Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/1FC9C142275D6E11A0ED9B4FAADDBB8C2A7D3F1C46D75320A7251C71996187F1/0/34352e372e36372e302f32342d3234203d3e20323730313433.roa
File:                     34352e372e36372e302f32342d3234203d3e20323730313433.roa (raw, json)
Hash identifier:          P6vusT39PTRh/tM4P42ZZ/SwyQPO1gCmMiJdQKJ1uOY=
Subject key identifier:   17:B6:E6:59:2B:2B:DC:9E:FC:CF:1D:1B:31:DB:B3:B3:89:E5:5D:15
Certificate issuer:       /CN=3B7FBA3E1DF8AD691DB755372D731DFAB6E0CD8C
Certificate serial:       69A0884FA888BEE5AAD225060A0BCEFF2889CE68
Authority key identifier: 3B:7F:BA:3E:1D:F8:AD:69:1D:B7:55:37:2D:73:1D:FA:B6:E0:CD:8C
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/3B7FBA3E1DF8AD691DB755372D731DFAB6E0CD8C.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/1FC9C142275D6E11A0ED9B4FAADDBB8C2A7D3F1C46D75320A7251C71996187F1/0/34352e372e36372e302f32342d3234203d3e20323730313433.roa
Signing time:             Tue 04 Feb 2025 18:45:51 +0000
ROA not before:           Tue 04 Feb 2025 18:40:51 +0000
ROA not after:            Tue 03 Feb 2026 18:45:51 +0000
asID:                     270143
IP address blocks:        45.7.67.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:a0:88:4f:a8:88:be:e5:aa:d2:25:06:0a:0b:ce:ff:28:89:ce:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3B7FBA3E1DF8AD691DB755372D731DFAB6E0CD8C
        Validity
            Not Before: Feb  4 18:40:51 2025 GMT
            Not After : Feb  3 18:45:51 2026 GMT
        Subject: CN=17B6E6592B2BDC9EFCCF1D1B31DBB3B389E55D15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:bc:77:f9:f5:9b:3d:64:97:31:cb:11:bd:22:
                    fa:52:97:3a:e4:9a:91:f6:81:c3:c1:f3:a5:ee:82:
                    5a:32:3c:4e:1f:45:f0:ac:94:6c:08:96:7f:79:9d:
                    9c:c1:09:94:09:cc:d4:6c:53:74:bc:20:12:5d:f2:
                    80:d8:cf:67:56:0c:2a:ad:d6:ae:74:68:1b:97:da:
                    0c:5a:84:bc:06:ee:d2:d0:3c:37:e8:b0:f9:b7:8c:
                    70:be:5f:bb:ec:4e:37:06:b5:d2:51:ec:5e:e7:a5:
                    f4:f2:29:66:d5:5e:03:ae:2a:c9:5c:e6:ed:a7:ea:
                    f8:0e:d4:72:61:c0:98:b9:6e:ce:c1:8c:87:4c:33:
                    da:e7:e6:72:ec:81:39:35:92:36:33:44:67:8c:1e:
                    5f:9a:b1:60:1b:00:bd:98:82:e8:b5:91:7f:37:bd:
                    48:f5:76:8a:3d:38:40:c3:73:40:47:78:67:a3:bf:
                    d6:c5:0e:36:88:1e:9d:1c:0b:69:69:8d:26:fa:e8:
                    a4:1d:ff:1a:15:b2:4d:ac:4b:e4:34:05:9b:b6:d7:
                    4f:53:37:72:a4:91:2d:8a:a5:21:d2:2a:25:6f:b5:
                    41:14:d6:10:5f:7b:45:fc:1d:da:53:25:5c:b2:59:
                    1d:11:44:d5:3e:e9:62:73:19:26:a5:01:a7:82:d3:
                    80:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:B6:E6:59:2B:2B:DC:9E:FC:CF:1D:1B:31:DB:B3:B3:89:E5:5D:15
            X509v3 Authority Key Identifier:
                keyid:3B:7F:BA:3E:1D:F8:AD:69:1D:B7:55:37:2D:73:1D:FA:B6:E0:CD:8C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/1FC9C142275D6E11A0ED9B4FAADDBB8C2A7D3F1C46D75320A7251C71996187F1/0/3B7FBA3E1DF8AD691DB755372D731DFAB6E0CD8C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/3B7FBA3E1DF8AD691DB755372D731DFAB6E0CD8C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/1FC9C142275D6E11A0ED9B4FAADDBB8C2A7D3F1C46D75320A7251C71996187F1/0/34352e372e36372e302f32342d3234203d3e20323730313433.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.7.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:f7:bf:13:a1:57:12:5c:10:57:46:d5:a7:89:4e:49:e3:1a:
         4b:14:3a:49:14:46:58:da:67:65:b8:32:8d:c8:39:de:82:f5:
         48:d4:a5:cc:3f:0a:5d:c7:5d:d7:54:f3:79:4b:b2:2f:32:c6:
         99:f5:2b:13:1c:26:a9:fa:1b:10:63:57:49:31:6b:a4:d5:e6:
         01:7f:33:d1:49:82:55:f7:ae:3c:32:54:48:7c:0e:f5:94:da:
         0f:d1:2b:1e:75:02:4d:c4:2f:db:5e:e0:06:07:c7:f1:e4:de:
         c0:6f:95:8d:5f:4a:11:2d:4d:1b:de:38:85:00:31:fb:42:6e:
         2e:53:29:fb:74:4d:d6:a2:27:22:92:d8:38:87:82:b4:99:4d:
         d3:5e:d7:f9:02:6d:f8:ee:27:0c:f2:ab:31:0a:ff:39:72:96:
         c6:33:c8:0e:cf:f2:e2:20:35:72:6b:db:05:6d:c0:c2:5c:60:
         51:c9:0e:d1:64:d2:49:bf:8f:f7:5a:07:2e:d7:62:02:d6:14:
         e6:09:15:b9:47:a4:13:6d:18:89:58:60:6c:ca:ec:0e:41:99:
         21:26:ea:12:9d:34:f2:37:82:c1:b3:f2:57:5f:90:a3:9f:d5:
         e9:f3:5d:6b:f0:a4:48:14:0d:88:32:77:2f:b5:86:c9:39:49:
         f9:72:95:35
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgIUaaCIT6iIvuWq0iUGCgvO/yiJzmgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM0I3RkJBM0UxREY4QUQ2OTFEQjc1NTM3MkQ3MzFERkFC
NkUwQ0Q4QzAeFw0yNTAyMDQxODQwNTFaFw0yNjAyMDMxODQ1NTFaMDMxMTAvBgNV
BAMTKDE3QjZFNjU5MkIyQkRDOUVGQ0NGMUQxQjMxREJCM0IzODlFNTVEMTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCNvHf59Zs9ZJcxyxG9IvpSlzrk
mpH2gcPB86XugloyPE4fRfCslGwIln95nZzBCZQJzNRsU3S8IBJd8oDYz2dWDCqt
1q50aBuX2gxahLwG7tLQPDfosPm3jHC+X7vsTjcGtdJR7F7npfTyKWbVXgOuKslc
5u2n6vgO1HJhwJi5bs7BjIdMM9rn5nLsgTk1kjYzRGeMHl+asWAbAL2Ygui1kX83
vUj1doo9OEDDc0BHeGejv9bFDjaIHp0cC2lpjSb66KQd/xoVsk2sS+Q0BZu2109T
N3KkkS2KpSHSKiVvtUEU1hBfe0X8HdpTJVyyWR0RRNU+6WJzGSalAaeC04DZAgMB
AAGjggLEMIICwDAdBgNVHQ4EFgQUF7bmWSsr3J78zx0bMduzs4nlXRUwHwYDVR0j
BBgwFoAUO3+6Ph34rWkdt1U3LXMd+rbgzYwwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8xRkM5QzE0MjI3NUQ2RTExQTBFRDlCNEZBQUREQkI4QzJB
N0QzRjFDNDZENzUzMjBBNzI1MUM3MTk5NjE4N0YxLzAvM0I3RkJBM0UxREY4QUQ2
OTFEQjc1NTM3MkQ3MzFERkFCNkUwQ0Q4Qy5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8zQjdGQkEzRTFERjhBRDY5MURC
NzU1MzcyRDczMURGQUI2RTBDRDhDLmNlcjCBwwYIKwYBBQUHAQsEgbYwgbMwgbAG
CCsGAQUFBzALhoGjcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMUZDOUMxNDIyNzVENkUxMUEwRUQ5QjRGQUFEREJCOEMyQTdEM0YxQzQ2
RDc1MzIwQTcyNTFDNzE5OTYxODdGMS8wLzM0MzUyZTM3MmUzNjM3MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzIzNzMwMzEzNDMzLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQdDMA0GCSqG
SIb3DQEBCwUAA4IBAQAP978ToVcSXBBXRtWniU5J4xpLFDpJFEZY2mdluDKNyDne
gvVI1KXMPwpdx13XVPN5S7IvMsaZ9SsTHCap+hsQY1dJMWuk1eYBfzPRSYJV9648
MlRIfA71lNoP0SsedQJNxC/bXuAGB8fx5N7Ab5WNX0oRLU0b3jiFADH7Qm4uUyn7
dE3Woiciktg4h4K0mU3TXtf5Am347icM8qsxCv85cpbGM8gOz/LiIDVya9sFbcDC
XGBRyQ7RZNJJv4/3Wgcu12IC1hTmCRW5R6QTbRiJWGBsyuwOQZkhJuoSnTTyN4LB
s/JXX5Cjn9Xp811r8KRIFA2IMncvtYbJOUn5cpU1
-----END CERTIFICATE-----