Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/1AD7261C7FD1E4EFECEBE6F362FCD0C75697E06B41474BEA8CABC706F79ECF3D/0/323830303a6237303a3430303a3a2f34382d3438203d3e20323632313931.roa
File:                     323830303a6237303a3430303a3a2f34382d3438203d3e20323632313931.roa (raw, json)
Hash identifier:          JylaD0TPe4ni2lvZfKOr95nCR8nM97GiVNYz5yqqufo=
Subject key identifier:   A3:04:31:32:8B:87:23:B9:D5:2E:91:04:1C:E2:3B:E3:7A:C8:56:01
Certificate issuer:       /CN=85D9E7D9BEEFED0B9E188DB7E8CC3B6489066DCD
Certificate serial:       10ECB21289E727C64BF21621DE8D7054A488493A
Authority key identifier: 85:D9:E7:D9:BE:EF:ED:0B:9E:18:8D:B7:E8:CC:3B:64:89:06:6D:CD
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/85D9E7D9BEEFED0B9E188DB7E8CC3B6489066DCD.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/1AD7261C7FD1E4EFECEBE6F362FCD0C75697E06B41474BEA8CABC706F79ECF3D/0/323830303a6237303a3430303a3a2f34382d3438203d3e20323632313931.roa
Signing time:             Tue 04 Feb 2025 20:04:40 +0000
ROA not before:           Tue 04 Feb 2025 19:59:40 +0000
ROA not after:            Tue 03 Feb 2026 20:04:40 +0000
asID:                     262191
IP address blocks:        2800:b70:400::/48 maxlen: 48
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:ec:b2:12:89:e7:27:c6:4b:f2:16:21:de:8d:70:54:a4:88:49:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85D9E7D9BEEFED0B9E188DB7E8CC3B6489066DCD
        Validity
            Not Before: Feb  4 19:59:40 2025 GMT
            Not After : Feb  3 20:04:40 2026 GMT
        Subject: CN=A30431328B8723B9D52E91041CE23BE37AC85601
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:21:28:42:76:a1:37:21:c4:94:7f:7c:64:48:
                    21:7d:ba:6b:4f:a8:f6:13:20:f1:55:27:8c:36:35:
                    ab:69:68:9e:44:2b:e3:56:f9:42:52:e2:94:bc:0f:
                    f5:34:4e:f8:72:e5:d3:6a:16:26:11:22:06:c3:6c:
                    4c:c6:b8:aa:ab:a0:49:ca:43:1d:96:28:06:81:c5:
                    8f:ca:95:b7:60:7d:92:b6:75:91:e6:ac:24:a8:c2:
                    e5:f1:e6:c5:00:96:54:ee:05:ea:0c:e9:cf:40:d1:
                    2d:39:d1:a2:a3:d5:63:df:a9:56:dd:1a:49:30:89:
                    34:8c:85:b9:69:2f:55:31:dd:55:bb:f4:fc:a8:b2:
                    c6:62:77:4c:20:b6:a8:84:68:39:bf:91:c3:e2:ed:
                    50:fa:ee:c8:d8:9c:20:94:14:e2:b0:28:46:71:a6:
                    07:de:cb:c9:c3:33:36:22:7d:9d:a2:16:9f:ca:0f:
                    50:be:65:a3:58:da:86:6b:1d:77:e4:a2:a8:e4:3b:
                    b1:66:7e:d1:9f:cd:da:44:d2:89:23:4a:0e:f7:c4:
                    93:46:25:d3:95:2a:b9:40:68:68:8c:6d:9f:67:3b:
                    10:bb:37:8a:24:50:da:1b:2d:1d:a1:c4:31:c2:d4:
                    35:c0:d4:f2:dd:f9:5a:81:7b:71:0a:0c:3d:64:00:
                    ba:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:04:31:32:8B:87:23:B9:D5:2E:91:04:1C:E2:3B:E3:7A:C8:56:01
            X509v3 Authority Key Identifier:
