Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/3c234cf8-7fc4-463c-92b0-3a9015cfcb0c/85655b51d80736a2500e914d618adb4ac11f7d42.roa
File:                     85655b51d80736a2500e914d618adb4ac11f7d42.roa (raw, json)
Hash identifier:          RbuAzCJPSb7Ht0NFLrGfQeXA+Cps9aLMiBPxNwQEL1I=
Subject key identifier:   D1:B7:E0:F6:94:93:47:DA:6A:81:65:77:8F:1E:1C:8C:43:25:81:D4
Certificate issuer:       /CN=ef788f83ad12f7488de1d2fc19482e9274b780f6
Certificate serial:       26F7A4
Authority key identifier: 8B:E8:87:5F:E4:12:90:64:23:50:28:2A:14:DB:8C:0A:9F:3A:20:6A
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ef788f83ad12f7488de1d2fc19482e9274b780f6.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/3c234cf8-7fc4-463c-92b0-3a9015cfcb0c/85655b51d80736a2500e914d618adb4ac11f7d42.roa
Signing time:             Mon 22 Jan 2024 14:40:47 +0000
ROA not before:           Mon 22 Jan 2024 14:40:47 +0000
ROA not after:            Thu 22 Jan 2026 14:40:47 +0000
asID:                     264750
IP address blocks:        168.232.108.0/22 maxlen: 22
                          143.137.80.0/22 maxlen: 22
                          170.239.164.0/22 maxlen: 22
                          170.244.80.0/22 maxlen: 22
                          2803:3640::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2553764 (0x26f7a4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef788f83ad12f7488de1d2fc19482e9274b780f6
        Validity
            Not Before: Jan 22 14:40:47 2024 GMT
            Not After : Jan 22 14:40:47 2026 GMT
        Subject: CN=85655b51d80736a2500e914d618adb4ac11f7d42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c8:e4:a2:c3:0c:a3:78:31:74:89:9b:8d:79:
                    32:a9:b9:9b:ea:62:c3:92:ef:81:68:a4:96:e1:cf:
                    fb:f4:98:52:5e:24:ce:a8:55:23:26:09:e8:87:ee:
                    cc:ef:9d:1a:6e:d0:89:8a:4d:20:06:e9:e4:4a:cb:
                    f5:b3:90:a9:03:51:c8:cd:12:61:f2:1c:e7:65:41:
                    09:89:9a:e3:ce:06:a3:4f:4e:2f:16:a1:ee:a4:8f:
                    39:88:03:12:b8:83:1f:89:a7:03:48:80:c3:c4:99:
                    3d:ad:54:ec:93:38:ce:00:db:c6:2b:36:21:4b:59:
                    07:4d:06:8a:5e:24:12:80:8a:b5:ec:7c:4d:bc:73:
                    18:a0:38:b8:94:5f:eb:b7:c6:23:86:04:24:ad:cc:
                    8a:16:1f:f6:dc:a1:a4:29:63:62:f7:d2:52:f3:e3:
                    85:3d:44:b6:f3:87:b4:8b:ef:5d:40:d0:47:68:cc:
                    5a:d2:8e:4c:51:f9:73:44:80:37:4c:2f:2c:ff:a3:
                    6d:3e:48:79:43:56:8d:d7:24:25:a0:ab:d1:33:6e:
                    72:de:e1:7d:7a:92:fe:d3:a0:8b:3e:a4:0a:6e:dd:
                    1f:86:80:e6:ee:5b:2d:09:a4:85:0e:d6:f2:6e:f7:
                    a0:f1:15:c5:09:cd:13:30:ea:6e:2f:ca:4a:1e:38:
                    3b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:B7:E0:F6:94:93:47:DA:6A:81:65:77:8F:1E:1C:8C:43:25:81:D4
            X509v3 Authority Key Identifier:
