Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/1F7F0EF12DE7D634D9BBBCB75AC26A71E69415F9726946CF098AAC09A80B6DF1/0/3133382e35392e382e302f32322d3234203d3e20323639373838.roa
File:                     3133382e35392e382e302f32322d3234203d3e20323639373838.roa (raw, json)
Hash identifier:          IKL41gLEB/Op56pL2lBxZtVeLDrNrMGZ2pR7ATs1pnM=
Subject key identifier:   DC:E0:E4:04:16:DE:DC:21:07:49:B0:A6:B3:77:9E:45:E7:BA:B6:C8
Certificate issuer:       /CN=5D308584816ACB0CC9C35ED09C51D8BB4AA6CE24
Certificate serial:       08A7279719B5CE76348F49A3564EEB0B0FEE6478
Authority key identifier: 5D:30:85:84:81:6A:CB:0C:C9:C3:5E:D0:9C:51:D8:BB:4A:A6:CE:24
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/5D308584816ACB0CC9C35ED09C51D8BB4AA6CE24.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/1F7F0EF12DE7D634D9BBBCB75AC26A71E69415F9726946CF098AAC09A80B6DF1/0/3133382e35392e382e302f32322d3234203d3e20323639373838.roa
Signing time:             Tue 04 Feb 2025 18:27:35 +0000
ROA not before:           Tue 04 Feb 2025 18:22:35 +0000
ROA not after:            Tue 03 Feb 2026 18:27:35 +0000
asID:                     269788
IP address blocks:        138.59.8.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:a7:27:97:19:b5:ce:76:34:8f:49:a3:56:4e:eb:0b:0f:ee:64:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5D308584816ACB0CC9C35ED09C51D8BB4AA6CE24
        Validity
            Not Before: Feb  4 18:22:35 2025 GMT
            Not After : Feb  3 18:27:35 2026 GMT
        Subject: CN=DCE0E40416DEDC210749B0A6B3779E45E7BAB6C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:1f:ea:5e:ca:48:ae:27:5c:0d:44:c7:7b:50:
                    06:88:01:1b:ce:5b:43:61:4e:a0:73:ad:50:09:76:
                    7d:22:6e:c5:62:d9:73:e6:81:d3:00:ef:46:45:93:
                    81:da:8e:4d:e7:d9:4d:67:ca:f7:db:0b:62:90:5f:
                    fa:6f:31:42:ca:43:cb:d4:9f:7a:5d:3d:14:6a:d0:
                    72:aa:39:be:20:1b:15:53:08:e3:a3:4d:8f:02:78:
                    51:eb:3e:3f:6d:8d:00:12:66:36:82:11:11:8f:07:
                    f3:44:31:54:b4:68:25:1d:ea:8e:f4:fe:a5:de:46:
                    17:77:5b:6f:3d:60:9d:9e:9e:7e:6d:9b:ba:09:72:
                    bf:cc:5c:76:0c:27:49:f9:8a:90:ce:04:f8:02:b1:
                    8d:c8:c0:c3:19:8b:42:da:f6:9c:55:76:06:9c:e3:
                    64:ab:23:e1:d1:6c:7b:5b:a9:90:26:99:f6:19:c0:
                    f9:9e:e7:1c:a4:4c:2f:1e:2a:03:31:9d:bd:c9:7c:
                    8f:3a:01:e9:61:99:7e:c0:e5:62:93:f6:07:af:2f:
                    f5:4b:48:74:a5:56:71:ae:37:b2:01:e0:29:b8:7b:
                    5e:a2:ca:8e:ef:72:dc:3c:51:6c:a9:09:54:e2:77:
                    8a:f5:31:69:a8:d8:a6:eb:7e:37:84:69:10:bf:49:
                    bb:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:E0:E4:04:16:DE:DC:21:07:49:B0:A6:B3:77:9E:45:E7:BA:B6:C8
            X509v3 Authority Key Identifier:
                keyid:5D:30:85:84:81:6A:CB:0C:C9:C3:5E:D0:9C:51:D8:BB:4A:A6:CE:24

