Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/1CBDA3CBE3F94B19EDF009953C0F455D7053B060883FF74AB3FFCA12818F0932/0/3230302e3132352e3133332e302f32342d3234203d3e203237393437.roa
File:                     3230302e3132352e3133332e302f32342d3234203d3e203237393437.roa (raw, json)
Hash identifier:          ei+aI3yRpqWAQlVC80Ih9G66OfmMtRym4fO22DedFGU=
Subject key identifier:   E4:71:24:63:81:80:61:97:81:37:EA:63:12:33:79:95:29:8F:EF:EA
Certificate issuer:       /CN=D2709F777988D8BB9C29DBBB53968812568C616E
Certificate serial:       0DF8703AFFFD41AA20E26CC5F4534037976DEBE4
Authority key identifier: D2:70:9F:77:79:88:D8:BB:9C:29:DB:BB:53:96:88:12:56:8C:61:6E
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D2709F777988D8BB9C29DBBB53968812568C616E.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/1CBDA3CBE3F94B19EDF009953C0F455D7053B060883FF74AB3FFCA12818F0932/0/3230302e3132352e3133332e302f32342d3234203d3e203237393437.roa
Signing time:             Tue 04 Feb 2025 18:33:21 +0000
ROA not before:           Tue 04 Feb 2025 18:28:21 +0000
ROA not after:            Tue 03 Feb 2026 18:33:21 +0000
asID:                     27947
IP address blocks:        200.125.133.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:f8:70:3a:ff:fd:41:aa:20:e2:6c:c5:f4:53:40:37:97:6d:eb:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D2709F777988D8BB9C29DBBB53968812568C616E
        Validity
            Not Before: Feb  4 18:28:21 2025 GMT
            Not After : Feb  3 18:33:21 2026 GMT
        Subject: CN=E4712463818061978137EA6312337995298FEFEA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:46:31:b7:0a:99:47:a7:14:50:00:73:2a:83:
                    ea:16:e0:6c:da:5e:c8:86:64:67:cd:83:23:6e:92:
                    bb:ad:f5:c7:51:bb:2b:ad:76:6e:ee:6e:da:83:0e:
                    89:8b:e5:2f:52:a5:73:1d:dd:84:1a:61:51:7a:f0:
                    7e:c7:1f:0b:5d:73:d7:04:4b:ef:65:51:15:b6:0f:
                    86:6f:42:01:5c:27:f3:3e:3e:7a:44:4c:0c:fa:ed:
                    e9:bc:6d:10:d0:a5:b8:f2:d3:03:f1:01:65:11:b2:
                    e8:0b:9f:c1:f3:eb:68:94:10:5d:18:c9:bd:fa:b6:
                    58:3b:c4:9e:d5:ff:f4:11:88:ad:5e:72:0c:fc:12:
                    97:57:83:1c:af:67:e3:c9:99:46:b3:77:e9:97:6f:
                    f9:49:c2:da:a5:d1:63:a6:9b:00:1e:cb:6d:50:d2:
                    45:23:0f:81:6e:a7:51:61:5a:70:68:54:54:f6:48:
                    03:88:31:01:fe:eb:8d:f0:6f:b2:ea:bd:5f:fe:1f:
                    d5:f7:be:a5:ee:d2:88:a7:fc:92:b4:16:27:61:d2:
                    e0:59:75:e3:de:8b:74:98:b6:a6:91:6a:39:f4:5c:
                    be:8a:2b:e8:9a:ea:f7:26:88:3d:fb:2d:f8:8d:6c:
                    80:a5:1f:2b:9e:60:a2:a6:0a:69:a7:11:41:17:a3:
                    c1:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:71:24:63:81:80:61:97:81:37:EA:63:12:33:79:95:29:8F:EF:EA
            X509v3 Authority Key Identifier:
                keyid:D2:70:9F:77:79:88:D8:BB:9C:29:DB:BB:53:96:88:12:56:8C:61:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/1CBDA3CBE3F94B19EDF009953C0F455D7053B060883FF74AB3FFCA12818F0932/0/D2709F777988D8BB9C29DBBB53968812568C616E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D2709F777988D8BB9C29DBBB53968812568C616E.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/1CBDA3CBE3F94B19EDF009953C0F455D7053B060883FF74AB3FFCA12818F0932/0/3230302e3132352e3133332e302f32342d3234203d3e203237393437.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.125.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:bd:78:23:9c:4f:72:63:59:90:c7:9f:73:62:b7:23:51:12:
         8d:1f:05:eb:22:82:78:a5:ec:0d:c1:b0:42:6a:7b:b7:f9:a5:
         eb:ca:43:af:36:5a:0c:ee:b2:b8:a8:9e:5f:c6:ee:00:76:5f:
         e8:c6:3a:b2:e5:b8:e3:9e:1b:df:1a:22:48:9b:a2:03:67:82:
         03:60:4c:59:24:34:bc:47:76:c5:c1:12:ac:02:7e:e1:45:52:
         69:0c:b6:c9:cc:41:6d:31:8b:c5:71:bf:4a:31:a7:45:fd:b9:
         69:e8:52:2d:76:16:70:e7:a2:ed:c1:9f:64:ee:f8:06:ca:86:
         68:bb:dd:aa:f1:98:87:31:d3:97:20:16:70:8e:f7:d5:97:61:
         96:b4:6a:a6:af:db:ad:e6:b9:b8:c6:86:bb:48:0a:0f:40:fa:
         97:b8:71:44:8a:22:fc:bd:dc:ac:c3:30:1f:dc:63:c6:10:f0:
         13:38:fd:b2:b4:c1:1a:b2:08:6d:e1:60:e8:59:6f:64:08:f4:
         ba:c0:3b:8d:06:cf:e0:ad:a6:ce:d5:00:54:c6:6d:95:fe:39:
         4f:3a:ef:0f:08:91:ca:0a:3d:e0:83:fc:fc:e9:30:50:ce:a6:
         69:30:a0:6a:ea:9a:5d:2f:8d:a5:35:96:e3:f4:65:b1:18:4b:
         20:ea:20:69
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUDfhwOv/9Qaog4mzF9FNAN5dt6+QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDI3MDlGNzc3OTg4RDhCQjlDMjlEQkJCNTM5Njg4MTI1
NjhDNjE2RTAeFw0yNTAyMDQxODI4MjFaFw0yNjAyMDMxODMzMjFaMDMxMTAvBgNV
BAMTKEU0NzEyNDYzODE4MDYxOTc4MTM3RUE2MzEyMzM3OTk1Mjk4RkVGRUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQRjG3CplHpxRQAHMqg+oW4Gza
XsiGZGfNgyNukrut9cdRuyutdm7ubtqDDomL5S9SpXMd3YQaYVF68H7HHwtdc9cE
S+9lURW2D4ZvQgFcJ/M+PnpETAz67em8bRDQpbjy0wPxAWURsugLn8Hz62iUEF0Y
yb36tlg7xJ7V//QRiK1ecgz8EpdXgxyvZ+PJmUazd+mXb/lJwtql0WOmmwAey21Q
0kUjD4Fup1FhWnBoVFT2SAOIMQH+643wb7LqvV/+H9X3vqXu0oin/JK0Fidh0uBZ
dePei3SYtqaRajn0XL6KK+ia6vcmiD37LfiNbIClHyueYKKmCmmnEUEXo8E1AgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQU5HEkY4GAYZeBN+pjEjN5lSmP7+owHwYDVR0j
BBgwFoAU0nCfd3mI2LucKdu7U5aIElaMYW4wDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8xQ0JEQTNDQkUzRjk0QjE5RURGMDA5OTUzQzBGNDU1RDcw
NTNCMDYwODgzRkY3NEFCM0ZGQ0ExMjgxOEYwOTMyLzAvRDI3MDlGNzc3OTg4RDhC
QjlDMjlEQkJCNTM5Njg4MTI1NjhDNjE2RS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9EMjcwOUY3Nzc5ODhEOEJCOUMy
OURCQkI1Mzk2ODgxMjU2OEM2MTZFLmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMUNCREEzQ0JFM0Y5NEIxOUVERjAwOTk1M0MwRjQ1NUQ3MDUzQjA2MDg4
M0ZGNzRBQjNGRkNBMTI4MThGMDkzMi8wLzMyMzAzMDJlMzEzMjM1MmUzMTMzMzMy
ZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM3MzkzNDM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyH2F
MA0GCSqGSIb3DQEBCwUAA4IBAQA2vXgjnE9yY1mQx59zYrcjURKNHwXrIoJ4pewN
wbBCanu3+aXrykOvNloM7rK4qJ5fxu4Adl/oxjqy5bjjnhvfGiJIm6IDZ4IDYExZ
JDS8R3bFwRKsAn7hRVJpDLbJzEFtMYvFcb9KMadF/blp6FItdhZw56LtwZ9k7vgG
yoZou92q8ZiHMdOXIBZwjvfVl2GWtGqmr9ut5rm4xoa7SAoPQPqXuHFEiiL8vdys
wzAf3GPGEPATOP2ytMEasght4WDoWW9kCPS6wDuNBs/grabO1QBUxm2V/jlPOu8P
CJHKCj3gg/z86TBQzqZpMKBq6ppdL42lNZbj9GWxGEsg6iBp
-----END CERTIFICATE-----