Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/3A5F2F87D11786FB3FCADAA043431EB013CDBAD00247EDB7A6502BFFD8B4CC24/0/3138362e33322e36382e302f32322d3234203d3e203237373733.roa
File:                     3138362e33322e36382e302f32322d3234203d3e203237373733.roa (raw, json)
Hash identifier:          OSx6lDw3827yIAXw7qojKTUdOCd/E0Yk3d1CJw1T7go=
Subject key identifier:   57:8E:74:01:56:46:5D:EC:54:6C:7B:96:A6:96:96:35:F3:FB:93:FA
Certificate issuer:       /CN=9BCCBD68EB22C37B886D81BDFC8BA77CD7312208
Certificate serial:       13B67C054C2D546CD2764E148ABF4CB591953ED4
Authority key identifier: 9B:CC:BD:68:EB:22:C3:7B:88:6D:81:BD:FC:8B:A7:7C:D7:31:22:08
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/9BCCBD68EB22C37B886D81BDFC8BA77CD7312208.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/3A5F2F87D11786FB3FCADAA043431EB013CDBAD00247EDB7A6502BFFD8B4CC24/0/3138362e33322e36382e302f32322d3234203d3e203237373733.roa
Signing time:             Tue 04 Feb 2025 20:02:02 +0000
ROA not before:           Tue 04 Feb 2025 19:57:02 +0000
ROA not after:            Tue 03 Feb 2026 20:02:02 +0000
asID:                     27773
IP address blocks:        186.32.68.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:b6:7c:05:4c:2d:54:6c:d2:76:4e:14:8a:bf:4c:b5:91:95:3e:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9BCCBD68EB22C37B886D81BDFC8BA77CD7312208
        Validity
            Not Before: Feb  4 19:57:02 2025 GMT
            Not After : Feb  3 20:02:02 2026 GMT
        Subject: CN=578E740156465DEC546C7B96A6969635F3FB93FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:5a:ec:bf:08:56:de:e2:46:f3:01:f9:6d:7f:
                    a8:e7:28:df:15:bd:bd:01:7a:c6:8d:06:97:9e:39:
                    66:e3:4b:32:6f:c4:fd:61:83:09:46:cb:75:c1:f4:
                    be:42:ba:0b:e1:4a:50:d6:a5:63:2f:f8:31:b5:1f:
                    75:56:01:0c:67:21:0f:84:39:0f:ba:21:be:9a:fb:
                    b5:87:a6:b6:77:24:71:3b:2f:67:fc:32:dc:3a:c3:
                    e5:f1:f3:56:3a:a4:b3:39:dc:0d:44:f6:0a:4b:98:
                    9d:a4:fa:81:22:cd:cb:90:04:0f:81:e9:3b:5d:9d:
                    fd:d7:13:44:a3:a2:29:af:73:11:8f:81:f5:aa:72:
                    b4:3a:2e:94:7e:19:0d:8a:2c:f3:24:c6:45:6d:24:
                    f0:57:a8:f6:ac:a3:0d:f0:40:84:25:8b:6b:f4:db:
                    38:bc:e7:4f:19:39:26:ba:0f:ba:e4:b4:15:e3:47:
                    a9:65:90:33:b2:0d:7e:3a:11:c2:dc:ba:1a:3a:9f:
                    ed:b9:25:92:01:53:d9:31:b1:8e:c4:15:76:79:19:
                    f6:5d:81:f1:29:e4:a1:8e:ca:5a:ef:4b:cd:9b:23:
                    e1:89:a4:f8:b7:ba:e1:69:b2:a6:f6:a2:21:5b:fb:
                    d0:f8:d9:b7:e5:fd:ad:0c:69:54:34:e7:93:7a:9c:
                    34:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:8E:74:01:56:46:5D:EC:54:6C:7B:96:A6:96:96:35:F3:FB:93:FA
            X509v3 Authority Key Identifier:
                keyid:9B:CC:BD:68:EB:22:C3:7B:88:6D:81:BD:FC:8B:A7:7C:D7:31:22:08

