Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/4FCBD94D88BF929AA50D775062E0A115AF04A18FBF4D9FF1512B9CBA509E4042/0/3139302e35322e3132352e302f32342d3234203d3e20323632313832.roa
File:                     3139302e35322e3132352e302f32342d3234203d3e20323632313832.roa (raw, json)
Hash identifier:          0Ck2iWrD4eTHFoMZiaL9p3a0FT3ndCHsm1qko+oP8g0=
Subject key identifier:   B4:9C:F5:A2:42:87:49:0A:82:8B:B9:D6:9B:57:85:C4:F6:0C:4B:D9
Certificate issuer:       /CN=3D608F1A58C367A78F93EDCEF6DA6EACD069209B
Certificate serial:       72FAA58C76EBCF0A659722BB2411F0BD172FB7F1
Authority key identifier: 3D:60:8F:1A:58:C3:67:A7:8F:93:ED:CE:F6:DA:6E:AC:D0:69:20:9B
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/3D608F1A58C367A78F93EDCEF6DA6EACD069209B.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/4FCBD94D88BF929AA50D775062E0A115AF04A18FBF4D9FF1512B9CBA509E4042/0/3139302e35322e3132352e302f32342d3234203d3e20323632313832.roa
Signing time:             Wed 12 Feb 2025 20:09:40 +0000
ROA not before:           Wed 12 Feb 2025 20:04:40 +0000
ROA not after:            Wed 11 Feb 2026 20:09:40 +0000
asID:                     262182
IP address blocks:        190.52.125.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:fa:a5:8c:76:eb:cf:0a:65:97:22:bb:24:11:f0:bd:17:2f:b7:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3D608F1A58C367A78F93EDCEF6DA6EACD069209B
        Validity
            Not Before: Feb 12 20:04:40 2025 GMT
            Not After : Feb 11 20:09:40 2026 GMT
        Subject: CN=B49CF5A24287490A828BB9D69B5785C4F60C4BD9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:43:6e:8d:81:e7:55:de:27:0a:61:94:3b:c4:
                    03:01:45:75:3b:e1:e2:73:8a:f1:ec:69:18:9d:e8:
                    f5:f5:bc:b5:1b:04:14:79:e7:77:7c:ae:89:b7:2b:
                    cf:cb:3a:bd:77:42:7b:c6:97:5a:f7:74:c1:a5:3b:
                    ad:99:24:7b:9f:bc:cd:b2:a9:7f:ee:0c:5a:e1:dc:
                    a0:bb:f9:ea:15:54:17:6b:05:ef:37:d7:e8:43:9f:
                    b0:bc:9e:63:ee:ea:7e:f8:81:2d:a8:d3:65:e7:ed:
                    47:d8:cc:88:72:41:5d:df:af:04:e4:7d:ad:6e:5a:
                    7d:cd:8f:b7:76:35:f1:56:00:70:f7:d5:f7:74:81:
                    c5:32:6f:8d:42:4e:ee:3e:1e:63:0c:d4:f2:58:31:
                    9d:a9:cd:83:2e:7c:ff:a0:b3:46:39:95:85:3c:da:
                    a7:e4:51:72:6f:f3:94:0b:78:9e:bb:10:f8:60:58:
                    fe:77:a2:ec:12:7c:c7:a7:a6:90:2b:2a:57:3e:73:
                    78:ce:d0:46:d5:b4:37:53:0b:31:d9:19:6d:10:f5:
                    a7:e5:3d:9a:d7:34:71:b8:63:33:e6:e5:81:2e:f2:
                    e8:ae:2f:d9:d0:2d:7f:81:b6:8f:9b:10:86:bc:8e:
                    27:c5:3d:d9:ba:f8:b1:b0:fc:10:9c:28:07:1d:13:
                    b2:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:9C:F5:A2:42:87:49:0A:82:8B:B9:D6:9B:57:85:C4:F6:0C:4B:D9
            X509v3 Authority Key Identifier:
                keyid:3D:60:8F:1A:58:C3:67:A7:8F:93:ED:CE:F6:DA:6E:AC:D0:69:20:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/4FCBD94D88BF929AA50D775062E0A115AF04A18FBF4D9FF1512B9CBA509E4042/0/3D608F1A58C367A78F93EDCEF6DA6EACD069209B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/3D608F1A58C367A78F93EDCEF6DA6EACD069209B.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/4FCBD94D88BF929AA50D775062E0A115AF04A18FBF4D9FF1512B9CBA509E4042/0/3139302e35322e3132352e302f32342d3234203d3e20323632313832.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  190.52.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:b3:57:0e:48:db:d9:49:10:90:7c:ee:db:df:d5:b8:11:ef:
         88:90:8b:ea:4d:1a:4f:d7:d1:fc:e1:ac:6e:cf:79:ef:9d:32:
         15:82:e9:37:d5:a3:5d:ae:5b:d3:ab:3b:87:81:3d:8e:2f:3b:
         8f:df:a0:12:99:f7:af:c4:e8:db:f6:0a:80:e6:31:8c:d7:87:
         0f:60:11:9c:a8:b4:fe:7e:04:95:56:2f:33:8f:b4:e5:2d:8f:
         c8:9a:f7:57:8d:92:87:37:af:0b:8c:5a:4d:13:42:e9:b4:84:
         37:e1:d1:27:0d:4a:ec:63:54:d1:17:04:ba:04:c1:ac:32:93:
         e1:2f:c6:6f:63:0d:ef:76:9e:28:5f:72:d2:b7:6d:a8:21:d9:
         e4:c7:5a:54:7b:07:ef:23:14:57:b2:e7:97:40:5d:4d:94:63:
         d4:c4:25:3d:16:97:7c:8c:e3:75:5f:b2:ae:b8:28:77:9f:9d:
         4a:a4:d8:a2:03:bd:8c:5e:53:9a:bd:97:9d:17:ca:67:e4:2b:
         c8:38:b4:16:2d:52:d2:49:24:b8:f6:ac:a5:44:19:f7:f4:d0:
         87:fd:fa:0a:67:e2:74:d9:77:75:81:4d:16:f8:fb:55:38:6e:
         c9:fc:46:d0:78:cd:c1:fd:a0:e4:a8:6f:cd:a5:39:c2:d1:be:
         1b:67:b0:16
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUcvqljHbrzwpllyK7JBHwvRcvt/EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM0Q2MDhGMUE1OEMzNjdBNzhGOTNFRENFRjZEQTZFQUNE
MDY5MjA5QjAeFw0yNTAyMTIyMDA0NDBaFw0yNjAyMTEyMDA5NDBaMDMxMTAvBgNV
BAMTKEI0OUNGNUEyNDI4NzQ5MEE4MjhCQjlENjlCNTc4NUM0RjYwQzRCRDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Q26NgedV3icKYZQ7xAMBRXU7
4eJzivHsaRid6PX1vLUbBBR553d8rom3K8/LOr13QnvGl1r3dMGlO62ZJHufvM2y
qX/uDFrh3KC7+eoVVBdrBe831+hDn7C8nmPu6n74gS2o02Xn7UfYzIhyQV3frwTk
fa1uWn3Nj7d2NfFWAHD31fd0gcUyb41CTu4+HmMM1PJYMZ2pzYMufP+gs0Y5lYU8
2qfkUXJv85QLeJ67EPhgWP53ouwSfMenppArKlc+c3jO0EbVtDdTCzHZGW0Q9afl
PZrXNHG4YzPm5YEu8uiuL9nQLX+Bto+bEIa8jifFPdm6+LGw/BCcKAcdE7KxAgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQUtJz1okKHSQqCi7nWm1eFxPYMS9kwHwYDVR0j
BBgwFoAUPWCPGljDZ6ePk+3O9tpurNBpIJswDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy80RkNCRDk0RDg4QkY5MjlBQTUwRDc3NTA2MkUwQTExNUFG
MDRBMThGQkY0RDlGRjE1MTJCOUNCQTUwOUU0MDQyLzAvM0Q2MDhGMUE1OEMzNjdB
NzhGOTNFRENFRjZEQTZFQUNEMDY5MjA5Qi5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8zRDYwOEYxQTU4QzM2N0E3OEY5
M0VEQ0VGNkRBNkVBQ0QwNjkyMDlCLmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvNEZDQkQ5NEQ4OEJGOTI5QUE1MEQ3NzUwNjJFMEExMTVBRjA0QTE4RkJG
NEQ5RkYxNTEyQjlDQkE1MDlFNDA0Mi8wLzMxMzkzMDJlMzUzMjJlMzEzMjM1MmUz
MDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzNjMyMzEzODMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvjR9
MA0GCSqGSIb3DQEBCwUAA4IBAQB5s1cOSNvZSRCQfO7b39W4Ee+IkIvqTRpP19H8
4axuz3nvnTIVguk31aNdrlvTqzuHgT2OLzuP36ASmfevxOjb9gqA5jGM14cPYBGc
qLT+fgSVVi8zj7TlLY/ImvdXjZKHN68LjFpNE0LptIQ34dEnDUrsY1TRFwS6BMGs
MpPhL8ZvYw3vdp4oX3LSt22oIdnkx1pUewfvIxRXsueXQF1NlGPUxCU9Fpd8jON1
X7KuuCh3n51KpNiiA72MXlOavZedF8pn5CvIOLQWLVLSSSS49qylRBn39NCH/foK
Z+J02Xd1gU0W+PtVOG7J/EbQeM3B/aDkqG/NpTnC0b4bZ7AW
-----END CERTIFICATE-----