Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/342AB48DF24F4D85DAA49BDAB77609E5DB5B37712CFD9DE7A5CE9F98076010F2/0/3230302e372e3135362e302f32332d3233203d3e203532333939.roa
File:                     3230302e372e3135362e302f32332d3233203d3e203532333939.roa (raw, json)
Hash identifier:          qpMmobFwr2a+rtgEoMKwrV6c5Y1YZ0se8yPBRaYKo0U=
Subject key identifier:   F3:50:C6:A6:78:A8:E0:9B:A5:9F:20:39:3D:D4:E5:14:97:80:C8:6D
Certificate issuer:       /CN=C2B7A28859947C52A387BB628764F91AAA1D05B9
Certificate serial:       0D9B406120C5FF1BF081B0E5AEF4EA21E7C7A5B9
Authority key identifier: C2:B7:A2:88:59:94:7C:52:A3:87:BB:62:87:64:F9:1A:AA:1D:05:B9
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/C2B7A28859947C52A387BB628764F91AAA1D05B9.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/342AB48DF24F4D85DAA49BDAB77609E5DB5B37712CFD9DE7A5CE9F98076010F2/0/3230302e372e3135362e302f32332d3233203d3e203532333939.roa
Signing time:             Tue 04 Feb 2025 18:35:59 +0000
ROA not before:           Tue 04 Feb 2025 18:30:59 +0000
ROA not after:            Tue 03 Feb 2026 18:35:59 +0000
asID:                     52399
IP address blocks:        200.7.156.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:9b:40:61:20:c5:ff:1b:f0:81:b0:e5:ae:f4:ea:21:e7:c7:a5:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=C2B7A28859947C52A387BB628764F91AAA1D05B9
        Validity
            Not Before: Feb  4 18:30:59 2025 GMT
            Not After : Feb  3 18:35:59 2026 GMT
        Subject: CN=F350C6A678A8E09BA59F20393DD4E5149780C86D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:79:06:91:ef:fb:f5:01:70:70:5c:2a:ce:32:
                    95:cc:47:7c:9f:36:7d:88:3e:21:a5:0c:4b:f1:eb:
                    17:a3:ac:17:16:4e:7b:85:be:21:0a:1e:38:81:4d:
                    49:f9:8e:d1:53:8e:3c:f7:58:70:cc:fb:61:78:10:
                    dc:43:1d:78:8c:a9:b7:c7:b0:69:5f:d5:57:3e:f1:
                    90:5b:ad:c6:7f:93:21:7c:a0:6c:75:d5:77:86:60:
                    4f:90:06:70:2a:78:73:06:9d:ff:01:d8:9d:53:3d:
                    91:63:0b:ed:f0:de:30:eb:19:77:f2:15:04:aa:09:
                    de:27:54:2d:9f:72:34:59:6c:a7:35:79:7e:ca:73:
                    c9:cd:cb:73:b5:33:76:15:5d:a5:eb:d5:b7:a1:b5:
                    d9:53:8f:7c:f3:4d:a7:bc:3b:24:5f:03:84:46:43:
                    f8:49:9a:81:70:ae:75:50:fc:fb:56:00:d3:dd:20:
                    ff:93:64:ae:e2:8b:89:70:59:6a:83:cd:ad:75:1d:
                    b5:56:78:fd:28:28:7d:72:7d:60:90:e0:49:16:27:
                    3c:32:b5:c0:bc:90:8d:da:1d:22:fd:9a:7e:ba:36:
                    e1:43:54:0a:c5:ca:5b:15:c2:88:b1:e5:81:95:26:
                    09:2e:a0:76:fd:78:ae:f0:04:36:ff:9e:53:e2:6d:
                    4e:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:50:C6:A6:78:A8:E0:9B:A5:9F:20:39:3D:D4:E5:14:97:80:C8:6D
            X509v3 Authority Key Identifier:
                keyid:C2:B7:A2:88:59:94:7C:52:A3:87:BB:62:87:64:F9:1A:AA:1D:05:B9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/342AB48DF24F4D85DAA49BDAB77609E5DB5B37712CFD9DE7A5CE9F98076010F2/0/C2B7A28859947C52A387BB628764F91AAA1D05B9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/C2B7A28859947C52A387BB628764F91AAA1D05B9.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/342AB48DF24F4D85DAA49BDAB77609E5DB5B37712CFD9DE7A5CE9F98076010F2/0/3230302e372e3135362e302f32332d3233203d3e203532333939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.7.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         86:a5:87:6c:91:87:94:8b:49:fb:71:3d:17:4e:7f:27:b9:b3:
         da:0d:0e:b0:c5:7c:57:3a:83:a1:1e:46:e7:ea:0f:43:15:3c:
         d9:c7:c3:39:68:5c:1d:0e:ad:38:8c:c2:05:fa:6a:ce:23:b0:
         c3:63:b5:32:5e:36:22:07:ae:9f:4a:fb:d1:8c:5d:61:3e:a6:
         71:f2:8f:8f:68:b1:83:ae:ae:db:a5:02:f2:81:9d:b3:2d:8b:
         72:df:58:e8:f7:c8:c0:d1:85:72:2b:38:62:ab:5c:b6:08:91:
         a9:9d:c7:05:5b:3e:7f:39:fa:e4:9f:4e:3a:81:12:74:1f:40:
         61:22:28:ff:b5:35:1e:48:59:00:c9:4d:3b:77:d4:fe:94:95:
         ac:7e:02:e0:a5:cd:e9:09:ef:42:7c:ab:e6:f0:7c:9c:3d:8a:
         78:fb:91:36:c8:cc:b2:64:94:ff:8e:6f:6a:c0:92:f6:68:17:
         73:1e:2b:dd:6d:e6:e8:05:5b:12:73:7a:59:5a:7f:87:70:2a:
         2c:6c:77:c4:2d:55:f5:03:6d:f8:6b:84:36:b9:36:82:42:b5:
         19:91:8e:4b:2b:50:46:06:f8:54:c1:a3:68:41:01:7b:40:12:
         3a:ab:bb:f1:c2:06:34:eb:f9:65:58:02:23:5a:7d:80:25:da:
         04:13:4e:07
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUDZtAYSDF/xvwgbDlrvTqIefHpbkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQzJCN0EyODg1OTk0N0M1MkEzODdCQjYyODc2NEY5MUFB
QTFEMDVCOTAeFw0yNTAyMDQxODMwNTlaFw0yNjAyMDMxODM1NTlaMDMxMTAvBgNV
BAMTKEYzNTBDNkE2NzhBOEUwOUJBNTlGMjAzOTNERDRFNTE0OTc4MEM4NkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3eQaR7/v1AXBwXCrOMpXMR3yf
Nn2IPiGlDEvx6xejrBcWTnuFviEKHjiBTUn5jtFTjjz3WHDM+2F4ENxDHXiMqbfH
sGlf1Vc+8ZBbrcZ/kyF8oGx11XeGYE+QBnAqeHMGnf8B2J1TPZFjC+3w3jDrGXfy
FQSqCd4nVC2fcjRZbKc1eX7Kc8nNy3O1M3YVXaXr1behtdlTj3zzTae8OyRfA4RG
Q/hJmoFwrnVQ/PtWANPdIP+TZK7ii4lwWWqDza11HbVWeP0oKH1yfWCQ4EkWJzwy
tcC8kI3aHSL9mn66NuFDVArFylsVwoix5YGVJgkuoHb9eK7wBDb/nlPibU6fAgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQU81DGpnio4JulnyA5PdTlFJeAyG0wHwYDVR0j
BBgwFoAUwreiiFmUfFKjh7tih2T5GqodBbkwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8zNDJBQjQ4REYyNEY0RDg1REFBNDlCREFCNzc2MDlFNURC
NUIzNzcxMkNGRDlERTdBNUNFOUY5ODA3NjAxMEYyLzAvQzJCN0EyODg1OTk0N0M1
MkEzODdCQjYyODc2NEY5MUFBQTFEMDVCOS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9DMkI3QTI4ODU5OTQ3QzUyQTM4
N0JCNjI4NzY0RjkxQUFBMUQwNUI5LmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMzQyQUI0OERGMjRGNEQ4NURBQTQ5QkRBQjc3NjA5RTVEQjVCMzc3MTJD
RkQ5REU3QTVDRTlGOTgwNzYwMTBGMi8wLzMyMzAzMDJlMzcyZTMxMzUzNjJlMzAy
ZjMyMzMyZDMyMzMyMDNkM2UyMDM1MzIzMzM5Mzkucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHIB5wwDQYJ
KoZIhvcNAQELBQADggEBAIalh2yRh5SLSftxPRdOfye5s9oNDrDFfFc6g6EeRufq
D0MVPNnHwzloXB0OrTiMwgX6as4jsMNjtTJeNiIHrp9K+9GMXWE+pnHyj49osYOu
rtulAvKBnbMti3LfWOj3yMDRhXIrOGKrXLYIkamdxwVbPn85+uSfTjqBEnQfQGEi
KP+1NR5IWQDJTTt31P6Ulax+AuClzekJ70J8q+bwfJw9inj7kTbIzLJklP+Ob2rA
kvZoF3MeK91t5ugFWxJzellaf4dwKixsd8QtVfUDbfhrhDa5NoJCtRmRjksrUEYG
+FTBo2hBAXtAEjqru/HCBjTr+WVYAiNafYAl2gQTTgc=
-----END CERTIFICATE-----