Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/3A5F2F87D11786FB3FCADAA043431EB013CDBAD00247EDB7A6502BFFD8B4CC24/0/3139302e39392e34382e302f32302d3234203d3e203237373733.roa
File:                     3139302e39392e34382e302f32302d3234203d3e203237373733.roa (raw, json)
Hash identifier:          bIdSA7esufIFZhpWjftGL8AG7lLLo8fNVH1h44hjiV4=
Subject key identifier:   43:BF:0F:7F:D4:4B:27:63:4F:FF:BC:CF:B9:38:52:86:68:34:7D:CC
Certificate issuer:       /CN=9BCCBD68EB22C37B886D81BDFC8BA77CD7312208
Certificate serial:       1A01E9D0DC67C1E16769D9DEB7AE394A80CCDD93
Authority key identifier: 9B:CC:BD:68:EB:22:C3:7B:88:6D:81:BD:FC:8B:A7:7C:D7:31:22:08
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/9BCCBD68EB22C37B886D81BDFC8BA77CD7312208.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/3A5F2F87D11786FB3FCADAA043431EB013CDBAD00247EDB7A6502BFFD8B4CC24/0/3139302e39392e34382e302f32302d3234203d3e203237373733.roa
Signing time:             Tue 04 Feb 2025 20:02:23 +0000
ROA not before:           Tue 04 Feb 2025 19:57:23 +0000
ROA not after:            Tue 03 Feb 2026 20:02:23 +0000
asID:                     27773
IP address blocks:        190.99.48.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:01:e9:d0:dc:67:c1:e1:67:69:d9:de:b7:ae:39:4a:80:cc:dd:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9BCCBD68EB22C37B886D81BDFC8BA77CD7312208
        Validity
            Not Before: Feb  4 19:57:23 2025 GMT
            Not After : Feb  3 20:02:23 2026 GMT
        Subject: CN=43BF0F7FD44B27634FFFBCCFB938528668347DCC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:4c:b3:77:d8:ef:9c:18:95:0f:58:ca:bf:d6:
                    3c:d6:37:07:93:2d:fd:54:1c:4b:09:ea:9f:3f:58:
                    72:69:4f:89:29:08:20:5d:10:4d:a0:a4:4c:93:e8:
                    e6:16:c2:ef:90:26:72:06:43:75:3c:f8:4c:24:72:
                    ed:0f:2a:60:34:c7:72:e8:d6:ee:a2:a7:fd:e5:01:
                    ff:7b:07:a4:85:a6:d9:f9:f3:36:81:6b:a9:7f:15:
                    41:d6:c1:4e:39:ee:02:70:5b:fe:99:7f:a3:a4:66:
                    85:9b:3b:d6:90:75:f1:3a:0d:f5:ac:8d:f0:d3:7c:
                    ce:54:9c:30:c0:b7:2f:b5:b0:34:a0:aa:03:24:e3:
                    3f:d2:ee:0b:02:6d:0f:af:1e:bc:81:0b:0e:79:c0:
                    cf:6b:88:ce:87:b1:f5:28:a3:94:b0:52:8c:ed:e8:
                    cd:37:0b:0d:ed:fb:6b:03:6f:6c:5f:e4:80:f4:ea:
                    ab:00:9a:0c:fb:45:78:50:af:d7:02:cd:ab:49:04:
                    36:63:9b:0e:4c:e6:03:52:4f:75:9a:0b:9b:ed:9c:
                    2a:a3:16:2b:1e:d4:f0:85:80:51:0a:da:d9:71:e4:
                    e6:18:f9:4e:76:80:c5:00:b4:3b:7b:27:e7:00:5d:
                    98:43:a1:4f:fd:7a:94:db:9e:ea:46:6c:c0:2f:59:
                    c4:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:BF:0F:7F:D4:4B:27:63:4F:FF:BC:CF:B9:38:52:86:68:34:7D:CC
            X509v3 Authority Key Identifier:
                keyid:9B:CC:BD:68:EB:22:C3:7B:88:6D:81:BD:FC:8B:A7:7C:D7:31:22:08

