Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/16F04F49098269C7AE45E7884292E5EDA9D2ACC4167A67F0D74D5FBF78198103/0/3133382e39372e3136302e302f32322d3234203d3e20323633373531.roa
File:                     3133382e39372e3136302e302f32322d3234203d3e20323633373531.roa (raw, json)
Hash identifier:          zxlK+593xLodkQ/QOIp30AqZtFgJApHR90vYowHIWyw=
Subject key identifier:   34:40:13:84:4D:71:AB:09:27:AF:ED:8F:F5:C3:69:09:DE:32:29:0D
Certificate issuer:       /CN=84B2102857DD9312F9D75A5E7F972DCBBD0799CC
Certificate serial:       3D4D02E49AA517AD051CD8805B66ADC08E0C332F
Authority key identifier: 84:B2:10:28:57:DD:93:12:F9:D7:5A:5E:7F:97:2D:CB:BD:07:99:CC
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/84B2102857DD9312F9D75A5E7F972DCBBD0799CC.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/16F04F49098269C7AE45E7884292E5EDA9D2ACC4167A67F0D74D5FBF78198103/0/3133382e39372e3136302e302f32322d3234203d3e20323633373531.roa
Signing time:             Thu 13 Mar 2025 15:11:44 +0000
ROA not before:           Thu 13 Mar 2025 15:06:44 +0000
ROA not after:            Thu 12 Mar 2026 15:11:44 +0000
asID:                     263751
IP address blocks:        138.97.160.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:4d:02:e4:9a:a5:17:ad:05:1c:d8:80:5b:66:ad:c0:8e:0c:33:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84B2102857DD9312F9D75A5E7F972DCBBD0799CC
        Validity
            Not Before: Mar 13 15:06:44 2025 GMT
            Not After : Mar 12 15:11:44 2026 GMT
        Subject: CN=344013844D71AB0927AFED8FF5C36909DE32290D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c5:91:df:ad:8e:8a:c0:2b:e4:85:ec:2c:51:
                    93:dc:a5:cd:71:a4:57:11:35:96:0b:41:63:e0:16:
                    e0:db:e6:30:fe:b8:db:41:18:14:5f:c1:b3:03:57:
                    9c:2e:0c:96:89:d2:d6:ed:cb:1d:8e:84:5f:4c:66:
                    c4:0a:29:14:7a:ac:60:15:e5:71:2f:ee:69:c3:25:
                    5b:d4:93:5b:99:d4:9c:e4:82:e0:59:db:08:62:62:
                    34:1a:6d:54:55:58:b0:42:8d:d5:11:1b:fd:6f:b6:
                    0f:bc:db:34:40:2b:b5:6c:84:6e:01:dc:3c:5b:ec:
                    f5:e9:6a:52:62:17:34:03:a1:2d:77:86:8f:d7:cc:
                    10:fb:8f:2d:5a:82:69:29:3f:a8:4a:d6:3c:10:ca:
                    29:0a:26:4c:0d:6d:23:34:90:bd:26:2d:c4:b4:47:
                    8e:29:a2:16:f5:d0:09:71:d9:3d:de:5c:a3:fd:79:
                    08:54:29:74:1c:e7:ab:50:de:44:67:89:5f:1c:bd:
                    93:97:26:3d:0a:27:14:b9:55:62:1a:d1:2c:9c:79:
                    5d:0a:3f:c6:80:ec:cd:e8:91:21:07:f9:62:83:10:
                    fa:c9:e3:72:79:ff:82:24:b8:2b:fb:03:7a:dd:cd:
                    38:cf:5b:ad:a2:1a:7d:e2:30:90:68:3e:d3:79:06:
                    87:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:40:13:84:4D:71:AB:09:27:AF:ED:8F:F5:C3:69:09:DE:32:29:0D
            X509v3 Authority Key Identifier:
                keyid:84:B2:10:28:57:DD:93:12:F9:D7:5A:5E:7F:97:2D:CB:BD:07:99:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/16F04F49098269C7AE45E7884292E5EDA9D2ACC4167A67F0D74D5FBF78198103/0/84B2102857DD9312F9D75A5E7F972DCBBD0799CC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/84B2102857DD9312F9D75A5E7F972DCBBD0799CC.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/16F04F49098269C7AE45E7884292E5EDA9D2ACC4167A67F0D74D5FBF78198103/0/3133382e39372e3136302e302f32322d3234203d3e20323633373531.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.97.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:52:f5:3a:13:ab:05:7c:08:a8:6c:ee:d1:8a:99:b4:51:0f:
         38:c9:28:dc:dc:8e:77:ac:7d:88:5c:2c:18:6c:61:d9:46:4b:
         fc:df:3a:af:09:59:23:6f:da:79:4a:2c:c1:cc:37:e5:03:98:
         00:81:e5:c7:1c:45:2b:64:69:f8:51:cf:bd:c2:ac:f9:b8:e1:
         55:72:be:9c:a7:d8:c0:c7:9f:c3:df:9c:2d:a8:cb:75:a2:9f:
         5e:dd:19:94:5c:24:ba:bc:74:ea:e3:c5:8b:14:19:f4:dd:f3:
         5c:90:18:82:15:b8:09:bb:53:c6:0e:c4:19:2c:62:c3:8b:3a:
         c5:01:d8:b6:8a:30:ac:25:8a:e9:0a:b6:23:ba:c6:5f:0d:6d:
         19:4b:20:2b:9b:f4:cf:65:8e:a0:cf:3e:a7:e5:64:57:0a:aa:
         73:41:02:40:ba:3b:16:25:98:aa:7a:4d:51:36:3a:fb:90:5d:
         32:42:bb:f2:d4:b4:59:bc:ea:b9:a4:8d:d4:02:94:56:ff:53:
         a7:17:39:42:2f:5d:eb:a5:56:e0:65:a9:03:7c:40:3e:ca:f5:
         52:7f:c4:bf:ac:17:e5:e5:2d:11:cf:c9:32:ef:ef:3d:91:3e:
         42:79:18:e5:b9:d0:7e:d9:e0:e7:65:c5:96:18:aa:74:b2:f2:
         f2:ac:89:a0
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUPU0C5JqlF60FHNiAW2atwI4MMy8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODRCMjEwMjg1N0REOTMxMkY5RDc1QTVFN0Y5NzJEQ0JC
RDA3OTlDQzAeFw0yNTAzMTMxNTA2NDRaFw0yNjAzMTIxNTExNDRaMDMxMTAvBgNV
BAMTKDM0NDAxMzg0NEQ3MUFCMDkyN0FGRUQ4RkY1QzM2OTA5REUzMjI5MEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrxZHfrY6KwCvkhewsUZPcpc1x
pFcRNZYLQWPgFuDb5jD+uNtBGBRfwbMDV5wuDJaJ0tbtyx2OhF9MZsQKKRR6rGAV
5XEv7mnDJVvUk1uZ1JzkguBZ2whiYjQabVRVWLBCjdURG/1vtg+82zRAK7VshG4B
3Dxb7PXpalJiFzQDoS13ho/XzBD7jy1agmkpP6hK1jwQyikKJkwNbSM0kL0mLcS0
R44pohb10Alx2T3eXKP9eQhUKXQc56tQ3kRniV8cvZOXJj0KJxS5VWIa0SyceV0K
P8aA7M3okSEH+WKDEPrJ43J5/4IkuCv7A3rdzTjPW62iGn3iMJBoPtN5BodXAgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQUNEAThE1xqwknr+2P9cNpCd4yKQ0wHwYDVR0j
BBgwFoAUhLIQKFfdkxL511pef5cty70HmcwwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8xNkYwNEY0OTA5ODI2OUM3QUU0NUU3ODg0MjkyRTVFREE5
RDJBQ0M0MTY3QTY3RjBENzRENUZCRjc4MTk4MTAzLzAvODRCMjEwMjg1N0REOTMx
MkY5RDc1QTVFN0Y5NzJEQ0JCRDA3OTlDQy5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC84NEIyMTAyODU3REQ5MzEyRjlE
NzVBNUU3Rjk3MkRDQkJEMDc5OUNDLmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMTZGMDRGNDkwOTgyNjlDN0FFNDVFNzg4NDI5MkU1RURBOUQyQUNDNDE2
N0E2N0YwRDc0RDVGQkY3ODE5ODEwMy8wLzMxMzMzODJlMzkzNzJlMzEzNjMwMmUz
MDJmMzIzMjJkMzIzNDIwM2QzZTIwMzIzNjMzMzczNTMxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCimGg
MA0GCSqGSIb3DQEBCwUAA4IBAQBFUvU6E6sFfAiobO7Ripm0UQ84ySjc3I53rH2I
XCwYbGHZRkv83zqvCVkjb9p5SizBzDflA5gAgeXHHEUrZGn4Uc+9wqz5uOFVcr6c
p9jAx5/D35wtqMt1op9e3RmUXCS6vHTq48WLFBn03fNckBiCFbgJu1PGDsQZLGLD
izrFAdi2ijCsJYrpCrYjusZfDW0ZSyArm/TPZY6gzz6n5WRXCqpzQQJAujsWJZiq
ek1RNjr7kF0yQrvy1LRZvOq5pI3UApRW/1OnFzlCL13rpVbgZakDfEA+yvVSf8S/
rBfl5S0Rz8ky7+89kT5CeRjludB+2eDnZcWWGKp0svLyrImg
-----END CERTIFICATE-----