Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/1489EDDEDD16840B285BCF11153DD1A04B180E51826F3B121184F750C824FF88/0/3134332e3133372e32302e302f32322d3234203d3e20323633373336.roa
File:                     3134332e3133372e32302e302f32322d3234203d3e20323633373336.roa (raw, json)
Hash identifier:          KDXCOis003itqjsQnqa89/YB7rkYgCnu5yCRyjBrmdM=
Subject key identifier:   8E:91:55:BF:D4:25:7A:36:78:28:33:C9:A8:C4:0E:D8:7A:44:83:A1
Certificate issuer:       /CN=6D3FC3D1EF1497B650EA4B8F238C71F242CCD88A
Certificate serial:       0BA2DC6688C6361E3B270DBEB2E32B7CFB11FBDF
Authority key identifier: 6D:3F:C3:D1:EF:14:97:B6:50:EA:4B:8F:23:8C:71:F2:42:CC:D8:8A
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/6D3FC3D1EF1497B650EA4B8F238C71F242CCD88A.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/1489EDDEDD16840B285BCF11153DD1A04B180E51826F3B121184F750C824FF88/0/3134332e3133372e32302e302f32322d3234203d3e20323633373336.roa
Signing time:             Tue 04 Feb 2025 18:37:32 +0000
ROA not before:           Tue 04 Feb 2025 18:32:32 +0000
ROA not after:            Tue 03 Feb 2026 18:37:32 +0000
asID:                     263736
IP address blocks:        143.137.20.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:a2:dc:66:88:c6:36:1e:3b:27:0d:be:b2:e3:2b:7c:fb:11:fb:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6D3FC3D1EF1497B650EA4B8F238C71F242CCD88A
        Validity
            Not Before: Feb  4 18:32:32 2025 GMT
            Not After : Feb  3 18:37:32 2026 GMT
        Subject: CN=8E9155BFD4257A36782833C9A8C40ED87A4483A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:9b:5f:68:39:64:9c:02:d0:66:b4:ee:d4:1f:
                    e7:80:59:1c:0c:40:f6:22:69:d6:d1:39:6e:35:9e:
                    c0:02:d0:e0:ab:cb:06:33:35:a1:d4:4b:78:5e:59:
                    43:71:c0:ac:21:8e:f1:a5:06:00:35:80:a0:ef:7a:
                    08:da:1c:4a:11:27:59:c6:a6:68:a8:ce:75:7e:5e:
                    fc:97:2f:6b:72:bb:da:c6:cb:91:ca:25:e3:9b:0b:
                    0e:96:da:18:9b:ca:78:db:10:23:a6:ef:13:eb:c9:
                    84:02:89:7e:85:94:5d:e7:45:85:8e:5e:d9:5f:56:
                    8c:ab:64:fd:6c:57:f7:e6:a3:72:7a:ee:c3:d0:ae:
                    9f:61:55:93:67:17:65:04:b9:53:85:57:49:0e:f5:
                    92:d0:00:67:b5:26:90:19:8c:64:83:47:33:ca:1a:
                    61:92:39:c6:a4:50:56:09:4f:e3:6f:ee:f2:3b:a3:
                    f6:d6:a2:79:38:4f:4c:3c:ba:a0:a4:76:7e:f9:e5:
                    c3:af:68:57:cb:70:2e:fd:ef:ef:b7:cd:ae:9d:f1:
                    0a:a4:a2:4f:7d:d7:11:71:1c:19:ac:35:81:ba:fd:
                    3f:b4:7e:57:f6:c1:64:91:8b:df:3f:bf:ed:37:09:
                    35:50:30:fe:c0:8d:d5:19:80:1d:55:50:41:86:90:
                    f1:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:91:55:BF:D4:25:7A:36:78:28:33:C9:A8:C4:0E:D8:7A:44:83:A1
            X509v3 Authority Key Identifier:
                keyid:6D:3F:C3:D1:EF:14:97:B6:50:EA:4B:8F:23:8C:71:F2:42:CC:D8:8A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/1489EDDEDD16840B285BCF11153DD1A04B180E51826F3B121184F750C824FF88/0/6D3FC3D1EF1497B650EA4B8F238C71F242CCD88A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/6D3FC3D1EF1497B650EA4B8F238C71F242CCD88A.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/1489EDDEDD16840B285BCF11153DD1A04B180E51826F3B121184F750C824FF88/0/3134332e3133372e32302e302f32322d3234203d3e20323633373336.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.137.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:d8:bd:e3:ce:15:a2:4d:33:b7:28:e5:6e:d9:b5:ec:52:19:
         30:7b:83:1e:dd:c1:51:b6:29:f4:06:77:37:71:43:11:23:4b:
         fb:65:ed:5c:fd:61:db:b2:f1:4c:ff:c8:69:85:d7:1d:d0:b8:
         9e:07:91:a6:a0:13:f9:f3:c3:8f:1a:c0:72:b0:8b:24:9f:08:
         bb:81:e4:8e:bc:11:b0:34:d2:13:38:6b:a2:12:7f:5b:45:af:
         37:a8:6f:bc:58:ef:cf:60:42:34:76:82:d5:e4:65:4d:4f:e9:
         a9:14:e1:d6:e5:e2:c5:9e:f4:20:2b:50:53:dc:40:75:41:04:
         29:c6:e1:9c:77:f5:b4:5e:f0:d1:57:af:b9:6b:b9:32:92:04:
         6c:f9:69:27:8b:ee:9a:cf:9b:6a:f9:fa:2f:00:ca:31:86:e0:
         f1:c1:4f:96:9c:fd:88:5b:ed:6f:22:fa:65:2f:b5:b0:90:71:
         ea:a5:ae:43:3a:06:ca:e2:3f:09:2e:80:61:f3:41:3d:e1:80:
         20:5c:05:46:9c:87:d2:79:1c:ec:cf:fe:ac:1c:4d:30:b5:d2:
         56:50:26:71:7c:a4:09:03:eb:ae:51:6e:a7:c1:8d:ee:29:7f:
         60:2a:b0:09:74:38:f8:40:07:25:d1:b6:f8:46:ae:51:0a:99:
         95:82:ea:d8
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUC6LcZojGNh47Jw2+suMrfPsR+98wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNkQzRkMzRDFFRjE0OTdCNjUwRUE0QjhGMjM4QzcxRjI0
MkNDRDg4QTAeFw0yNTAyMDQxODMyMzJaFw0yNjAyMDMxODM3MzJaMDMxMTAvBgNV
BAMTKDhFOTE1NUJGRDQyNTdBMzY3ODI4MzNDOUE4QzQwRUQ4N0E0NDgzQTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrm19oOWScAtBmtO7UH+eAWRwM
QPYiadbROW41nsAC0OCrywYzNaHUS3heWUNxwKwhjvGlBgA1gKDvegjaHEoRJ1nG
pmioznV+XvyXL2tyu9rGy5HKJeObCw6W2hibynjbECOm7xPryYQCiX6FlF3nRYWO
XtlfVoyrZP1sV/fmo3J67sPQrp9hVZNnF2UEuVOFV0kO9ZLQAGe1JpAZjGSDRzPK
GmGSOcakUFYJT+Nv7vI7o/bWonk4T0w8uqCkdn755cOvaFfLcC797++3za6d8Qqk
ok991xFxHBmsNYG6/T+0flf2wWSRi98/v+03CTVQMP7AjdUZgB1VUEGGkPEJAgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQUjpFVv9QlejZ4KDPJqMQO2HpEg6EwHwYDVR0j
BBgwFoAUbT/D0e8Ul7ZQ6kuPI4xx8kLM2IowDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8xNDg5RURERUREMTY4NDBCMjg1QkNGMTExNTNERDFBMDRC
MTgwRTUxODI2RjNCMTIxMTg0Rjc1MEM4MjRGRjg4LzAvNkQzRkMzRDFFRjE0OTdC
NjUwRUE0QjhGMjM4QzcxRjI0MkNDRDg4QS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC82RDNGQzNEMUVGMTQ5N0I2NTBF
QTRCOEYyMzhDNzFGMjQyQ0NEODhBLmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMTQ4OUVEREVERDE2ODQwQjI4NUJDRjExMTUzREQxQTA0QjE4MEU1MTgy
NkYzQjEyMTE4NEY3NTBDODI0RkY4OC8wLzMxMzQzMzJlMzEzMzM3MmUzMjMwMmUz
MDJmMzIzMjJkMzIzNDIwM2QzZTIwMzIzNjMzMzczMzM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCj4kU
MA0GCSqGSIb3DQEBCwUAA4IBAQBe2L3jzhWiTTO3KOVu2bXsUhkwe4Me3cFRtin0
Bnc3cUMRI0v7Ze1c/WHbsvFM/8hphdcd0LieB5GmoBP588OPGsBysIsknwi7geSO
vBGwNNITOGuiEn9bRa83qG+8WO/PYEI0doLV5GVNT+mpFOHW5eLFnvQgK1BT3EB1
QQQpxuGcd/W0XvDRV6+5a7kykgRs+Wkni+6az5tq+fovAMoxhuDxwU+WnP2IW+1v
IvplL7WwkHHqpa5DOgbK4j8JLoBh80E94YAgXAVGnIfSeRzsz/6sHE0wtdJWUCZx
fKQJA+uuUW6nwY3uKX9gKrAJdDj4QAcl0bb4Rq5RCpmVgurY
-----END CERTIFICATE-----