Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/3A5F2F87D11786FB3FCADAA043431EB013CDBAD00247EDB7A6502BFFD8B4CC24/0/3230302e31332e3136382e302f32322d3234203d3e203237373733.roa
File:                     3230302e31332e3136382e302f32322d3234203d3e203237373733.roa (raw, json)
Hash identifier:          S216qoWlosrBitz4gtKUS/mfHcGTcWEK/yFrWPAeV5k=
Subject key identifier:   D0:6F:40:5C:02:B3:4A:EB:3A:2C:93:6E:26:44:A9:54:6E:13:11:E8
Certificate issuer:       /CN=9BCCBD68EB22C37B886D81BDFC8BA77CD7312208
Certificate serial:       22E43E0336E0CE7BD87A8623AAF430708EAFAD6F
Authority key identifier: 9B:CC:BD:68:EB:22:C3:7B:88:6D:81:BD:FC:8B:A7:7C:D7:31:22:08
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/9BCCBD68EB22C37B886D81BDFC8BA77CD7312208.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/3A5F2F87D11786FB3FCADAA043431EB013CDBAD00247EDB7A6502BFFD8B4CC24/0/3230302e31332e3136382e302f32322d3234203d3e203237373733.roa
Signing time:             Tue 04 Feb 2025 20:02:19 +0000
ROA not before:           Tue 04 Feb 2025 19:57:19 +0000
ROA not after:            Tue 03 Feb 2026 20:02:19 +0000
asID:                     27773
IP address blocks:        200.13.168.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:e4:3e:03:36:e0:ce:7b:d8:7a:86:23:aa:f4:30:70:8e:af:ad:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9BCCBD68EB22C37B886D81BDFC8BA77CD7312208
        Validity
            Not Before: Feb  4 19:57:19 2025 GMT
            Not After : Feb  3 20:02:19 2026 GMT
        Subject: CN=D06F405C02B34AEB3A2C936E2644A9546E1311E8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:38:49:28:3f:29:b1:36:ca:45:95:80:49:db:
                    26:77:97:f6:5c:4d:21:ef:b2:09:86:37:f5:d4:f2:
                    16:b5:d6:e0:f3:33:af:e1:59:dc:27:ba:39:4d:1b:
                    9e:d1:6b:41:bd:0d:0d:0f:48:84:c7:d8:a3:62:95:
                    c3:9e:b3:ff:33:80:e4:89:b2:42:d9:c2:d6:18:36:
                    9d:16:54:c2:8b:bc:0c:17:70:65:dd:92:12:81:13:
                    04:8c:4f:68:87:aa:f5:f8:2a:f6:5a:c2:40:b6:0d:
                    c8:ca:01:9c:50:0b:c3:6a:93:67:f2:da:7b:97:af:
                    04:6f:98:2f:18:75:9b:41:d9:f7:27:87:56:fc:be:
                    a2:84:ea:36:31:4c:a6:e4:5c:01:ac:8d:77:a2:7f:
                    69:cf:67:33:ac:81:c4:e9:1e:c5:43:1d:de:e2:31:
                    4e:ad:d5:a4:a3:c3:22:0b:bd:21:c8:97:8a:08:34:
                    cd:6f:09:21:0c:c2:7c:f6:64:c2:09:f3:49:4d:39:
                    37:a8:5f:d7:14:8a:47:74:70:ae:3e:15:01:35:2e:
                    f5:eb:27:d6:ff:3d:19:5e:0f:de:2c:e2:c8:35:5b:
                    dd:f6:af:bb:1f:61:49:6d:05:28:ef:44:e3:5c:ea:
                    5d:4c:43:d5:25:e4:91:d6:e7:8c:dd:b1:ea:7c:00:
                    6f:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:6F:40:5C:02:B3:4A:EB:3A:2C:93:6E:26:44:A9:54:6E:13:11:E8
            X509v3 Authority Key Identifier:
                keyid:9B:CC:BD:68:EB:22:C3:7B:88:6D:81:BD:FC:8B:A7:7C:D7:31:22:08