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/1F7F0EF12DE7D634D9BBBCB75AC26A71E69415F9726946CF098AAC09A80B6DF1/0/5D308584816ACB0CC9C35ED09C51D8BB4AA6CE24.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/5D308584816ACB0CC9C35ED09C51D8BB4AA6CE24.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/1F7F0EF12DE7D634D9BBBCB75AC26A71E69415F9726946CF098AAC09A80B6DF1/0/3133382e35392e382e302f32322d3234203d3e20323639373838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.59.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bf:c5:e7:b6:ce:f8:7a:f1:04:f1:86:12:63:a8:ec:b3:c1:35:
         dd:df:b8:c5:de:79:07:fe:01:94:f6:41:b2:2b:2f:4a:a4:80:
         65:39:75:4d:8e:b8:57:f1:7b:74:b1:05:41:af:25:87:6d:db:
         4b:35:9e:ca:27:36:f8:47:b8:8b:1e:d2:2c:d9:ed:0f:ef:da:
         fb:58:69:b5:8d:8e:5b:5e:5d:ff:7f:0b:e7:93:93:da:06:cd:
         4e:1d:87:d6:8a:aa:fc:2a:35:bd:53:f5:68:35:2b:64:13:2d:
         4c:39:62:a0:f2:67:b3:4c:54:53:00:60:94:5c:03:fe:41:7b:
         d3:e1:4a:d9:85:b7:e8:96:a2:80:15:7e:4a:06:1d:d2:51:93:
         07:97:39:14:83:97:ce:ca:9c:0f:91:e4:53:66:72:e3:a1:05:
         fd:ac:93:2c:44:06:28:45:5d:ad:19:06:63:75:6c:16:72:9a:
         ac:d4:f8:9b:1f:23:c0:1e:32:29:ac:32:0e:5b:b3:a0:ee:31:
         86:ed:31:ff:21:59:a8:ed:c8:b0:34:4f:bb:33:23:e3:51:64:
         43:b6:8e:b5:8b:ad:1b:23:34:f6:c5:9b:16:13:49:53:62:64:
         bb:e5:b6:a5:0e:a4:d9:7d:02:6d:5a:65:14:12:94:39:44:26:
         6c:0e:a2:db
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUCKcnlxm1znY0j0mjVk7rCw/uZHgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNUQzMDg1ODQ4MTZBQ0IwQ0M5QzM1RUQwOUM1MUQ4QkI0
QUE2Q0UyNDAeFw0yNTAyMDQxODIyMzVaFw0yNjAyMDMxODI3MzVaMDMxMTAvBgNV
BAMTKERDRTBFNDA0MTZERURDMjEwNzQ5QjBBNkIzNzc5RTQ1RTdCQUI2QzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcH+peykiuJ1wNRMd7UAaIARvO
W0NhTqBzrVAJdn0ibsVi2XPmgdMA70ZFk4Hajk3n2U1nyvfbC2KQX/pvMULKQ8vU
n3pdPRRq0HKqOb4gGxVTCOOjTY8CeFHrPj9tjQASZjaCERGPB/NEMVS0aCUd6o70
/qXeRhd3W289YJ2enn5tm7oJcr/MXHYMJ0n5ipDOBPgCsY3IwMMZi0La9pxVdgac
42SrI+HRbHtbqZAmmfYZwPme5xykTC8eKgMxnb3JfI86AelhmX7A5WKT9gevL/VL
SHSlVnGuN7IB4Cm4e16iyo7vctw8UWypCVTid4r1MWmo2KbrfjeEaRC/Sbs3AgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQU3ODkBBbe3CEHSbCms3eeRee6tsgwHwYDVR0j
BBgwFoAUXTCFhIFqywzJw17QnFHYu0qmziQwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8xRjdGMEVGMTJERTdENjM0RDlCQkJDQjc1QUMyNkE3MUU2
OTQxNUY5NzI2OTQ2Q0YwOThBQUMwOUE4MEI2REYxLzAvNUQzMDg1ODQ4MTZBQ0Iw
Q0M5QzM1RUQwOUM1MUQ4QkI0QUE2Q0UyNC5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC81RDMwODU4NDgxNkFDQjBDQzlD
MzVFRDA5QzUxRDhCQjRBQTZDRTI0LmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMUY3RjBFRjEyREU3RDYzNEQ5QkJCQ0I3NUFDMjZBNzFFNjk0MTVGOTcy
Njk0NkNGMDk4QUFDMDlBODBCNkRGMS8wLzMxMzMzODJlMzUzOTJlMzgyZTMwMmYz
MjMyMmQzMjM0MjAzZDNlMjAzMjM2MzkzNzM4Mzgucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKKOwgwDQYJ
KoZIhvcNAQELBQADggEBAL/F57bO+HrxBPGGEmOo7LPBNd3fuMXeeQf+AZT2QbIr
L0qkgGU5dU2OuFfxe3SxBUGvJYdt20s1nsonNvhHuIse0izZ7Q/v2vtYabWNjlte
Xf9/C+eTk9oGzU4dh9aKqvwqNb1T9Wg1K2QTLUw5YqDyZ7NMVFMAYJRcA/5Be9Ph
StmFt+iWooAVfkoGHdJRkweXORSDl87KnA+R5FNmcuOhBf2skyxEBihFXa0ZBmN1
bBZymqzU+JsfI8AeMimsMg5bs6DuMYbtMf8hWajtyLA0T7szI+NRZEO2jrWLrRsj
NPbFmxYTSVNiZLvltqUOpNl9Am1aZRQSlDlEJmwOots=
-----END CERTIFICATE-----