Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/3281FF68D110D44B9E6761515810E862925448FA8B0A0E4AD2950EED298CD8C5/0/34352e372e39362e302f32322d3234203d3e203230323037.roa
File:                     34352e372e39362e302f32322d3234203d3e203230323037.roa (raw, json)
Hash identifier:          uzFGRV3Rede0GgY000WCXl07Sys4Zyl2hnO4xlJ7ZbA=
Subject key identifier:   2D:53:38:D1:94:B0:93:4A:9B:82:EF:40:E0:33:4B:DA:69:F6:C5:01
Certificate issuer:       /CN=C2F520684E5695147DFD40A812A269883EC7E43C
Certificate serial:       4187881F8D4369717F4549A660A168E57B7B270A
Authority key identifier: C2:F5:20:68:4E:56:95:14:7D:FD:40:A8:12:A2:69:88:3E:C7:E4:3C
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/C2F520684E5695147DFD40A812A269883EC7E43C.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/3281FF68D110D44B9E6761515810E862925448FA8B0A0E4AD2950EED298CD8C5/0/34352e372e39362e302f32322d3234203d3e203230323037.roa
Signing time:             Tue 04 Feb 2025 18:05:30 +0000
ROA not before:           Tue 04 Feb 2025 18:00:30 +0000
ROA not after:            Tue 03 Feb 2026 18:05:30 +0000
asID:                     20207
IP address blocks:        45.7.96.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:87:88:1f:8d:43:69:71:7f:45:49:a6:60:a1:68:e5:7b:7b:27:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C2F520684E5695147DFD40A812A269883EC7E43C
        Validity
            Not Before: Feb  4 18:00:30 2025 GMT
            Not After : Feb  3 18:05:30 2026 GMT
        Subject: CN=2D5338D194B0934A9B82EF40E0334BDA69F6C501
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:51:d7:14:18:25:03:75:48:9e:a5:cb:50:39:
                    67:09:0d:74:32:53:38:c7:39:9f:6a:33:17:52:ba:
                    8b:1d:c1:3f:54:7d:68:6d:50:23:ce:2c:49:3b:fd:
                    16:7b:bd:ef:22:27:06:2c:2c:6d:f2:06:24:f0:fa:
                    86:3c:16:64:f9:68:76:2c:5f:66:cb:fb:c4:39:77:
                    66:eb:3d:59:31:c3:f4:0e:6b:24:34:f4:79:c0:30:
                    84:b6:aa:df:1f:9a:20:8e:da:1e:76:96:21:c5:d4:
                    c1:ed:a0:38:48:85:fa:87:96:d1:f6:b3:7f:b3:62:
                    57:5a:5e:e3:6e:2b:e3:48:5b:c6:d2:a6:84:5d:87:
                    ca:c7:d4:bd:f7:e0:61:77:c0:c7:ac:e6:d5:59:60:
                    d9:2d:8f:fc:49:e0:8a:77:ba:4f:cb:79:a5:00:28:
                    e2:d7:44:b7:63:fe:7a:65:98:f1:e7:21:a8:76:ff:
                    5c:d9:8a:5e:64:34:3c:8e:33:fe:4c:bc:f3:60:20:
                    78:6e:1e:b6:42:aa:c7:e6:a2:f1:fb:2d:d8:7f:5d:
                    ca:bc:ff:c8:df:71:10:ad:95:bd:e6:8c:c8:25:69:
                    a8:82:6a:1f:8b:b4:90:3a:da:97:87:67:cd:55:d0:
                    51:17:65:c6:cd:ac:97:41:91:b3:bb:f6:83:48:5d:
                    f2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:53:38:D1:94:B0:93:4A:9B:82:EF:40:E0:33:4B:DA:69:F6:C5:01
            X509v3 Authority Key Identifier:
                keyid:C2:F5:20:68:4E:56:95:14:7D:FD:40:A8:12:A2:69:88:3E:C7:E4:3C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/3281FF68D110D44B9E6761515810E862925448FA8B0A0E4AD2950EED298CD8C5/0/C2F520684E5695147DFD40A812A269883EC7E43C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/C2F520684E5695147DFD40A812A269883EC7E43C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/3281FF68D110D44B9E6761515810E862925448FA8B0A0E4AD2950EED298CD8C5/0/34352e372e39362e302f32322d3234203d3e203230323037.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.7.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:27:13:e4:15:cc:23:0c:af:5b:02:e9:62:29:f8:b1:68:5c:
         e3:c6:b1:ee:90:45:f0:e9:77:45:9d:6a:7b:d7:9a:97:39:89:
         12:f7:ca:5b:62:7c:c6:b7:85:aa:15:2c:33:3c:ca:7b:8c:ca:
         1b:23:e8:3c:5e:d1:2a:05:d6:67:ff:b5:03:e1:f9:2e:b9:11:
         6a:72:83:cd:88:42:f6:21:a2:99:26:4b:e6:bd:09:9d:b5:04:
         3c:8d:0f:62:9e:ec:22:da:61:b9:50:1b:55:4b:31:2b:e2:96:
         8e:fb:08:3e:7c:c4:f5:c0:7b:56:a8:43:a2:db:04:13:13:b4:
         52:11:a2:b9:64:83:c3:02:a1:24:67:36:fb:5a:d7:3d:2a:f5:
         db:06:91:67:ca:88:c3:2f:9c:85:b9:96:d4:88:5a:c8:51:30:
         fb:89:ae:66:3c:e1:f4:9d:4f:26:2c:09:40:3c:c1:f6:9f:eb:
         c6:37:5d:f0:ff:97:c5:9e:39:b8:79:cd:e2:ef:de:b3:d5:f7:
         9a:fb:d0:87:bd:e2:3c:a7:da:da:ff:d9:cb:3e:d0:c7:37:23:
         8d:67:f4:9c:62:03:d9:da:42:65:03:61:90:e6:82:9f:06:c5:
         b6:b0:a3:a5:8e:a6:7b:e0:2d:dc:c7:80:2c:9d:95:2b:ae:d9:
         1d:a2:23:dd
-----BEGIN CERTIFICATE-----
MIIFuDCCBKCgAwIBAgIUQYeIH41DaXF/RUmmYKFo5Xt7JwowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzJGNTIwNjg0RTU2OTUxNDdERkQ0MEE4MTJBMjY5ODgz
RUM3RTQzQzAeFw0yNTAyMDQxODAwMzBaFw0yNjAyMDMxODA1MzBaMDMxMTAvBgNV
BAMTKDJENTMzOEQxOTRCMDkzNEE5QjgyRUY0MEUwMzM0QkRBNjlGNkM1MDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVUdcUGCUDdUiepctQOWcJDXQy
UzjHOZ9qMxdSuosdwT9UfWhtUCPOLEk7/RZ7ve8iJwYsLG3yBiTw+oY8FmT5aHYs
X2bL+8Q5d2brPVkxw/QOayQ09HnAMIS2qt8fmiCO2h52liHF1MHtoDhIhfqHltH2
s3+zYldaXuNuK+NIW8bSpoRdh8rH1L334GF3wMes5tVZYNktj/xJ4Ip3uk/LeaUA
KOLXRLdj/nplmPHnIah2/1zZil5kNDyOM/5MvPNgIHhuHrZCqsfmovH7Ldh/Xcq8
/8jfcRCtlb3mjMglaaiCah+LtJA62peHZ81V0FEXZcbNrJdBkbO79oNIXfIBAgMB
AAGjggLCMIICvjAdBgNVHQ4EFgQULVM40ZSwk0qbgu9A4DNL2mn2xQEwHwYDVR0j
BBgwFoAUwvUgaE5WlRR9/UCoEqJpiD7H5DwwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8zMjgxRkY2OEQxMTBENDRCOUU2NzYxNTE1ODEwRTg2Mjky
NTQ0OEZBOEIwQTBFNEFEMjk1MEVFRDI5OENEOEM1LzAvQzJGNTIwNjg0RTU2OTUx
NDdERkQ0MEE4MTJBMjY5ODgzRUM3RTQzQy5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9DMkY1MjA2ODRFNTY5NTE0N0RG
RDQwQTgxMkEyNjk4ODNFQzdFNDNDLmNlcjCBwQYIKwYBBQUHAQsEgbQwgbEwga4G
CCsGAQUFBzALhoGhcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMzI4MUZGNjhEMTEwRDQ0QjlFNjc2MTUxNTgxMEU4NjI5MjU0NDhGQThC
MEEwRTRBRDI5NTBFRUQyOThDRDhDNS8wLzM0MzUyZTM3MmUzOTM2MmUzMDJmMzIz
MjJkMzIzNDIwM2QzZTIwMzIzMDMyMzAzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi0HYDANBgkqhkiG
9w0BAQsFAAOCAQEAaycT5BXMIwyvWwLpYin4sWhc48ax7pBF8Ol3RZ1qe9ealzmJ
EvfKW2J8xreFqhUsMzzKe4zKGyPoPF7RKgXWZ/+1A+H5LrkRanKDzYhC9iGimSZL
5r0JnbUEPI0PYp7sItphuVAbVUsxK+KWjvsIPnzE9cB7VqhDotsEExO0UhGiuWSD
wwKhJGc2+1rXPSr12waRZ8qIwy+chbmW1IhayFEw+4muZjzh9J1PJiwJQDzB9p/r
xjdd8P+XxZ45uHnN4u/es9X3mvvQh73iPKfa2v/Zyz7QxzcjjWf0nGID2dpCZQNh
kOaCnwbFtrCjpY6me+At3MeALJ2VK67ZHaIj3Q==
-----END CERTIFICATE-----