Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/1F00C0A324484A0E532189EE68B426AA220331435BA450CFFCF3816BF1031989/0/36352e33382e3130302e302f32342d3234203d3e203532343233.roa
File:                     36352e33382e3130302e302f32342d3234203d3e203532343233.roa (raw, json)
Hash identifier:          CuqdtSVFiBxzd07Z+EiTezJKYivBD7LFPZMlecr3/AM=
Subject key identifier:   8D:7E:D6:90:18:F4:39:71:C8:15:56:58:19:F1:71:E8:4A:02:9B:2A
Certificate issuer:       /CN=044328B588D7E6AB4F049D26F9E6FDBB2FB51970
Certificate serial:       22D927E561453902F34552A9AC7169AEB18CFF81
Authority key identifier: 04:43:28:B5:88:D7:E6:AB:4F:04:9D:26:F9:E6:FD:BB:2F:B5:19:70
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/044328B588D7E6AB4F049D26F9E6FDBB2FB51970.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/1F00C0A324484A0E532189EE68B426AA220331435BA450CFFCF3816BF1031989/0/36352e33382e3130302e302f32342d3234203d3e203532343233.roa
Signing time:             Tue 04 Feb 2025 18:54:30 +0000
ROA not before:           Tue 04 Feb 2025 18:49:30 +0000
ROA not after:            Tue 03 Feb 2026 18:54:30 +0000
asID:                     52423
IP address blocks:        65.38.100.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:d9:27:e5:61:45:39:02:f3:45:52:a9:ac:71:69:ae:b1:8c:ff:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=044328B588D7E6AB4F049D26F9E6FDBB2FB51970
        Validity
            Not Before: Feb  4 18:49:30 2025 GMT
            Not After : Feb  3 18:54:30 2026 GMT
        Subject: CN=8D7ED69018F43971C815565819F171E84A029B2A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:96:14:6c:fe:1c:5f:42:b5:a2:39:af:61:ca:
                    61:9f:44:6d:5f:3e:04:a7:1a:89:7c:d7:c6:ac:3d:
                    62:58:f3:33:55:69:94:4a:c7:d4:e7:cf:14:8f:48:
                    18:b2:72:43:dc:ba:63:e8:a9:93:ce:01:b5:07:e7:
                    71:12:cb:cd:5d:f1:7d:02:07:29:27:b2:1c:3e:77:
                    bb:81:6b:22:69:bc:cd:b6:6d:ab:14:6d:c1:d4:de:
                    65:9c:5d:13:15:21:b0:f0:9b:a3:47:94:ad:13:33:
                    99:31:de:d4:c5:ec:bf:1d:1d:b6:e5:c5:64:ca:8e:
                    5a:d8:da:4c:67:5e:12:d6:2c:13:93:05:17:f9:c9:
                    07:ee:23:86:3f:96:c4:ec:38:ff:86:db:ab:79:91:
                    6f:79:44:39:bd:b4:18:a9:a7:75:c2:36:d6:1f:da:
                    0e:43:14:9b:79:a5:bc:bd:78:42:0b:27:2c:47:72:
                    36:4c:2f:60:fc:19:2a:d5:3f:ac:84:e4:ee:ae:1a:
                    2a:08:64:cf:ae:3f:2a:46:79:02:8c:b7:3f:e0:c1:
                    7d:2e:7f:da:71:5e:d1:98:80:9c:0a:3c:dd:7c:7f:
                    ea:26:d8:71:d7:16:c3:9a:74:e7:94:91:63:27:79:
                    24:be:fd:8e:89:ac:1e:b9:7b:da:57:9b:33:04:6d:
                    3b:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:7E:D6:90:18:F4:39:71:C8:15:56:58:19:F1:71:E8:4A:02:9B:2A
            X509v3 Authority Key Identifier:
                keyid:04:43:28:B5:88:D7:E6:AB:4F:04:9D:26:F9:E6:FD:BB:2F:B5:19:70

