Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/56FD67D89D96D39A39724C4AD614F457C08FA2784415BE3952C491BEBE4BE207/0/3134382e3230392e3134342e302f32322d3232203d3e203232313232.roa
File:                     3134382e3230392e3134342e302f32322d3232203d3e203232313232.roa (raw, json)
Hash identifier:          A6C0bmy1yhVyA0m/a++bR93EKwptFWLXcikADKX4gLw=
Subject key identifier:   73:89:2F:B0:9A:79:4F:1F:C3:9D:46:6E:9B:24:BB:D9:AC:25:DD:CD
Certificate issuer:       /CN=8D67A138567146B2E89E0918237CB2D076D67AFA
Certificate serial:       51406CCDE969D69991757AF1572F1F8026854769
Authority key identifier: 8D:67:A1:38:56:71:46:B2:E8:9E:09:18:23:7C:B2:D0:76:D6:7A:FA
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/8D67A138567146B2E89E0918237CB2D076D67AFA.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/56FD67D89D96D39A39724C4AD614F457C08FA2784415BE3952C491BEBE4BE207/0/3134382e3230392e3134342e302f32322d3232203d3e203232313232.roa
Signing time:             Tue 04 Feb 2025 18:38:58 +0000
ROA not before:           Tue 04 Feb 2025 18:33:58 +0000
ROA not after:            Tue 03 Feb 2026 18:38:58 +0000
asID:                     22122
IP address blocks:        148.209.144.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:40:6c:cd:e9:69:d6:99:91:75:7a:f1:57:2f:1f:80:26:85:47:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8D67A138567146B2E89E0918237CB2D076D67AFA
        Validity
            Not Before: Feb  4 18:33:58 2025 GMT
            Not After : Feb  3 18:38:58 2026 GMT
        Subject: CN=73892FB09A794F1FC39D466E9B24BBD9AC25DDCD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:9c:70:7c:fb:9f:c6:db:ef:e7:c9:db:50:55:
                    ae:5e:1a:15:cf:69:78:ca:e0:cc:ec:ff:87:35:51:
                    c4:66:78:54:65:3f:bd:56:4d:b4:b9:6e:56:2b:72:
                    51:b5:27:4d:48:9c:23:31:27:0f:94:0a:7a:7b:bb:
                    95:d4:18:cb:52:71:83:74:fc:ba:b2:b9:c6:86:50:
                    f9:de:f9:ad:c8:79:11:05:95:74:29:97:18:b4:1a:
                    d5:e7:02:08:3e:8d:f8:f9:c8:57:ba:7d:c3:75:a8:
                    6e:13:bd:41:52:40:14:03:c8:3d:6a:31:48:38:5b:
                    35:0b:2d:0e:6d:f2:d9:7d:16:1f:2c:ef:da:65:97:
                    97:8f:0d:e2:e0:50:9b:5b:96:d9:5a:52:11:cd:4f:
                    50:ca:c5:74:ae:f8:2b:2f:bf:0c:e7:b3:d4:22:14:
                    71:b2:dd:e2:60:05:99:be:53:65:9a:68:7f:ce:55:
                    b8:fd:4d:68:e5:79:29:ec:34:4b:06:5d:0a:32:bd:
                    43:2c:fa:d5:27:c4:3b:80:d2:6d:73:dc:7d:06:3f:
                    08:f6:0e:87:64:a3:96:f5:67:14:ac:98:f7:25:10:
                    0b:ad:ab:3e:f6:42:90:9c:52:d5:e7:6d:da:69:d0:
                    3d:7d:eb:f2:0e:23:84:82:85:6a:20:45:1f:5d:e2:
                    2b:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:89:2F:B0:9A:79:4F:1F:C3:9D:46:6E:9B:24:BB:D9:AC:25:DD:CD
            X509v3 Authority Key Identifier:
                keyid:8D:67:A1:38:56:71:46:B2:E8:9E:09:18:23:7C:B2:D0:76:D6:7A:FA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/56FD67D89D96D39A39724C4AD614F457C08FA2784415BE3952C491BEBE4BE207/0/8D67A138567146B2E89E0918237CB2D076D67AFA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/8D67A138567146B2E89E0918237CB2D076D67AFA.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/56FD67D89D96D39A39724C4AD614F457C08FA2784415BE3952C491BEBE4BE207/0/3134382e3230392e3134342e302f32322d3232203d3e203232313232.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.209.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9f:e3:d3:85:d0:f9:ad:73:42:a8:7c:3a:10:a1:ea:68:51:57:
         2d:91:db:06:21:54:b5:2b:62:e7:a6:e0:69:6e:d7:0c:48:b0:
         a5:1a:59:ed:ad:08:c0:f2:85:15:58:fc:44:76:af:20:8c:be:
         bf:ab:48:2c:c9:64:81:aa:8f:47:d5:14:4b:8c:d7:f8:a6:69:
         36:71:1f:83:8e:07:c4:9b:d5:56:f9:6a:d9:6e:ec:4b:31:cd:
         d3:87:b2:01:af:c2:be:06:97:7c:51:68:1e:42:4e:8e:1a:de:
         b8:a3:fe:a6:a5:c5:a9:e5:c3:7e:8b:c1:56:dc:ec:b3:ec:f2:
         e8:4f:69:8d:28:ba:41:dd:71:bf:bf:b0:d7:68:0b:d6:03:20:
         d2:dc:51:ba:a2:de:41:1d:0a:f7:ef:cd:2d:55:f8:92:50:f8:
         0e:56:8b:bf:ac:a5:f7:92:cf:43:78:87:b1:0b:be:66:69:6d:
         e7:78:1e:53:d3:d0:d1:9e:ff:19:86:94:c6:0a:f5:11:00:64:
         81:6b:23:35:75:2d:61:35:eb:5c:7c:0e:d4:29:3d:eb:d9:b0:
         d0:72:f2:27:8d:36:2a:91:4e:82:21:d3:9b:c7:9d:2f:47:19:
         f7:6a:ce:38:ac:78:11:ff:04:50:02:b2:06:c9:12:83:74:79:
         63:b4:e9:ce
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUUUBszelp1pmRdXrxVy8fgCaFR2kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOEQ2N0ExMzg1NjcxNDZCMkU4OUUwOTE4MjM3Q0IyRDA3
NkQ2N0FGQTAeFw0yNTAyMDQxODMzNThaFw0yNjAyMDMxODM4NThaMDMxMTAvBgNV
BAMTKDczODkyRkIwOUE3OTRGMUZDMzlENDY2RTlCMjRCQkQ5QUMyNUREQ0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYnHB8+5/G2+/nydtQVa5eGhXP
aXjK4Mzs/4c1UcRmeFRlP71WTbS5blYrclG1J01InCMxJw+UCnp7u5XUGMtScYN0
/LqyucaGUPne+a3IeREFlXQplxi0GtXnAgg+jfj5yFe6fcN1qG4TvUFSQBQDyD1q
MUg4WzULLQ5t8tl9Fh8s79pll5ePDeLgUJtbltlaUhHNT1DKxXSu+Csvvwzns9Qi
FHGy3eJgBZm+U2WaaH/OVbj9TWjleSnsNEsGXQoyvUMs+tUnxDuA0m1z3H0GPwj2
Dodko5b1ZxSsmPclEAutqz72QpCcUtXnbdpp0D196/IOI4SChWogRR9d4itdAgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQUc4kvsJp5Tx/DnUZumyS72awl3c0wHwYDVR0j
BBgwFoAUjWehOFZxRrLongkYI3yy0HbWevowDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy81NkZENjdEODlEOTZEMzlBMzk3MjRDNEFENjE0RjQ1N0Mw
OEZBMjc4NDQxNUJFMzk1MkM0OTFCRUJFNEJFMjA3LzAvOEQ2N0ExMzg1NjcxNDZC
MkU4OUUwOTE4MjM3Q0IyRDA3NkQ2N0FGQS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC84RDY3QTEzODU2NzE0NkIyRTg5
RTA5MTgyMzdDQjJEMDc2RDY3QUZBLmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvNTZGRDY3RDg5RDk2RDM5QTM5NzI0QzRBRDYxNEY0NTdDMDhGQTI3ODQ0
MTVCRTM5NTJDNDkxQkVCRTRCRTIwNy8wLzMxMzQzODJlMzIzMDM5MmUzMTM0MzQy
ZTMwMmYzMjMyMmQzMjMyMjAzZDNlMjAzMjMyMzEzMjMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQClNGQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCf49OF0Pmtc0KofDoQoepoUVctkdsGIVS1K2Ln
puBpbtcMSLClGlntrQjA8oUVWPxEdq8gjL6/q0gsyWSBqo9H1RRLjNf4pmk2cR+D
jgfEm9VW+WrZbuxLMc3Th7IBr8K+Bpd8UWgeQk6OGt64o/6mpcWp5cN+i8FW3Oyz
7PLoT2mNKLpB3XG/v7DXaAvWAyDS3FG6ot5BHQr3780tVfiSUPgOVou/rKX3ks9D
eIexC75maW3neB5T09DRnv8ZhpTGCvURAGSBayM1dS1hNetcfA7UKT3r2bDQcvIn
jTYqkU6CIdObx50vRxn3as44rHgR/wRQArIGyRKDdHljtOnO
-----END CERTIFICATE-----