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/3A5F2F87D11786FB3FCADAA043431EB013CDBAD00247EDB7A6502BFFD8B4CC24/0/9BCCBD68EB22C37B886D81BDFC8BA77CD7312208.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/9BCCBD68EB22C37B886D81BDFC8BA77CD7312208.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/3A5F2F87D11786FB3FCADAA043431EB013CDBAD00247EDB7A6502BFFD8B4CC24/0/3139302e39392e34382e302f32302d3234203d3e203237373733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  190.99.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5e:0f:c5:45:25:ec:8d:f2:da:57:42:d7:1b:ee:1c:1d:82:80:
         ae:f2:5f:ad:7d:b0:6c:d0:aa:4f:fc:08:86:1a:25:89:9e:c0:
         35:9b:1c:7e:58:a0:64:f6:1a:44:de:48:e9:18:7a:6d:8c:28:
         2d:70:b2:36:1e:62:fa:cc:bd:c5:69:ca:b2:29:d2:cc:bb:09:
         bf:43:14:d3:01:c0:e1:10:f0:98:da:13:b2:5d:81:b9:2f:d1:
         85:76:b3:cc:ec:bf:3e:9f:b9:c9:32:49:94:d8:69:da:8e:0c:
         ed:40:a6:43:09:2d:a4:ad:fa:34:89:3f:f0:d9:2a:6c:b2:61:
         f0:e5:b1:5d:38:9f:44:f0:00:f6:80:fa:b9:17:f3:0a:14:0a:
         db:c9:89:c3:3a:bc:2b:b2:dc:64:c5:7a:50:0a:83:19:dc:67:
         67:9f:af:1e:99:95:a9:eb:73:d3:d6:6a:e5:d7:fd:e5:31:6f:
         34:8d:aa:9b:b9:84:88:56:05:c0:ff:29:32:7b:d7:75:bf:84:
         21:ba:fd:dc:49:41:45:cb:f0:c0:c0:4d:4f:56:6c:6f:9b:74:
         fd:ed:d8:1b:75:85:38:3e:19:2e:de:26:41:1c:52:0e:b4:fb:
         c4:12:ba:2a:2b:2d:a0:ba:1d:52:93:cc:e3:ce:ec:bf:35:c0:
         6b:4b:38:59
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUGgHp0NxnweFnadnet645SoDM3ZMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOUJDQ0JENjhFQjIyQzM3Qjg4NkQ4MUJERkM4QkE3N0NE
NzMxMjIwODAeFw0yNTAyMDQxOTU3MjNaFw0yNjAyMDMyMDAyMjNaMDMxMTAvBgNV
BAMTKDQzQkYwRjdGRDQ0QjI3NjM0RkZGQkNDRkI5Mzg1Mjg2NjgzNDdEQ0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzTLN32O+cGJUPWMq/1jzWNweT
Lf1UHEsJ6p8/WHJpT4kpCCBdEE2gpEyT6OYWwu+QJnIGQ3U8+Ewkcu0PKmA0x3Lo
1u6ip/3lAf97B6SFptn58zaBa6l/FUHWwU457gJwW/6Zf6OkZoWbO9aQdfE6DfWs
jfDTfM5UnDDAty+1sDSgqgMk4z/S7gsCbQ+vHryBCw55wM9riM6HsfUoo5SwUozt
6M03Cw3t+2sDb2xf5ID06qsAmgz7RXhQr9cCzatJBDZjmw5M5gNST3WaC5vtnCqj
Fise1PCFgFEK2tlx5OYY+U52gMUAtDt7J+cAXZhDoU/9epTbnupGbMAvWcQBAgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQUQ78Pf9RLJ2NP/7zPuThShmg0fcwwHwYDVR0j
BBgwFoAUm8y9aOsiw3uIbYG9/IunfNcxIggwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8zQTVGMkY4N0QxMTc4NkZCM0ZDQURBQTA0MzQzMUVCMDEz
Q0RCQUQwMDI0N0VEQjdBNjUwMkJGRkQ4QjRDQzI0LzAvOUJDQ0JENjhFQjIyQzM3
Qjg4NkQ4MUJERkM4QkE3N0NENzMxMjIwOC5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC85QkNDQkQ2OEVCMjJDMzdCODg2
RDgxQkRGQzhCQTc3Q0Q3MzEyMjA4LmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvM0E1RjJGODdEMTE3ODZGQjNGQ0FEQUEwNDM0MzFFQjAxM0NEQkFEMDAy
NDdFREI3QTY1MDJCRkZEOEI0Q0MyNC8wLzMxMzkzMDJlMzkzOTJlMzQzODJlMzAy
ZjMyMzAyZDMyMzQyMDNkM2UyMDMyMzczNzM3MzMucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAS+YzAwDQYJ
KoZIhvcNAQELBQADggEBAF4PxUUl7I3y2ldC1xvuHB2CgK7yX619sGzQqk/8CIYa
JYmewDWbHH5YoGT2GkTeSOkYem2MKC1wsjYeYvrMvcVpyrIp0sy7Cb9DFNMBwOEQ
8JjaE7Jdgbkv0YV2s8zsvz6fuckySZTYadqODO1ApkMJLaSt+jSJP/DZKmyyYfDl
sV04n0TwAPaA+rkX8woUCtvJicM6vCuy3GTFelAKgxncZ2efrx6Zlanrc9PWauXX
/eUxbzSNqpu5hIhWBcD/KTJ713W/hCG6/dxJQUXL8MDATU9WbG+bdP3t2Bt1hTg+
GS7eJkEcUg60+8QSuiorLaC6HVKTzOPO7L81wGtLOFk=
-----END CERTIFICATE-----