Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/48CFB26AC27A17BFC28C29A05A939D7C38B550A25B9D6FAE345819CE34D49516/0/3133382e39372e3230302e302f32322d3234203d3e20323633383030.roa
File:                     3133382e39372e3230302e302f32322d3234203d3e20323633383030.roa (raw, json)
Hash identifier:          9cnM8v4zRxM/X6cDHyF+9niNxOJk38+pVYt7/xvF0qc=
Subject key identifier:   8C:66:B9:6A:4D:6E:49:53:60:3F:C2:9E:57:EF:7A:4E:4C:CB:30:1F
Certificate issuer:       /CN=F27FE8F5D134BDBCB727C1FA5EA363B4B589267E
Certificate serial:       1D99C346659328E6CD4024D30B49072E3228D6B4
Authority key identifier: F2:7F:E8:F5:D1:34:BD:BC:B7:27:C1:FA:5E:A3:63:B4:B5:89:26:7E
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/F27FE8F5D134BDBCB727C1FA5EA363B4B589267E.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/48CFB26AC27A17BFC28C29A05A939D7C38B550A25B9D6FAE345819CE34D49516/0/3133382e39372e3230302e302f32322d3234203d3e20323633383030.roa
Signing time:             Tue 04 Feb 2025 18:26:47 +0000
ROA not before:           Tue 04 Feb 2025 18:21:47 +0000
ROA not after:            Tue 03 Feb 2026 18:26:47 +0000
asID:                     263800
IP address blocks:        138.97.200.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:99:c3:46:65:93:28:e6:cd:40:24:d3:0b:49:07:2e:32:28:d6:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=F27FE8F5D134BDBCB727C1FA5EA363B4B589267E
        Validity
            Not Before: Feb  4 18:21:47 2025 GMT
            Not After : Feb  3 18:26:47 2026 GMT
        Subject: CN=8C66B96A4D6E4953603FC29E57EF7A4E4CCB301F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b1:d4:ab:7b:59:e7:d6:bc:c4:62:c4:a8:79:
                    ac:75:12:c9:9f:bf:cf:a8:54:cd:c1:e6:90:2b:b6:
                    ab:4a:1d:45:29:6b:b3:be:4e:d3:18:3e:e4:6e:e0:
                    37:f9:2b:9a:a8:f3:47:d6:dd:e3:e8:70:8f:41:e6:
                    2f:29:70:91:34:1a:57:8f:7f:0d:2e:19:dd:b0:f9:
                    2a:6d:fb:40:19:1e:0b:42:ad:9a:76:db:4a:aa:c7:
                    91:aa:70:ee:27:ac:21:11:0e:72:f6:68:90:10:90:
                    69:fa:d5:23:42:bf:76:b4:b0:15:4e:16:c9:9e:c2:
                    b5:f7:3c:59:c4:99:83:06:43:3d:65:8a:72:b1:ea:
                    6b:8c:99:e7:33:4f:f8:c9:11:89:82:49:a3:f6:74:
                    5b:5d:ac:f5:f3:78:fe:0b:c6:0d:9c:b1:7d:c0:e4:
                    05:bd:e2:76:cf:8d:7a:47:b5:01:3b:d6:7c:51:37:
                    76:ca:fd:9d:a8:14:bb:0a:43:d0:d8:42:4d:d3:69:
                    03:ce:09:f1:9b:6d:cb:ca:dc:48:0e:0e:a9:26:98:
                    75:02:67:6f:80:a2:8e:0f:dd:41:0c:3a:57:78:a5:
                    05:bc:30:ae:80:94:ff:82:9a:ff:13:b6:0a:2a:ea:
                    f6:32:01:3e:23:32:79:da:e5:01:0b:52:ca:40:6b:
                    8e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:66:B9:6A:4D:6E:49:53:60:3F:C2:9E:57:EF:7A:4E:4C:CB:30:1F
            X509v3 Authority Key Identifier:
                keyid:F2:7F:E8:F5:D1:34:BD:BC:B7:27:C1:FA:5E:A3:63:B4:B5:89:26:7E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/48CFB26AC27A17BFC28C29A05A939D7C38B550A25B9D6FAE345819CE34D49516/0/F27FE8F5D134BDBCB727C1FA5EA363B4B589267E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/F27FE8F5D134BDBCB727C1FA5EA363B4B589267E.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/48CFB26AC27A17BFC28C29A05A939D7C38B550A25B9D6FAE345819CE34D49516/0/3133382e39372e3230302e302f32322d3234203d3e20323633383030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.97.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:b9:c5:86:d9:51:4c:4c:f5:47:81:fe:04:70:7c:41:3d:1b:
         e2:03:d2:31:4c:d3:1d:97:ad:97:8b:fd:4a:83:06:4b:f9:00:
         74:4a:30:f9:a8:29:c3:b8:7b:8e:3e:f8:08:8d:b0:b6:9d:03:
         00:5e:2b:15:1b:7e:27:43:91:f8:95:63:d3:e0:fd:36:cf:51:
         a9:57:89:e7:34:e9:2f:14:7e:76:38:c5:76:85:bc:3a:f0:9e:
         e3:4e:96:bf:b1:1c:0a:76:f9:20:fd:2e:d6:d4:24:fb:f0:de:
         e4:c7:c0:1d:5d:35:bf:9c:d2:91:b7:68:8d:30:ed:32:2e:63:
         51:9e:95:e4:07:94:f0:25:fd:da:73:43:3d:7b:12:e2:a5:f1:
         bd:42:d1:3d:b5:e2:b3:a2:4b:02:fc:b0:01:8d:43:d6:11:1f:
         b0:08:4b:07:43:ab:40:cd:78:d7:6c:6b:9d:45:35:87:fc:2a:
         f7:c2:5a:b0:e7:5d:2d:b1:ec:a3:80:b1:b6:f4:de:e1:94:96:
         e4:2c:ba:fc:f8:a2:6c:c4:01:86:9d:a2:b5:cb:a2:f0:a3:5e:
         f8:6e:b4:10:ee:24:ab:b3:25:1e:79:e0:c4:3e:ab:63:58:3f:
         cb:96:b0:59:f7:50:e0:b3:0d:eb:24:2c:96:df:db:64:8d:3b:
         98:b2:89:a5
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUHZnDRmWTKObNQCTTC0kHLjIo1rQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRjI3RkU4RjVEMTM0QkRCQ0I3MjdDMUZBNUVBMzYzQjRC
NTg5MjY3RTAeFw0yNTAyMDQxODIxNDdaFw0yNjAyMDMxODI2NDdaMDMxMTAvBgNV
BAMTKDhDNjZCOTZBNEQ2RTQ5NTM2MDNGQzI5RTU3RUY3QTRFNENDQjMwMUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUsdSre1nn1rzEYsSoeax1Esmf
v8+oVM3B5pArtqtKHUUpa7O+TtMYPuRu4Df5K5qo80fW3ePocI9B5i8pcJE0GleP
fw0uGd2w+Spt+0AZHgtCrZp220qqx5GqcO4nrCERDnL2aJAQkGn61SNCv3a0sBVO
FsmewrX3PFnEmYMGQz1linKx6muMmeczT/jJEYmCSaP2dFtdrPXzeP4Lxg2csX3A
5AW94nbPjXpHtQE71nxRN3bK/Z2oFLsKQ9DYQk3TaQPOCfGbbcvK3EgODqkmmHUC
Z2+Aoo4P3UEMOld4pQW8MK6AlP+Cmv8Ttgoq6vYyAT4jMnna5QELUspAa453AgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQUjGa5ak1uSVNgP8KeV+96TkzLMB8wHwYDVR0j
BBgwFoAU8n/o9dE0vby3J8H6XqNjtLWJJn4wDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy80OENGQjI2QUMyN0ExN0JGQzI4QzI5QTA1QTkzOUQ3QzM4
QjU1MEEyNUI5RDZGQUUzNDU4MTlDRTM0RDQ5NTE2LzAvRjI3RkU4RjVEMTM0QkRC
Q0I3MjdDMUZBNUVBMzYzQjRCNTg5MjY3RS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9GMjdGRThGNUQxMzRCREJDQjcy
N0MxRkE1RUEzNjNCNEI1ODkyNjdFLmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvNDhDRkIyNkFDMjdBMTdCRkMyOEMyOUEwNUE5MzlEN0MzOEI1NTBBMjVC
OUQ2RkFFMzQ1ODE5Q0UzNEQ0OTUxNi8wLzMxMzMzODJlMzkzNzJlMzIzMDMwMmUz
MDJmMzIzMjJkMzIzNDIwM2QzZTIwMzIzNjMzMzgzMDMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCimHI
MA0GCSqGSIb3DQEBCwUAA4IBAQAMucWG2VFMTPVHgf4EcHxBPRviA9IxTNMdl62X
i/1KgwZL+QB0SjD5qCnDuHuOPvgIjbC2nQMAXisVG34nQ5H4lWPT4P02z1GpV4nn
NOkvFH52OMV2hbw68J7jTpa/sRwKdvkg/S7W1CT78N7kx8AdXTW/nNKRt2iNMO0y
LmNRnpXkB5TwJf3ac0M9exLipfG9QtE9teKzoksC/LABjUPWER+wCEsHQ6tAzXjX
bGudRTWH/Cr3wlqw510tseyjgLG29N7hlJbkLLr8+KJsxAGGnaK1y6Lwo174brQQ
7iSrsyUeeeDEPqtjWD/LlrBZ91Dgsw3rJCyW39tkjTuYsoml
-----END CERTIFICATE-----