                keyid:8B:E8:87:5F:E4:12:90:64:23:50:28:2A:14:DB:8C:0A:9F:3A:20:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ef788f83ad12f7488de1d2fc19482e9274b780f6.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/3c234cf8-7fc4-463c-92b0-3a9015cfcb0c/85655b51d80736a2500e914d618adb4ac11f7d42.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/3c234cf8-7fc4-463c-92b0-3a9015cfcb0c/ef788f83ad12f7488de1d2fc19482e9274b780f6.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.137.80.0/22
                  168.232.108.0/22
                  170.239.164.0/22
                  170.244.80.0/22
                IPv6:
                  2803:3640::/32

    Signature Algorithm: sha256WithRSAEncryption
         15:ca:65:30:57:b3:6a:ca:2b:c2:35:4b:36:55:d0:ed:96:0a:
         03:b1:7d:58:83:6f:23:39:7d:34:31:2d:7c:6c:4b:80:8c:e2:
         17:8b:b5:84:75:dd:e0:fc:22:7e:0b:ac:01:69:6f:eb:3e:5c:
         da:a5:50:1c:27:e4:7a:fb:ab:c2:fc:17:6b:c2:c6:87:8b:30:
         f1:18:3f:ad:aa:cb:9a:1d:29:20:1a:dc:89:87:eb:20:81:62:
         31:50:51:d3:b9:61:60:63:13:5a:c4:19:d1:05:1b:39:1c:8e:
         a5:2c:f8:c9:a6:50:b3:f4:48:26:e9:c4:db:e4:55:63:ec:84:
         e8:af:cf:a7:ea:44:6c:06:56:19:a5:46:8b:03:21:f4:8a:d2:
         3d:70:ce:75:17:91:ba:3b:35:e7:db:8e:d8:a5:37:9f:5c:f2:
         af:36:b5:7f:9f:e2:b8:be:3e:fa:25:fc:18:55:b4:02:f6:05:
         64:a9:9c:bb:a9:28:1e:76:8c:1a:41:21:fa:3a:99:40:a0:ee:
         30:c4:ab:01:e5:94:cc:49:da:31:9a:f8:98:83:2a:cc:8b:df:
         df:7c:7e:c7:a1:94:c5:a4:1a:5d:84:14:9a:20:27:da:ef:16:
         6e:8e:a7:bc:a5:28:7a:d9:c7:24:5a:c6:e4:25:e6:bf:b6:2e:
         85:b7:bb:a9
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIDJvekMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGVm
Nzg4ZjgzYWQxMmY3NDg4ZGUxZDJmYzE5NDgyZTkyNzRiNzgwZjYwHhcNMjQwMTIy
MTQ0MDQ3WhcNMjYwMTIyMTQ0MDQ3WjAzMTEwLwYDVQQDEyg4NTY1NWI1MWQ4MDcz
NmEyNTAwZTkxNGQ2MThhZGI0YWMxMWY3ZDQyMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEApcjkosMMo3gxdImbjXkyqbmb6mLDku+BaKSW4c/79JhSXiTO
qFUjJgnoh+7M750abtCJik0gBunkSsv1s5CpA1HIzRJh8hznZUEJiZrjzgajT04v
FqHupI85iAMSuIMfiacDSIDDxJk9rVTskzjOANvGKzYhS1kHTQaKXiQSgIq17HxN
vHMYoDi4lF/rt8YjhgQkrcyKFh/23KGkKWNi99JS8+OFPUS284e0i+9dQNBHaMxa
0o5MUflzRIA3TC8s/6NtPkh5Q1aN1yQloKvRM25y3uF9epL+06CLPqQKbt0fhoDm
7lstCaSFDtbybveg8RXFCc0TMOpuL8pKHjg7mQIDAQABo4ICfDCCAngwHQYDVR0O
BBYEFNG34PaUk0faaoFld48eHIxDJYHUMB8GA1UdIwQYMBaAFIvoh1/kEpBkI1Ao
KhTbjAqfOiBqMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvZWY3ODhm
ODNhZDEyZjc0ODhkZTFkMmZjMTk0ODJlOTI3NGI3ODBmNi5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvM2MyMzRjZjgtN2ZjNC00NjNjLTkyYjAtM2E5MDE1
Y2ZjYjBjLzg1NjU1YjUxZDgwNzM2YTI1MDBlOTE0ZDYxOGFkYjRhYzExZjdkNDIu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy8zYzIzNGNmOC03ZmM0LTQ2M2MtOTJiMC0zYTkw
MTVjZmNiMGMvZWY3ODhmODNhZDEyZjc0ODhkZTFkMmZjMTk0ODJlOTI3NGI3ODBm
Ni5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBABggrBgEFBQcBBwEB/wQx
MC8wHgQCAAEwGAMEAo+JUAMEAqjobAMEAqrvpAMEAqr0UDANBAIAAjAHAwUAKAM2
QDANBgkqhkiG9w0BAQsFAAOCAQEAFcplMFezasorwjVLNlXQ7ZYKA7F9WINvIzl9
NDEtfGxLgIziF4u1hHXd4PwifgusAWlv6z5c2qVQHCfkevurwvwXa8LGh4sw8Rg/
rarLmh0pIBrciYfrIIFiMVBR07lhYGMTWsQZ0QUbORyOpSz4yaZQs/RIJunE2+RV
Y+yE6K/Pp+pEbAZWGaVGiwMh9IrSPXDOdReRujs159uO2KU3n1zyrza1f5/iuL4+
+iX8GFW0AvYFZKmcu6koHnaMGkEh+jqZQKDuMMSrAeWUzEnaMZr4mIMqzIvf33x+
x6GUxaQaXYQUmiAn2u8Wbo6nvKUoetnHJFrG5CXmv7Yuhbe7qQ==
-----END CERTIFICATE-----