Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/5CAE46B541E73DC58456DDDDB4F2BBB47FE0ACF9829BA51D04D1F28712D635C1/0/3136302e32302e3138382e302f32322d3234203d3e20323635373033.roa
File:                     3136302e32302e3138382e302f32322d3234203d3e20323635373033.roa (raw, json)
Hash identifier:          kNoSdG53tztCO2LRmjAg6iz9ut035wYO0R76+UHTkOw=
Subject key identifier:   08:8A:A5:20:22:D5:1B:A4:4E:97:41:AC:57:DE:06:A4:E8:45:49:66
Certificate issuer:       /CN=AD41D33C8DD7CAC23396EB6CC42EE6A3691330E6
Certificate serial:       35E3DD7C1881AD7F3C4C25BCA87FFC8B2BF5AE96
Authority key identifier: AD:41:D3:3C:8D:D7:CA:C2:33:96:EB:6C:C4:2E:E6:A3:69:13:30:E6
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/AD41D33C8DD7CAC23396EB6CC42EE6A3691330E6.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/5CAE46B541E73DC58456DDDDB4F2BBB47FE0ACF9829BA51D04D1F28712D635C1/0/3136302e32302e3138382e302f32322d3234203d3e20323635373033.roa
Signing time:             Tue 04 Feb 2025 20:06:03 +0000
ROA not before:           Tue 04 Feb 2025 20:01:03 +0000
ROA not after:            Tue 03 Feb 2026 20:06:03 +0000
asID:                     265703
IP address blocks:        160.20.188.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:e3:dd:7c:18:81:ad:7f:3c:4c:25:bc:a8:7f:fc:8b:2b:f5:ae:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=AD41D33C8DD7CAC23396EB6CC42EE6A3691330E6
        Validity
            Not Before: Feb  4 20:01:03 2025 GMT
            Not After : Feb  3 20:06:03 2026 GMT
        Subject: CN=088AA52022D51BA44E9741AC57DE06A4E8454966
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:c4:d7:01:f9:2d:a7:08:30:12:be:8c:bb:73:
                    bb:48:d5:85:1c:eb:48:86:c2:fc:cc:b4:0f:fe:d0:
                    77:3a:84:46:4e:a9:b8:b2:0b:98:f6:4e:4a:9c:ea:
                    8d:63:49:f8:3a:59:db:2a:bc:f2:cd:d0:51:44:d4:
                    47:2f:77:68:56:93:0b:f2:a3:7c:8d:78:d6:ed:bf:
                    76:ff:df:1a:81:7e:9e:4b:d3:77:46:b0:a9:91:90:
                    84:39:05:02:1c:06:f9:70:f5:6b:83:f8:9e:b4:53:
                    83:94:b6:c0:5b:df:61:7b:bb:00:70:a1:59:c7:8b:
                    7b:4f:f1:ad:5f:5c:76:54:74:95:87:8b:a0:65:6e:
                    00:a1:e3:cf:47:00:61:f9:7f:2f:d4:86:61:08:95:
                    a6:d2:45:41:0f:40:f8:63:70:97:e0:89:29:35:5d:
                    46:ce:11:d7:0d:e5:6b:dd:dc:af:f1:50:79:58:c5:
                    15:da:52:56:32:ff:94:2f:d8:11:3a:f4:f1:fd:33:
                    52:bf:3b:4f:b8:12:5c:41:c1:2b:66:2f:51:52:b6:
                    9c:f6:80:cb:88:cd:f3:3b:f8:33:30:e2:b9:b2:62:
                    28:76:5a:8e:0c:72:93:d4:0b:4f:90:47:7e:02:db:
                    84:d0:60:d8:a4:42:64:ff:78:f9:44:d9:07:77:50:
                    eb:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:8A:A5:20:22:D5:1B:A4:4E:97:41:AC:57:DE:06:A4:E8:45:49:66
            X509v3 Authority Key Identifier:
