Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/1A8FB9B50BD6F6BDB905D4F5295E39E7770BEABC2471F2B45989B36198CFAF67/0/3230302e38352e3134332e302f32342d3234203d3e20323731393036.roa
File:                     3230302e38352e3134332e302f32342d3234203d3e20323731393036.roa (raw, json)
Hash identifier:          9NP/qLXn94xeePSynUXEHf5lLCpdv3lTav9I8/hYi9g=
Subject key identifier:   09:15:3E:22:81:3C:E4:D0:20:4A:7C:B7:BF:1C:66:5F:0E:AC:D8:DD
Certificate issuer:       /CN=AC68EDFE9EFC975AF892AC92B6AE1914A3B2D0D3
Certificate serial:       4B32AE2CF2CE42607440734615C84DA78FEB09E8
Authority key identifier: AC:68:ED:FE:9E:FC:97:5A:F8:92:AC:92:B6:AE:19:14:A3:B2:D0:D3
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/AC68EDFE9EFC975AF892AC92B6AE1914A3B2D0D3.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/1A8FB9B50BD6F6BDB905D4F5295E39E7770BEABC2471F2B45989B36198CFAF67/0/3230302e38352e3134332e302f32342d3234203d3e20323731393036.roa
Signing time:             Tue 04 Feb 2025 18:40:01 +0000
ROA not before:           Tue 04 Feb 2025 18:35:01 +0000
ROA not after:            Tue 03 Feb 2026 18:40:01 +0000
asID:                     271906
IP address blocks:        200.85.143.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:32:ae:2c:f2:ce:42:60:74:40:73:46:15:c8:4d:a7:8f:eb:09:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AC68EDFE9EFC975AF892AC92B6AE1914A3B2D0D3
        Validity
            Not Before: Feb  4 18:35:01 2025 GMT
            Not After : Feb  3 18:40:01 2026 GMT
        Subject: CN=09153E22813CE4D0204A7CB7BF1C665F0EACD8DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:89:fc:a5:41:51:f3:78:cd:a7:99:97:ef:75:
                    38:75:ce:b7:9b:76:6b:eb:b3:fb:44:e0:ff:01:23:
                    9d:b2:14:22:ec:db:6a:9b:d3:cf:fb:d9:18:d3:54:
                    35:82:15:6f:14:f9:8f:3c:d8:c4:0e:99:bc:cd:1e:
                    bb:ad:a5:57:d4:0a:24:ae:56:f8:5a:40:df:a1:2f:
                    ad:7a:aa:ee:ff:cc:c3:64:f9:0e:72:a9:65:01:48:
                    b7:b1:71:8f:b9:ac:ee:a0:21:13:46:35:26:1e:eb:
                    52:0a:48:7a:d9:41:76:8a:bf:0e:b9:10:b4:1e:bd:
                    4e:29:68:24:9e:05:99:ac:24:3a:c6:bb:84:9e:90:
                    3e:e6:4d:79:0c:5e:a0:b3:7a:fa:89:50:b2:97:49:
                    6a:7c:22:0b:08:a1:27:81:40:e9:cc:36:c7:eb:6b:
                    71:dd:30:48:3e:fe:32:63:56:e5:0c:93:14:70:fd:
                    f5:6a:aa:c3:03:2a:0e:20:98:71:98:4e:00:bc:0a:
                    32:55:72:f2:a0:2b:47:e3:26:d2:6a:de:29:a0:7d:
                    a6:a7:28:10:e3:1c:1e:79:43:c1:ed:74:58:9a:55:
                    57:d2:21:58:a5:f7:1a:05:dc:cb:81:3d:0d:14:0a:
                    80:ef:1b:a0:19:ae:ba:70:f6:41:fa:73:3a:15:93:
                    cd:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:15:3E:22:81:3C:E4:D0:20:4A:7C:B7:BF:1C:66:5F:0E:AC:D8:DD
            X509v3 Authority Key Identifier:
                keyid:AC:68:ED:FE:9E:FC:97:5A:F8:92:AC:92:B6:AE:19:14:A3:B2:D0:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/1A8FB9B50BD6F6BDB905D4F5295E39E7770BEABC2471F2B45989B36198CFAF67/0/AC68EDFE9EFC975AF892AC92B6AE1914A3B2D0D3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/AC68EDFE9EFC975AF892AC92B6AE1914A3B2D0D3.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/1A8FB9B50BD6F6BDB905D4F5295E39E7770BEABC2471F2B45989B36198CFAF67/0/3230302e38352e3134332e302f32342d3234203d3e20323731393036.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.85.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:cc:52:c6:cb:d5:03:db:95:40:c6:ae:59:cb:7f:78:c6:09:
         b0:37:7f:ee:20:09:3b:b0:92:f4:bd:b4:a3:e7:f5:aa:8c:ee:
         3c:a4:fd:05:a3:18:2b:09:a7:e7:83:ff:71:97:74:96:9e:af:
         37:a4:3e:f4:3f:e7:23:31:21:97:24:4e:9b:11:a5:92:78:bf:
         f3:49:82:b2:63:b8:cd:ee:65:45:49:c2:3c:42:a1:b0:ec:59:
         33:b9:48:9a:2c:60:32:15:72:fe:11:70:00:6c:6f:95:be:8f:
         5e:69:02:60:3b:94:94:59:5c:ad:79:ec:96:49:da:bd:1c:76:
         d7:e7:16:e8:60:30:d1:d1:4e:44:c4:e5:b2:39:66:69:e9:4b:
         ea:1d:0e:63:27:cb:11:f9:ee:a0:9c:f5:53:c5:65:94:88:f7:
         80:92:df:4a:ac:30:46:08:6f:cf:8e:e2:d3:f7:80:4d:55:66:
         83:af:ff:2e:c7:f5:5b:85:c2:b3:a2:13:8a:62:67:2d:ae:0a:
         48:6c:c8:08:9e:3c:df:37:70:98:fa:57:67:4c:ad:22:2e:4f:
         a4:a9:a1:2f:a1:d9:e1:1e:2f:d9:74:c8:e8:6f:43:78:75:0b:
         c6:c2:31:32:37:49:50:7d:9a:d0:1d:3b:be:ff:31:b9:55:9c:
         d1:33:d9:f9
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUSzKuLPLOQmB0QHNGFchNp4/rCegwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUM2OEVERkU5RUZDOTc1QUY4OTJBQzkyQjZBRTE5MTRB
M0IyRDBEMzAeFw0yNTAyMDQxODM1MDFaFw0yNjAyMDMxODQwMDFaMDMxMTAvBgNV
BAMTKDA5MTUzRTIyODEzQ0U0RDAyMDRBN0NCN0JGMUM2NjVGMEVBQ0Q4REQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtifylQVHzeM2nmZfvdTh1zreb
dmvrs/tE4P8BI52yFCLs22qb08/72RjTVDWCFW8U+Y882MQOmbzNHrutpVfUCiSu
VvhaQN+hL616qu7/zMNk+Q5yqWUBSLexcY+5rO6gIRNGNSYe61IKSHrZQXaKvw65
ELQevU4paCSeBZmsJDrGu4SekD7mTXkMXqCzevqJULKXSWp8IgsIoSeBQOnMNsfr
a3HdMEg+/jJjVuUMkxRw/fVqqsMDKg4gmHGYTgC8CjJVcvKgK0fjJtJq3imgfaan
KBDjHB55Q8HtdFiaVVfSIVil9xoF3MuBPQ0UCoDvG6AZrrpw9kH6czoVk81dAgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQUCRU+IoE85NAgSny3vxxmXw6s2N0wHwYDVR0j
BBgwFoAUrGjt/p78l1r4kqyStq4ZFKOy0NMwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8xQThGQjlCNTBCRDZGNkJEQjkwNUQ0RjUyOTVFMzlFNzc3
MEJFQUJDMjQ3MUYyQjQ1OTg5QjM2MTk4Q0ZBRjY3LzAvQUM2OEVERkU5RUZDOTc1
QUY4OTJBQzkyQjZBRTE5MTRBM0IyRDBEMy5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9BQzY4RURGRTlFRkM5NzVBRjg5
MkFDOTJCNkFFMTkxNEEzQjJEMEQzLmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMUE4RkI5QjUwQkQ2RjZCREI5MDVENEY1Mjk1RTM5RTc3NzBCRUFCQzI0
NzFGMkI0NTk4OUIzNjE5OENGQUY2Ny8wLzMyMzAzMDJlMzgzNTJlMzEzNDMzMmUz
MDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzNzMxMzkzMDM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyFWP
MA0GCSqGSIb3DQEBCwUAA4IBAQAGzFLGy9UD25VAxq5Zy394xgmwN3/uIAk7sJL0
vbSj5/WqjO48pP0FoxgrCafng/9xl3SWnq83pD70P+cjMSGXJE6bEaWSeL/zSYKy
Y7jN7mVFScI8QqGw7FkzuUiaLGAyFXL+EXAAbG+Vvo9eaQJgO5SUWVyteeyWSdq9
HHbX5xboYDDR0U5ExOWyOWZp6UvqHQ5jJ8sR+e6gnPVTxWWUiPeAkt9KrDBGCG/P
juLT94BNVWaDr/8ux/VbhcKzohOKYmctrgpIbMgInjzfN3CY+ldnTK0iLk+kqaEv
odnhHi/ZdMjob0N4dQvGwjEyN0lQfZrQHTu+/zG5VZzRM9n5
-----END CERTIFICATE-----