Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/38283047-8834-43d5-82f7-4d938e60571e/3fa37d5870b640c7ef509e3948955d22e5d0b433.roa
File:                     3fa37d5870b640c7ef509e3948955d22e5d0b433.roa (raw, json)
Hash identifier:          Tl0iXNjn/RvQNAR6SDsk8plH47vlfzhfmZUJn3HnGdA=
Subject key identifier:   8E:B0:39:54:63:DE:AF:31:7D:6B:B8:E2:02:AB:58:3D:F3:95:72:84
Certificate issuer:       /CN=33b7a43fc33bfc7ff5ea592decadde645288705e
Certificate serial:       1B998B
Authority key identifier: C1:A4:F9:06:D7:C5:6B:7D:5E:32:B4:3C:AE:33:6A:BD:11:7D:39:56
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/33b7a43fc33bfc7ff5ea592decadde645288705e.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/38283047-8834-43d5-82f7-4d938e60571e/3fa37d5870b640c7ef509e3948955d22e5d0b433.roa
Signing time:             Mon 05 Sep 2022 21:09:26 +0000
ROA not before:           Wed 24 Mar 2021 03:00:00 +0000
ROA not after:            Tue 24 Mar 2026 03:00:00 +0000
asID:                     10697
IP address blocks:        200.50.160.0/23 maxlen: 23
                          200.50.160.0/24 maxlen: 24
                          200.50.161.0/24 maxlen: 24
                          200.50.164.0/24 maxlen: 24
                          200.50.168.0/24 maxlen: 24
                          200.50.173.0/24 maxlen: 24
                          2800:820::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1808779 (0x1b998b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33b7a43fc33bfc7ff5ea592decadde645288705e
        Validity
            Not Before: Mar 24 03:00:00 2021 GMT
            Not After : Mar 24 03:00:00 2026 GMT
        Subject: CN=3fa37d5870b640c7ef509e3948955d22e5d0b433
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d5:7e:de:2d:62:35:b4:f1:9d:a5:f6:54:bb:
                    9f:1c:1b:14:a9:89:ad:e1:8f:14:5c:81:f1:46:71:
                    b3:d9:3f:6d:34:fd:ac:1b:bc:44:eb:38:cd:6d:1c:
                    e7:4d:5d:40:b3:ff:91:3b:96:22:67:fc:34:a4:cb:
                    2c:81:74:2f:a9:18:c3:ed:23:7a:2f:b8:67:7a:4f:
                    6a:7d:47:53:f6:93:2a:60:a8:d1:60:56:a0:70:a5:
                    86:50:9b:dc:09:0b:b1:4f:52:78:f7:a4:62:c2:98:
                    5c:a5:99:06:6b:2e:33:e3:58:db:3f:8d:bd:8e:1d:
                    a7:13:da:55:84:6d:9b:4e:3b:f0:04:37:34:9c:76:
                    ba:db:3e:3e:62:8f:47:8f:20:1b:f0:e3:31:ec:e3:
                    a0:9a:2d:cc:83:d6:48:f4:24:dd:36:70:a2:9d:30:
                    e6:74:a7:8e:ab:80:a4:e8:85:22:d2:f5:2f:55:95:
                    fb:89:81:4d:3a:e7:60:45:7a:a4:1a:42:48:0c:fb:
                    7d:5f:c0:49:9c:a7:70:5a:35:b7:f3:ff:7d:44:fd:
                    8d:6e:17:1b:e4:b2:cd:60:f7:83:20:57:b1:11:d4:
                    22:48:73:75:f3:b2:ec:22:8c:c6:03:cd:3b:0e:70:
                    12:07:6a:cb:69:6b:6f:81:a1:1f:68:8a:da:59:94:
                    05:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:B0:39:54:63:DE:AF:31:7D:6B:B8:E2:02:AB:58:3D:F3:95:72:84
            X509v3 Authority Key Identifier:
                keyid:C1:A4:F9:06:D7:C5:6B:7D:5E:32:B4:3C:AE:33:6A:BD:11:7D:39:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/33b7a43fc33bfc7ff5ea592decadde645288705e.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/38283047-8834-43d5-82f7-4d938e60571e/3fa37d5870b640c7ef509e3948955d22e5d0b433.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/38283047-8834-43d5-82f7-4d938e60571e/33b7a43fc33bfc7ff5ea592decadde645288705e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.50.160.0/23
                  200.50.164.0/24
                  200.50.168.0/24
                  200.50.173.0/24
                IPv6:
                  2800:820::/32

    Signature Algorithm: sha256WithRSAEncryption
         0c:4d:f9:ad:bd:39:cb:e7:bd:2b:91:5f:ba:b3:df:eb:b1:2d:
         21:d4:57:5a:9e:1e:c0:f8:6c:b2:09:4f:75:6e:1c:b5:a2:99:
         bd:de:53:d7:cd:d0:ba:de:02:72:4e:f4:ab:33:08:b8:8d:6b:
         c2:f3:d6:a9:96:dc:b3:24:16:e1:7d:6a:53:76:84:84:52:71:
         17:2f:84:32:71:fd:2e:50:a9:17:a3:c0:77:68:ae:93:14:99:
         f9:f2:5c:4a:90:cd:c0:c8:36:a3:32:7f:31:db:ee:60:8d:95:
         87:9d:eb:b4:81:58:8d:aa:60:a2:f8:b3:7b:e2:5a:d7:6a:c4:
         cf:ca:e3:1f:2b:2d:ca:78:50:95:76:0e:d7:7c:ba:73:8c:0e:
         de:d5:c3:53:fc:8b:21:39:0e:54:9a:6b:8c:3f:b7:d6:7b:be:
         4c:d6:7d:1e:b3:b9:e6:2f:27:63:e6:3d:74:6a:17:c4:0b:9b:
         92:68:7c:75:b8:3e:c2:dd:a8:d0:79:ee:18:dc:02:6a:8b:04:
         10:00:86:eb:95:a8:58:48:e6:ef:e8:1b:5b:e9:5a:db:7f:51:
         c7:ef:b6:18:73:ca:b7:50:81:be:78:d2:d4:b4:07:9e:2e:3b:
         55:02:98:26:b3:2c:a8:69:f8:a3:63:80:87:22:6c:85:1d:18:
         30:86:fd:8b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIDG5mLMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDMz
YjdhNDNmYzMzYmZjN2ZmNWVhNTkyZGVjYWRkZTY0NTI4ODcwNWUwHhcNMjEwMzI0
MDMwMDAwWhcNMjYwMzI0MDMwMDAwWjAzMTEwLwYDVQQDEygzZmEzN2Q1ODcwYjY0
MGM3ZWY1MDllMzk0ODk1NWQyMmU1ZDBiNDMzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNV+3i1iNbTxnaX2VLufHBsUqYmt4Y8UXIHxRnGz2T9tNP2s
G7xE6zjNbRznTV1As/+RO5YiZ/w0pMssgXQvqRjD7SN6L7hnek9qfUdT9pMqYKjR
YFagcKWGUJvcCQuxT1J496RiwphcpZkGay4z41jbP429jh2nE9pVhG2bTjvwBDc0
nHa62z4+Yo9HjyAb8OMx7OOgmi3Mg9ZI9CTdNnCinTDmdKeOq4Ck6IUi0vUvVZX7
iYFNOudgRXqkGkJIDPt9X8BJnKdwWjW38/99RP2Nbhcb5LLNYPeDIFexEdQiSHN1
87LsIozGA807DnASB2rLaWtvgaEfaIraWZQFaQIDAQABo4ICfDCCAngwHQYDVR0O
BBYEFI6wOVRj3q8xfWu44gKrWD3zlXKEMB8GA1UdIwQYMBaAFMGk+QbXxWt9XjK0
PK4zar0RfTlWMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvMzNiN2E0
M2ZjMzNiZmM3ZmY1ZWE1OTJkZWNhZGRlNjQ1Mjg4NzA1ZS5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvMzgyODMwNDctODgzNC00M2Q1LTgyZjctNGQ5Mzhl
NjA1NzFlLzNmYTM3ZDU4NzBiNjQwYzdlZjUwOWUzOTQ4OTU1ZDIyZTVkMGI0MzMu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy8zODI4MzA0Ny04ODM0LTQzZDUtODJmNy00ZDkz
OGU2MDU3MWUvMzNiN2E0M2ZjMzNiZmM3ZmY1ZWE1OTJkZWNhZGRlNjQ1Mjg4NzA1
ZS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBABggrBgEFBQcBBwEB/wQx
MC8wHgQCAAEwGAMEAcgyoAMEAMgypAMEAMgyqAMEAMgyrTANBAIAAjAHAwUAKAAI
IDANBgkqhkiG9w0BAQsFAAOCAQEADE35rb05y+e9K5FfurPf67EtIdRXWp4ewPhs
sglPdW4ctaKZvd5T183Qut4Cck70qzMIuI1rwvPWqZbcsyQW4X1qU3aEhFJxFy+E
MnH9LlCpF6PAd2iukxSZ+fJcSpDNwMg2ozJ/MdvuYI2Vh53rtIFYjapgovize+Ja
12rEz8rjHystynhQlXYO13y6c4wO3tXDU/yLITkOVJprjD+31nu+TNZ9HrO55i8n
Y+Y9dGoXxAubkmh8dbg+wt2o0HnuGNwCaosEEACG65WoWEjm7+gbW+la239Rx++2
GHPKt1CBvnjS1LQHni47VQKYJrMsqGn4o2OAhyJshR0YMIb9iw==
-----END CERTIFICATE-----