Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/300892915B4F76495207C54B9B23B1629F6FBAD8A5659EE4F5B09E982BA54E63/0/3132382e3230312e3131322e302f32322d3234203d3e20323635373231.roa
File:                     3132382e3230312e3131322e302f32322d3234203d3e20323635373231.roa (raw, json)
Hash identifier:          CMkBruGYKL80Ok5wn8mmC59u6wsCZ/dDxiwJ+THiyQ0=
Subject key identifier:   42:20:80:59:4B:6C:30:37:6D:97:1E:93:E3:65:76:3D:A6:CF:1F:5C
Certificate issuer:       /CN=CFA8D5AEE2FFD5169B863E840F863AC026919A61
Certificate serial:       4F2C238AB15206B65A9C86D0FA52AC7014C89478
Authority key identifier: CF:A8:D5:AE:E2:FF:D5:16:9B:86:3E:84:0F:86:3A:C0:26:91:9A:61
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/CFA8D5AEE2FFD5169B863E840F863AC026919A61.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/300892915B4F76495207C54B9B23B1629F6FBAD8A5659EE4F5B09E982BA54E63/0/3132382e3230312e3131322e302f32322d3234203d3e20323635373231.roa
Signing time:             Tue 04 Feb 2025 18:37:30 +0000
ROA not before:           Tue 04 Feb 2025 18:32:30 +0000
ROA not after:            Tue 03 Feb 2026 18:37:30 +0000
asID:                     265721
IP address blocks:        128.201.112.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:2c:23:8a:b1:52:06:b6:5a:9c:86:d0:fa:52:ac:70:14:c8:94:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CFA8D5AEE2FFD5169B863E840F863AC026919A61
        Validity
            Not Before: Feb  4 18:32:30 2025 GMT
            Not After : Feb  3 18:37:30 2026 GMT
        Subject: CN=422080594B6C30376D971E93E365763DA6CF1F5C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:58:a1:40:15:af:8b:11:df:ad:95:88:6b:47:
                    d4:74:3f:1a:63:2a:c3:5c:55:12:ec:3e:4b:63:bd:
                    11:ec:13:c9:bd:ec:c1:97:41:29:41:ad:e6:5e:28:
                    7e:b2:b7:b7:d4:ad:66:c0:59:83:58:d6:01:3d:0b:
                    a0:87:6b:bb:8c:57:dc:1c:19:59:c5:27:32:6d:38:
                    30:45:27:8d:f0:98:ce:52:94:62:3b:e5:76:a2:6c:
                    41:8e:a9:3a:dd:7c:ea:d0:9c:9e:52:d1:c0:03:eb:
                    93:67:f0:eb:e4:aa:56:8f:d9:85:4e:4c:b5:06:da:
                    d0:e8:95:d3:8b:1b:52:e8:a1:27:47:de:50:9d:05:
                    20:a4:57:b9:d0:d1:bb:5b:b6:52:3c:da:67:c3:e2:
                    2a:5f:23:2c:1f:81:b8:c7:d7:3c:d5:24:05:1d:d1:
                    0a:14:94:2f:3e:dd:35:65:86:23:0b:d1:9e:bb:92:
                    12:a6:7b:11:dd:14:ad:cc:e9:fb:87:38:65:ac:66:
                    f7:58:23:27:d7:ce:be:7a:a4:39:39:5d:f9:f3:84:
                    bc:2d:4f:3e:f5:bd:0f:44:08:cc:1d:60:ba:7b:5c:
                    e3:7a:21:f6:eb:b7:02:7a:ea:76:02:26:ea:a4:cb:
                    d5:39:32:0b:71:22:97:76:81:18:8f:53:63:22:14:
                    93:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:20:80:59:4B:6C:30:37:6D:97:1E:93:E3:65:76:3D:A6:CF:1F:5C
            X509v3 Authority Key Identifier:
                keyid:CF:A8:D5:AE:E2:FF:D5:16:9B:86:3E:84:0F:86:3A:C0:26:91:9A:61

