Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/220D655CE1609C246E89BDC1042E51C467801A7D0CE67C9FDADC6307D7325B62/0/3133312e3232312e36342e302f32322d3234203d3e20323635373938.roa
File:                     3133312e3232312e36342e302f32322d3234203d3e20323635373938.roa (raw, json)
Hash identifier:          H1conceKs3KYf0BCP7SqZQsJe7CkX4TRtQ2icAnCBCU=
Subject key identifier:   8D:E1:2B:11:59:DB:86:86:10:95:DF:7C:C6:C1:75:B6:AB:7F:29:14
Certificate issuer:       /CN=9D2820894F6D41941116396B192CCF8017618F44
Certificate serial:       3CB73105932898F2ECE82B2E8ED07CC49FB9CB21
Authority key identifier: 9D:28:20:89:4F:6D:41:94:11:16:39:6B:19:2C:CF:80:17:61:8F:44
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/9D2820894F6D41941116396B192CCF8017618F44.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/220D655CE1609C246E89BDC1042E51C467801A7D0CE67C9FDADC6307D7325B62/0/3133312e3232312e36342e302f32322d3234203d3e20323635373938.roa
Signing time:             Tue 04 Feb 2025 18:20:01 +0000
ROA not before:           Tue 04 Feb 2025 18:15:01 +0000
ROA not after:            Tue 03 Feb 2026 18:20:01 +0000
asID:                     265798
IP address blocks:        131.221.64.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:b7:31:05:93:28:98:f2:ec:e8:2b:2e:8e:d0:7c:c4:9f:b9:cb:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9D2820894F6D41941116396B192CCF8017618F44
        Validity
            Not Before: Feb  4 18:15:01 2025 GMT
            Not After : Feb  3 18:20:01 2026 GMT
        Subject: CN=8DE12B1159DB86861095DF7CC6C175B6AB7F2914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:9f:9d:57:16:fc:ea:d3:a3:44:6e:c4:ca:9c:
                    6e:1d:e7:c8:51:27:5e:0e:18:77:5f:e8:0c:3b:3b:
                    76:09:69:ae:ae:da:00:51:a2:61:c3:38:22:4b:ba:
                    7d:aa:92:2d:15:1e:0a:e1:83:5b:fb:73:3a:86:dc:
                    47:e2:1a:12:5b:15:04:0b:28:ef:2e:df:da:05:d8:
                    4f:64:d0:6e:8a:d7:46:8c:1b:a7:84:b8:8d:82:83:
                    48:60:26:cb:b6:83:8d:99:49:de:76:6b:de:54:c8:
                    d3:ac:2b:0d:33:fa:f7:f0:ea:a3:0a:ec:96:75:73:
                    63:8b:bd:6c:f8:2f:98:12:48:a6:cd:a9:d9:d0:f4:
                    28:71:b4:c5:a4:6a:b6:12:1a:45:f7:fb:df:65:c3:
                    db:02:32:60:58:7d:fe:87:6d:25:b4:a6:de:7f:62:
                    99:0f:5c:d8:de:37:d1:9f:8b:99:2e:0e:14:24:89:
                    fe:73:95:0e:1e:e6:1f:d6:3e:28:a7:03:17:3b:cc:
                    1b:85:23:0f:76:d9:ee:f7:23:18:08:50:24:25:5a:
                    2c:09:c1:11:65:1d:9a:6c:9f:b9:d3:97:58:fb:13:
                    69:c9:fb:a7:4e:50:d5:7f:82:bc:dc:66:9b:7f:ac:
                    d4:1a:d5:3c:44:fb:99:0d:0c:5a:2b:ac:f1:6f:84:
                    e2:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:E1:2B:11:59:DB:86:86:10:95:DF:7C:C6:C1:75:B6:AB:7F:29:14
            X509v3 Authority Key Identifier:
                keyid:9D:28:20:89:4F:6D:41:94:11:16:39:6B:19:2C:CF:80:17:61:8F:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/220D655CE1609C246E89BDC1042E51C467801A7D0CE67C9FDADC6307D7325B62/0/9D2820894F6D41941116396B192CCF8017618F44.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/9D2820894F6D41941116396B192CCF8017618F44.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/220D655CE1609C246E89BDC1042E51C467801A7D0CE67C9FDADC6307D7325B62/0/3133312e3232312e36342e302f32322d3234203d3e20323635373938.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.221.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ea:00:fa:43:56:a2:e8:ac:a5:7f:1e:29:4c:82:a2:e8:60:77:
         c8:f2:7c:bc:f2:0e:b4:3f:be:fa:38:d0:57:bb:33:b6:c3:3d:
         48:6f:c8:9d:98:e8:1d:10:a2:b9:c5:1c:4c:b5:7b:9b:93:83:
         08:cb:8b:65:7a:fa:c6:74:8c:73:eb:e0:11:ce:2d:c2:ca:74:
         1d:c0:b2:64:f3:49:fd:a1:3f:4f:1c:48:01:57:d3:70:a5:59:
         42:0e:70:c7:93:17:fa:05:db:a3:27:93:f7:f1:04:ed:66:6d:
         70:7c:d5:db:b9:5d:f7:48:c5:64:c7:d8:63:ff:ba:cd:a9:70:
         69:94:59:14:21:f1:e8:26:ff:e4:c4:95:b0:0c:0e:5a:b0:c7:
         55:82:aa:3e:c5:37:e4:95:8c:a4:7a:ac:0b:e8:db:6e:8c:68:
         46:e9:3f:02:e1:de:e0:8f:1a:3c:a6:2f:fe:dd:dd:f5:43:23:
         69:ba:f0:53:86:a4:90:50:48:c4:14:42:2a:8d:d7:22:a0:33:
         8d:bc:75:dd:62:76:89:a5:4c:f9:43:2b:8a:f1:e2:37:91:7a:
         e6:95:fd:33:de:3d:7b:25:9b:93:c9:21:56:66:0c:b6:a5:dc:
         e7:5f:25:4c:ff:5a:02:68:50:a2:03:ac:a3:89:2d:85:93:73:
         3c:d0:30:4e
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUPLcxBZMomPLs6CsujtB8xJ+5yyEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOUQyODIwODk0RjZENDE5NDExMTYzOTZCMTkyQ0NGODAx
NzYxOEY0NDAeFw0yNTAyMDQxODE1MDFaFw0yNjAyMDMxODIwMDFaMDMxMTAvBgNV
BAMTKDhERTEyQjExNTlEQjg2ODYxMDk1REY3Q0M2QzE3NUI2QUI3RjI5MTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrn51XFvzq06NEbsTKnG4d58hR
J14OGHdf6Aw7O3YJaa6u2gBRomHDOCJLun2qki0VHgrhg1v7czqG3EfiGhJbFQQL
KO8u39oF2E9k0G6K10aMG6eEuI2Cg0hgJsu2g42ZSd52a95UyNOsKw0z+vfw6qMK
7JZ1c2OLvWz4L5gSSKbNqdnQ9ChxtMWkarYSGkX3+99lw9sCMmBYff6HbSW0pt5/
YpkPXNjeN9Gfi5kuDhQkif5zlQ4e5h/WPiinAxc7zBuFIw922e73IxgIUCQlWiwJ
wRFlHZpsn7nTl1j7E2nJ+6dOUNV/grzcZpt/rNQa1TxE+5kNDForrPFvhOIrAgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQUjeErEVnbhoYQld98xsF1tqt/KRQwHwYDVR0j
BBgwFoAUnSggiU9tQZQRFjlrGSzPgBdhj0QwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8yMjBENjU1Q0UxNjA5QzI0NkU4OUJEQzEwNDJFNTFDNDY3
ODAxQTdEMENFNjdDOUZEQURDNjMwN0Q3MzI1QjYyLzAvOUQyODIwODk0RjZENDE5
NDExMTYzOTZCMTkyQ0NGODAxNzYxOEY0NC5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC85RDI4MjA4OTRGNkQ0MTk0MTEx
NjM5NkIxOTJDQ0Y4MDE3NjE4RjQ0LmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMjIwRDY1NUNFMTYwOUMyNDZFODlCREMxMDQyRTUxQzQ2NzgwMUE3RDBD
RTY3QzlGREFEQzYzMDdENzMyNUI2Mi8wLzMxMzMzMTJlMzIzMjMxMmUzNjM0MmUz
MDJmMzIzMjJkMzIzNDIwM2QzZTIwMzIzNjM1MzczOTM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCg91A
MA0GCSqGSIb3DQEBCwUAA4IBAQDqAPpDVqLorKV/HilMgqLoYHfI8ny88g60P776
ONBXuzO2wz1Ib8idmOgdEKK5xRxMtXubk4MIy4tlevrGdIxz6+ARzi3CynQdwLJk
80n9oT9PHEgBV9NwpVlCDnDHkxf6BdujJ5P38QTtZm1wfNXbuV33SMVkx9hj/7rN
qXBplFkUIfHoJv/kxJWwDA5asMdVgqo+xTfklYykeqwL6NtujGhG6T8C4d7gjxo8
pi/+3d31QyNpuvBThqSQUEjEFEIqjdcioDONvHXdYnaJpUz5QyuK8eI3kXrmlf0z
3j17JZuTySFWZgy2pdznXyVM/1oCaFCiA6yjiS2Fk3M80DBO
-----END CERTIFICATE-----