Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/67ed9008-ae34-44be-882f-59381201b1e1/1bebc479da9521e0687cc4d51c2de308964fe65b.roa
File:                     1bebc479da9521e0687cc4d51c2de308964fe65b.roa (raw, json)
Hash identifier:          Gvbse0cle6YwfqFGEpUp2m5fowyxsoARGSSObZt8TXU=
Subject key identifier:   31:67:31:AB:C8:0B:6C:E3:AE:9F:13:C4:93:09:07:4D:C4:5C:B3:A3
Certificate issuer:       /CN=a7237d32fd35bbf0fdba7734a8368fd9626eca5a
Certificate serial:       281152
Authority key identifier: BE:02:D2:36:F8:B0:06:BA:87:81:2A:20:2E:F5:B7:66:DC:8E:30:3F
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/a7237d32fd35bbf0fdba7734a8368fd9626eca5a.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/67ed9008-ae34-44be-882f-59381201b1e1/1bebc479da9521e0687cc4d51c2de308964fe65b.roa
Signing time:             Mon 12 Feb 2024 15:10:22 +0000
ROA not before:           Mon 12 Feb 2024 15:09:57 +0000
ROA not after:            Mon 12 Feb 2029 15:09:57 +0000
asID:                     23520
IP address blocks:        190.242.173.0/24 maxlen: 24
                          190.242.177.0/24 maxlen: 24
                          190.242.178.0/24 maxlen: 24
                          190.242.179.0/24 maxlen: 24
                          190.242.181.0/24 maxlen: 24
                          190.242.20.0/24 maxlen: 24
                          190.242.255.0/24 maxlen: 24
                          190.242.31.0/24 maxlen: 24
                          190.242.48.0/24 maxlen: 24
                          190.242.49.0/24 maxlen: 24
                          190.242.56.0/23 maxlen: 24
                          190.242.57.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2625874 (0x281152)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7237d32fd35bbf0fdba7734a8368fd9626eca5a
        Validity
            Not Before: Feb 12 15:09:57 2024 GMT
            Not After : Feb 12 15:09:57 2029 GMT
        Subject: CN=1bebc479da9521e0687cc4d51c2de308964fe65b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ed:a7:1f:c7:cb:ee:a4:3f:bd:1f:be:27:a4:
                    ac:db:41:53:e3:29:65:52:ac:e7:cf:b6:dd:d7:fb:
                    9b:ea:54:3c:ad:44:e5:bb:b3:8e:9e:ae:42:30:04:
                    cc:70:46:e1:22:eb:d2:ee:ce:ce:95:e9:66:70:b7:
                    83:d8:e6:20:8b:fa:4d:7b:87:b4:0a:42:0d:b3:86:
                    a2:78:d6:33:5f:b8:95:ac:3f:0f:7b:da:55:93:c6:
                    82:6b:fe:26:3c:aa:d5:e9:15:6b:c8:d8:4a:a6:1e:
                    4d:f3:de:84:f8:6b:a6:e5:ab:ac:9b:a7:0b:f4:3d:
                    ea:e7:ba:ba:d2:d0:7a:59:85:75:e0:f8:bd:fb:65:
                    40:01:98:52:36:23:5c:e2:34:2d:f3:d4:56:fc:21:
                    aa:c8:f0:e5:83:f1:0f:5c:41:20:3d:52:96:08:f1:
                    e5:bb:a6:39:fe:c1:99:38:f1:e3:00:ce:6b:b9:a3:
                    67:d8:81:78:c3:ec:c2:81:fa:50:bb:71:f7:33:f8:
                    2a:5f:38:41:d2:79:7d:55:af:75:00:ed:0b:89:e8:
                    fc:5a:00:40:cb:f3:de:58:3e:d5:3c:ad:5c:7c:ea:
                    2b:ae:76:f6:e0:10:a6:59:ac:2a:28:99:0b:d6:71:
                    ad:c5:a5:1f:7d:5c:05:df:0b:80:a7:8e:87:f3:3e:
                    79:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:67:31:AB:C8:0B:6C:E3:AE:9F:13:C4:93:09:07:4D:C4:5C:B3:A3
            X509v3 Authority Key Identifier:
                keyid:BE:02:D2:36:F8:B0:06:BA:87:81:2A:20:2E:F5:B7:66:DC:8E:30:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/a7237d32fd35bbf0fdba7734a8368fd9626eca5a.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/67ed9008-ae34-44be-882f-59381201b1e1/1bebc479da9521e0687cc4d51c2de308964fe65b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/67ed9008-ae34-44be-882f-59381201b1e1/a7237d32fd35bbf0fdba7734a8368fd9626eca5a.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  190.242.20.0/24
                  190.242.31.0/24
                  190.242.48.0/23
                  190.242.56.0/23
                  190.242.173.0/24
                  190.242.177.0-190.242.179.255
                  190.242.181.0/24
                  190.242.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:97:47:c9:7b:24:2a:fb:0d:e1:16:bd:92:1f:32:e5:a2:00:
         f7:4a:3b:02:5b:ed:e2:0b:c9:ad:a3:a3:95:56:08:c4:81:55:
         fa:9e:82:be:2a:90:8e:98:82:c7:34:d0:53:1f:a5:c3:de:a0:
         a0:d6:1e:2c:de:7a:0a:fd:6f:db:7e:94:88:49:12:78:40:6e:
         2c:00:b6:7a:ff:a3:b7:06:ad:c8:42:54:bd:d8:76:f4:0d:b0:
         15:57:08:23:1e:ca:8e:59:92:b3:ff:f4:44:65:ed:77:1f:75:
         c2:39:da:70:e5:33:3a:92:14:78:9a:f7:c9:69:3f:ff:46:dd:
         30:4c:7e:e7:30:29:ba:ff:40:b6:f1:83:a1:5b:e4:a2:c4:8b:
         09:51:05:e2:40:90:c0:94:cf:a0:88:84:12:df:bc:b8:44:92:
         19:be:e2:22:ae:d6:61:03:a5:ce:7c:38:13:cc:3f:d0:54:39:
         10:7e:86:81:b2:d7:b8:de:ab:4c:e7:97:e9:86:ce:df:fd:18:
         45:0f:e7:48:54:00:16:11:ca:35:69:29:ba:c1:44:de:4d:dd:
         56:36:cf:d9:80:54:9a:4f:67:8f:ed:6f:a5:26:01:ab:e9:da:
         9a:a4:fc:1f:fc:db:0d:0b:6f:43:06:46:97:08:9b:79:60:57:
         d9:7b:5b:42
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgIDKBFSMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGE3
MjM3ZDMyZmQzNWJiZjBmZGJhNzczNGE4MzY4ZmQ5NjI2ZWNhNWEwHhcNMjQwMjEy
MTUwOTU3WhcNMjkwMjEyMTUwOTU3WjAzMTEwLwYDVQQDEygxYmViYzQ3OWRhOTUy
MWUwNjg3Y2M0ZDUxYzJkZTMwODk2NGZlNjViMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAh+2nH8fL7qQ/vR++J6Ss20FT4yllUqznz7bd1/ub6lQ8rUTl
u7OOnq5CMATMcEbhIuvS7s7OlelmcLeD2OYgi/pNe4e0CkINs4aieNYzX7iVrD8P
e9pVk8aCa/4mPKrV6RVryNhKph5N896E+Gum5ausm6cL9D3q57q60tB6WYV14Pi9
+2VAAZhSNiNc4jQt89RW/CGqyPDlg/EPXEEgPVKWCPHlu6Y5/sGZOPHjAM5ruaNn
2IF4w+zCgfpQu3H3M/gqXzhB0nl9Va91AO0Liej8WgBAy/PeWD7VPK1cfOorrnb2
4BCmWawqKJkL1nGtxaUffVwF3wuAp46H8z55awIDAQABo4ICjTCCAokwHQYDVR0O
BBYEFDFnMavIC2zjrp8TxJMJB03EXLOjMB8GA1UdIwQYMBaAFL4C0jb4sAa6h4Eq
IC71t2bcjjA/MA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvYTcyMzdk
MzJmZDM1YmJmMGZkYmE3NzM0YTgzNjhmZDk2MjZlY2E1YS5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvNjdlZDkwMDgtYWUzNC00NGJlLTg4MmYtNTkzODEy
MDFiMWUxLzFiZWJjNDc5ZGE5NTIxZTA2ODdjYzRkNTFjMmRlMzA4OTY0ZmU2NWIu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy82N2VkOTAwOC1hZTM0LTQ0YmUtODgyZi01OTM4
MTIwMWIxZTEvYTcyMzdkMzJmZDM1YmJmMGZkYmE3NzM0YTgzNjhmZDk2MjZlY2E1
YS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBRBggrBgEFBQcBBwEB/wRC
MEAwPgQCAAEwOAMEAL7yFAMEAL7yHwMEAb7yMAMEAb7yOAMEAL7yrTAMAwQAvvKx
AwQCvvKwAwQAvvK1AwQAvvL/MA0GCSqGSIb3DQEBCwUAA4IBAQA5l0fJeyQq+w3h
Fr2SHzLlogD3SjsCW+3iC8mto6OVVgjEgVX6noK+KpCOmILHNNBTH6XD3qCg1h4s
3noK/W/bfpSISRJ4QG4sALZ6/6O3Bq3IQlS92Hb0DbAVVwgjHsqOWZKz//REZe13
H3XCOdpw5TM6khR4mvfJaT//Rt0wTH7nMCm6/0C28YOhW+SixIsJUQXiQJDAlM+g
iIQS37y4RJIZvuIirtZhA6XOfDgTzD/QVDkQfoaBste43qtM55fphs7f/RhFD+dI
VAAWEco1aSm6wUTeTd1WNs/ZgFSaT2eP7W+lJgGr6dqapPwf/NsNC29DBkaXCJt5
YFfZe1tC
-----END CERTIFICATE-----