Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/2DEA4B959BE421481C137BAE5FBC2FBE1BDDD87C07A65D52F0C9ECF68F7C599F/0/3230302e38352e38382e302f32312d3234203d3e203237393533.roa
File:                     3230302e38352e38382e302f32312d3234203d3e203237393533.roa (raw, json)
Hash identifier:          cJ5RCxqeDZDXLZY4BWYWRQFrPZWkfpdb+xbvEP/5srk=
Subject key identifier:   BD:84:F6:58:F8:AC:B6:5C:E5:E9:04:28:63:09:6E:99:7E:76:C3:D9
Certificate issuer:       /CN=D67E5644D439ECB615A931808B0D6F2AC66A19F2
Certificate serial:       3648D8465488693FD4CB119459D1E8C3D71BDBAF
Authority key identifier: D6:7E:56:44:D4:39:EC:B6:15:A9:31:80:8B:0D:6F:2A:C6:6A:19:F2
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D67E5644D439ECB615A931808B0D6F2AC66A19F2.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/2DEA4B959BE421481C137BAE5FBC2FBE1BDDD87C07A65D52F0C9ECF68F7C599F/0/3230302e38352e38382e302f32312d3234203d3e203237393533.roa
Signing time:             Tue 04 Feb 2025 18:56:24 +0000
ROA not before:           Tue 04 Feb 2025 18:51:24 +0000
ROA not after:            Tue 03 Feb 2026 18:56:24 +0000
asID:                     27953
IP address blocks:        200.85.88.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:48:d8:46:54:88:69:3f:d4:cb:11:94:59:d1:e8:c3:d7:1b:db:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D67E5644D439ECB615A931808B0D6F2AC66A19F2
        Validity
            Not Before: Feb  4 18:51:24 2025 GMT
            Not After : Feb  3 18:56:24 2026 GMT
        Subject: CN=BD84F658F8ACB65CE5E9042863096E997E76C3D9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:38:c6:c8:ff:d5:32:29:9f:df:6b:5f:1d:9d:
                    b8:39:93:08:86:15:66:be:59:c0:5d:46:0c:65:9e:
                    bd:3c:bb:91:47:46:ff:81:3e:7f:4b:ec:b6:bc:cb:
                    86:59:5b:cc:04:91:50:31:91:ad:b9:f9:a3:90:77:
                    9e:51:5f:9b:c3:59:35:c3:86:23:1f:f5:fc:9f:34:
                    5e:3b:be:22:e6:be:06:a2:09:47:9a:eb:1f:d9:00:
                    b5:f1:34:61:8b:af:56:c9:a3:06:0f:43:d3:5e:53:
                    7e:db:c2:91:57:6b:b5:70:a6:69:06:1b:a9:c0:e1:
                    d4:ee:d2:cb:06:2e:e0:17:8f:54:d7:ec:f2:af:65:
                    e4:0f:57:2e:97:2d:41:6c:ed:96:cb:56:1a:ef:51:
                    ce:e3:ab:b8:51:d4:03:e0:90:61:01:33:a2:f6:40:
                    09:56:90:ff:6e:33:b0:f6:f8:37:75:7c:01:cf:11:
                    16:1c:22:7e:ef:b8:81:13:d0:e3:07:b1:24:b2:60:
                    6d:44:03:cb:c2:4c:57:1e:21:43:77:9e:de:b4:83:
                    9d:b8:b8:ac:31:96:f5:8f:2b:86:96:08:f9:7c:ec:
                    98:5b:c9:01:b7:a6:01:56:aa:ce:f5:35:d9:1e:e5:
                    0f:ea:fc:9d:4c:62:f0:b1:48:0d:e1:f7:43:1a:cc:
                    37:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:84:F6:58:F8:AC:B6:5C:E5:E9:04:28:63:09:6E:99:7E:76:C3:D9
            X509v3 Authority Key Identifier:
                keyid:D6:7E:56:44:D4:39:EC:B6:15:A9:31:80:8B:0D:6F:2A:C6:6A:19:F2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/2DEA4B959BE421481C137BAE5FBC2FBE1BDDD87C07A65D52F0C9ECF68F7C599F/0/D67E5644D439ECB615A931808B0D6F2AC66A19F2.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D67E5644D439ECB615A931808B0D6F2AC66A19F2.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/2DEA4B959BE421481C137BAE5FBC2FBE1BDDD87C07A65D52F0C9ECF68F7C599F/0/3230302e38352e38382e302f32312d3234203d3e203237393533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.85.88.0/21

    Signature Algorithm: sha256WithRSAEncryption
         65:b6:a1:b9:93:e0:d4:f5:49:62:9d:4f:7e:3b:b9:b5:63:8a:
         55:1c:45:63:1e:09:6e:5e:57:11:36:3c:47:73:29:f0:76:12:
         2a:24:c2:e1:1b:80:5c:52:b3:e1:c8:dd:c6:0b:a9:be:3f:77:
         01:ae:c7:e7:be:12:bf:eb:72:3f:83:4f:b1:c3:d8:c3:8f:83:
         3c:f8:ed:60:0d:6c:d6:da:5d:fb:eb:8c:58:01:7e:f7:ce:56:
         01:12:d2:9c:09:91:19:1e:3e:1d:3b:e8:6d:61:85:ed:6a:71:
         40:dd:a1:6b:0c:16:eb:f0:4e:a4:a8:2f:f3:09:37:2c:4f:af:
         c2:e4:0a:b7:18:62:67:a9:81:e0:21:83:70:63:b7:88:59:eb:
         70:73:8c:1d:31:9b:2d:0f:48:20:72:27:7c:91:63:26:00:ce:
         13:9e:bd:aa:48:d8:59:99:d2:0e:3b:11:d4:8a:cc:8c:c3:6d:
         fa:99:69:9f:9b:65:d4:5e:0a:ae:86:50:59:2e:ef:3d:57:82:
         7a:a0:90:8b:94:c4:ec:e8:74:93:10:b1:20:e8:38:70:8c:37:
         61:6a:09:0e:cf:e4:59:cd:69:9e:5f:a6:e8:79:56:ef:d1:69:
         d1:0b:71:84:e1:d3:15:c0:80:2d:3a:5a:0c:4d:b5:b0:3c:7f:
         63:9c:cd:4a
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUNkjYRlSIaT/UyxGUWdHow9cb268wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDY3RTU2NDRENDM5RUNCNjE1QTkzMTgwOEIwRDZGMkFD
NjZBMTlGMjAeFw0yNTAyMDQxODUxMjRaFw0yNjAyMDMxODU2MjRaMDMxMTAvBgNV
BAMTKEJEODRGNjU4RjhBQ0I2NUNFNUU5MDQyODYzMDk2RTk5N0U3NkMzRDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgOMbI/9UyKZ/fa18dnbg5kwiG
FWa+WcBdRgxlnr08u5FHRv+BPn9L7La8y4ZZW8wEkVAxka25+aOQd55RX5vDWTXD
hiMf9fyfNF47viLmvgaiCUea6x/ZALXxNGGLr1bJowYPQ9NeU37bwpFXa7VwpmkG
G6nA4dTu0ssGLuAXj1TX7PKvZeQPVy6XLUFs7ZbLVhrvUc7jq7hR1APgkGEBM6L2
QAlWkP9uM7D2+Dd1fAHPERYcIn7vuIET0OMHsSSyYG1EA8vCTFceIUN3nt60g524
uKwxlvWPK4aWCPl87JhbyQG3pgFWqs71Ndke5Q/q/J1MYvCxSA3h90MazDepAgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQUvYT2WPistlzl6QQoYwlumX52w9kwHwYDVR0j
BBgwFoAU1n5WRNQ57LYVqTGAiw1vKsZqGfIwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8yREVBNEI5NTlCRTQyMTQ4MUMxMzdCQUU1RkJDMkZCRTFC
REREODdDMDdBNjVENTJGMEM5RUNGNjhGN0M1OTlGLzAvRDY3RTU2NDRENDM5RUNC
NjE1QTkzMTgwOEIwRDZGMkFDNjZBMTlGMi5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9ENjdFNTY0NEQ0MzlFQ0I2MTVB
OTMxODA4QjBENkYyQUM2NkExOUYyLmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMkRFQTRCOTU5QkU0MjE0ODFDMTM3QkFFNUZCQzJGQkUxQkRERDg3QzA3
QTY1RDUyRjBDOUVDRjY4RjdDNTk5Ri8wLzMyMzAzMDJlMzgzNTJlMzgzODJlMzAy
ZjMyMzEyZDMyMzQyMDNkM2UyMDMyMzczOTM1MzMucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAPIVVgwDQYJ
KoZIhvcNAQELBQADggEBAGW2obmT4NT1SWKdT347ubVjilUcRWMeCW5eVxE2PEdz
KfB2EiokwuEbgFxSs+HI3cYLqb4/dwGux+e+Er/rcj+DT7HD2MOPgzz47WANbNba
XfvrjFgBfvfOVgES0pwJkRkePh076G1hhe1qcUDdoWsMFuvwTqSoL/MJNyxPr8Lk
CrcYYmepgeAhg3Bjt4hZ63BzjB0xmy0PSCByJ3yRYyYAzhOevapI2FmZ0g47EdSK
zIzDbfqZaZ+bZdReCq6GUFku7z1XgnqgkIuUxOzodJMQsSDoOHCMN2FqCQ7P5FnN
aZ5fpuh5Vu/RadELcYTh0xXAgC06WgxNtbA8f2OczUo=
-----END CERTIFICATE-----