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/1F00C0A324484A0E532189EE68B426AA220331435BA450CFFCF3816BF1031989/0/044328B588D7E6AB4F049D26F9E6FDBB2FB51970.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/044328B588D7E6AB4F049D26F9E6FDBB2FB51970.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/1F00C0A324484A0E532189EE68B426AA220331435BA450CFFCF3816BF1031989/0/36352e33382e3130302e302f32342d3234203d3e203532343233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  65.38.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:02:ce:a5:93:ab:62:15:4f:9c:51:19:53:97:4a:ff:37:3d:
         e9:f7:47:86:90:02:fb:c6:96:2c:6d:66:ac:bd:1b:90:c6:49:
         b8:6c:4b:c6:98:d7:ac:82:f1:bd:2f:98:49:35:3e:fb:92:38:
         76:07:03:cb:c5:1f:d7:a1:d7:f5:57:2d:06:aa:33:b8:d6:39:
         ed:b6:3d:22:d8:14:4f:8c:bc:cb:5e:e1:61:02:a1:6a:a6:54:
         04:51:5b:7a:f6:84:1d:30:2f:7c:97:12:bc:6d:cc:f5:93:55:
         53:43:9c:c9:ab:47:5c:82:1e:2e:3a:60:69:a1:7f:0f:ad:a7:
         ac:59:ff:55:d6:f2:bb:88:7e:ee:a4:a5:3e:ab:80:09:14:34:
         fb:22:9a:ed:1a:cd:82:57:6a:02:11:3c:a2:da:6d:9c:bf:28:
         df:3e:21:1a:06:fd:82:1f:a9:fb:9a:a2:bf:66:26:d7:fd:63:
         ed:a5:b6:40:b6:6a:30:12:6f:6f:df:cb:be:40:24:be:62:b9:
         8e:5a:e3:79:de:2c:88:10:20:be:ba:e7:a0:0e:73:8a:d4:1b:
         31:ba:08:e1:c6:5a:19:99:86:01:82:06:da:a8:82:72:e7:8b:
         8d:24:b2:63:7d:f4:a6:00:82:85:85:a8:91:3f:06:ec:78:fc:
         e9:d3:a5:1a
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUItkn5WFFOQLzRVKprHFprrGM/4EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDQ0MzI4QjU4OEQ3RTZBQjRGMDQ5RDI2RjlFNkZEQkIy
RkI1MTk3MDAeFw0yNTAyMDQxODQ5MzBaFw0yNjAyMDMxODU0MzBaMDMxMTAvBgNV
BAMTKDhEN0VENjkwMThGNDM5NzFDODE1NTY1ODE5RjE3MUU4NEEwMjlCMkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQlhRs/hxfQrWiOa9hymGfRG1f
PgSnGol818asPWJY8zNVaZRKx9TnzxSPSBiyckPcumPoqZPOAbUH53ESy81d8X0C
Byknshw+d7uBayJpvM22basUbcHU3mWcXRMVIbDwm6NHlK0TM5kx3tTF7L8dHbbl
xWTKjlrY2kxnXhLWLBOTBRf5yQfuI4Y/lsTsOP+G26t5kW95RDm9tBipp3XCNtYf
2g5DFJt5pby9eEILJyxHcjZML2D8GSrVP6yE5O6uGioIZM+uPypGeQKMtz/gwX0u
f9pxXtGYgJwKPN18f+om2HHXFsOadOeUkWMneSS+/Y6JrB65e9pXmzMEbTs1AgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQUjX7WkBj0OXHIFVZYGfFx6EoCmyowHwYDVR0j
BBgwFoAUBEMotYjX5qtPBJ0m+eb9uy+1GXAwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8xRjAwQzBBMzI0NDg0QTBFNTMyMTg5RUU2OEI0MjZBQTIy
MDMzMTQzNUJBNDUwQ0ZGQ0YzODE2QkYxMDMxOTg5LzAvMDQ0MzI4QjU4OEQ3RTZB
QjRGMDQ5RDI2RjlFNkZEQkIyRkI1MTk3MC5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8wNDQzMjhCNTg4RDdFNkFCNEYw
NDlEMjZGOUU2RkRCQjJGQjUxOTcwLmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMUYwMEMwQTMyNDQ4NEEwRTUzMjE4OUVFNjhCNDI2QUEyMjAzMzE0MzVC
QTQ1MENGRkNGMzgxNkJGMTAzMTk4OS8wLzM2MzUyZTMzMzgyZTMxMzAzMDJlMzAy
ZjMyMzQyZDMyMzQyMDNkM2UyMDM1MzIzNDMyMzMucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABBJmQwDQYJ
KoZIhvcNAQELBQADggEBAEoCzqWTq2IVT5xRGVOXSv83Pen3R4aQAvvGlixtZqy9
G5DGSbhsS8aY16yC8b0vmEk1PvuSOHYHA8vFH9eh1/VXLQaqM7jWOe22PSLYFE+M
vMte4WECoWqmVARRW3r2hB0wL3yXErxtzPWTVVNDnMmrR1yCHi46YGmhfw+tp6xZ
/1XW8ruIfu6kpT6rgAkUNPsimu0azYJXagIRPKLabZy/KN8+IRoG/YIfqfuaor9m
Jtf9Y+2ltkC2ajASb2/fy75AJL5iuY5a43neLIgQIL6656AOc4rUGzG6COHGWhmZ
hgGCBtqognLni40ksmN99KYAgoWFqJE/Bux4/OnTpRo=
-----END CERTIFICATE-----