+ldgp
KbTovLx8qXhz1nrnzv3COOmUNQvx9EglZW+D6y7uPo6gi1XE3vCC+D+ciKkYSZD9
MZavLrS+/XzvZFbJjFKCmsRtlQqkH+S/5viXM7FaysSESM9plx985AaHeBnwJB0R
IDd82OP+gF7hs9RTBHtqy71vy42CSKWOPrOu/0Aa+++Nj1QZ/t+8h8NdcuySQag7
8F0JlD4eQjtMn9J9V/QaDZCTyQa1D6VB5eVu/MoPdKKGE5+l9KC28mjx+5aNAgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQUlPp/DlxQKRtGfkIJESv9uko5yBkwHwYDVR0j
BBgwFoAUCeGxVLVftPhLR/ct/d6NlmS50hIwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8xMkM3MDZEOEU1RjBDMTYyNDkyMEE3NEU2Mjg3RDEyRjE4
QkM2MjgwMkZDNjAxQjU2MzgxOEMyNTc1MDlGNEI4LzAvMDlFMUIxNTRCNTVGQjRG
ODRCNDdGNzJERkRERThEOTY2NEI5RDIxMi5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8wOUUxQjE1NEI1NUZCNEY4NEI0
N0Y3MkRGRERFOEQ5NjY0QjlEMjEyLmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMTJDNzA2RDhFNUYwQzE2MjQ5MjBBNzRFNjI4N0QxMkYxOEJDNjI4MDJG
QzYwMUI1NjM4MThDMjU3NTA5RjRCOC8wLzMxMzYzODJlMzkzMDJlMzkzNjJlMzAy
ZjMyMzIyZDMyMzIyMDNkM2UyMDM1MzIzNDM4MzUucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKoWmAwDQYJ
KoZIhvcNAQELBQADggEBALAnV6TTvp209XTOo38kfs3+k7r+ecp+3C51Lc9u7BTn
goHw5gasQK4h+ArPIw5TGRwYoqN2RNXjQBUCsRkzHuc0F1PnuCeRpTbD/UeXUx3X
KLYDgZ4N3tLYgnKGj2KcJD8JEtYM9WcFT6+LcxAEULENSeHh4ahcZMCBUK5FYQLB
SjP1U4setP67kqF7tQbiDqFKAuSM3mdlY0i/zbPJlbsgi5vaXm/Zzb+n3y4IAL/5
4sKovJ87XdvXcZ5gIHjh625At6Ek0gQ/eLNNB/5tEV2jnChjFQ0WIdQc4yU+ULTc
3XMCI8jCTJBx3WYTpQ9LhcsNfmN7wHeq7B4E/GAaif8=
-----END CERTIFICATE-----