Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/2CCF978DE00466A1F41A9C761AEB2577E55690B00C4B3DDF339A23B95B311B93/0/3230302e322e3232342e302f32342d3234203d3e2034393935.roa
File:                     3230302e322e3232342e302f32342d3234203d3e2034393935.roa (raw, json)
Hash identifier:          Hxqip28B+uV0i/dzEmggKPUA+CNdGe4vwZ55M6zUg7Y=
Subject key identifier:   40:E4:F4:75:66:6B:43:51:D4:DF:A1:4B:38:FF:86:7E:A1:FF:C5:D1
Certificate issuer:       /CN=979E05FFEED48A9692454F668B83D49714C9FE39
Certificate serial:       5E985B697F3A64BF56AA4056976C9B413C808610
Authority key identifier: 97:9E:05:FF:EE:D4:8A:96:92:45:4F:66:8B:83:D4:97:14:C9:FE:39
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/979E05FFEED48A9692454F668B83D49714C9FE39.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/2CCF978DE00466A1F41A9C761AEB2577E55690B00C4B3DDF339A23B95B311B93/0/3230302e322e3232342e302f32342d3234203d3e2034393935.roa
Signing time:             Tue 04 Feb 2025 20:03:38 +0000
ROA not before:           Tue 04 Feb 2025 19:58:38 +0000
ROA not after:            Tue 03 Feb 2026 20:03:38 +0000
asID:                     4995
IP address blocks:        200.2.224.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:98:5b:69:7f:3a:64:bf:56:aa:40:56:97:6c:9b:41:3c:80:86:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=979E05FFEED48A9692454F668B83D49714C9FE39
        Validity
            Not Before: Feb  4 19:58:38 2025 GMT
            Not After : Feb  3 20:03:38 2026 GMT
        Subject: CN=40E4F475666B4351D4DFA14B38FF867EA1FFC5D1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:11:d7:8f:49:0f:66:f9:e8:51:03:af:d5:43:
                    87:45:59:15:80:54:f1:5e:9b:9d:f0:a9:95:c0:30:
                    2c:69:65:eb:03:c8:b3:f8:6f:6c:6d:ef:12:aa:27:
                    16:cf:52:e7:f3:38:e5:7b:6f:64:e1:d3:2e:55:3a:
                    9b:51:85:ee:24:48:36:ca:35:a8:9d:fb:1b:d9:c4:
                    81:5b:19:d1:d7:4c:17:70:0f:90:9c:9c:56:b9:d2:
                    b0:b2:38:05:43:02:d4:dc:3a:b8:e6:2c:98:62:ae:
                    35:39:3e:ac:3d:2b:4d:21:89:dd:58:33:aa:a2:0f:
                    29:c1:34:05:8b:c2:26:b9:81:a6:34:e6:a2:e9:05:
                    fb:06:6b:09:06:9b:5f:07:86:ff:df:42:46:66:f2:
                    da:e2:20:c4:03:81:ae:f3:e1:2f:15:46:a4:d1:d5:
                    af:cc:5b:f0:e6:c4:eb:10:ea:3d:87:e3:43:1d:1e:
                    44:1e:26:8a:45:86:0e:c4:b3:a6:a9:67:35:75:f3:
                    df:c9:72:b1:e8:fd:36:34:c4:d7:de:d0:48:85:a2:
                    83:e0:d7:a4:1f:ac:4d:fd:e2:f6:19:ce:71:16:ab:
                    27:72:9e:9a:60:32:a1:92:e1:20:3a:ee:a1:b7:dc:
                    bb:64:c7:72:6c:7c:7f:6c:1d:68:17:0c:b5:ad:00:
                    66:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:E4:F4:75:66:6B:43:51:D4:DF:A1:4B:38:FF:86:7E:A1:FF:C5:D1
            X509v3 Authority Key Identifier:
                keyid:97:9E:05:FF:EE:D4:8A:96:92:45:4F:66:8B:83:D4:97:14:C9:FE:39

