Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/38D53F21DBB0C6D941D346978CD73AA33B02A79E32543773A79EA6AB8BD48D08/0/3132382e3230312e3136312e302f32342d3237203d3e20323635373632.roa
File:                     3132382e3230312e3136312e302f32342d3237203d3e20323635373632.roa (raw, json)
Hash identifier:          dCKe424d3Jct/FaPfWgMVaf1YgO+ytiFEo1QBlyDGBo=
Subject key identifier:   C8:5C:A4:6E:06:61:C4:FB:E7:6E:9E:EA:13:5B:E7:A1:6C:F6:AC:92
Certificate issuer:       /CN=CF5339F87B278717067560B9059C3098661F754B
Certificate serial:       2B82FA7D8C35AE1D8FCB39159162A24CB6068974
Authority key identifier: CF:53:39:F8:7B:27:87:17:06:75:60:B9:05:9C:30:98:66:1F:75:4B
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/CF5339F87B278717067560B9059C3098661F754B.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/38D53F21DBB0C6D941D346978CD73AA33B02A79E32543773A79EA6AB8BD48D08/0/3132382e3230312e3136312e302f32342d3237203d3e20323635373632.roa
Signing time:             Tue 04 Feb 2025 18:23:19 +0000
ROA not before:           Tue 04 Feb 2025 18:18:19 +0000
ROA not after:            Tue 03 Feb 2026 18:23:19 +0000
asID:                     265762
IP address blocks:        128.201.161.0/24 maxlen: 27
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:82:fa:7d:8c:35:ae:1d:8f:cb:39:15:91:62:a2:4c:b6:06:89:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CF5339F87B278717067560B9059C3098661F754B
        Validity
            Not Before: Feb  4 18:18:19 2025 GMT
            Not After : Feb  3 18:23:19 2026 GMT
        Subject: CN=C85CA46E0661C4FBE76E9EEA135BE7A16CF6AC92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:6b:f9:8e:fd:5b:fa:dc:58:91:21:ee:05:fa:
                    d9:e4:75:d0:14:bb:d5:30:b5:99:bb:fe:e4:b7:9a:
                    a6:69:54:4e:b7:7d:c5:31:69:58:4a:12:4c:c6:d3:
                    c1:20:7e:a2:72:b7:69:25:41:cc:70:03:97:ec:c5:
                    c7:71:8a:ba:cd:61:02:93:59:6f:d1:fc:da:72:48:
                    b6:48:71:e7:c9:b8:96:3c:fc:14:de:00:f5:3a:91:
                    9f:0f:ec:8d:21:cc:42:d6:55:eb:c4:f4:d6:6c:a0:
                    ad:9e:48:59:a0:28:5a:21:bf:d2:f7:c5:00:26:9d:
                    88:2a:54:f3:3e:26:f3:b3:4d:a5:64:20:33:2e:03:
                    18:32:d0:01:24:05:fc:4a:d6:1d:7f:39:b7:77:f6:
                    28:e0:07:3d:70:99:84:c8:1c:ce:ab:3b:e4:b3:bf:
                    24:65:ea:4d:3d:1f:6a:22:1c:81:4f:f6:e5:f2:cf:
                    bc:96:db:da:fa:a4:12:44:ad:68:86:b5:38:05:2f:
                    e5:2d:73:59:cc:a3:b6:3f:a4:f9:7d:e6:a7:45:7d:
                    cd:0a:75:31:98:60:87:4d:ed:4e:53:44:86:86:56:
                    16:2a:42:73:d4:f3:16:64:72:79:3f:68:d8:89:18:
                    3e:79:ad:05:de:ad:b0:7f:04:33:a0:05:9b:4d:fd:
                    d8:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:5C:A4:6E:06:61:C4:FB:E7:6E:9E:EA:13:5B:E7:A1:6C:F6:AC:92
            X509v3 Authority Key Identifier:
