Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/4ED6EB0CD247E17FF0A8DCE6B46C64555E8B6E899F5580B5E4C02BE5DC9F96EF/0/3136382e302e3231322e302f32322d3232203d3e203532333933.roa
File:                     3136382e302e3231322e302f32322d3232203d3e203532333933.roa (raw, json)
Hash identifier:          e581Yz3IM6VFTuwxmyalnf3yo8HUsDsozcLjmDu46BU=
Subject key identifier:   E7:C0:9A:30:6D:EF:FB:80:23:27:80:FB:B9:73:22:04:30:91:F7:05
Certificate issuer:       /CN=DB11B7707911064B45F88A13AD77795D0BCE5CC6
Certificate serial:       769F2679B2649EBC234FADAC334D089A398979AA
Authority key identifier: DB:11:B7:70:79:11:06:4B:45:F8:8A:13:AD:77:79:5D:0B:CE:5C:C6
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/DB11B7707911064B45F88A13AD77795D0BCE5CC6.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/4ED6EB0CD247E17FF0A8DCE6B46C64555E8B6E899F5580B5E4C02BE5DC9F96EF/0/3136382e302e3231322e302f32322d3232203d3e203532333933.roa
Signing time:             Tue 04 Feb 2025 18:28:56 +0000
ROA not before:           Tue 04 Feb 2025 18:23:56 +0000
ROA not after:            Tue 03 Feb 2026 18:28:56 +0000
asID:                     52393
IP address blocks:        168.0.212.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:9f:26:79:b2:64:9e:bc:23:4f:ad:ac:33:4d:08:9a:39:89:79:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=DB11B7707911064B45F88A13AD77795D0BCE5CC6
        Validity
            Not Before: Feb  4 18:23:56 2025 GMT
            Not After : Feb  3 18:28:56 2026 GMT
        Subject: CN=E7C09A306DEFFB80232780FBB97322043091F705
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:0e:dd:b0:03:71:54:e6:2f:63:5e:bb:95:33:
                    f6:ac:bd:ac:37:38:80:42:b0:9f:ac:0a:27:15:ae:
                    87:73:24:64:ce:bb:05:4e:ae:8e:3b:3e:38:71:2f:
                    ec:28:18:ce:cd:25:80:08:26:f6:89:ed:c5:52:9c:
                    dc:d5:b1:ec:fe:eb:a6:91:54:24:25:d2:a0:3e:c3:
                    bc:9a:a1:85:c2:4a:7c:2f:62:3d:96:98:4f:04:0b:
                    1c:5c:64:e1:3a:d1:36:9c:c1:cc:f0:85:54:78:1f:
                    3c:9b:18:96:0f:b3:a0:fb:5d:17:5a:65:c5:39:bc:
                    eb:ab:6a:d0:e2:60:40:f6:59:ce:cb:f3:80:64:de:
                    58:30:65:94:73:63:d3:48:4c:b6:c3:7f:4c:b4:97:
                    2a:2a:e1:76:f8:38:9b:37:22:ee:f8:b1:79:c9:07:
                    14:9b:1d:59:dd:81:99:09:f6:63:34:af:43:bf:8c:
                    ca:5d:85:2f:eb:e6:4e:de:1a:d2:81:aa:df:61:32:
                    6f:b9:b8:ba:29:a2:5e:c0:2d:06:66:26:d8:2b:e2:
                    de:b3:da:4e:d6:d7:03:80:e9:27:8f:f2:97:1a:ef:
                    c9:62:f6:53:83:9e:4e:2c:08:bd:c9:50:cf:89:c6:
                    05:4b:6e:d2:d0:43:9a:b7:4d:3a:a0:11:04:b9:d1:
                    2f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:C0:9A:30:6D:EF:FB:80:23:27:80:FB:B9:73:22:04:30:91:F7:05
            X509v3 Authority Key Identifier:
                keyid:DB:11:B7:70:79:11:06:4B:45:F8:8A:13:AD:77:79:5D:0B:CE:5C:C6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/4ED6EB0CD247E17FF0A8DCE6B46C64555E8B6E899F5580B5E4C02BE5DC9F96EF/0/DB11B7707911064B45F88A13AD77795D0BCE5CC6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/DB11B7707911064B45F88A13AD77795D0BCE5CC6.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/4ED6EB0CD247E17FF0A8DCE6B46C64555E8B6E899F5580B5E4C02BE5DC9F96EF/0/3136382e302e3231322e302f32322d3232203d3e203532333933.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.0.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:5e:2f:3c:40:3d:ea:fc:38:e0:b2:fc:97:3c:a8:28:0c:c6:
         9a:33:a6:81:3d:a6:16:5c:27:eb:28:20:96:b6:54:c6:f1:bf:
         06:42:33:ae:df:89:1f:7f:87:5e:6e:07:36:3b:40:10:b4:8f:
         c0:ed:ea:d6:a7:fd:0d:c5:c0:0c:8c:d8:7d:4a:b5:cc:b2:8b:
         f5:6f:16:e1:44:af:a3:2e:d1:40:e1:b0:ac:87:2c:9c:97:65:
         82:43:ae:10:f6:9a:cf:b5:94:0e:5c:ae:ff:74:87:03:06:1c:
         61:97:64:7b:e4:c3:cd:c1:4f:70:89:06:1f:37:ee:52:95:75:
         e8:cb:e4:b2:9e:04:43:14:b9:6b:c9:5c:df:f2:f9:a8:29:54:
         5e:43:6f:66:2f:f8:68:e7:f3:26:ce:19:3c:21:02:7c:67:2c:
         ab:f3:b5:71:8d:e0:b2:0f:ab:cd:91:75:2e:f5:eb:8e:e5:c2:
         9b:60:9b:6c:16:f6:30:21:ef:c2:89:be:57:1d:a1:a5:22:51:
         99:11:43:0e:c9:df:71:f1:e1:40:75:63:7f:9b:4b:81:85:39:
         b7:34:3f:d2:e3:f4:d6:3b:81:f3:bc:2e:5a:8e:bb:7e:c8:0c:
         02:1c:6c:ed:b9:89:cf:7e:8d:40:db:4d:c4:4b:d7:83:2d:46:
         4f:84:1d:41
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUdp8mebJknrwjT62sM00ImjmJeaowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoREIxMUI3NzA3OTExMDY0QjQ1Rjg4QTEzQUQ3Nzc5NUQw
QkNFNUNDNjAeFw0yNTAyMDQxODIzNTZaFw0yNjAyMDMxODI4NTZaMDMxMTAvBgNV
BAMTKEU3QzA5QTMwNkRFRkZCODAyMzI3ODBGQkI5NzMyMjA0MzA5MUY3MDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLDt2wA3FU5i9jXruVM/asvaw3
OIBCsJ+sCicVrodzJGTOuwVOro47PjhxL+woGM7NJYAIJvaJ7cVSnNzVsez+66aR
VCQl0qA+w7yaoYXCSnwvYj2WmE8ECxxcZOE60TacwczwhVR4HzybGJYPs6D7XRda
ZcU5vOuratDiYED2Wc7L84Bk3lgwZZRzY9NITLbDf0y0lyoq4Xb4OJs3Iu74sXnJ
BxSbHVndgZkJ9mM0r0O/jMpdhS/r5k7eGtKBqt9hMm+5uLopol7ALQZmJtgr4t6z
2k7W1wOA6SeP8pca78li9lODnk4sCL3JUM+JxgVLbtLQQ5q3TTqgEQS50S+FAgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQU58CaMG3v+4AjJ4D7uXMiBDCR9wUwHwYDVR0j
BBgwFoAU2xG3cHkRBktF+IoTrXd5XQvOXMYwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy80RUQ2RUIwQ0QyNDdFMTdGRjBBOERDRTZCNDZDNjQ1NTVF
OEI2RTg5OUY1NTgwQjVFNEMwMkJFNURDOUY5NkVGLzAvREIxMUI3NzA3OTExMDY0
QjQ1Rjg4QTEzQUQ3Nzc5NUQwQkNFNUNDNi5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9EQjExQjc3MDc5MTEwNjRCNDVG
ODhBMTNBRDc3Nzk1RDBCQ0U1Q0M2LmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvNEVENkVCMENEMjQ3RTE3RkYwQThEQ0U2QjQ2QzY0NTU1RThCNkU4OTlG
NTU4MEI1RTRDMDJCRTVEQzlGOTZFRi8wLzMxMzYzODJlMzAyZTMyMzEzMjJlMzAy
ZjMyMzIyZDMyMzIyMDNkM2UyMDM1MzIzMzM5MzMucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKoANQwDQYJ
KoZIhvcNAQELBQADggEBAEJeLzxAPer8OOCy/Jc8qCgMxpozpoE9phZcJ+soIJa2
VMbxvwZCM67fiR9/h15uBzY7QBC0j8Dt6tan/Q3FwAyM2H1Ktcyyi/VvFuFEr6Mu
0UDhsKyHLJyXZYJDrhD2ms+1lA5crv90hwMGHGGXZHvkw83BT3CJBh837lKVdejL
5LKeBEMUuWvJXN/y+agpVF5Db2Yv+Gjn8ybOGTwhAnxnLKvztXGN4LIPq82RdS71
647lwptgm2wW9jAh78KJvlcdoaUiUZkRQw7J33Hx4UB1Y3+bS4GFObc0P9Lj9NY7
gfO8LlqOu37IDAIcbO25ic9+jUDbTcRL14MtRk+EHUE=
-----END CERTIFICATE-----