Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/199149CA43EC64A0473D2BC1CF13F8E17F3B1E19CB42E246891B0DF0EDCC5862/0/36342e32382e3133372e302f32342d3234203d3e203238303637.roa
File:                     36342e32382e3133372e302f32342d3234203d3e203238303637.roa (raw, json)
Hash identifier:          iN0EYX/pkEQiFWPDasSiuZ+JMxSrh+7QThhvVS6S8uY=
Subject key identifier:   B4:50:F5:62:9E:27:D2:71:D4:A1:80:8D:04:3C:1A:1D:F3:4E:07:ED
Certificate issuer:       /CN=8FCB3DAED8FB3A82F6BDE95FBC5AC3B79CCEFD30
Certificate serial:       09062DA81A67A9C1AE53DFD2B8B010F1E876111A
Authority key identifier: 8F:CB:3D:AE:D8:FB:3A:82:F6:BD:E9:5F:BC:5A:C3:B7:9C:CE:FD:30
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/8FCB3DAED8FB3A82F6BDE95FBC5AC3B79CCEFD30.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/199149CA43EC64A0473D2BC1CF13F8E17F3B1E19CB42E246891B0DF0EDCC5862/0/36342e32382e3133372e302f32342d3234203d3e203238303637.roa
Signing time:             Tue 04 Feb 2025 18:29:12 +0000
ROA not before:           Tue 04 Feb 2025 18:24:12 +0000
ROA not after:            Tue 03 Feb 2026 18:29:12 +0000
asID:                     28067
IP address blocks:        64.28.137.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:06:2d:a8:1a:67:a9:c1:ae:53:df:d2:b8:b0:10:f1:e8:76:11:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8FCB3DAED8FB3A82F6BDE95FBC5AC3B79CCEFD30
        Validity
            Not Before: Feb  4 18:24:12 2025 GMT
            Not After : Feb  3 18:29:12 2026 GMT
        Subject: CN=B450F5629E27D271D4A1808D043C1A1DF34E07ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c8:43:f9:82:3b:a1:0f:d2:c8:96:3e:24:bc:
                    8f:b0:a1:04:99:e7:85:8c:bc:7e:64:97:3a:5f:fb:
                    59:52:3b:c4:86:4e:03:66:25:38:2b:ab:30:3c:20:
                    6d:60:3c:b6:fc:e7:85:d9:42:97:eb:fd:be:7e:e2:
                    bd:e8:62:9b:84:5b:aa:ab:5b:c8:00:1f:7d:d3:0c:
                    37:b7:4f:db:bc:74:89:d6:f6:ef:6e:a5:64:67:e0:
                    43:07:86:f0:59:64:56:f7:93:20:96:07:0b:3d:28:
                    73:43:84:24:14:c8:e5:1d:67:f2:88:6b:37:61:ce:
                    5c:a9:6a:29:2e:1c:e5:cd:b2:1a:cd:aa:d9:4b:ec:
                    50:ca:c0:d8:55:c3:03:9e:41:34:8f:3f:f5:e6:a5:
                    af:f3:63:5c:91:bd:e4:cd:ef:db:04:46:b9:8d:9c:
                    4b:1d:0a:b6:10:c5:5e:49:ae:d4:0a:0c:42:a7:2a:
                    82:02:ef:ed:62:ef:2a:b5:92:5a:49:a8:ee:c2:a6:
                    63:10:65:bd:f9:09:1a:be:7d:66:34:a3:ec:42:9d:
                    68:49:ff:7b:53:87:ba:0b:3c:1c:51:7b:2e:4b:43:
                    e6:fd:5f:61:47:7b:97:e1:5c:0d:76:39:fd:46:69:
                    a7:92:c3:d6:95:4c:b4:93:8c:98:15:d7:f4:82:b1:
                    17:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:50:F5:62:9E:27:D2:71:D4:A1:80:8D:04:3C:1A:1D:F3:4E:07:ED
            X509v3 Authority Key Identifier:
                keyid:8F:CB:3D:AE:D8:FB:3A:82:F6:BD:E9:5F:BC:5A:C3:B7:9C:CE:FD:30

