Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/1FC9C142275D6E11A0ED9B4FAADDBB8C2A7D3F1C46D75320A7251C71996187F1/0/34352e372e36352e302f32342d3234203d3e20323730313433.roa
File:                     34352e372e36352e302f32342d3234203d3e20323730313433.roa (raw, json)
Hash identifier:          YgyD+51iPdOdBLW56X7FuGuR1CAulv75IROHXnfLLtQ=
Subject key identifier:   BA:3A:2A:8F:0B:3A:97:47:02:1F:39:01:AD:D3:57:89:4E:09:44:2D
Certificate issuer:       /CN=3B7FBA3E1DF8AD691DB755372D731DFAB6E0CD8C
Certificate serial:       7EE5FA631CFB91BC6DBB3727C5B4B3B962DDD0C6
Authority key identifier: 3B:7F:BA:3E:1D:F8:AD:69:1D:B7:55:37:2D:73:1D:FA:B6:E0:CD:8C
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/3B7FBA3E1DF8AD691DB755372D731DFAB6E0CD8C.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/1FC9C142275D6E11A0ED9B4FAADDBB8C2A7D3F1C46D75320A7251C71996187F1/0/34352e372e36352e302f32342d3234203d3e20323730313433.roa
Signing time:             Tue 04 Feb 2025 18:45:50 +0000
ROA not before:           Tue 04 Feb 2025 18:40:50 +0000
ROA not after:            Tue 03 Feb 2026 18:45:50 +0000
asID:                     270143
IP address blocks:        45.7.65.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:e5:fa:63:1c:fb:91:bc:6d:bb:37:27:c5:b4:b3:b9:62:dd:d0:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3B7FBA3E1DF8AD691DB755372D731DFAB6E0CD8C
        Validity
            Not Before: Feb  4 18:40:50 2025 GMT
            Not After : Feb  3 18:45:50 2026 GMT
        Subject: CN=BA3A2A8F0B3A9747021F3901ADD357894E09442D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:1c:97:47:1d:45:fd:0d:ac:5e:55:63:3b:98:
                    58:29:5b:a6:4f:c3:b5:96:0b:56:f2:e0:c5:dc:84:
                    86:cc:57:eb:99:0b:52:de:1d:78:c2:88:6f:2c:2d:
                    80:e0:6f:82:b8:9b:fa:c1:a5:05:03:b3:4f:c0:bd:
                    a0:87:41:de:b5:a4:d6:91:af:7e:ff:f9:43:59:1a:
                    01:86:f7:89:e6:c1:2f:d4:05:69:fe:48:78:03:20:
                    c0:dc:29:66:d3:5e:c7:cf:8f:81:6c:10:7b:69:3b:
                    04:3d:b7:08:38:d5:3a:62:ec:6f:41:b2:d4:96:e2:
                    57:87:7a:aa:84:5c:dd:87:9c:a9:db:11:dd:d4:ed:
                    8f:a8:ca:cd:df:28:a8:6f:c8:bb:5e:d7:f2:b7:9a:
                    2a:5a:b3:69:e3:c1:54:86:7d:e8:47:52:5e:f6:e1:
                    de:f5:cb:2d:64:48:04:0e:a4:eb:96:c8:3d:20:aa:
                    88:4a:ed:b1:cf:9b:ed:6c:b8:74:03:92:e1:bc:90:
                    ed:92:6f:5d:01:47:d9:f2:23:80:fc:f5:81:4f:13:
                    47:b6:b9:f5:a1:88:61:48:91:ba:0d:28:22:5e:7f:
                    b1:27:63:43:bf:d5:a2:06:c2:aa:cf:b6:86:ed:3e:
                    39:25:99:b0:d8:6f:52:bf:98:59:3d:dc:57:da:fe:
                    e9:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:3A:2A:8F:0B:3A:97:47:02:1F:39:01:AD:D3:57:89:4E:09:44:2D
            X509v3 Authority Key Identifier:
                keyid:3B:7F:BA:3E:1D:F8:AD:69:1D:B7:55:37:2D:73:1D:FA:B6:E0:CD:8C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/1FC9C142275D6E11A0ED9B4FAADDBB8C2A7D3F1C46D75320A7251C71996187F1/0/3B7FBA3E1DF8AD691DB755372D731DFAB6E0CD8C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/3B7FBA3E1DF8AD691DB755372D731DFAB6E0CD8C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/1FC9C142275D6E11A0ED9B4FAADDBB8C2A7D3F1C46D75320A7251C71996187F1/0/34352e372e36352e302f32342d3234203d3e20323730313433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.7.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:7b:8a:71:46:75:3b:f6:11:f4:f5:2d:04:14:7a:16:bb:4d:
         9b:00:32:f5:2f:07:5a:2a:f3:a2:21:01:76:aa:eb:03:b8:f4:
         7c:47:a6:97:cb:f2:bf:30:fb:4e:7d:77:a9:6c:c4:35:01:86:
         f0:94:d9:c2:11:43:28:d0:ad:ca:f0:1b:2c:2d:35:2d:76:13:
         ea:a9:77:ee:ec:f4:6f:70:52:7e:1f:3a:54:12:4f:7c:ae:8e:
         62:39:e5:42:86:a1:58:86:bc:77:91:6c:79:4a:8d:38:3f:14:
         f4:1f:04:4e:a4:8d:90:c7:56:94:da:3f:d6:90:6a:b7:e2:51:
         2d:43:20:af:fd:1a:e2:57:56:6c:44:42:17:10:22:a4:9e:3e:
         33:08:e2:bf:db:45:06:73:04:ad:f0:aa:f4:3f:30:07:72:4a:
         9f:29:1c:66:a0:2c:3e:a6:4e:68:75:e5:8e:ad:6d:b7:4c:3e:
         66:c5:ba:de:c7:94:c7:a6:9a:d9:9e:0a:9b:9b:a1:ac:d5:0b:
         a1:b9:2e:d8:43:30:3e:0b:79:bc:4c:c8:b8:e0:2e:1a:39:12:
         10:25:6f:0c:1e:b8:93:16:f7:a0:c2:c4:d1:20:b2:bd:79:50:
         56:d6:b4:ff:36:f9:2e:8b:b4:ae:1d:10:e3:8d:b7:ed:18:78:
         e1:8f:6f:d8
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgIUfuX6Yxz7kbxtuzcnxbSzuWLd0MYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM0I3RkJBM0UxREY4QUQ2OTFEQjc1NTM3MkQ3MzFERkFC
NkUwQ0Q4QzAeFw0yNTAyMDQxODQwNTBaFw0yNjAyMDMxODQ1NTBaMDMxMTAvBgNV
BAMTKEJBM0EyQThGMEIzQTk3NDcwMjFGMzkwMUFERDM1Nzg5NEUwOTQ0MkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVHJdHHUX9DaxeVWM7mFgpW6ZP
w7WWC1by4MXchIbMV+uZC1LeHXjCiG8sLYDgb4K4m/rBpQUDs0/AvaCHQd61pNaR
r37/+UNZGgGG94nmwS/UBWn+SHgDIMDcKWbTXsfPj4FsEHtpOwQ9twg41Tpi7G9B
stSW4leHeqqEXN2HnKnbEd3U7Y+oys3fKKhvyLte1/K3mipas2njwVSGfehHUl72
4d71yy1kSAQOpOuWyD0gqohK7bHPm+1suHQDkuG8kO2Sb10BR9nyI4D89YFPE0e2
ufWhiGFIkboNKCJef7EnY0O/1aIGwqrPtobtPjklmbDYb1K/mFk93Ffa/ul3AgMB
AAGjggLEMIICwDAdBgNVHQ4EFgQUujoqjws6l0cCHzkBrdNXiU4JRC0wHwYDVR0j
BBgwFoAUO3+6Ph34rWkdt1U3LXMd+rbgzYwwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8xRkM5QzE0MjI3NUQ2RTExQTBFRDlCNEZBQUREQkI4QzJB
N0QzRjFDNDZENzUzMjBBNzI1MUM3MTk5NjE4N0YxLzAvM0I3RkJBM0UxREY4QUQ2
OTFEQjc1NTM3MkQ3MzFERkFCNkUwQ0Q4Qy5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8zQjdGQkEzRTFERjhBRDY5MURC
NzU1MzcyRDczMURGQUI2RTBDRDhDLmNlcjCBwwYIKwYBBQUHAQsEgbYwgbMwgbAG
CCsGAQUFBzALhoGjcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMUZDOUMxNDIyNzVENkUxMUEwRUQ5QjRGQUFEREJCOEMyQTdEM0YxQzQ2
RDc1MzIwQTcyNTFDNzE5OTYxODdGMS8wLzM0MzUyZTM3MmUzNjM1MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzIzNzMwMzEzNDMzLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQdBMA0GCSqG
SIb3DQEBCwUAA4IBAQBie4pxRnU79hH09S0EFHoWu02bADL1LwdaKvOiIQF2qusD
uPR8R6aXy/K/MPtOfXepbMQ1AYbwlNnCEUMo0K3K8BssLTUtdhPqqXfu7PRvcFJ+
HzpUEk98ro5iOeVChqFYhrx3kWx5So04PxT0HwROpI2Qx1aU2j/WkGq34lEtQyCv
/RriV1ZsREIXECKknj4zCOK/20UGcwSt8Kr0PzAHckqfKRxmoCw+pk5odeWOrW23
TD5mxbrex5THpprZngqbm6Gs1QuhuS7YQzA+C3m8TMi44C4aORIQJW8MHriTFveg
wsTRILK9eVBW1rT/Nvkui7SuHRDjjbftGHjhj2/Y
-----END CERTIFICATE-----