Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/449ecc19-c291-4fcf-9697-4a9669b30e80/b6bb807f4b299da978bfae561ecc6e46396e6b51.roa
File:                     b6bb807f4b299da978bfae561ecc6e46396e6b51.roa (raw, json)
Hash identifier:          kSUyv63oiJVUOW5DW7Em6wAfcx8+vrmbEmXgNl/QZ8w=
Subject key identifier:   05:59:81:3E:C7:9D:7F:3C:BD:79:AD:4C:A3:C3:3E:8F:83:F7:59:CD
Certificate issuer:       /CN=5b7dbb1482b4705c4115f4698d018750070bcecb
Certificate serial:       0BC7D0
Authority key identifier: 2B:3B:AC:72:9D:0E:A7:42:1F:BD:B8:90:D9:23:BD:A4:77:D7:CA:29
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/5b7dbb1482b4705c4115f4698d018750070bcecb.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/449ecc19-c291-4fcf-9697-4a9669b30e80/b6bb807f4b299da978bfae561ecc6e46396e6b51.roa
Signing time:             Fri 27 Jan 2023 15:02:14 +0000
ROA not before:           Mon 18 Apr 2022 03:00:00 +0000
ROA not after:            Wed 30 Apr 2025 03:00:00 +0000
asID:                     271891
IP address blocks:        2801:151:f::/48 maxlen: 48
                          2801:151:3d::/48 maxlen: 48
                          2801:151:52::/48 maxlen: 48
                          2801:151:53::/48 maxlen: 48
                          2801:151:c3::/48 maxlen: 48
                          2801:151:ea::/48 maxlen: 48
                          2801:151:c4::/48 maxlen: 48
                          2801:151:11::/48 maxlen: 48
                          2801:151:57::/48 maxlen: 48
                          2801:151:58::/48 maxlen: 48
                          2801:151:59::/48 maxlen: 48
                          2801:151:a3::/48 maxlen: 48
                          2801:151:a4::/48 maxlen: 48
                          2801:151:a2::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 772048 (0xbc7d0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b7dbb1482b4705c4115f4698d018750070bcecb
        Validity
            Not Before: Apr 18 03:00:00 2022 GMT
            Not After : Apr 30 03:00:00 2025 GMT
        Subject: CN=b6bb807f4b299da978bfae561ecc6e46396e6b51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:67:ac:4f:56:2c:f9:da:d4:a1:e3:4d:86:f8:
                    c3:1b:03:6e:71:46:32:64:fa:83:58:5b:8f:2f:8c:
                    00:5e:27:f4:42:2a:81:0e:5d:ad:f3:c0:fe:53:24:
                    1a:03:06:e5:c8:44:04:44:54:9a:95:1b:f4:f3:e3:
                    7e:68:02:0f:17:c8:48:8d:7e:4b:f3:34:7e:98:d6:
                    ea:08:eb:1d:71:95:41:33:95:97:d9:7b:f3:16:b2:
                    2b:d3:45:73:c0:83:2e:2f:dc:5c:aa:6e:05:19:d4:
                    ba:fa:f7:01:b5:91:9a:79:83:93:96:a1:3e:ea:1d:
                    44:e8:60:dd:3f:02:6e:0f:89:44:79:d1:c1:8b:5f:
                    73:c7:d1:ba:f4:1b:dc:07:b3:8b:da:e2:a1:c0:2c:
                    c6:4d:d0:0c:8d:3c:80:ae:b1:5f:ad:88:ac:bc:99:
                    21:67:cb:e0:5d:f2:39:fa:db:b0:55:ec:b1:2e:48:
                    d3:58:c5:f1:d0:b5:5b:68:40:71:7b:fe:0a:e6:fb:
                    c3:9f:7b:c4:38:bc:ad:03:51:df:31:92:d9:42:b4:
                    26:7d:d4:b5:45:a2:77:72:82:d3:d4:f3:4a:84:ad:
                    f2:55:fd:02:7a:e6:c5:d9:f5:52:1c:49:0d:8e:21:
                    3b:76:d1:78:44:b4:84:6f:ba:39:b0:d0:08:83:e3:
                    32:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:59:81:3E:C7:9D:7F:3C:BD:79:AD:4C:A3:C3:3E:8F:83:F7:59:CD
            X509v3 Authority Key Identifier:
                keyid:2B:3B:AC:72:9D:0E:A7:42:1F:BD:B8:90:D9:23:BD:A4:77:D7:CA:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/5b7dbb1482b4705c4115f4698d018750070bcecb.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/449ecc19-c291-4fcf-9697-4a9669b30e80/b6bb807f4b299da978bfae561ecc6e46396e6b51.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/449ecc19-c291-4fcf-9697-4a9669b30e80/5b7dbb1482b4705c4115f4698d018750070bcecb.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2801:151:f::/48
                  2801:151:11::/48
                  2801:151:3d::/48
                  2801:151:52::/47
                  2801:151:57::-2801:151:59:ffff:ffff:ffff:ffff:ffff
                  2801:151:a2::-2801:151:a4:ffff:ffff:ffff:ffff:ffff
                  2801:151:c3::-2801:151:c4:ffff:ffff:ffff:ffff:ffff
                  2801:151:ea::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:fa:4c:1a:cb:ab:dd:41:a0:cc:09:72:b0:04:07:75:39:4f:
         89:af:d6:ac:88:00:97:c2:5e:4a:f4:07:37:da:82:47:cd:5f:
         b7:f4:65:e6:35:f6:5e:e4:c9:3a:fb:54:62:de:a9:e7:e8:25:
         f4:41:1a:1d:fe:70:26:88:0b:af:93:83:69:09:9e:d5:bd:7d:
         1f:65:e7:69:ae:c2:95:a4:04:cc:ba:f5:16:c1:39:7c:31:ea:
         a3:83:39:9e:22:07:92:9b:02:83:73:f8:1d:a3:75:9b:67:86:
         17:5d:2d:1f:99:f4:20:13:a7:10:1c:40:c1:0d:b7:d7:22:1d:
         39:43:55:1e:43:9d:56:c4:a1:ba:0e:32:10:a0:c0:c4:c1:03:
         e1:81:aa:45:f8:04:ac:59:a4:67:ed:5a:5e:5c:d0:e1:e5:e8:
         a7:4d:21:d5:14:d3:ba:11:09:7c:b1:32:38:a1:56:bd:9c:80:
         d6:15:f5:58:11:c2:6d:53:2a:2f:c3:98:5e:b6:2e:5c:8e:7f:
         5b:0a:af:56:a6:25:68:45:6e:f2:6b:c9:d4:61:92:28:37:7c:
         ac:f7:dc:dc:98:b0:7d:5e:03:37:d8:1c:7f:c0:e0:45:20:2d:
         46:9b:78:3d:30:b3:00:c3:8a:09:09:16:a9:c9:e4:65:07:a4:
         05:c5:3e:45
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgIDC8fQMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDVi
N2RiYjE0ODJiNDcwNWM0MTE1ZjQ2OThkMDE4NzUwMDcwYmNlY2IwHhcNMjIwNDE4
MDMwMDAwWhcNMjUwNDMwMDMwMDAwWjAzMTEwLwYDVQQDEyhiNmJiODA3ZjRiMjk5
ZGE5NzhiZmFlNTYxZWNjNmU0NjM5NmU2YjUxMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAmWesT1Ys+drUoeNNhvjDGwNucUYyZPqDWFuPL4wAXif0QiqB
Dl2t88D+UyQaAwblyEQERFSalRv08+N+aAIPF8hIjX5L8zR+mNbqCOsdcZVBM5WX
2XvzFrIr00VzwIMuL9xcqm4FGdS6+vcBtZGaeYOTlqE+6h1E6GDdPwJuD4lEedHB
i19zx9G69BvcB7OL2uKhwCzGTdAMjTyArrFfrYisvJkhZ8vgXfI5+tuwVeyxLkjT
WMXx0LVbaEBxe/4K5vvDn3vEOLytA1HfMZLZQrQmfdS1RaJ3coLT1PNKhK3yVf0C
eubF2fVSHEkNjiE7dtF4RLSEb7o5sNAIg+MyXwIDAQABo4ICvzCCArswHQYDVR0O
BBYEFAVZgT7HnX88vXmtTKPDPo+D91nNMB8GA1UdIwQYMBaAFCs7rHKdDqdCH724
kNkjvaR318opMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvNWI3ZGJi
MTQ4MmI0NzA1YzQxMTVmNDY5OGQwMTg3NTAwNzBiY2VjYi5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvNDQ5ZWNjMTktYzI5MS00ZmNmLTk2OTctNGE5NjY5
YjMwZTgwL2I2YmI4MDdmNGIyOTlkYTk3OGJmYWU1NjFlY2M2ZTQ2Mzk2ZTZiNTEu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy80NDllY2MxOS1jMjkxLTRmY2YtOTY5Ny00YTk2
NjliMzBlODAvNWI3ZGJiMTQ4MmI0NzA1YzQxMTVmNDY5OGQwMTg3NTAwNzBiY2Vj
Yi5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCBggYIKwYBBQUHAQcBAf8E
czBxMG8EAgACMGkDBwAoAQFRAA8DBwAoAQFRABEDBwAoAQFRAD0DBwEoAQFRAFIw
EgMHACgBAVEAVwMHASgBAVEAWDASAwcBKAEBUQCiAwcAKAEBUQCkMBIDBwAoAQFR
AMMDBwAoAQFRAMQDBwAoAQFRAOowDQYJKoZIhvcNAQELBQADggEBAEL6TBrLq91B
oMwJcrAEB3U5T4mv1qyIAJfCXkr0BzfagkfNX7f0ZeY19l7kyTr7VGLeqefoJfRB
Gh3+cCaIC6+Tg2kJntW9fR9l52muwpWkBMy69RbBOXwx6qODOZ4iB5KbAoNz+B2j
dZtnhhddLR+Z9CATpxAcQMENt9ciHTlDVR5DnVbEoboOMhCgwMTBA+GBqkX4BKxZ
pGftWl5c0OHl6KdNIdUU07oRCXyxMjihVr2cgNYV9VgRwm1TKi/DmF62LlyOf1sK
r1amJWhFbvJrydRhkig3fKz33NyYsH1eAzfYHH/A4EUgLUabeD0wswDDigkJFqnJ
5GUHpAXFPkU=
-----END CERTIFICATE-----