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/300892915B4F76495207C54B9B23B1629F6FBAD8A5659EE4F5B09E982BA54E63/0/CFA8D5AEE2FFD5169B863E840F863AC026919A61.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/CFA8D5AEE2FFD5169B863E840F863AC026919A61.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/300892915B4F76495207C54B9B23B1629F6FBAD8A5659EE4F5B09E982BA54E63/0/3132382e3230312e3131322e302f32322d3234203d3e20323635373231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.201.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         77:e3:51:c5:11:4b:5b:99:8a:73:90:ee:46:23:a6:83:6a:4c:
         17:57:d7:b2:fc:05:08:72:04:48:15:84:cc:b6:12:aa:7b:c7:
         61:aa:cb:76:a4:e2:f8:2c:a9:51:c6:14:09:c4:f0:22:59:d9:
         0b:ba:86:f3:7e:fc:f0:12:6a:04:a8:02:66:bb:df:44:03:fa:
         74:eb:5e:0a:ea:ff:26:47:87:5b:e3:86:80:6f:7b:69:47:8b:
         76:c7:22:57:cb:4c:3f:00:12:68:2c:6d:c2:ec:50:6e:a2:99:
         2a:b4:0c:5d:9b:89:5d:a0:e5:43:55:19:0e:42:9c:95:99:ad:
         63:4c:70:d7:3e:35:a4:20:8b:d9:2e:40:b1:4c:83:93:c6:5d:
         e9:52:72:97:ef:84:87:a5:61:7e:b2:01:63:64:f4:68:02:2d:
         9e:79:d5:70:5a:08:d9:57:d3:32:98:41:1f:68:10:23:c5:2f:
         66:a7:2d:d8:d2:1f:2b:00:91:dc:d4:c8:85:e5:fa:bc:73:c7:
         5b:78:77:c8:1a:a1:4a:ed:34:e7:cf:a6:ee:dd:c0:f6:92:69:
         28:f9:a2:bf:e7:74:70:1e:5b:1e:b6:1c:60:3e:b9:e9:46:0a:
         ce:2b:b4:b2:cb:4b:33:33:4a:76:28:40:34:c8:41:92:9a:de:
         75:91:ec:bf
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgIUTywjirFSBrZanIbQ+lKscBTIlHgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQ0ZBOEQ1QUVFMkZGRDUxNjlCODYzRTg0MEY4NjNBQzAy
NjkxOUE2MTAeFw0yNTAyMDQxODMyMzBaFw0yNjAyMDMxODM3MzBaMDMxMTAvBgNV
BAMTKDQyMjA4MDU5NEI2QzMwMzc2RDk3MUU5M0UzNjU3NjNEQTZDRjFGNUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXWKFAFa+LEd+tlYhrR9R0Pxpj
KsNcVRLsPktjvRHsE8m97MGXQSlBreZeKH6yt7fUrWbAWYNY1gE9C6CHa7uMV9wc
GVnFJzJtODBFJ43wmM5SlGI75XaibEGOqTrdfOrQnJ5S0cAD65Nn8OvkqlaP2YVO
TLUG2tDoldOLG1LooSdH3lCdBSCkV7nQ0btbtlI82mfD4ipfIywfgbjH1zzVJAUd
0QoUlC8+3TVlhiML0Z67khKmexHdFK3M6fuHOGWsZvdYIyfXzr56pDk5XfnzhLwt
Tz71vQ9ECMwdYLp7XON6IfbrtwJ66nYCJuqky9U5MgtxIpd2gRiPU2MiFJMtAgMB
AAGjggLMMIICyDAdBgNVHQ4EFgQUQiCAWUtsMDdtlx6T42V2PabPH1wwHwYDVR0j
BBgwFoAUz6jVruL/1Rabhj6ED4Y6wCaRmmEwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8zMDA4OTI5MTVCNEY3NjQ5NTIwN0M1NEI5QjIzQjE2MjlG
NkZCQUQ4QTU2NTlFRTRGNUIwOUU5ODJCQTU0RTYzLzAvQ0ZBOEQ1QUVFMkZGRDUx
NjlCODYzRTg0MEY4NjNBQzAyNjkxOUE2MS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9DRkE4RDVBRUUyRkZENTE2OUI4
NjNFODQwRjg2M0FDMDI2OTE5QTYxLmNlcjCBywYIKwYBBQUHAQsEgb4wgbswgbgG
CCsGAQUFBzALhoGrcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMzAwODkyOTE1QjRGNzY0OTUyMDdDNTRCOUIyM0IxNjI5RjZGQkFEOEE1
NjU5RUU0RjVCMDlFOTgyQkE1NEU2My8wLzMxMzIzODJlMzIzMDMxMmUzMTMxMzIy
ZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzMjM2MzUzNzMyMzEucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKA
yXAwDQYJKoZIhvcNAQELBQADggEBAHfjUcURS1uZinOQ7kYjpoNqTBdX17L8BQhy
BEgVhMy2Eqp7x2Gqy3ak4vgsqVHGFAnE8CJZ2Qu6hvN+/PASagSoAma730QD+nTr
Xgrq/yZHh1vjhoBve2lHi3bHIlfLTD8AEmgsbcLsUG6imSq0DF2biV2g5UNVGQ5C
nJWZrWNMcNc+NaQgi9kuQLFMg5PGXelScpfvhIelYX6yAWNk9GgCLZ551XBaCNlX
0zKYQR9oECPFL2anLdjSHysAkdzUyIXl+rxzx1t4d8gaoUrtNOfPpu7dwPaSaSj5
or/ndHAeWx62HGA+uelGCs4rtLLLSzMzSnYoQDTIQZKa3nWR7L8=
-----END CERTIFICATE-----