Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/2DEA4B959BE421481C137BAE5FBC2FBE1BDDD87C07A65D52F0C9ECF68F7C599F/0/3230302e372e3137362e302f32312d3234203d3e203237393533.roa
File:                     3230302e372e3137362e302f32312d3234203d3e203237393533.roa (raw, json)
Hash identifier:          qQrKZoNSEhx8npacbLf9XjMKZYwy8Lc9Fqa1gGW8+4U=
Subject key identifier:   B6:6E:23:0F:64:DE:5B:21:11:CF:63:9F:82:EF:C8:FD:E7:11:DB:DA
Certificate issuer:       /CN=D67E5644D439ECB615A931808B0D6F2AC66A19F2
Certificate serial:       71FE614F08765974794761FA391544E434D2E825
Authority key identifier: D6:7E:56:44:D4:39:EC:B6:15:A9:31:80:8B:0D:6F:2A:C6:6A:19:F2
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D67E5644D439ECB615A931808B0D6F2AC66A19F2.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/2DEA4B959BE421481C137BAE5FBC2FBE1BDDD87C07A65D52F0C9ECF68F7C599F/0/3230302e372e3137362e302f32312d3234203d3e203237393533.roa
Signing time:             Tue 04 Feb 2025 18:56:25 +0000
ROA not before:           Tue 04 Feb 2025 18:51:25 +0000
ROA not after:            Tue 03 Feb 2026 18:56:25 +0000
asID:                     27953
IP address blocks:        200.7.176.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:fe:61:4f:08:76:59:74:79:47:61:fa:39:15:44:e4:34:d2:e8:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D67E5644D439ECB615A931808B0D6F2AC66A19F2
        Validity
            Not Before: Feb  4 18:51:25 2025 GMT
            Not After : Feb  3 18:56:25 2026 GMT
        Subject: CN=B66E230F64DE5B2111CF639F82EFC8FDE711DBDA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:28:2a:94:c3:86:83:3e:e2:a0:86:ac:4d:c8:
                    c8:cc:bc:4b:77:38:7b:1d:03:2a:89:41:16:86:24:
                    93:a9:26:e1:5a:fc:6b:20:98:43:ff:d5:2f:8b:4d:
                    e8:b8:77:f2:56:0c:88:d3:22:2a:02:55:d9:91:8f:
                    cb:be:ba:de:a3:0d:52:7e:25:cf:63:58:bb:9d:ae:
                    23:21:88:fb:c4:04:71:57:a5:af:f7:38:21:5c:fb:
                    d2:1e:14:54:f5:c9:58:b9:38:79:48:88:b0:27:53:
                    82:e2:29:5b:49:63:65:05:fa:e9:72:c8:08:b8:32:
                    92:80:85:27:b2:cd:67:e8:f4:44:65:fd:77:5e:37:
                    fd:73:99:47:0d:3d:ff:38:92:04:06:a3:9d:69:bc:
                    c6:0e:ab:41:64:2d:3c:3b:f1:d1:03:5b:24:41:a4:
                    43:d3:18:9c:b1:5b:ee:b7:74:1a:eb:ac:2a:6a:1f:
                    79:9d:56:76:2c:53:96:d9:20:cb:bb:a1:31:9d:dd:
                    4a:e8:79:9f:b1:2e:3e:6c:2a:31:a9:57:21:b8:d1:
                    d9:83:ca:fb:2c:35:32:17:db:64:b3:0a:01:df:bb:
                    63:02:ea:e4:bb:13:96:50:60:49:49:93:0e:1a:da:
                    f0:ae:90:f0:cf:aa:ab:57:e2:1d:85:ae:5e:69:f7:
                    08:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:6E:23:0F:64:DE:5B:21:11:CF:63:9F:82:EF:C8:FD:E7:11:DB:DA
            X509v3 Authority Key Identifier:
                keyid:D6:7E:56:44:D4:39:EC:B6:15:A9:31:80:8B:0D:6F:2A:C6:6A:19:F2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/2DEA4B959BE421481C137BAE5FBC2FBE1BDDD87C07A65D52F0C9ECF68F7C599F/0/D67E5644D439ECB615A931808B0D6F2AC66A19F2.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D67E5644D439ECB615A931808B0D6F2AC66A19F2.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/2DEA4B959BE421481C137BAE5FBC2FBE1BDDD87C07A65D52F0C9ECF68F7C599F/0/3230302e372e3137362e302f32312d3234203d3e203237393533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.7.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3a:0d:4e:53:dc:c9:70:15:70:b9:0f:85:16:89:17:8d:1c:35:
         94:c1:8a:0d:e8:26:c4:2e:1b:8e:6d:9c:c4:a7:39:3c:39:70:
         34:98:9a:02:c5:c2:37:b5:bb:f0:51:3e:f4:15:84:3c:5b:f8:
         49:d9:a4:63:3b:f6:53:ea:24:48:dc:26:fc:9e:25:53:4c:5a:
         c5:db:92:fa:2f:5f:e7:d4:ea:18:40:bd:84:2c:30:67:fd:5b:
         61:bd:e9:e7:d3:60:9f:3b:10:ad:46:f2:0f:f2:ab:76:f0:25:
         5c:80:82:53:17:78:ca:ef:05:de:82:60:a3:37:b8:8f:76:7a:
         56:86:93:26:c8:9d:85:56:ee:d8:e6:fe:ab:87:20:7b:ba:6a:
         f7:68:2d:10:4b:f5:df:f9:66:e8:10:16:95:71:95:a2:b1:f6:
         79:b7:ac:e2:09:de:a0:8a:da:84:09:e3:72:4c:17:47:3a:e2:
         78:69:b7:2a:e8:fa:dd:6e:06:b7:06:50:2f:bf:61:09:af:3d:
         fa:75:97:98:3c:02:0c:30:b7:db:d3:ce:1b:9b:10:0d:ad:a5:
         06:ec:98:f8:03:11:e1:f9:f3:64:10:a4:78:18:05:9b:c7:05:
         9c:6a:e7:df:dc:86:d1:b6:17:ff:20:38:4c:38:2b:fc:9d:58:
         25:83:41:b5
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUcf5hTwh2WXR5R2H6ORVE5DTS6CUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDY3RTU2NDRENDM5RUNCNjE1QTkzMTgwOEIwRDZGMkFD
NjZBMTlGMjAeFw0yNTAyMDQxODUxMjVaFw0yNjAyMDMxODU2MjVaMDMxMTAvBgNV
BAMTKEI2NkUyMzBGNjRERTVCMjExMUNGNjM5RjgyRUZDOEZERTcxMURCREEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjKCqUw4aDPuKghqxNyMjMvEt3
OHsdAyqJQRaGJJOpJuFa/GsgmEP/1S+LTei4d/JWDIjTIioCVdmRj8u+ut6jDVJ+
Jc9jWLudriMhiPvEBHFXpa/3OCFc+9IeFFT1yVi5OHlIiLAnU4LiKVtJY2UF+uly
yAi4MpKAhSeyzWfo9ERl/XdeN/1zmUcNPf84kgQGo51pvMYOq0FkLTw78dEDWyRB
pEPTGJyxW+63dBrrrCpqH3mdVnYsU5bZIMu7oTGd3UroeZ+xLj5sKjGpVyG40dmD
yvssNTIX22SzCgHfu2MC6uS7E5ZQYElJkw4a2vCukPDPqqtX4h2Frl5p9wgPAgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQUtm4jD2TeWyERz2Ofgu/I/ecR29owHwYDVR0j
BBgwFoAU1n5WRNQ57LYVqTGAiw1vKsZqGfIwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8yREVBNEI5NTlCRTQyMTQ4MUMxMzdCQUU1RkJDMkZCRTFC
REREODdDMDdBNjVENTJGMEM5RUNGNjhGN0M1OTlGLzAvRDY3RTU2NDRENDM5RUNC
NjE1QTkzMTgwOEIwRDZGMkFDNjZBMTlGMi5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9ENjdFNTY0NEQ0MzlFQ0I2MTVB
OTMxODA4QjBENkYyQUM2NkExOUYyLmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMkRFQTRCOTU5QkU0MjE0ODFDMTM3QkFFNUZCQzJGQkUxQkRERDg3QzA3
QTY1RDUyRjBDOUVDRjY4RjdDNTk5Ri8wLzMyMzAzMDJlMzcyZTMxMzczNjJlMzAy
ZjMyMzEyZDMyMzQyMDNkM2UyMDMyMzczOTM1MzMucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAPIB7AwDQYJ
KoZIhvcNAQELBQADggEBADoNTlPcyXAVcLkPhRaJF40cNZTBig3oJsQuG45tnMSn
OTw5cDSYmgLFwje1u/BRPvQVhDxb+EnZpGM79lPqJEjcJvyeJVNMWsXbkvovX+fU
6hhAvYQsMGf9W2G96efTYJ87EK1G8g/yq3bwJVyAglMXeMrvBd6CYKM3uI92elaG
kybInYVW7tjm/quHIHu6avdoLRBL9d/5ZugQFpVxlaKx9nm3rOIJ3qCK2oQJ43JM
F0c64nhptyro+t1uBrcGUC+/YQmvPfp1l5g8Agwwt9vTzhubEA2tpQbsmPgDEeH5
82QQpHgYBZvHBZxq59/chtG2F/8gOEw4K/ydWCWDQbU=
-----END CERTIFICATE-----