Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/3A8D32DDEB4727A34D781E42F81E3084692E9A32CA02C6C52A5BA410CE190F4B/0/3139302e3138352e3139362e302f32332d3234203d3e20323635363833.roa
File:                     3139302e3138352e3139362e302f32332d3234203d3e20323635363833.roa (raw, json)
Hash identifier:          Z4jdGdV31JBKDzuY14mMU8oosgfj6vAUUIE5eNrcv80=
Subject key identifier:   D5:FB:2B:B9:88:09:29:B0:DC:8C:07:32:74:0A:7D:7B:07:9B:43:B6
Certificate issuer:       /CN=F1C35B9CF45BDDABE829A9F78BC24DC58AFD7ECA
Certificate serial:       5870571EA12C0C58C80E991B893413717A394FDC
Authority key identifier: F1:C3:5B:9C:F4:5B:DD:AB:E8:29:A9:F7:8B:C2:4D:C5:8A:FD:7E:CA
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/F1C35B9CF45BDDABE829A9F78BC24DC58AFD7ECA.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/3A8D32DDEB4727A34D781E42F81E3084692E9A32CA02C6C52A5BA410CE190F4B/0/3139302e3138352e3139362e302f32332d3234203d3e20323635363833.roa
Signing time:             Tue 04 Feb 2025 18:30:32 +0000
ROA not before:           Tue 04 Feb 2025 18:25:32 +0000
ROA not after:            Tue 03 Feb 2026 18:30:32 +0000
asID:                     265683
IP address blocks:        190.185.196.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:70:57:1e:a1:2c:0c:58:c8:0e:99:1b:89:34:13:71:7a:39:4f:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F1C35B9CF45BDDABE829A9F78BC24DC58AFD7ECA
        Validity
            Not Before: Feb  4 18:25:32 2025 GMT
            Not After : Feb  3 18:30:32 2026 GMT
        Subject: CN=D5FB2BB9880929B0DC8C0732740A7D7B079B43B6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:04:5b:5c:fa:a1:ba:3a:bb:38:59:45:98:0a:
                    d7:75:9d:24:fc:57:21:ba:9f:5d:64:3c:e7:b9:78:
                    35:c0:eb:b0:98:d4:e0:1e:f0:ea:4f:94:d0:44:03:
                    f8:01:bc:1d:2b:a9:79:2f:88:cb:48:90:9b:81:50:
                    c9:db:c4:0f:c5:d6:24:a4:2b:ab:76:84:e1:0e:54:
                    56:34:8e:0c:70:e4:87:1c:39:cc:8f:ef:0a:38:23:
                    7a:4f:34:04:82:d8:63:48:85:22:b6:7f:b2:85:70:
                    56:65:85:0f:ab:a8:ad:0f:05:7a:b9:a3:0e:13:a2:
                    f6:34:87:15:ca:db:4d:46:3e:7e:3f:b3:c4:b9:4e:
                    19:d4:70:11:f7:5f:f0:46:96:07:1c:6c:b6:fc:06:
                    d1:9a:86:44:e6:46:43:f5:ef:ad:54:dd:e5:97:cf:
                    ec:60:24:9a:11:1a:fd:44:76:ac:0c:53:75:aa:a5:
                    d7:30:97:35:65:fa:d5:32:0c:8e:e4:b4:09:63:40:
                    d8:36:40:23:c4:42:87:7c:27:ff:4b:b4:f7:53:9b:
                    d3:68:b8:ed:a1:8a:2d:c6:78:38:f5:bb:1d:3f:0b:
                    0c:25:77:52:80:65:2a:e5:59:77:21:82:79:c3:d5:
                    8c:ad:66:d2:1c:27:08:60:9d:6a:ed:35:b7:bf:49:
                    dc:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:FB:2B:B9:88:09:29:B0:DC:8C:07:32:74:0A:7D:7B:07:9B:43:B6
            X509v3 Authority Key Identifier:
                keyid:F1:C3:5B:9C:F4:5B:DD:AB:E8:29:A9:F7:8B:C2:4D:C5:8A:FD:7E:CA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/3A8D32DDEB4727A34D781E42F81E3084692E9A32CA02C6C52A5BA410CE190F4B/0/F1C35B9CF45BDDABE829A9F78BC24DC58AFD7ECA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/F1C35B9CF45BDDABE829A9F78BC24DC58AFD7ECA.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/3A8D32DDEB4727A34D781E42F81E3084692E9A32CA02C6C52A5BA410CE190F4B/0/3139302e3138352e3139362e302f32332d3234203d3e20323635363833.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  190.185.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:d2:f2:07:85:27:ef:ee:69:ae:1b:2f:cb:0c:f3:59:82:e8:
         d6:1b:0c:38:4e:4c:39:e1:1e:42:3f:33:a5:a7:8e:89:40:53:
         e9:19:0b:ba:c1:64:1e:a1:32:38:41:2b:9b:ce:68:4b:86:8c:
         72:60:c9:47:86:fc:e8:b1:96:69:67:12:43:1a:af:c0:ad:84:
         44:c4:2d:94:1b:c9:1c:eb:1a:48:e6:3a:b8:20:15:6b:f0:7e:
         4a:40:e2:cb:5c:97:53:aa:3a:79:32:91:07:75:63:59:5e:bb:
         8b:0d:bc:bd:58:2f:a9:84:db:3d:5e:c8:e6:f1:7f:4c:82:02:
         82:71:e3:91:09:a7:ac:20:8c:f6:13:89:51:2f:63:6a:c6:2b:
         ac:f3:24:d2:51:71:7f:ff:41:eb:bd:2c:29:8e:d5:e6:0f:d6:
         dc:df:6f:26:f1:22:00:70:49:7b:59:64:a4:da:59:14:12:f3:
         89:41:c9:1f:4c:ea:f1:fd:22:12:82:c7:c0:01:a7:e8:2e:d5:
         00:f8:b3:5c:7a:ef:79:23:20:9c:9d:c3:08:c9:65:e2:52:04:
         1b:38:88:ec:86:ba:91:e6:a9:52:13:14:b7:26:12:24:0e:11:
         f3:b6:0e:19:99:fd:cd:41:97:34:40:76:4f:60:4a:b6:5a:33:
         1e:e2:c3:6b
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgIUWHBXHqEsDFjIDpkbiTQTcXo5T9wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRjFDMzVCOUNGNDVCRERBQkU4MjlBOUY3OEJDMjREQzU4
QUZEN0VDQTAeFw0yNTAyMDQxODI1MzJaFw0yNjAyMDMxODMwMzJaMDMxMTAvBgNV
BAMTKEQ1RkIyQkI5ODgwOTI5QjBEQzhDMDczMjc0MEE3RDdCMDc5QjQzQjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEBFtc+qG6Ors4WUWYCtd1nST8
VyG6n11kPOe5eDXA67CY1OAe8OpPlNBEA/gBvB0rqXkviMtIkJuBUMnbxA/F1iSk
K6t2hOEOVFY0jgxw5IccOcyP7wo4I3pPNASC2GNIhSK2f7KFcFZlhQ+rqK0PBXq5
ow4TovY0hxXK201GPn4/s8S5ThnUcBH3X/BGlgccbLb8BtGahkTmRkP1761U3eWX
z+xgJJoRGv1EdqwMU3WqpdcwlzVl+tUyDI7ktAljQNg2QCPEQod8J/9LtPdTm9No
uO2hii3GeDj1ux0/Cwwld1KAZSrlWXchgnnD1YytZtIcJwhgnWrtNbe/SdwlAgMB
AAGjggLMMIICyDAdBgNVHQ4EFgQU1fsruYgJKbDcjAcydAp9ewebQ7YwHwYDVR0j
BBgwFoAU8cNbnPRb3avoKan3i8JNxYr9fsowDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8zQThEMzJEREVCNDcyN0EzNEQ3ODFFNDJGODFFMzA4NDY5
MkU5QTMyQ0EwMkM2QzUyQTVCQTQxMENFMTkwRjRCLzAvRjFDMzVCOUNGNDVCRERB
QkU4MjlBOUY3OEJDMjREQzU4QUZEN0VDQS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9GMUMzNUI5Q0Y0NUJEREFCRTgy
OUE5Rjc4QkMyNERDNThBRkQ3RUNBLmNlcjCBywYIKwYBBQUHAQsEgb4wgbswgbgG
CCsGAQUFBzALhoGrcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvM0E4RDMyRERFQjQ3MjdBMzRENzgxRTQyRjgxRTMwODQ2OTJFOUEzMkNB
MDJDNkM1MkE1QkE0MTBDRTE5MEY0Qi8wLzMxMzkzMDJlMzEzODM1MmUzMTM5MzYy
ZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzMjM2MzUzNjM4MzMucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAG+
ucQwDQYJKoZIhvcNAQELBQADggEBAELS8geFJ+/uaa4bL8sM81mC6NYbDDhOTDnh
HkI/M6WnjolAU+kZC7rBZB6hMjhBK5vOaEuGjHJgyUeG/OixlmlnEkMar8CthETE
LZQbyRzrGkjmOrggFWvwfkpA4stcl1OqOnkykQd1Y1leu4sNvL1YL6mE2z1eyObx
f0yCAoJx45EJp6wgjPYTiVEvY2rGK6zzJNJRcX//Qeu9LCmO1eYP1tzfbybxIgBw
SXtZZKTaWRQS84lByR9M6vH9IhKCx8ABp+gu1QD4s1x673kjIJydwwjJZeJSBBs4
iOyGupHmqVITFLcmEiQOEfO2DhmZ/c1BlzRAdk9gSrZaMx7iw2s=
-----END CERTIFICATE-----