Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/5D1A5E65ACB417339855ADA5A6C5416DC041CCF0640803843898BE56C4DF6C32/0/AS267786.roa
File:                     AS267786.roa (raw, json)
Hash identifier:          trLFBLkLsEsjDdrcAZjwmi29ojIVe3EWVADXdx0TwZ4=
Subject key identifier:   F4:09:D2:59:3B:62:DA:2F:ED:1D:2A:3F:AE:E9:F1:1F:CA:7D:B9:C3
Certificate issuer:       /CN=410819C7C9B4C85CE0B1D22741BE5E40A1F0E7B1
Certificate serial:       113945169A088B4A4A19C3FE09B315C8F9516CEE
Authority key identifier: 41:08:19:C7:C9:B4:C8:5C:E0:B1:D2:27:41:BE:5E:40:A1:F0:E7:B1
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/410819C7C9B4C85CE0B1D22741BE5E40A1F0E7B1.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/5D1A5E65ACB417339855ADA5A6C5416DC041CCF0640803843898BE56C4DF6C32/0/AS267786.roa
Signing time:             Tue 04 Feb 2025 18:13:42 +0000
ROA not before:           Tue 04 Feb 2025 18:08:42 +0000
ROA not after:            Tue 03 Feb 2026 18:13:42 +0000
asID:                     267786
IP address blocks:        186.38.99.0/24 maxlen: 24
                          201.251.146.0/24 maxlen: 24
                          201.251.206.0/24 maxlen: 24
                          201.251.207.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:39:45:16:9a:08:8b:4a:4a:19:c3:fe:09:b3:15:c8:f9:51:6c:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=410819C7C9B4C85CE0B1D22741BE5E40A1F0E7B1
        Validity
            Not Before: Feb  4 18:08:42 2025 GMT
            Not After : Feb  3 18:13:42 2026 GMT
        Subject: CN=F409D2593B62DA2FED1D2A3FAEE9F11FCA7DB9C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:17:9b:66:51:fc:15:ff:bd:da:c5:84:d9:28:
                    ba:c4:47:79:88:da:b9:16:aa:45:30:07:cb:a5:8d:
                    dd:30:5a:25:7e:d5:df:e4:00:71:c6:05:05:55:e2:
                    25:3c:b9:7c:c7:71:76:af:87:aa:e8:29:e6:45:af:
                    1a:59:86:0b:4e:ed:78:22:d8:f8:f4:87:53:46:a8:
                    d9:ef:6b:1e:19:a1:1f:de:17:7b:8f:cf:a6:64:18:
                    0d:fb:78:d2:a8:f4:4f:db:2d:a2:0d:bf:ca:85:9d:
                    65:18:2d:98:c1:54:71:ce:33:81:ac:f4:41:b2:f6:
                    25:63:3e:e3:39:8d:a4:66:9c:79:56:37:44:d5:9e:
                    55:c3:b6:48:73:31:0d:c8:f9:61:5d:d9:e1:e7:52:
                    d7:98:9a:5a:1a:59:6b:17:e2:ae:2c:50:c2:b2:f6:
                    3e:84:a1:de:c0:4b:22:11:f2:f8:4b:47:d6:c9:6f:
                    cb:e4:6f:66:ac:1f:c4:42:a1:ca:f2:31:16:78:9f:
                    b0:62:bb:30:72:61:e4:9f:89:bc:39:7c:c0:f9:27:
                    61:43:1c:27:1c:e7:83:a2:ec:44:ef:33:39:35:ca:
                    1a:03:c2:04:db:50:0b:c5:21:f7:f8:ce:7f:1e:00:
                    73:11:6e:9c:7d:9c:4f:23:01:80:8b:21:3e:85:3f:
                    26:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:09:D2:59:3B:62:DA:2F:ED:1D:2A:3F:AE:E9:F1:1F:CA:7D:B9:C3
            X509v3 Authority Key Identifier:
                keyid:41:08:19:C7:C9:B4:C8:5C:E0:B1:D2:27:41:BE:5E:40:A1:F0:E7:B1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/5D1A5E65ACB417339855ADA5A6C5416DC041CCF0640803843898BE56C4DF6C32/0/410819C7C9B4C85CE0B1D22741BE5E40A1F0E7B1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/410819C7C9B4C85CE0B1D22741BE5E40A1F0E7B1.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/5D1A5E65ACB417339855ADA5A6C5416DC041CCF0640803843898BE56C4DF6C32/0/AS267786.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  186.38.99.0/24
                  201.251.146.0/24
                  201.251.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b8:07:ef:fa:f9:1f:ad:b8:aa:c0:88:38:e3:00:8c:0f:da:69:
         c6:5d:ba:44:ff:b7:c6:af:e7:a5:3c:92:73:db:dc:3d:54:f5:
         50:4f:72:db:25:62:c1:ff:bc:b1:18:54:1d:47:65:e8:a0:a4:
         ef:cd:a5:14:e1:5d:8b:91:d0:17:15:ab:0e:82:49:16:a7:ca:
         f5:d5:39:f7:41:3d:d4:77:17:3a:c5:ce:19:fc:38:b7:17:53:
         d0:0e:89:8f:a9:cd:25:62:c4:0f:28:3b:86:f0:ee:9f:4a:60:
         8e:c8:45:da:3f:ca:e0:a9:05:90:0f:da:2e:7c:73:dd:b8:86:
         83:9d:75:fa:b5:69:23:6a:51:4d:58:a7:17:fa:dc:d6:3d:b0:
         6b:b0:bb:0b:84:a0:6e:0a:06:7b:b7:37:16:a2:39:a4:b0:ab:
         00:d0:9e:21:b7:d9:a1:c4:36:4d:9b:aa:b8:4b:ba:11:42:7c:
         47:81:18:2a:36:b4:dc:22:47:d5:e2:b5:55:c9:50:29:11:17:
         df:fd:10:18:9d:9f:c2:19:20:8f:58:0c:a3:49:22:f8:51:f7:
         74:2e:92:07:d5:c0:22:f9:1b:76:ab:ed:0e:46:94:fa:56:6f:
         b7:4e:e4:77:e8:df:da:4c:9f:2a:15:c7:df:6f:a7:82:1d:67:
         e7:01:d7:9f
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgIUETlFFpoIi0pKGcP+CbMVyPlRbO4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDEwODE5QzdDOUI0Qzg1Q0UwQjFEMjI3NDFCRTVFNDBB
MUYwRTdCMTAeFw0yNTAyMDQxODA4NDJaFw0yNjAyMDMxODEzNDJaMDMxMTAvBgNV
BAMTKEY0MDlEMjU5M0I2MkRBMkZFRDFEMkEzRkFFRTlGMTFGQ0E3REI5QzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4F5tmUfwV/73axYTZKLrER3mI
2rkWqkUwB8uljd0wWiV+1d/kAHHGBQVV4iU8uXzHcXavh6roKeZFrxpZhgtO7Xgi
2Pj0h1NGqNnvax4ZoR/eF3uPz6ZkGA37eNKo9E/bLaINv8qFnWUYLZjBVHHOM4Gs
9EGy9iVjPuM5jaRmnHlWN0TVnlXDtkhzMQ3I+WFd2eHnUteYmloaWWsX4q4sUMKy
9j6Eod7ASyIR8vhLR9bJb8vkb2asH8RCocryMRZ4n7BiuzByYeSfibw5fMD5J2FD
HCcc54Oi7ETvMzk1yhoDwgTbUAvFIff4zn8eAHMRbpx9nE8jAYCLIT6FPyZvAgMB
AAGjggKlMIICoTAdBgNVHQ4EFgQU9AnSWTti2i/tHSo/runxH8p9ucMwHwYDVR0j
BBgwFoAUQQgZx8m0yFzgsdInQb5eQKHw57EwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy81RDFBNUU2NUFDQjQxNzMzOTg1NUFEQTVBNkM1NDE2REMw
NDFDQ0YwNjQwODAzODQzODk4QkU1NkM0REY2QzMyLzAvNDEwODE5QzdDOUI0Qzg1
Q0UwQjFEMjI3NDFCRTVFNDBBMUYwRTdCMS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC80MTA4MTlDN0M5QjRDODVDRTBC
MUQyMjc0MUJFNUU0MEExRjBFN0IxLmNlcjCBmAYIKwYBBQUHAQsEgYswgYgwgYUG
CCsGAQUFBzALhnlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy81RDFBNUU2NUFDQjQxNzMzOTg1NUFEQTVBNkM1NDE2REMwNDFDQ0YwNjQw
ODAzODQzODk4QkU1NkM0REY2QzMyLzAvQVMyNjc3ODYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAC6JmMD
BADJ+5IDBAHJ+84wDQYJKoZIhvcNAQELBQADggEBALgH7/r5H624qsCIOOMAjA/a
acZdukT/t8av56U8knPb3D1U9VBPctslYsH/vLEYVB1HZeigpO/NpRThXYuR0BcV
qw6CSRanyvXVOfdBPdR3FzrFzhn8OLcXU9AOiY+pzSVixA8oO4bw7p9KYI7IRdo/
yuCpBZAP2i58c924hoOddfq1aSNqUU1Ypxf63NY9sGuwuwuEoG4KBnu3NxaiOaSw
qwDQniG32aHENk2bqrhLuhFCfEeBGCo2tNwiR9XitVXJUCkRF9/9EBidn8IZII9Y
DKNJIvhR93QukgfVwCL5G3ar7Q5GlPpWb7dO5Hfo39pMnyoVx99vp4IdZ+cB158=
-----END CERTIFICATE-----