                keyid:AD:41:D3:3C:8D:D7:CA:C2:33:96:EB:6C:C4:2E:E6:A3:69:13:30:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/5CAE46B541E73DC58456DDDDB4F2BBB47FE0ACF9829BA51D04D1F28712D635C1/0/AD41D33C8DD7CAC23396EB6CC42EE6A3691330E6.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/AD41D33C8DD7CAC23396EB6CC42EE6A3691330E6.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/5CAE46B541E73DC58456DDDDB4F2BBB47FE0ACF9829BA51D04D1F28712D635C1/0/3136302e32302e3138382e302f32322d3234203d3e20323635373033.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.20.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:78:96:51:47:82:49:6a:06:71:89:f1:11:f5:cf:48:aa:81:
         59:5f:49:62:ea:e1:7f:8b:bb:12:5d:07:0e:05:31:74:75:cc:
         d2:02:9d:2d:82:42:f8:08:7f:8c:b6:93:0b:f0:94:21:01:59:
         f4:a8:32:f9:70:b3:f0:6e:84:3f:b3:90:a7:83:43:35:34:6a:
         d3:e9:84:15:5f:83:30:0c:52:bc:03:bb:de:e4:39:af:bd:46:
         c3:7a:e2:1d:ce:39:54:31:84:4e:66:db:00:5c:8f:3d:af:ba:
         26:bf:96:40:0f:d4:b2:7a:b7:1a:98:6b:b1:2f:ba:22:af:a9:
         8c:c4:08:87:10:9a:4d:de:37:15:72:e5:dc:53:4d:a7:07:e2:
         82:56:a6:88:1c:87:c4:6f:1b:83:0e:3f:a0:bb:70:fd:fe:7c:
         40:61:f0:6d:f5:23:e3:5b:72:a7:ca:2a:c9:df:32:2b:03:52:
         c4:06:15:33:d1:65:16:cd:bb:9f:c7:77:f4:ed:b0:f5:d5:db:
         f1:08:96:a1:ed:3e:78:b3:f6:14:58:22:7e:98:86:f7:96:fa:
         d4:01:da:49:29:1d:fa:3a:cc:09:e4:e6:f5:33:bc:17:26:95:
         33:b7:97:e7:62:11:5c:a4:ed:82:63:00:41:97:ff:fe:90:b8:
         3d:66:72:f3
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUNePdfBiBrX88TCW8qH/8iyv1rpYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQUQ0MUQzM0M4REQ3Q0FDMjMzOTZFQjZDQzQyRUU2QTM2
OTEzMzBFNjAeFw0yNTAyMDQyMDAxMDNaFw0yNjAyMDMyMDA2MDNaMDMxMTAvBgNV
BAMTKDA4OEFBNTIwMjJENTFCQTQ0RTk3NDFBQzU3REUwNkE0RTg0NTQ5NjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJxNcB+S2nCDASvoy7c7tI1YUc
60iGwvzMtA/+0Hc6hEZOqbiyC5j2Tkqc6o1jSfg6WdsqvPLN0FFE1Ecvd2hWkwvy
o3yNeNbtv3b/3xqBfp5L03dGsKmRkIQ5BQIcBvlw9WuD+J60U4OUtsBb32F7uwBw
oVnHi3tP8a1fXHZUdJWHi6BlbgCh489HAGH5fy/UhmEIlabSRUEPQPhjcJfgiSk1
XUbOEdcN5Wvd3K/xUHlYxRXaUlYy/5Qv2BE69PH9M1K/O0+4ElxBwStmL1FStpz2
gMuIzfM7+DMw4rmyYih2Wo4McpPUC0+QR34C24TQYNikQmT/ePlE2Qd3UOvXAgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQUCIqlICLVG6ROl0GsV94GpOhFSWYwHwYDVR0j
BBgwFoAUrUHTPI3XysIzlutsxC7mo2kTMOYwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy81Q0FFNDZCNTQxRTczREM1ODQ1NkRERERCNEYyQkJCNDdG
RTBBQ0Y5ODI5QkE1MUQwNEQxRjI4NzEyRDYzNUMxLzAvQUQ0MUQzM0M4REQ3Q0FD
MjMzOTZFQjZDQzQyRUU2QTM2OTEzMzBFNi5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9BRDQxRDMzQzhERDdDQUMyMzM5
NkVCNkNDNDJFRTZBMzY5MTMzMEU2LmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvNUNBRTQ2QjU0MUU3M0RDNTg0NTZEREREQjRGMkJCQjQ3RkUwQUNGOTgy
OUJBNTFEMDREMUYyODcxMkQ2MzVDMS8wLzMxMzYzMDJlMzIzMDJlMzEzODM4MmUz
MDJmMzIzMjJkMzIzNDIwM2QzZTIwMzIzNjM1MzczMDMzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCoBS8
MA0GCSqGSIb3DQEBCwUAA4IBAQBCeJZRR4JJagZxifER9c9IqoFZX0li6uF/i7sS
XQcOBTF0dczSAp0tgkL4CH+MtpML8JQhAVn0qDL5cLPwboQ/s5Cng0M1NGrT6YQV
X4MwDFK8A7ve5DmvvUbDeuIdzjlUMYROZtsAXI89r7omv5ZAD9SyercamGuxL7oi
r6mMxAiHEJpN3jcVcuXcU02nB+KCVqaIHIfEbxuDDj+gu3D9/nxAYfBt9SPjW3Kn
yirJ3zIrA1LEBhUz0WUWzbufx3f07bD11dvxCJah7T54s/YUWCJ+mIb3lvrUAdpJ
KR36OswJ5Ob1M7wXJpUzt5fnYhFcpO2CYwBBl//+kLg9ZnLz
-----END CERTIFICATE-----