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/3A5F2F87D11786FB3FCADAA043431EB013CDBAD00247EDB7A6502BFFD8B4CC24/0/9BCCBD68EB22C37B886D81BDFC8BA77CD7312208.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/9BCCBD68EB22C37B886D81BDFC8BA77CD7312208.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/3A5F2F87D11786FB3FCADAA043431EB013CDBAD00247EDB7A6502BFFD8B4CC24/0/3230302e31332e3136382e302f32322d3234203d3e203237373733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.13.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         07:d7:33:6a:26:ff:0f:6e:60:ba:5a:ff:59:56:72:8b:73:85:
         8f:1b:d0:f0:32:81:53:e1:5e:02:a6:6e:d7:14:9d:b7:13:8a:
         7f:ed:d1:ab:73:fd:fe:4b:ce:41:44:51:05:ac:ce:c5:52:bf:
         00:35:44:92:c8:4f:90:50:9b:2a:36:2b:18:f2:2d:6a:9a:1a:
         63:3e:15:2f:51:c4:e8:7b:52:1e:ea:9a:af:1f:6d:97:0e:13:
         61:1c:64:e8:bc:21:b1:12:1f:a9:13:67:19:5c:8d:e7:da:1d:
         2c:70:c8:2f:44:e1:62:1d:e5:ba:3e:72:99:bd:e9:c0:03:71:
         03:d9:d7:08:ac:8f:3e:07:53:07:8f:4b:f5:15:9f:2e:0a:3b:
         a9:39:1a:d7:b3:0d:31:26:e0:6e:bc:c4:71:59:22:27:5b:2c:
         70:aa:58:55:56:a6:1c:34:2d:47:81:0b:dd:1a:40:8a:5b:16:
         ab:c9:84:ae:78:82:51:3c:f5:a4:9f:3f:1e:01:62:ca:15:52:
         28:8b:bd:91:ee:ca:a3:9c:da:4e:ba:bd:5e:16:0d:f9:53:f4:
         2b:74:46:12:9a:b7:02:5c:86:4b:ee:94:0e:a9:3d:c2:46:74:
         6a:44:a5:df:e4:cf:e8:41:90:a5:5d:35:aa:35:0a:ea:f2:9a:
         23:05:88:4f
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgIUIuQ+AzbgznvYeoYjqvQwcI6vrW8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOUJDQ0JENjhFQjIyQzM3Qjg4NkQ4MUJERkM4QkE3N0NE
NzMxMjIwODAeFw0yNTAyMDQxOTU3MTlaFw0yNjAyMDMyMDAyMTlaMDMxMTAvBgNV
BAMTKEQwNkY0MDVDMDJCMzRBRUIzQTJDOTM2RTI2NDRBOTU0NkUxMzExRTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPOEkoPymxNspFlYBJ2yZ3l/Zc
TSHvsgmGN/XU8ha11uDzM6/hWdwnujlNG57Ra0G9DQ0PSITH2KNilcOes/8zgOSJ
skLZwtYYNp0WVMKLvAwXcGXdkhKBEwSMT2iHqvX4KvZawkC2DcjKAZxQC8Nqk2fy
2nuXrwRvmC8YdZtB2fcnh1b8vqKE6jYxTKbkXAGsjXeif2nPZzOsgcTpHsVDHd7i
MU6t1aSjwyILvSHIl4oINM1vCSEMwnz2ZMIJ80lNOTeoX9cUikd0cK4+FQE1LvXr
J9b/PRleD94s4sg1W932r7sfYUltBSjvRONc6l1MQ9Ul5JHW54zdsep8AG9ZAgMB
AAGjggLIMIICxDAdBgNVHQ4EFgQU0G9AXAKzSus6LJNuJkSpVG4TEegwHwYDVR0j
BBgwFoAUm8y9aOsiw3uIbYG9/IunfNcxIggwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8zQTVGMkY4N0QxMTc4NkZCM0ZDQURBQTA0MzQzMUVCMDEz
Q0RCQUQwMDI0N0VEQjdBNjUwMkJGRkQ4QjRDQzI0LzAvOUJDQ0JENjhFQjIyQzM3
Qjg4NkQ4MUJERkM4QkE3N0NENzMxMjIwOC5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC85QkNDQkQ2OEVCMjJDMzdCODg2
RDgxQkRGQzhCQTc3Q0Q3MzEyMjA4LmNlcjCBxwYIKwYBBQUHAQsEgbowgbcwgbQG
CCsGAQUFBzALhoGncnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvM0E1RjJGODdEMTE3ODZGQjNGQ0FEQUEwNDM0MzFFQjAxM0NEQkFEMDAy
NDdFREI3QTY1MDJCRkZEOEI0Q0MyNC8wLzMyMzAzMDJlMzEzMzJlMzEzNjM4MmUz
MDJmMzIzMjJkMzIzNDIwM2QzZTIwMzIzNzM3MzczMy5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsgNqDAN
BgkqhkiG9w0BAQsFAAOCAQEAB9czaib/D25gulr/WVZyi3OFjxvQ8DKBU+FeAqZu
1xSdtxOKf+3Rq3P9/kvOQURRBazOxVK/ADVEkshPkFCbKjYrGPItapoaYz4VL1HE
6HtSHuqarx9tlw4TYRxk6LwhsRIfqRNnGVyN59odLHDIL0ThYh3luj5ymb3pwANx
A9nXCKyPPgdTB49L9RWfLgo7qTka17MNMSbgbrzEcVkiJ1sscKpYVVamHDQtR4EL
3RpAilsWq8mErniCUTz1pJ8/HgFiyhVSKIu9ke7Ko5zaTrq9XhYN+VP0K3RGEpq3
AlyGS+6UDqk9wkZ0akSl3+TP6EGQpV01qjUK6vKaIwWITw==
-----END CERTIFICATE-----