Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/29B8B0B5027D8D861D7CA62358652D20126B06A83B7179BC698D7D2A0E733F4D/0/3133382e33362e39372e302f32342d3234203d3e20323633373236.roa
File:                     3133382e33362e39372e302f32342d3234203d3e20323633373236.roa (raw, json)
Hash identifier:          FdtHUhWZD4RFvOJgfwB8nVsWd1NEuqUQYwHouMDAbKc=
Subject key identifier:   26:3E:57:18:A7:F3:E7:4E:01:0A:6E:DE:AD:FE:0A:95:D5:89:D6:62
Certificate issuer:       /CN=A1C86299C5FA84F9AB35C2974EACE4484F0A087A
Certificate serial:       60F8A62DE05828CB0CDE72CDA47E4C6907E3447D
Authority key identifier: A1:C8:62:99:C5:FA:84:F9:AB:35:C2:97:4E:AC:E4:48:4F:0A:08:7A
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/A1C86299C5FA84F9AB35C2974EACE4484F0A087A.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/29B8B0B5027D8D861D7CA62358652D20126B06A83B7179BC698D7D2A0E733F4D/0/3133382e33362e39372e302f32342d3234203d3e20323633373236.roa
Signing time:             Fri 14 Mar 2025 21:11:55 +0000
ROA not before:           Fri 14 Mar 2025 21:06:55 +0000
ROA not after:            Fri 13 Mar 2026 21:11:55 +0000
asID:                     263726
IP address blocks:        138.36.97.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:f8:a6:2d:e0:58:28:cb:0c:de:72:cd:a4:7e:4c:69:07:e3:44:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A1C86299C5FA84F9AB35C2974EACE4484F0A087A
        Validity
            Not Before: Mar 14 21:06:55 2025 GMT
            Not After : Mar 13 21:11:55 2026 GMT
        Subject: CN=263E5718A7F3E74E010A6EDEADFE0A95D589D662
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:04:44:74:a2:ef:a7:a3:fa:51:44:6d:59:8e:
                    af:6e:74:b7:d0:2f:5c:1f:e6:51:76:05:17:4b:68:
                    3e:94:e6:e7:1c:50:88:d8:e2:1e:b7:0e:c6:df:6a:
                    98:87:35:4b:78:ce:3f:60:06:e0:fa:8d:5f:84:0d:
                    3b:8c:73:e4:05:52:71:4a:f7:99:58:27:3d:d4:ac:
                    bb:4c:6e:6c:05:f8:31:92:e3:5a:7d:ef:98:18:7c:
                    6d:fc:73:df:98:2e:93:82:19:7f:7c:16:12:86:dd:
                    19:b6:9d:fe:5a:3b:73:b1:eb:4c:97:6b:4f:7e:95:
                    1a:b7:ff:c9:aa:e2:a0:13:80:2a:37:f5:cb:bb:0c:
                    21:c1:35:41:7b:82:94:ee:6a:45:b6:e5:db:df:95:
                    79:ce:ef:1e:d4:69:ee:6b:43:12:9b:58:80:fe:65:
                    5c:9d:02:20:ff:a4:bd:63:4d:62:c4:94:70:32:85:
                    45:93:cc:91:bd:bf:bb:82:a8:c6:9a:19:0c:f2:3e:
                    bf:eb:02:00:5d:6a:08:ef:3e:ac:9c:a8:7d:af:fd:
                    f5:23:59:a3:0c:93:8b:8b:73:f9:28:b5:8f:86:b8:
                    c2:fc:53:79:27:05:cb:5b:cd:b0:67:26:e8:14:99:
                    88:e8:ff:45:c1:35:2f:85:52:41:7d:5a:c1:35:b1:
                    b9:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:3E:57:18:A7:F3:E7:4E:01:0A:6E:DE:AD:FE:0A:95:D5:89:D6:62
            X509v3 Authority Key Identifier:
                keyid:A1:C8:62:99:C5:FA:84:F9:AB:35:C2:97:4E:AC:E4:48:4F:0A:08:7A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/29B8B0B5027D8D861D7CA62358652D20126B06A83B7179BC698D7D2A0E733F4D/0/A1C86299C5FA84F9AB35C2974EACE4484F0A087A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/A1C86299C5FA84F9AB35C2974EACE4484F0A087A.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/29B8B0B5027D8D861D7CA62358652D20126B06A83B7179BC698D7D2A0E733F4D/0/3133382e33362e39372e302f32342d3234203d3e20323633373236.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.36.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:2a:7c:7d:68:f0:2b:aa:47:da:17:06:bb:39:25:2c:e7:35:
         79:98:b4:77:5b:98:59:bb:84:d7:86:1f:55:a4:e3:c7:b8:9b:
         fc:64:53:ea:ac:84:5b:d9:1d:7f:6f:5f:62:96:65:29:85:2c:
         90:3e:9c:db:6e:04:38:15:30:0f:ba:de:f2:a0:68:54:76:fb:
         e2:a1:c2:0d:32:da:e4:45:ba:c2:ef:7b:7d:c0:96:77:aa:80:
         d7:75:0e:32:3a:8d:dd:dd:51:e7:1e:b2:bc:50:cc:24:dd:3e:
         ec:52:33:d5:d6:8b:f6:5a:d2:d7:e3:1e:0d:25:39:1f:39:44:
         8b:d2:fe:cf:f0:1f:4e:a3:af:1c:69:fe:6c:04:3e:c2:55:ce:
         57:a7:e6:5e:0f:b4:f0:78:60:00:c2:c8:5a:25:12:4b:b0:73:
         71:bc:8e:72:56:55:91:d2:18:f8:ec:60:0c:39:2a:d8:ae:25:
         b9:74:01:16:fb:2e:ee:03:5e:49:d0:1b:f6:ba:5d:b7:ec:a0:
         9c:be:a3:8d:6e:38:6a:a8:8c:69:12:6a:25:2a:d1:15:5b:a6:
         c7:0d:da:d0:ac:24:fe:d3:3d:a4:73:49:cf:1d:ba:72:ce:6b:
         b5:85:6a:b2:8d:41:c7:07:76:0b:84:42:c8:df:28:c4:8b:f6:
         0a:d0:28:9a
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgIUYPimLeBYKMsM3nLNpH5MaQfjRH0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQTFDODYyOTlDNUZBODRGOUFCMzVDMjk3NEVBQ0U0NDg0
RjBBMDg3QTAeFw0yNTAzMTQyMTA2NTVaFw0yNjAzMTMyMTExNTVaMDMxMTAvBgNV
BAMTKDI2M0U1NzE4QTdGM0U3NEUwMTBBNkVERUFERkUwQTk1RDU4OUQ2NjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlBER0ou+no/pRRG1Zjq9udLfQ
L1wf5lF2BRdLaD6U5uccUIjY4h63DsbfapiHNUt4zj9gBuD6jV+EDTuMc+QFUnFK
95lYJz3UrLtMbmwF+DGS41p975gYfG38c9+YLpOCGX98FhKG3Rm2nf5aO3Ox60yX
a09+lRq3/8mq4qATgCo39cu7DCHBNUF7gpTuakW25dvflXnO7x7Uae5rQxKbWID+
ZVydAiD/pL1jTWLElHAyhUWTzJG9v7uCqMaaGQzyPr/rAgBdagjvPqycqH2v/fUj
WaMMk4uLc/kotY+GuML8U3knBctbzbBnJugUmYjo/0XBNS+FUkF9WsE1sbn7AgMB
AAGjggLIMIICxDAdBgNVHQ4EFgQUJj5XGKfz504BCm7erf4KldWJ1mIwHwYDVR0j
BBgwFoAUochimcX6hPmrNcKXTqzkSE8KCHowDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8yOUI4QjBCNTAyN0Q4RDg2MUQ3Q0E2MjM1ODY1MkQyMDEy
NkIwNkE4M0I3MTc5QkM2OThEN0QyQTBFNzMzRjRELzAvQTFDODYyOTlDNUZBODRG
OUFCMzVDMjk3NEVBQ0U0NDg0RjBBMDg3QS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9BMUM4NjI5OUM1RkE4NEY5QUIz
NUMyOTc0RUFDRTQ0ODRGMEEwODdBLmNlcjCBxwYIKwYBBQUHAQsEgbowgbcwgbQG
CCsGAQUFBzALhoGncnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMjlCOEIwQjUwMjdEOEQ4NjFEN0NBNjIzNTg2NTJEMjAxMjZCMDZBODNC
NzE3OUJDNjk4RDdEMkEwRTczM0Y0RC8wLzMxMzMzODJlMzMzNjJlMzkzNzJlMzAy
ZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzYzMzM3MzIzNi5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAIokYTAN
BgkqhkiG9w0BAQsFAAOCAQEAHCp8fWjwK6pH2hcGuzklLOc1eZi0d1uYWbuE14Yf
VaTjx7ib/GRT6qyEW9kdf29fYpZlKYUskD6c224EOBUwD7re8qBoVHb74qHCDTLa
5EW6wu97fcCWd6qA13UOMjqN3d1R5x6yvFDMJN0+7FIz1daL9lrS1+MeDSU5HzlE
i9L+z/AfTqOvHGn+bAQ+wlXOV6fmXg+08HhgAMLIWiUSS7BzcbyOclZVkdIY+Oxg
DDkq2K4luXQBFvsu7gNeSdAb9rpdt+ygnL6jjW44aqiMaRJqJSrRFVumxw3a0Kwk
/tM9pHNJzx26cs5rtYVqso1Bxwd2C4RCyN8oxIv2CtAomg==
-----END CERTIFICATE-----