                keyid:85:D9:E7:D9:BE:EF:ED:0B:9E:18:8D:B7:E8:CC:3B:64:89:06:6D:CD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/1AD7261C7FD1E4EFECEBE6F362FCD0C75697E06B41474BEA8CABC706F79ECF3D/0/85D9E7D9BEEFED0B9E188DB7E8CC3B6489066DCD.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/85D9E7D9BEEFED0B9E188DB7E8CC3B6489066DCD.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/1AD7261C7FD1E4EFECEBE6F362FCD0C75697E06B41474BEA8CABC706F79ECF3D/0/323830303a6237303a3430303a3a2f34382d3438203d3e20323632313931.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2800:b70:400::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:af:49:2b:a5:81:62:e4:a5:2c:4a:42:87:d0:df:52:93:8a:
         a8:6e:6c:ed:61:fe:08:82:52:a4:ec:98:af:7b:2c:63:4b:78:
         01:c4:4f:d6:77:5c:30:ca:b5:11:7d:8b:98:c5:db:7a:0d:92:
         e8:9e:23:be:5c:5c:14:95:1f:89:6a:7d:93:78:fa:fa:65:96:
         58:b5:fe:4f:ca:33:d9:a9:4e:68:0f:5b:da:00:53:42:5a:ff:
         06:bc:fb:c3:c6:cd:96:37:47:30:63:5d:72:c8:8d:7a:a2:52:
         53:a0:c9:8b:d7:bb:a2:4c:4a:55:e7:3a:e9:1e:a6:0a:bf:bc:
         6e:b9:79:3c:e6:7b:1e:51:50:3e:24:b0:2f:6c:f5:2e:36:4c:
         89:6e:f2:f1:f8:e6:dc:ae:10:ca:ec:60:1b:1b:06:82:c6:9d:
         02:80:19:b7:41:15:30:f8:16:2d:49:d6:4f:ce:fb:43:e2:ec:
         82:5b:de:ba:6c:c1:32:b9:b4:40:d3:e2:2a:9a:ea:67:05:33:
         0b:4e:49:20:f4:41:17:8c:60:df:e3:4e:15:3b:8d:52:d2:94:
         07:dd:d0:7b:61:5d:a3:61:3b:47:a9:83:92:26:18:04:fd:a6:
         a9:94:d4:59:09:26:e3:77:8f:bf:3d:62:db:fa:5b:7d:93:e2:
         08:c6:00:51
-----BEGIN CERTIFICATE-----
MIIFxzCCBK+gAwIBAgIUEOyyEonnJ8ZL8hYh3o1wVKSISTowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODVEOUU3RDlCRUVGRUQwQjlFMTg4REI3RThDQzNCNjQ4
OTA2NkRDRDAeFw0yNTAyMDQxOTU5NDBaFw0yNjAyMDMyMDA0NDBaMDMxMTAvBgNV
BAMTKEEzMDQzMTMyOEI4NzIzQjlENTJFOTEwNDFDRTIzQkUzN0FDODU2MDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvIShCdqE3IcSUf3xkSCF9umtP
qPYTIPFVJ4w2NatpaJ5EK+NW+UJS4pS8D/U0Tvhy5dNqFiYRIgbDbEzGuKqroEnK
Qx2WKAaBxY/KlbdgfZK2dZHmrCSowuXx5sUAllTuBeoM6c9A0S050aKj1WPfqVbd
GkkwiTSMhblpL1Ux3VW79PyossZid0wgtqiEaDm/kcPi7VD67sjYnCCUFOKwKEZx
pgfey8nDMzYifZ2iFp/KD1C+ZaNY2oZrHXfkoqjkO7FmftGfzdpE0okjSg73xJNG
JdOVKrlAaGiMbZ9nOxC7N4okUNobLR2hxDHC1DXA1PLd+VqBe3EKDD1kALqRAgMB
AAGjggLRMIICzTAdBgNVHQ4EFgQUowQxMouHI7nVLpEEHOI743rIVgEwHwYDVR0j
BBgwFoAUhdnn2b7v7QueGI236Mw7ZIkGbc0wDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8xQUQ3MjYxQzdGRDFFNEVGRUNFQkU2RjM2MkZDRDBDNzU2
OTdFMDZCNDE0NzRCRUE4Q0FCQzcwNkY3OUVDRjNELzAvODVEOUU3RDlCRUVGRUQw
QjlFMTg4REI3RThDQzNCNjQ4OTA2NkRDRC5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC84NUQ5RTdEOUJFRUZFRDBCOUUx
ODhEQjdFOENDM0I2NDg5MDY2RENELmNlcjCBzQYIKwYBBQUHAQsEgcAwgb0wgboG
CCsGAQUFBzALhoGtcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMUFENzI2MUM3RkQxRTRFRkVDRUJFNkYzNjJGQ0QwQzc1Njk3RTA2QjQx
NDc0QkVBOENBQkM3MDZGNzlFQ0YzRC8wLzMyMzgzMDMwM2E2MjM3MzAzYTM0MzAz
MDNhM2EyZjM0MzgyZDM0MzgyMDNkM2UyMDMyMzYzMjMxMzkzMS5yb2EwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMH
ACgAC3AEADANBgkqhkiG9w0BAQsFAAOCAQEApa9JK6WBYuSlLEpCh9DfUpOKqG5s
7WH+CIJSpOyYr3ssY0t4AcRP1ndcMMq1EX2LmMXbeg2S6J4jvlxcFJUfiWp9k3j6
+mWWWLX+T8oz2alOaA9b2gBTQlr/Brz7w8bNljdHMGNdcsiNeqJSU6DJi9e7okxK
Vec66R6mCr+8brl5POZ7HlFQPiSwL2z1LjZMiW7y8fjm3K4QyuxgGxsGgsadAoAZ
t0EVMPgWLUnWT877Q+LsglveumzBMrm0QNPiKprqZwUzC05JIPRBF4xg3+NOFTuN
UtKUB93Qe2Fdo2E7R6mDkiYYBP2mqZTUWQkm43ePvz1i2/pbfZPiCMYAUQ==
-----END CERTIFICATE-----