Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/296CACF4DBEE77502940FAD50279723AF0DA139E5C75A6B5BCEBA6B1C143DB88/0/3133312e3130382e3134312e302f32342d3234203d3e203631343930.roa
File:                     3133312e3130382e3134312e302f32342d3234203d3e203631343930.roa (raw, json)
Hash identifier:          9AORvdZhHNHLMxlBF30Yr1xq7sW3FUp/1yp8qzNjziM=
Subject key identifier:   91:B8:6F:FD:8A:B9:6A:37:81:79:92:65:7E:4C:22:2F:FA:08:58:27
Certificate issuer:       /CN=D74EEC332802572047CBE0FAB13F3CF2BA417AFF
Certificate serial:       794F34D8B9501F1B7D00209C6C4193A58C599B06
Authority key identifier: D7:4E:EC:33:28:02:57:20:47:CB:E0:FA:B1:3F:3C:F2:BA:41:7A:FF
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D74EEC332802572047CBE0FAB13F3CF2BA417AFF.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/296CACF4DBEE77502940FAD50279723AF0DA139E5C75A6B5BCEBA6B1C143DB88/0/3133312e3130382e3134312e302f32342d3234203d3e203631343930.roa
Signing time:             Tue 04 Feb 2025 17:59:17 +0000
ROA not before:           Tue 04 Feb 2025 17:54:17 +0000
ROA not after:            Tue 03 Feb 2026 17:59:17 +0000
asID:                     61490
IP address blocks:        131.108.141.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:4f:34:d8:b9:50:1f:1b:7d:00:20:9c:6c:41:93:a5:8c:59:9b:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D74EEC332802572047CBE0FAB13F3CF2BA417AFF
        Validity
            Not Before: Feb  4 17:54:17 2025 GMT
            Not After : Feb  3 17:59:17 2026 GMT
        Subject: CN=91B86FFD8AB96A37817992657E4C222FFA085827
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:7d:d3:4c:a0:fc:b6:0e:47:12:11:2a:d4:ac:
                    32:08:b6:59:41:39:3c:d0:ab:12:9a:98:da:25:59:
                    7b:d3:22:78:a3:b0:75:94:34:9d:49:88:0b:77:89:
                    24:e1:2a:ff:e5:b0:40:6d:ad:14:42:67:3d:53:8e:
                    c5:f6:64:34:a2:f3:2a:1a:09:c5:9c:6c:3c:0f:c0:
                    35:c0:48:9a:9b:7d:7d:f4:0c:7c:11:86:79:84:40:
                    c3:a3:79:43:1b:34:56:de:a1:97:08:41:f3:14:91:
                    c5:64:c6:b5:f0:5c:27:c4:27:bd:72:2d:9b:66:a5:
                    26:56:91:8b:aa:e3:6d:25:b8:ba:6c:71:f2:c4:ca:
                    62:bf:8f:52:14:d9:3e:6b:13:0d:bb:47:e5:0b:06:
                    18:31:14:db:97:de:ec:10:30:42:c2:54:e4:1b:08:
                    84:96:1e:c2:a9:17:05:da:55:81:87:5b:68:51:b2:
                    cf:9e:bf:5d:c1:19:ee:75:87:f1:8d:eb:f8:d0:29:
                    15:7f:2d:ad:99:a0:93:da:39:d3:bc:b0:84:e9:ed:
                    1a:cf:7b:58:4e:45:32:d7:45:80:e8:60:7e:1c:25:
                    f8:08:0f:0b:8a:ee:a7:c3:78:96:74:10:d0:8c:33:
                    b6:31:8b:40:3c:01:e4:95:e6:ff:89:2a:7d:c2:17:
                    54:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:B8:6F:FD:8A:B9:6A:37:81:79:92:65:7E:4C:22:2F:FA:08:58:27
            X509v3 Authority Key Identifier:
                keyid:D7:4E:EC:33:28:02:57:20:47:CB:E0:FA:B1:3F:3C:F2:BA:41:7A:FF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/296CACF4DBEE77502940FAD50279723AF0DA139E5C75A6B5BCEBA6B1C143DB88/0/D74EEC332802572047CBE0FAB13F3CF2BA417AFF.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D74EEC332802572047CBE0FAB13F3CF2BA417AFF.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/296CACF4DBEE77502940FAD50279723AF0DA139E5C75A6B5BCEBA6B1C143DB88/0/3133312e3130382e3134312e302f32342d3234203d3e203631343930.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.108.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:6f:29:c8:be:a0:78:5b:35:1a:24:b4:97:54:14:1b:7b:2c:
         51:e0:e7:e8:da:3a:24:08:ed:c9:b2:84:cc:d5:1c:c0:60:94:
         6b:32:7d:22:85:20:6c:7b:f6:03:f7:11:87:f4:9f:01:d7:df:
         a7:1b:ce:9b:33:b3:00:ab:65:57:81:df:2a:af:cc:c1:3c:9d:
         a2:e2:19:ed:ab:fe:73:88:08:90:d8:b0:ac:ec:e6:e4:a1:e9:
         6e:22:e9:09:bc:65:4d:de:31:39:f0:87:83:45:82:30:63:70:
         ba:d7:e4:f4:b9:f8:72:49:94:50:7a:6b:75:b1:ae:fc:4f:47:
         af:34:88:9a:7a:88:95:81:0b:41:7c:a1:3e:ab:71:ef:dd:15:
         f4:6d:f8:b8:d4:e4:63:ac:96:86:b4:24:d4:9f:bd:03:85:94:
         14:e3:c7:0c:19:d8:e3:8b:42:f3:56:04:4a:ec:2e:fa:2f:53:
         e3:13:23:66:75:89:ce:9f:a2:64:e9:3d:8d:31:b6:05:99:c5:
         c7:01:25:ba:d6:4f:ba:5f:45:df:3a:e4:74:0a:c1:3f:94:15:
         b7:8b:0b:c6:7f:d8:84:b4:af:dd:5e:56:7b:49:c7:d6:86:15:
         1c:90:9c:94:8e:b6:b0:33:4f:c5:05:71:e2:e8:2a:f4:df:c6:
         0f:f1:70:68
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUeU802LlQHxt9ACCcbEGTpYxZmwYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDc0RUVDMzMyODAyNTcyMDQ3Q0JFMEZBQjEzRjNDRjJC
QTQxN0FGRjAeFw0yNTAyMDQxNzU0MTdaFw0yNjAyMDMxNzU5MTdaMDMxMTAvBgNV
BAMTKDkxQjg2RkZEOEFCOTZBMzc4MTc5OTI2NTdFNEMyMjJGRkEwODU4MjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJfdNMoPy2DkcSESrUrDIItllB
OTzQqxKamNolWXvTInijsHWUNJ1JiAt3iSThKv/lsEBtrRRCZz1TjsX2ZDSi8yoa
CcWcbDwPwDXASJqbfX30DHwRhnmEQMOjeUMbNFbeoZcIQfMUkcVkxrXwXCfEJ71y
LZtmpSZWkYuq420luLpscfLEymK/j1IU2T5rEw27R+ULBhgxFNuX3uwQMELCVOQb
CISWHsKpFwXaVYGHW2hRss+ev13BGe51h/GN6/jQKRV/La2ZoJPaOdO8sITp7RrP
e1hORTLXRYDoYH4cJfgIDwuK7qfDeJZ0ENCMM7Yxi0A8AeSV5v+JKn3CF1TtAgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQUkbhv/Yq5ajeBeZJlfkwiL/oIWCcwHwYDVR0j
BBgwFoAU107sMygCVyBHy+D6sT888rpBev8wDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8yOTZDQUNGNERCRUU3NzUwMjk0MEZBRDUwMjc5NzIzQUYw
REExMzlFNUM3NUE2QjVCQ0VCQTZCMUMxNDNEQjg4LzAvRDc0RUVDMzMyODAyNTcy
MDQ3Q0JFMEZBQjEzRjNDRjJCQTQxN0FGRi5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9ENzRFRUMzMzI4MDI1NzIwNDdD
QkUwRkFCMTNGM0NGMkJBNDE3QUZGLmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMjk2Q0FDRjREQkVFNzc1MDI5NDBGQUQ1MDI3OTcyM0FGMERBMTM5RTVD
NzVBNkI1QkNFQkE2QjFDMTQzREI4OC8wLzMxMzMzMTJlMzEzMDM4MmUzMTM0MzEy
ZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNjMxMzQzOTMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAg2yN
MA0GCSqGSIb3DQEBCwUAA4IBAQCabynIvqB4WzUaJLSXVBQbeyxR4Ofo2jokCO3J
soTM1RzAYJRrMn0ihSBse/YD9xGH9J8B19+nG86bM7MAq2VXgd8qr8zBPJ2i4hnt
q/5ziAiQ2LCs7ObkoeluIukJvGVN3jE58IeDRYIwY3C61+T0ufhySZRQemt1sa78
T0evNIiaeoiVgQtBfKE+q3Hv3RX0bfi41ORjrJaGtCTUn70DhZQU48cMGdjji0Lz
VgRK7C76L1PjEyNmdYnOn6Jk6T2NMbYFmcXHASW61k+6X0XfOuR0CsE/lBW3iwvG
f9iEtK/dXlZ7ScfWhhUckJyUjrawM0/FBXHi6Cr038YP8XBo
-----END CERTIFICATE-----