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/199149CA43EC64A0473D2BC1CF13F8E17F3B1E19CB42E246891B0DF0EDCC5862/0/8FCB3DAED8FB3A82F6BDE95FBC5AC3B79CCEFD30.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/8FCB3DAED8FB3A82F6BDE95FBC5AC3B79CCEFD30.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/199149CA43EC64A0473D2BC1CF13F8E17F3B1E19CB42E246891B0DF0EDCC5862/0/36342e32382e3133372e302f32342d3234203d3e203238303637.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.28.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:c8:9f:10:9c:9c:f5:e9:fc:7a:a3:7b:5d:30:a7:eb:f6:13:
         11:e7:bd:e3:1d:fa:6b:ab:6f:95:f6:10:8b:45:88:c7:c2:54:
         f9:a5:11:68:0b:39:d0:2b:0c:fc:1c:5f:5e:54:37:06:cc:76:
         d3:75:c2:e9:13:50:fa:d5:8e:78:aa:a1:c6:a4:86:6d:59:7a:
         47:ae:b1:df:0a:b6:c5:b5:52:2d:f1:46:de:d3:d8:71:d0:9e:
         23:52:0d:3e:57:ff:cc:b7:60:db:9d:95:ef:37:06:d3:c6:d4:
         35:32:77:15:45:8a:bf:1b:22:d9:2c:e9:1f:40:29:f5:39:19:
         30:b9:93:64:cf:a7:1d:a3:66:36:32:94:46:5c:52:a8:ce:a7:
         7a:64:56:3a:15:39:7f:37:20:86:d1:d3:8b:94:c9:a3:94:a6:
         a3:b8:68:17:17:aa:1f:29:3c:ee:03:0e:56:9f:cb:51:78:a4:
         48:22:bf:e6:d5:27:05:bc:53:bc:90:85:04:cf:ad:91:e7:28:
         95:30:8c:10:bc:75:de:d7:3a:86:67:3e:e0:0f:1c:e9:21:3b:
         20:aa:de:70:8b:e3:2e:07:e4:e6:0f:30:4d:04:8c:26:c5:3b:
         3d:02:cc:5b:9b:59:85:37:53:c3:12:80:d9:bd:a1:f7:d5:29:
         57:b3:9f:a9
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUCQYtqBpnqcGuU9/SuLAQ8eh2ERowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOEZDQjNEQUVEOEZCM0E4MkY2QkRFOTVGQkM1QUMzQjc5
Q0NFRkQzMDAeFw0yNTAyMDQxODI0MTJaFw0yNjAyMDMxODI5MTJaMDMxMTAvBgNV
BAMTKEI0NTBGNTYyOUUyN0QyNzFENEExODA4RDA0M0MxQTFERjM0RTA3RUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvyEP5gjuhD9LIlj4kvI+woQSZ
54WMvH5klzpf+1lSO8SGTgNmJTgrqzA8IG1gPLb854XZQpfr/b5+4r3oYpuEW6qr
W8gAH33TDDe3T9u8dInW9u9upWRn4EMHhvBZZFb3kyCWBws9KHNDhCQUyOUdZ/KI
azdhzlypaikuHOXNshrNqtlL7FDKwNhVwwOeQTSPP/Xmpa/zY1yRveTN79sERrmN
nEsdCrYQxV5JrtQKDEKnKoIC7+1i7yq1klpJqO7CpmMQZb35CRq+fWY0o+xCnWhJ
/3tTh7oLPBxRey5LQ+b9X2FHe5fhXA12Of1GaaeSw9aVTLSTjJgV1/SCsRddAgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQUtFD1Yp4n0nHUoYCNBDwaHfNOB+0wHwYDVR0j
BBgwFoAUj8s9rtj7OoL2velfvFrDt5zO/TAwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8xOTkxNDlDQTQzRUM2NEEwNDczRDJCQzFDRjEzRjhFMTdG
M0IxRTE5Q0I0MkUyNDY4OTFCMERGMEVEQ0M1ODYyLzAvOEZDQjNEQUVEOEZCM0E4
MkY2QkRFOTVGQkM1QUMzQjc5Q0NFRkQzMC5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC84RkNCM0RBRUQ4RkIzQTgyRjZC
REU5NUZCQzVBQzNCNzlDQ0VGRDMwLmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMTk5MTQ5Q0E0M0VDNjRBMDQ3M0QyQkMxQ0YxM0Y4RTE3RjNCMUUxOUNC
NDJFMjQ2ODkxQjBERjBFRENDNTg2Mi8wLzM2MzQyZTMyMzgyZTMxMzMzNzJlMzAy
ZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzgzMDM2Mzcucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABAHIkwDQYJ
KoZIhvcNAQELBQADggEBAEHInxCcnPXp/Hqje10wp+v2ExHnveMd+murb5X2EItF
iMfCVPmlEWgLOdArDPwcX15UNwbMdtN1wukTUPrVjniqocakhm1Zekeusd8KtsW1
Ui3xRt7T2HHQniNSDT5X/8y3YNudle83BtPG1DUydxVFir8bItks6R9AKfU5GTC5
k2TPpx2jZjYylEZcUqjOp3pkVjoVOX83IIbR04uUyaOUpqO4aBcXqh8pPO4DDlaf
y1F4pEgiv+bVJwW8U7yQhQTPrZHnKJUwjBC8dd7XOoZnPuAPHOkhOyCq3nCL4y4H
5OYPME0EjCbFOz0CzFubWYU3U8MSgNm9offVKVezn6k=
-----END CERTIFICATE-----