Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/3A5F2F87D11786FB3FCADAA043431EB013CDBAD00247EDB7A6502BFFD8B4CC24/0/3230302e3130362e3232382e302f32342d3234203d3e203233333833.roa
File:                     3230302e3130362e3232382e302f32342d3234203d3e203233333833.roa (raw, json)
Hash identifier:          FXYOlk7/Wj6erbWvYg+j5QjBcQODS89KlQiW33ZvXFE=
Subject key identifier:   9D:C0:7F:96:89:09:F5:A1:D0:AB:0A:E5:9A:9A:D6:BE:D7:D6:2E:0C
Certificate issuer:       /CN=9BCCBD68EB22C37B886D81BDFC8BA77CD7312208
Certificate serial:       115A1C57F9B0889CA781513B27B6C9CDA0C6B22F
Authority key identifier: 9B:CC:BD:68:EB:22:C3:7B:88:6D:81:BD:FC:8B:A7:7C:D7:31:22:08
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/9BCCBD68EB22C37B886D81BDFC8BA77CD7312208.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/3A5F2F87D11786FB3FCADAA043431EB013CDBAD00247EDB7A6502BFFD8B4CC24/0/3230302e3130362e3232382e302f32342d3234203d3e203233333833.roa
Signing time:             Tue 04 Feb 2025 20:02:04 +0000
ROA not before:           Tue 04 Feb 2025 19:57:04 +0000
ROA not after:            Tue 03 Feb 2026 20:02:04 +0000
asID:                     23383
IP address blocks:        200.106.228.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:5a:1c:57:f9:b0:88:9c:a7:81:51:3b:27:b6:c9:cd:a0:c6:b2:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9BCCBD68EB22C37B886D81BDFC8BA77CD7312208
        Validity
            Not Before: Feb  4 19:57:04 2025 GMT
            Not After : Feb  3 20:02:04 2026 GMT
        Subject: CN=9DC07F968909F5A1D0AB0AE59A9AD6BED7D62E0C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:9f:e0:0a:08:5a:f1:52:8f:ca:1c:5d:92:ac:
                    50:8d:57:c8:c2:78:4c:1d:a1:3a:c7:b8:78:4a:f3:
                    ce:76:5a:81:d4:26:0b:27:c2:64:8d:b3:81:7c:49:
                    f6:27:7d:1a:7b:38:00:aa:cf:a4:0c:82:bb:3b:ff:
                    9e:6a:28:91:1c:39:3e:0c:25:a3:18:e6:b3:57:8d:
                    65:1d:35:eb:ba:b0:38:db:c1:5a:92:37:a8:39:5e:
                    84:32:7f:84:ba:aa:70:7a:eb:38:28:2b:c3:aa:e1:
                    60:e3:a2:45:1f:85:b8:00:48:9a:6d:ec:3f:ae:f0:
                    e9:0b:e2:63:ce:0a:d7:15:ea:e0:57:11:05:ac:2e:
                    15:98:cf:93:04:10:d2:1e:f9:fb:59:17:a0:b9:b1:
                    f2:52:8b:38:dd:3d:c6:20:e0:1b:0a:03:55:1e:71:
                    f8:01:ad:de:48:32:9d:8c:2e:13:d3:4f:03:d0:09:
                    b6:da:6f:2a:1d:24:d4:95:66:25:78:53:6c:9f:e8:
                    d3:94:cc:97:75:0b:33:74:fd:54:6d:54:eb:09:c2:
                    cb:85:0e:8a:3c:84:9d:e5:bf:f5:b8:18:4e:6f:db:
                    bb:ee:22:c7:6d:c6:f9:d6:cb:d5:96:aa:bd:d1:5c:
                    63:0c:cf:02:07:c8:cc:99:21:fb:12:40:1f:2a:fc:
                    08:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:C0:7F:96:89:09:F5:A1:D0:AB:0A:E5:9A:9A:D6:BE:D7:D6:2E:0C
            X509v3 Authority Key Identifier:
                keyid:9B:CC:BD:68:EB:22:C3:7B:88:6D:81:BD:FC:8B:A7:7C:D7:31:22:08