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/2CCF978DE00466A1F41A9C761AEB2577E55690B00C4B3DDF339A23B95B311B93/0/979E05FFEED48A9692454F668B83D49714C9FE39.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/979E05FFEED48A9692454F668B83D49714C9FE39.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/2CCF978DE00466A1F41A9C761AEB2577E55690B00C4B3DDF339A23B95B311B93/0/3230302e322e3232342e302f32342d3234203d3e2034393935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.2.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:a8:c5:01:88:5a:f3:9b:7d:52:d7:e5:b3:80:eb:32:d5:c5:
         8a:c9:bf:a5:33:12:66:3a:6d:43:36:6f:0f:09:b8:f9:1c:3e:
         f8:ee:04:22:5b:93:63:7b:41:d8:03:9a:39:e6:5d:5b:a3:57:
         0d:9a:68:f3:a7:5b:35:5f:a4:e7:cb:ed:6a:6c:33:be:27:c5:
         02:71:4a:70:62:b2:9a:99:7a:7a:a9:f9:c4:78:12:6c:c8:bb:
         67:c8:57:a1:f0:07:a0:d0:21:b1:41:2e:b2:b9:8a:fe:92:a5:
         58:95:74:4c:19:fa:0d:80:30:8d:02:1d:3b:2a:b2:a2:a4:be:
         a6:18:ba:13:48:71:e5:ec:66:5e:f7:65:f8:98:b6:86:26:f2:
         3b:ad:d8:2c:8d:70:0e:95:63:bf:0d:bd:b9:84:e4:ea:45:39:
         fc:d4:f4:2a:0e:b2:78:24:ec:e9:e0:4b:18:ed:62:fe:8b:1b:
         0c:14:c0:c9:8f:c7:dd:64:89:3d:5d:85:ce:98:a3:a1:91:6c:
         ea:02:46:f8:82:59:f2:3a:14:5f:83:05:6c:85:57:b8:b0:77:
         13:ce:9e:d2:a3:15:5a:99:28:e7:9f:50:95:b0:54:67:86:f5:
         bc:f4:72:78:5c:c0:9c:fc:47:e1:ac:53:f7:e5:fc:ab:06:e6:
         c2:0e:d4:b8
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgIUXphbaX86ZL9WqkBWl2ybQTyAhhAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTc5RTA1RkZFRUQ0OEE5NjkyNDU0RjY2OEI4M0Q0OTcx
NEM5RkUzOTAeFw0yNTAyMDQxOTU4MzhaFw0yNjAyMDMyMDAzMzhaMDMxMTAvBgNV
BAMTKDQwRTRGNDc1NjY2QjQzNTFENERGQTE0QjM4RkY4NjdFQTFGRkM1RDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCREdePSQ9m+ehRA6/VQ4dFWRWA
VPFem53wqZXAMCxpZesDyLP4b2xt7xKqJxbPUufzOOV7b2Th0y5VOptRhe4kSDbK
Naid+xvZxIFbGdHXTBdwD5CcnFa50rCyOAVDAtTcOrjmLJhirjU5Pqw9K00hid1Y
M6qiDynBNAWLwia5gaY05qLpBfsGawkGm18Hhv/fQkZm8triIMQDga7z4S8VRqTR
1a/MW/DmxOsQ6j2H40MdHkQeJopFhg7Es6apZzV189/JcrHo/TY0xNfe0EiFooPg
16QfrE394vYZznEWqydynppgMqGS4SA67qG33Ltkx3JsfH9sHWgXDLWtAGZxAgMB
AAGjggLEMIICwDAdBgNVHQ4EFgQUQOT0dWZrQ1HU36FLOP+GfqH/xdEwHwYDVR0j
BBgwFoAUl54F/+7UipaSRU9mi4PUlxTJ/jkwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8yQ0NGOTc4REUwMDQ2NkExRjQxQTlDNzYxQUVCMjU3N0U1
NTY5MEIwMEM0QjNEREYzMzlBMjNCOTVCMzExQjkzLzAvOTc5RTA1RkZFRUQ0OEE5
NjkyNDU0RjY2OEI4M0Q0OTcxNEM5RkUzOS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC85NzlFMDVGRkVFRDQ4QTk2OTI0
NTRGNjY4QjgzRDQ5NzE0QzlGRTM5LmNlcjCBwwYIKwYBBQUHAQsEgbYwgbMwgbAG
CCsGAQUFBzALhoGjcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMkNDRjk3OERFMDA0NjZBMUY0MUE5Qzc2MUFFQjI1NzdFNTU2OTBCMDBD
NEIzRERGMzM5QTIzQjk1QjMxMUI5My8wLzMyMzAzMDJlMzIyZTMyMzIzNDJlMzAy
ZjMyMzQyZDMyMzQyMDNkM2UyMDM0MzkzOTM1LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyALgMA0GCSqG
SIb3DQEBCwUAA4IBAQCcqMUBiFrzm31S1+WzgOsy1cWKyb+lMxJmOm1DNm8PCbj5
HD747gQiW5Nje0HYA5o55l1bo1cNmmjzp1s1X6Tny+1qbDO+J8UCcUpwYrKamXp6
qfnEeBJsyLtnyFeh8Aeg0CGxQS6yuYr+kqVYlXRMGfoNgDCNAh07KrKipL6mGLoT
SHHl7GZe92X4mLaGJvI7rdgsjXAOlWO/Db25hOTqRTn81PQqDrJ4JOzp4EsY7WL+
ixsMFMDJj8fdZIk9XYXOmKOhkWzqAkb4glnyOhRfgwVshVe4sHcTzp7SoxVamSjn
n1CVsFRnhvW89HJ4XMCc/EfhrFP35fyrBubCDtS4
-----END CERTIFICATE-----