Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/459165A8D5EE5A52C2A85AAFE14F1D8FF39A3C3A2A9B461B0C499224877EA89B/0/3230302e302e32342e302f32322d3232203d3e203237373235.roa
File:                     3230302e302e32342e302f32322d3232203d3e203237373235.roa (raw, json)
Hash identifier:          mCEfIfONyLgDBohYZL13GTY9ikzGSiFuGro/y503V/4=
Subject key identifier:   C8:F8:A6:39:CF:AC:FF:26:85:76:B5:C9:25:B1:9C:08:8A:95:C9:BF
Certificate issuer:       /CN=4C37F09FA8BF8F7FD26FDBDDD9ABEF8931F15B0C
Certificate serial:       23765334C47BA1D71DD24F76AAC7E6A990685EFB
Authority key identifier: 4C:37:F0:9F:A8:BF:8F:7F:D2:6F:DB:DD:D9:AB:EF:89:31:F1:5B:0C
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/4C37F09FA8BF8F7FD26FDBDDD9ABEF8931F15B0C.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/459165A8D5EE5A52C2A85AAFE14F1D8FF39A3C3A2A9B461B0C499224877EA89B/0/3230302e302e32342e302f32322d3232203d3e203237373235.roa
Signing time:             Tue 04 Feb 2025 18:38:04 +0000
ROA not before:           Tue 04 Feb 2025 18:33:04 +0000
ROA not after:            Tue 03 Feb 2026 18:38:04 +0000
asID:                     27725
IP address blocks:        200.0.24.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:76:53:34:c4:7b:a1:d7:1d:d2:4f:76:aa:c7:e6:a9:90:68:5e:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4C37F09FA8BF8F7FD26FDBDDD9ABEF8931F15B0C
        Validity
            Not Before: Feb  4 18:33:04 2025 GMT
            Not After : Feb  3 18:38:04 2026 GMT
        Subject: CN=C8F8A639CFACFF268576B5C925B19C088A95C9BF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:cd:84:a1:a3:66:00:20:b1:a7:c2:87:6e:c8:
                    27:e3:29:a2:c2:fc:57:53:46:00:37:b9:78:5f:64:
                    76:f3:52:76:13:ca:9d:6d:df:b1:70:43:f7:71:79:
                    8a:0a:3b:c7:f7:a4:08:ac:ce:b4:ab:a4:47:b9:95:
                    b2:f0:5c:28:ac:ab:2b:4c:55:1b:ca:2e:da:f0:f8:
                    e4:09:71:3e:7f:d9:c6:dc:97:e2:81:c9:c7:47:43:
                    ac:e2:97:fd:27:5e:b9:70:c8:84:d7:3e:5a:0d:9c:
                    a8:e9:6c:66:4c:fe:45:47:56:d2:2f:9f:69:0e:f3:
                    40:99:31:24:c5:ea:d2:f0:25:77:9d:5a:ef:61:70:
                    b3:47:3a:a1:6e:3e:17:8d:8f:e9:ad:0e:34:c2:82:
                    db:75:76:07:30:5d:5d:f1:e8:f9:3b:eb:f5:18:4e:
                    90:78:ea:9a:0a:00:c3:12:2e:20:25:0d:ad:4c:f3:
                    4c:70:11:39:00:dd:0e:0d:6a:e2:4d:0b:81:d1:bb:
                    19:76:02:a9:72:73:68:c5:eb:25:2f:2e:1e:bb:c2:
                    f9:27:87:ac:e9:70:6a:5b:4e:98:23:e6:b3:af:f3:
                    58:e3:c1:ba:cf:e5:93:27:8f:b7:dd:2a:c3:ae:32:
                    b5:92:65:19:b5:db:14:95:db:87:61:70:95:4f:a7:
                    cd:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:F8:A6:39:CF:AC:FF:26:85:76:B5:C9:25:B1:9C:08:8A:95:C9:BF
            X509v3 Authority Key Identifier:
                keyid:4C:37:F0:9F:A8:BF:8F:7F:D2:6F:DB:DD:D9:AB:EF:89:31:F1:5B:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/459165A8D5EE5A52C2A85AAFE14F1D8FF39A3C3A2A9B461B0C499224877EA89B/0/4C37F09FA8BF8F7FD26FDBDDD9ABEF8931F15B0C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/4C37F09FA8BF8F7FD26FDBDDD9ABEF8931F15B0C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/459165A8D5EE5A52C2A85AAFE14F1D8FF39A3C3A2A9B461B0C499224877EA89B/0/3230302e302e32342e302f32322d3232203d3e203237373235.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.0.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         65:be:f0:62:5e:e5:4c:af:d2:d8:35:a4:bf:0c:c5:bc:76:d1:
         52:76:d3:26:38:db:ce:70:0f:fc:7f:ac:71:e4:f4:49:34:61:
         a4:08:04:53:55:ba:25:a9:5b:46:e9:e6:65:cd:43:4b:5e:8f:
         eb:e2:9e:c4:39:cb:a2:fd:8a:de:3f:02:5f:c0:5e:e6:a8:d7:
         84:bc:8a:2a:26:32:a8:0c:45:b1:a2:fa:e5:2c:2f:ed:2d:61:
         5c:f1:50:87:a0:d7:ca:be:55:e5:0a:09:15:b1:16:90:8c:e7:
         a0:6c:4e:45:78:00:9e:fe:1d:ca:2a:10:d1:ad:2a:35:d0:0c:
         f4:3f:e3:d2:1a:65:b9:92:43:3e:ba:35:6c:20:7b:1f:d7:3d:
         e7:06:f1:1a:7b:2f:e5:04:39:03:d5:a2:03:e2:e6:eb:60:8e:
         93:2f:6f:10:cf:a6:20:3b:c8:97:c2:33:23:73:0f:cf:08:4e:
         21:de:c6:23:12:5a:bb:b2:14:da:9d:50:d2:d9:1e:14:bf:23:
         7a:9a:95:8b:90:68:ce:71:e2:95:e1:0e:3d:3b:db:93:06:29:
         24:63:08:e5:34:27:11:45:2b:16:5e:4b:4f:e5:27:47:70:8d:
         9a:0e:76:85:45:03:61:b9:2d:bf:e3:06:30:7f:b4:26:9d:c8:
         d7:94:36:50
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgIUI3ZTNMR7odcd0k92qsfmqZBoXvswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNEMzN0YwOUZBOEJGOEY3RkQyNkZEQkRERDlBQkVGODkz
MUYxNUIwQzAeFw0yNTAyMDQxODMzMDRaFw0yNjAyMDMxODM4MDRaMDMxMTAvBgNV
BAMTKEM4RjhBNjM5Q0ZBQ0ZGMjY4NTc2QjVDOTI1QjE5QzA4OEE5NUM5QkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYzYSho2YAILGnwoduyCfjKaLC
/FdTRgA3uXhfZHbzUnYTyp1t37FwQ/dxeYoKO8f3pAiszrSrpEe5lbLwXCisqytM
VRvKLtrw+OQJcT5/2cbcl+KBycdHQ6zil/0nXrlwyITXPloNnKjpbGZM/kVHVtIv
n2kO80CZMSTF6tLwJXedWu9hcLNHOqFuPheNj+mtDjTCgtt1dgcwXV3x6Pk76/UY
TpB46poKAMMSLiAlDa1M80xwETkA3Q4NauJNC4HRuxl2Aqlyc2jF6yUvLh67wvkn
h6zpcGpbTpgj5rOv81jjwbrP5ZMnj7fdKsOuMrWSZRm12xSV24dhcJVPp80LAgMB
AAGjggLEMIICwDAdBgNVHQ4EFgQUyPimOc+s/yaFdrXJJbGcCIqVyb8wHwYDVR0j
BBgwFoAUTDfwn6i/j3/Sb9vd2avviTHxWwwwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy80NTkxNjVBOEQ1RUU1QTUyQzJBODVBQUZFMTRGMUQ4RkYz
OUEzQzNBMkE5QjQ2MUIwQzQ5OTIyNDg3N0VBODlCLzAvNEMzN0YwOUZBOEJGOEY3
RkQyNkZEQkRERDlBQkVGODkzMUYxNUIwQy5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC80QzM3RjA5RkE4QkY4RjdGRDI2
RkRCREREOUFCRUY4OTMxRjE1QjBDLmNlcjCBwwYIKwYBBQUHAQsEgbYwgbMwgbAG
CCsGAQUFBzALhoGjcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvNDU5MTY1QThENUVFNUE1MkMyQTg1QUFGRTE0RjFEOEZGMzlBM0MzQTJB
OUI0NjFCMEM0OTkyMjQ4NzdFQTg5Qi8wLzMyMzAzMDJlMzAyZTMyMzQyZTMwMmYz
MjMyMmQzMjMyMjAzZDNlMjAzMjM3MzczMjM1LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCyAAYMA0GCSqG
SIb3DQEBCwUAA4IBAQBlvvBiXuVMr9LYNaS/DMW8dtFSdtMmONvOcA/8f6xx5PRJ
NGGkCARTVbolqVtG6eZlzUNLXo/r4p7EOcui/YrePwJfwF7mqNeEvIoqJjKoDEWx
ovrlLC/tLWFc8VCHoNfKvlXlCgkVsRaQjOegbE5FeACe/h3KKhDRrSo10Az0P+PS
GmW5kkM+ujVsIHsf1z3nBvEaey/lBDkD1aID4ubrYI6TL28Qz6YgO8iXwjMjcw/P
CE4h3sYjElq7shTanVDS2R4UvyN6mpWLkGjOceKV4Q49O9uTBikkYwjlNCcRRSsW
XktP5SdHcI2aDnaFRQNhuS2/4wYwf7QmncjXlDZQ
-----END CERTIFICATE-----