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/3A5F2F87D11786FB3FCADAA043431EB013CDBAD00247EDB7A6502BFFD8B4CC24/0/9BCCBD68EB22C37B886D81BDFC8BA77CD7312208.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/9BCCBD68EB22C37B886D81BDFC8BA77CD7312208.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/3A5F2F87D11786FB3FCADAA043431EB013CDBAD00247EDB7A6502BFFD8B4CC24/0/3230302e3130362e3232382e302f32342d3234203d3e203233333833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.106.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:15:1f:5a:f6:31:d6:0f:f5:17:8c:29:e5:4d:68:d8:9b:79:
         3a:eb:7c:51:c3:0d:a2:cf:ee:db:62:8f:d4:24:b8:46:57:20:
         9a:7b:20:55:6c:c8:8b:3c:b0:41:6a:c4:eb:09:26:9f:57:de:
         fa:ea:6f:f4:a7:08:73:02:96:73:66:e3:d8:d4:4b:0b:ac:7f:
         7a:d6:31:2e:8e:ca:53:32:7a:83:f0:6d:dc:47:58:b5:2b:6d:
         1b:fd:05:ae:e0:fe:b9:6a:56:9c:e3:2e:b1:8c:e6:d4:fc:95:
         58:9b:41:11:b2:3e:e4:00:af:e0:38:47:3b:5c:c8:2d:da:26:
         7e:d6:2b:9a:19:70:6f:a8:9d:16:2e:9e:b9:62:f4:3d:9a:b7:
         90:4d:b7:01:18:67:17:5c:2c:03:43:24:a7:c0:3a:29:bf:9d:
         1c:0a:24:aa:53:19:01:6c:65:7e:e9:f2:06:dd:c2:9a:0e:82:
         56:e4:3c:c5:36:9e:8e:63:1f:8e:37:9c:1c:ba:3e:7a:c1:5f:
         75:14:d3:e3:56:65:81:e1:ce:1f:86:32:a3:b1:e9:3f:82:55:
         34:bc:2a:92:6e:6f:3f:83:16:c7:6c:c2:26:94:3b:29:6a:5c:
         4c:75:e9:a5:f8:80:a8:21:14:4a:a7:69:3b:43:e9:be:d5:5b:
         06:04:a6:46
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUEVocV/mwiJyngVE7J7bJzaDGsi8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOUJDQ0JENjhFQjIyQzM3Qjg4NkQ4MUJERkM4QkE3N0NE
NzMxMjIwODAeFw0yNTAyMDQxOTU3MDRaFw0yNjAyMDMyMDAyMDRaMDMxMTAvBgNV
BAMTKDlEQzA3Rjk2ODkwOUY1QTFEMEFCMEFFNTlBOUFENkJFRDdENjJFMEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzn+AKCFrxUo/KHF2SrFCNV8jC
eEwdoTrHuHhK8852WoHUJgsnwmSNs4F8SfYnfRp7OACqz6QMgrs7/55qKJEcOT4M
JaMY5rNXjWUdNeu6sDjbwVqSN6g5XoQyf4S6qnB66zgoK8Oq4WDjokUfhbgASJpt
7D+u8OkL4mPOCtcV6uBXEQWsLhWYz5MEENIe+ftZF6C5sfJSizjdPcYg4BsKA1Ue
cfgBrd5IMp2MLhPTTwPQCbbabyodJNSVZiV4U2yf6NOUzJd1CzN0/VRtVOsJwsuF
Doo8hJ3lv/W4GE5v27vuIsdtxvnWy9WWqr3RXGMMzwIHyMyZIfsSQB8q/AhHAgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQUncB/lokJ9aHQqwrlmprWvtfWLgwwHwYDVR0j
BBgwFoAUm8y9aOsiw3uIbYG9/IunfNcxIggwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8zQTVGMkY4N0QxMTc4NkZCM0ZDQURBQTA0MzQzMUVCMDEz
Q0RCQUQwMDI0N0VEQjdBNjUwMkJGRkQ4QjRDQzI0LzAvOUJDQ0JENjhFQjIyQzM3
Qjg4NkQ4MUJERkM4QkE3N0NENzMxMjIwOC5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC85QkNDQkQ2OEVCMjJDMzdCODg2
RDgxQkRGQzhCQTc3Q0Q3MzEyMjA4LmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvM0E1RjJGODdEMTE3ODZGQjNGQ0FEQUEwNDM0MzFFQjAxM0NEQkFEMDAy
NDdFREI3QTY1MDJCRkZEOEI0Q0MyNC8wLzMyMzAzMDJlMzEzMDM2MmUzMjMyMzgy
ZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjMzMzMzODMzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyGrk
MA0GCSqGSIb3DQEBCwUAA4IBAQB2FR9a9jHWD/UXjCnlTWjYm3k663xRww2iz+7b
Yo/UJLhGVyCaeyBVbMiLPLBBasTrCSafV9766m/0pwhzApZzZuPY1EsLrH961jEu
jspTMnqD8G3cR1i1K20b/QWu4P65alac4y6xjObU/JVYm0ERsj7kAK/gOEc7XMgt
2iZ+1iuaGXBvqJ0WLp65YvQ9mreQTbcBGGcXXCwDQySnwDopv50cCiSqUxkBbGV+
6fIG3cKaDoJW5DzFNp6OYx+ON5wcuj56wV91FNPjVmWB4c4fhjKjsek/glU0vCqS
bm8/gxbHbMImlDspalxMdeml+ICoIRRKp2k7Q+m+1VsGBKZG
-----END CERTIFICATE-----