Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/3650D59C14D282419C1FFC6D534AD0B46006980772355A21D5871025F82C9883/0/3139302e39392e39362e302f32302d3234203d3e203532333636.roa
File:                     3139302e39392e39362e302f32302d3234203d3e203532333636.roa (raw, json)
Hash identifier:          c7Jd2Hfbf5O72dBsGLHG8rBE6OFkyBn9EV8Lu0DYYmc=
Subject key identifier:   6D:A9:5C:F4:2B:EF:A6:2C:8B:C3:9F:CE:AD:00:0E:00:21:3C:D7:9B
Certificate issuer:       /CN=D7A486F4E8E32EBB7CA32A25A9EFE107EF5FB25B
Certificate serial:       4E427CCF888F6B97AC78DE23155E53E7C17D286A
Authority key identifier: D7:A4:86:F4:E8:E3:2E:BB:7C:A3:2A:25:A9:EF:E1:07:EF:5F:B2:5B
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D7A486F4E8E32EBB7CA32A25A9EFE107EF5FB25B.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/3650D59C14D282419C1FFC6D534AD0B46006980772355A21D5871025F82C9883/0/3139302e39392e39362e302f32302d3234203d3e203532333636.roa
Signing time:             Tue 04 Feb 2025 18:47:49 +0000
ROA not before:           Tue 04 Feb 2025 18:42:49 +0000
ROA not after:            Tue 03 Feb 2026 18:47:49 +0000
asID:                     52366
IP address blocks:        190.99.96.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:42:7c:cf:88:8f:6b:97:ac:78:de:23:15:5e:53:e7:c1:7d:28:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D7A486F4E8E32EBB7CA32A25A9EFE107EF5FB25B
        Validity
            Not Before: Feb  4 18:42:49 2025 GMT
            Not After : Feb  3 18:47:49 2026 GMT
        Subject: CN=6DA95CF42BEFA62C8BC39FCEAD000E00213CD79B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:87:30:9a:da:29:7a:e4:d7:12:f4:3a:d5:eb:
                    0a:12:d0:25:47:a1:89:74:70:2c:db:57:f3:c7:dc:
                    75:6f:74:89:50:fb:0f:02:af:9e:90:d5:a1:12:92:
                    f4:91:50:d3:c0:77:b0:72:42:9f:71:65:92:aa:93:
                    52:89:84:f6:4b:24:e3:2b:8c:87:96:08:84:87:1e:
                    09:1a:06:1b:34:aa:89:64:68:c8:1c:7e:47:93:27:
                    f6:d0:43:0b:0d:2d:90:9a:33:4f:5f:56:60:b0:d0:
                    60:d4:8f:45:99:25:2b:27:4e:2d:41:7c:66:a3:24:
                    76:31:76:29:2e:a1:22:92:1b:1d:43:1b:62:f5:45:
                    dc:27:01:8b:45:ae:8a:ba:b2:1b:41:1f:37:21:10:
                    65:76:0f:dd:f4:4c:ab:dc:03:10:7e:bc:12:47:96:
                    c1:be:20:a5:8e:28:81:c5:99:10:34:5d:ef:58:bb:
                    7f:e6:28:b9:38:4c:ab:de:d3:e1:3a:18:4d:fe:ab:
                    56:ee:87:6a:b8:da:79:44:9e:6e:9d:47:00:de:13:
                    9b:44:ca:48:0a:55:7e:13:bf:7c:83:46:51:c4:77:
                    3d:4c:88:2e:d1:14:40:6f:fd:60:31:72:84:a2:07:
                    cf:cf:44:af:cd:b2:55:d7:90:1b:b1:cb:cb:e3:3d:
                    08:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:A9:5C:F4:2B:EF:A6:2C:8B:C3:9F:CE:AD:00:0E:00:21:3C:D7:9B
            X509v3 Authority Key Identifier:
                keyid:D7:A4:86:F4:E8:E3:2E:BB:7C:A3:2A:25:A9:EF:E1:07:EF:5F:B2:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/3650D59C14D282419C1FFC6D534AD0B46006980772355A21D5871025F82C9883/0/D7A486F4E8E32EBB7CA32A25A9EFE107EF5FB25B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D7A486F4E8E32EBB7CA32A25A9EFE107EF5FB25B.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/3650D59C14D282419C1FFC6D534AD0B46006980772355A21D5871025F82C9883/0/3139302e39392e39362e302f32302d3234203d3e203532333636.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  190.99.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         da:43:ac:73:c6:bf:17:d2:8e:70:73:ce:59:2e:02:a0:a3:1a:
         6f:a7:34:e1:83:46:ed:64:4e:47:50:28:53:88:6e:fb:8c:d4:
         62:25:a6:b5:2a:e3:33:56:90:32:6e:c0:ee:28:5e:e6:97:3c:
         ee:9b:3e:5e:1c:56:e9:b9:ea:dd:2e:fa:d4:9c:aa:93:8d:29:
         fd:a8:7f:66:8a:64:3b:b8:c4:b5:22:69:f1:59:fb:fb:52:b1:
         69:7a:8e:78:57:6e:7e:78:49:cc:cc:3c:f5:ed:72:a7:88:96:
         3c:d4:14:12:15:51:cc:03:f5:cd:cb:b3:fb:13:b3:34:86:87:
         13:42:9a:6c:69:5f:a8:c6:87:dc:cc:5d:74:e8:80:e5:00:26:
         ac:21:4f:3a:39:b4:5a:de:01:19:ce:99:6a:04:78:2a:4e:c4:
         5b:0c:7c:6a:9e:6f:da:70:14:d2:51:12:a6:02:a8:82:ae:58:
         d9:fb:44:34:f9:07:89:bc:35:d9:0c:8c:8a:f7:3f:d0:e0:95:
         d4:68:43:6c:f9:a0:87:62:7a:a6:87:49:87:72:98:99:e2:bb:
         a3:33:28:0e:12:0d:d7:ec:2d:0b:d3:1e:52:04:6e:43:78:b6:
         46:3c:60:e9:eb:ef:ee:f7:de:70:cd:62:aa:18:7f:2f:94:b7:
         5d:cf:d9:b1
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUTkJ8z4iPa5eseN4jFV5T58F9KGowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDdBNDg2RjRFOEUzMkVCQjdDQTMyQTI1QTlFRkUxMDdF
RjVGQjI1QjAeFw0yNTAyMDQxODQyNDlaFw0yNjAyMDMxODQ3NDlaMDMxMTAvBgNV
BAMTKDZEQTk1Q0Y0MkJFRkE2MkM4QkMzOUZDRUFEMDAwRTAwMjEzQ0Q3OUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrhzCa2il65NcS9DrV6woS0CVH
oYl0cCzbV/PH3HVvdIlQ+w8Cr56Q1aESkvSRUNPAd7ByQp9xZZKqk1KJhPZLJOMr
jIeWCISHHgkaBhs0qolkaMgcfkeTJ/bQQwsNLZCaM09fVmCw0GDUj0WZJSsnTi1B
fGajJHYxdikuoSKSGx1DG2L1RdwnAYtFroq6shtBHzchEGV2D930TKvcAxB+vBJH
lsG+IKWOKIHFmRA0Xe9Yu3/mKLk4TKve0+E6GE3+q1buh2q42nlEnm6dRwDeE5tE
ykgKVX4Tv3yDRlHEdz1MiC7RFEBv/WAxcoSiB8/PRK/NslXXkBuxy8vjPQgzAgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQUbalc9CvvpiyLw5/OrQAOACE815swHwYDVR0j
BBgwFoAU16SG9OjjLrt8oyolqe/hB+9fslswDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8zNjUwRDU5QzE0RDI4MjQxOUMxRkZDNkQ1MzRBRDBCNDYw
MDY5ODA3NzIzNTVBMjFENTg3MTAyNUY4MkM5ODgzLzAvRDdBNDg2RjRFOEUzMkVC
QjdDQTMyQTI1QTlFRkUxMDdFRjVGQjI1Qi5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9EN0E0ODZGNEU4RTMyRUJCN0NB
MzJBMjVBOUVGRTEwN0VGNUZCMjVCLmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMzY1MEQ1OUMxNEQyODI0MTlDMUZGQzZENTM0QUQwQjQ2MDA2OTgwNzcy
MzU1QTIxRDU4NzEwMjVGODJDOTg4My8wLzMxMzkzMDJlMzkzOTJlMzkzNjJlMzAy
ZjMyMzAyZDMyMzQyMDNkM2UyMDM1MzIzMzM2MzYucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAS+Y2AwDQYJ
KoZIhvcNAQELBQADggEBANpDrHPGvxfSjnBzzlkuAqCjGm+nNOGDRu1kTkdQKFOI
bvuM1GIlprUq4zNWkDJuwO4oXuaXPO6bPl4cVum56t0u+tScqpONKf2of2aKZDu4
xLUiafFZ+/tSsWl6jnhXbn54SczMPPXtcqeIljzUFBIVUcwD9c3Ls/sTszSGhxNC
mmxpX6jGh9zMXXTogOUAJqwhTzo5tFreARnOmWoEeCpOxFsMfGqeb9pwFNJREqYC
qIKuWNn7RDT5B4m8NdkMjIr3P9DgldRoQ2z5oIdieqaHSYdymJniu6MzKA4SDdfs
LQvTHlIEbkN4tkY8YOnr7+733nDNYqoYfy+Ut13P2bE=
-----END CERTIFICATE-----