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/3A5F2F87D11786FB3FCADAA043431EB013CDBAD00247EDB7A6502BFFD8B4CC24/0/9BCCBD68EB22C37B886D81BDFC8BA77CD7312208.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/9BCCBD68EB22C37B886D81BDFC8BA77CD7312208.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/3A5F2F87D11786FB3FCADAA043431EB013CDBAD00247EDB7A6502BFFD8B4CC24/0/3138362e33322e36382e302f32322d3234203d3e203237373733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  186.32.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:ce:18:f6:60:72:44:53:ed:17:c3:1e:2a:47:23:5b:b5:10:
         6b:db:d0:63:07:bd:79:a2:51:37:53:12:37:ed:17:57:98:d2:
         41:f6:86:0f:53:e3:31:a1:85:cd:55:9d:7d:d0:f5:61:4f:8f:
         bb:52:32:15:96:00:7f:0a:07:29:08:ff:aa:75:fe:c2:bb:c0:
         ca:79:08:4d:24:d0:e8:0d:ac:0c:56:46:4a:0d:a6:c3:f5:7f:
         59:08:d7:c0:a3:ae:bd:0a:d6:53:9b:5b:cd:7a:41:12:cd:62:
         19:b1:32:af:6d:0e:ad:c6:13:53:a5:d5:1d:ef:fa:ec:ea:9a:
         cf:48:18:a0:da:6a:22:aa:4c:a4:88:58:03:93:f9:5b:a0:40:
         f7:46:35:f4:d4:16:02:52:63:ee:88:2b:6f:97:84:e8:31:e8:
         e8:69:8f:9f:26:87:9a:6e:6d:c1:f3:16:88:fb:0c:52:e6:c8:
         fd:3e:aa:22:79:67:21:5e:f9:53:d5:13:e6:7c:38:8f:a5:f5:
         47:5a:36:e4:60:3a:48:9b:dc:a1:f6:a0:46:57:52:2b:55:97:
         d1:e0:9c:39:37:fc:1f:4d:33:58:90:dc:92:af:7e:d4:87:23:
         5a:00:e9:2d:c2:f8:ad:24:3a:67:c8:0a:f8:63:f3:36:da:f4:
         2c:ad:94:3a
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUE7Z8BUwtVGzSdk4Uir9MtZGVPtQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOUJDQ0JENjhFQjIyQzM3Qjg4NkQ4MUJERkM4QkE3N0NE
NzMxMjIwODAeFw0yNTAyMDQxOTU3MDJaFw0yNjAyMDMyMDAyMDJaMDMxMTAvBgNV
BAMTKDU3OEU3NDAxNTY0NjVERUM1NDZDN0I5NkE2OTY5NjM1RjNGQjkzRkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEWuy/CFbe4kbzAfltf6jnKN8V
vb0BesaNBpeeOWbjSzJvxP1hgwlGy3XB9L5CugvhSlDWpWMv+DG1H3VWAQxnIQ+E
OQ+6Ib6a+7WHprZ3JHE7L2f8Mtw6w+Xx81Y6pLM53A1E9gpLmJ2k+oEizcuQBA+B
6Ttdnf3XE0SjoimvcxGPgfWqcrQ6LpR+GQ2KLPMkxkVtJPBXqPasow3wQIQli2v0
2zi8508ZOSa6D7rktBXjR6llkDOyDX46EcLcuho6n+25JZIBU9kxsY7EFXZ5GfZd
gfEp5KGOylrvS82bI+GJpPi3uuFpsqb2oiFb+9D42bfl/a0MaVQ055N6nDSHAgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQUV450AVZGXexUbHuWppaWNfP7k/owHwYDVR0j
BBgwFoAUm8y9aOsiw3uIbYG9/IunfNcxIggwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8zQTVGMkY4N0QxMTc4NkZCM0ZDQURBQTA0MzQzMUVCMDEz
Q0RCQUQwMDI0N0VEQjdBNjUwMkJGRkQ4QjRDQzI0LzAvOUJDQ0JENjhFQjIyQzM3
Qjg4NkQ4MUJERkM4QkE3N0NENzMxMjIwOC5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC85QkNDQkQ2OEVCMjJDMzdCODg2
RDgxQkRGQzhCQTc3Q0Q3MzEyMjA4LmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvM0E1RjJGODdEMTE3ODZGQjNGQ0FEQUEwNDM0MzFFQjAxM0NEQkFEMDAy
NDdFREI3QTY1MDJCRkZEOEI0Q0MyNC8wLzMxMzgzNjJlMzMzMjJlMzYzODJlMzAy
ZjMyMzIyZDMyMzQyMDNkM2UyMDMyMzczNzM3MzMucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAK6IEQwDQYJ
KoZIhvcNAQELBQADggEBAIjOGPZgckRT7RfDHipHI1u1EGvb0GMHvXmiUTdTEjft
F1eY0kH2hg9T4zGhhc1VnX3Q9WFPj7tSMhWWAH8KBykI/6p1/sK7wMp5CE0k0OgN
rAxWRkoNpsP1f1kI18Cjrr0K1lObW816QRLNYhmxMq9tDq3GE1Ol1R3v+uzqms9I
GKDaaiKqTKSIWAOT+VugQPdGNfTUFgJSY+6IK2+XhOgx6Ohpj58mh5pubcHzFoj7
DFLmyP0+qiJ5ZyFe+VPVE+Z8OI+l9UdaNuRgOkib3KH2oEZXUitVl9HgnDk3/B9N
M1iQ3JKvftSHI1oA6S3C+K0kOmfICvhj8zba9CytlDo=
-----END CERTIFICATE-----