                keyid:CF:53:39:F8:7B:27:87:17:06:75:60:B9:05:9C:30:98:66:1F:75:4B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/38D53F21DBB0C6D941D346978CD73AA33B02A79E32543773A79EA6AB8BD48D08/0/CF5339F87B278717067560B9059C3098661F754B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/CF5339F87B278717067560B9059C3098661F754B.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/38D53F21DBB0C6D941D346978CD73AA33B02A79E32543773A79EA6AB8BD48D08/0/3132382e3230312e3136312e302f32342d3237203d3e20323635373632.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.201.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:d6:17:39:db:5e:90:ae:93:15:73:d3:1a:30:ae:f5:b8:d3:
         9a:f8:e8:13:dc:bd:3c:6c:bf:ee:fd:9d:94:91:fb:fa:6a:97:
         26:e7:d6:ea:35:8f:f3:d7:ad:96:bc:92:30:39:6f:c2:3f:f0:
         d9:5b:36:33:1a:c3:44:5e:3f:ae:24:cb:90:d0:b4:b9:5a:1b:
         fa:23:6e:88:80:5c:3b:03:f6:38:02:db:13:ab:a6:a5:82:39:
         ec:75:60:21:55:53:57:ba:d4:d7:db:00:fe:25:00:d7:46:43:
         40:57:34:f3:3f:d7:ca:0d:ad:27:1a:8a:23:ed:7b:c6:a9:9b:
         94:ee:b1:ad:d8:9b:56:21:e4:56:16:d8:7b:f3:20:72:34:07:
         16:3a:1f:5f:80:1e:00:00:2e:b0:87:7d:6b:1b:d6:04:db:32:
         7f:55:26:a4:99:03:0d:ea:b5:6f:8a:e9:8c:4f:de:0b:39:f5:
         b6:46:5f:be:98:24:32:7e:cb:9e:d5:45:2d:7c:a6:ea:db:bc:
         e6:de:17:15:20:24:c2:33:96:77:0a:54:07:db:a0:03:1b:58:
         df:83:88:30:01:c9:f5:06:df:50:b9:ec:72:d4:54:8c:6d:85:
         a1:63:34:8b:f0:fc:b3:27:7e:ba:ca:23:82:82:80:ec:ef:dc:
         ba:6e:0d:e7
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgIUK4L6fYw1rh2PyzkVkWKiTLYGiXQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQ0Y1MzM5Rjg3QjI3ODcxNzA2NzU2MEI5MDU5QzMwOTg2
NjFGNzU0QjAeFw0yNTAyMDQxODE4MTlaFw0yNjAyMDMxODIzMTlaMDMxMTAvBgNV
BAMTKEM4NUNBNDZFMDY2MUM0RkJFNzZFOUVFQTEzNUJFN0ExNkNGNkFDOTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6a/mO/Vv63FiRIe4F+tnkddAU
u9UwtZm7/uS3mqZpVE63fcUxaVhKEkzG08EgfqJyt2klQcxwA5fsxcdxirrNYQKT
WW/R/NpySLZIcefJuJY8/BTeAPU6kZ8P7I0hzELWVevE9NZsoK2eSFmgKFohv9L3
xQAmnYgqVPM+JvOzTaVkIDMuAxgy0AEkBfxK1h1/Obd39ijgBz1wmYTIHM6rO+Sz
vyRl6k09H2oiHIFP9uXyz7yW29r6pBJErWiGtTgFL+Utc1nMo7Y/pPl95qdFfc0K
dTGYYIdN7U5TRIaGVhYqQnPU8xZkcnk/aNiJGD55rQXerbB/BDOgBZtN/djHAgMB
AAGjggLMMIICyDAdBgNVHQ4EFgQUyFykbgZhxPvnbp7qE1vnoWz2rJIwHwYDVR0j
BBgwFoAUz1M5+HsnhxcGdWC5BZwwmGYfdUswDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8zOEQ1M0YyMURCQjBDNkQ5NDFEMzQ2OTc4Q0Q3M0FBMzNC
MDJBNzlFMzI1NDM3NzNBNzlFQTZBQjhCRDQ4RDA4LzAvQ0Y1MzM5Rjg3QjI3ODcx
NzA2NzU2MEI5MDU5QzMwOTg2NjFGNzU0Qi5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9DRjUzMzlGODdCMjc4NzE3MDY3
NTYwQjkwNTlDMzA5ODY2MUY3NTRCLmNlcjCBywYIKwYBBQUHAQsEgb4wgbswgbgG
CCsGAQUFBzALhoGrcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMzhENTNGMjFEQkIwQzZEOTQxRDM0Njk3OENENzNBQTMzQjAyQTc5RTMy
NTQzNzczQTc5RUE2QUI4QkQ0OEQwOC8wLzMxMzIzODJlMzIzMDMxMmUzMTM2MzEy
ZTMwMmYzMjM0MmQzMjM3MjAzZDNlMjAzMjM2MzUzNzM2MzIucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACA
yaEwDQYJKoZIhvcNAQELBQADggEBALvWFznbXpCukxVz0xowrvW405r46BPcvTxs
v+79nZSR+/pqlybn1uo1j/PXrZa8kjA5b8I/8NlbNjMaw0ReP64ky5DQtLlaG/oj
boiAXDsD9jgC2xOrpqWCOex1YCFVU1e61NfbAP4lANdGQ0BXNPM/18oNrScaiiPt
e8apm5Tusa3Ym1Yh5FYW2HvzIHI0BxY6H1+AHgAALrCHfWsb1gTbMn9VJqSZAw3q
tW+K6YxP3gs59bZGX76YJDJ+y57VRS18purbvObeFxUgJMIzlncKVAfboAMbWN+D
iDAByfUG31C57HLUVIxthaFjNIvw/LMnfrrKI4KCgOzv3LpuDec=
-----END CERTIFICATE-----