Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/72EA4D136B20E59E7C2644AF459C7B77DF7EF53984D3A9388E6850324C266FF0/0/3133382e3230342e3135322e302f32322d3234203d3e20323633383038.roa
File:                     3133382e3230342e3135322e302f32322d3234203d3e20323633383038.roa (raw, json)
Hash identifier:          AM3woYI3N05JTrf6vEMef1UZD0oBGr1kfPcCo6m/jWE=
Subject key identifier:   28:4C:E5:D4:E3:BC:D6:A6:D5:3C:C4:4A:87:14:FE:D3:FA:40:7B:18
Certificate issuer:       /CN=EC10C9CADB7DBD590B08CF5996AE27024C9DD050
Certificate serial:       69636BFCDC10526E82F466BAB7ED4F843D6037E8
Authority key identifier: EC:10:C9:CA:DB:7D:BD:59:0B:08:CF:59:96:AE:27:02:4C:9D:D0:50
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/EC10C9CADB7DBD590B08CF5996AE27024C9DD050.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/72EA4D136B20E59E7C2644AF459C7B77DF7EF53984D3A9388E6850324C266FF0/0/3133382e3230342e3135322e302f32322d3234203d3e20323633383038.roa
Signing time:             Tue 04 Feb 2025 20:04:24 +0000
ROA not before:           Tue 04 Feb 2025 19:59:24 +0000
ROA not after:            Tue 03 Feb 2026 20:04:24 +0000
asID:                     263808
IP address blocks:        138.204.152.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:63:6b:fc:dc:10:52:6e:82:f4:66:ba:b7:ed:4f:84:3d:60:37:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=EC10C9CADB7DBD590B08CF5996AE27024C9DD050
        Validity
            Not Before: Feb  4 19:59:24 2025 GMT
            Not After : Feb  3 20:04:24 2026 GMT
        Subject: CN=284CE5D4E3BCD6A6D53CC44A8714FED3FA407B18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:23:a0:d1:d2:3e:af:32:81:0f:84:a9:10:7b:
                    e9:5c:7e:90:e0:e5:a6:0a:3c:66:d0:71:59:0b:cc:
                    9a:7f:c9:b9:71:16:eb:3e:5d:0e:c8:e9:6d:c2:72:
                    fd:74:07:7c:e9:47:a7:97:b2:84:a0:66:eb:5b:76:
                    7e:ff:09:38:f6:b6:f0:02:57:65:f2:dc:2a:64:aa:
                    cc:a7:9d:5b:ec:65:71:c7:26:cd:74:2f:7d:3d:b2:
                    a6:f2:f6:a6:4b:ba:1c:8e:a3:04:99:25:5d:64:0e:
                    02:60:89:95:e2:d0:41:08:e9:9d:94:04:0d:92:f5:
                    77:ad:da:7e:9d:a7:48:b6:8d:13:e3:3b:b3:fe:ef:
                    ba:de:3f:3b:a5:31:8b:1f:26:7a:f7:5c:a3:60:c5:
                    3c:91:a1:d9:aa:12:a7:34:15:7c:97:b5:ec:f9:dc:
                    66:ea:0b:c0:df:b6:30:dd:b2:78:a2:dd:2b:75:1d:
                    97:01:15:15:37:c4:6c:67:40:6f:7f:d6:e6:6d:39:
                    b2:55:1c:28:a7:fd:83:f4:7e:7c:ed:e9:ac:10:8d:
                    65:f4:02:5f:4e:2f:24:ee:f7:36:4a:76:57:2f:af:
                    9e:ca:eb:9f:31:23:b0:4f:23:78:e8:5f:37:f0:e1:
                    67:b0:0f:2c:6e:00:07:f0:21:fd:2c:65:e3:ec:ec:
                    97:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:4C:E5:D4:E3:BC:D6:A6:D5:3C:C4:4A:87:14:FE:D3:FA:40:7B:18
            X509v3 Authority Key Identifier:
                keyid:EC:10:C9:CA:DB:7D:BD:59:0B:08:CF:59:96:AE:27:02:4C:9D:D0:50

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/72EA4D136B20E59E7C2644AF459C7B77DF7EF53984D3A9388E6850324C266FF0/0/EC10C9CADB7DBD590B08CF5996AE27024C9DD050.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/EC10C9CADB7DBD590B08CF5996AE27024C9DD050.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/72EA4D136B20E59E7C2644AF459C7B77DF7EF53984D3A9388E6850324C266FF0/0/3133382e3230342e3135322e302f32322d3234203d3e20323633383038.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.204.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:2a:cf:78:92:f8:6e:b4:89:cf:21:bc:d7:6a:41:44:a4:84:
         c8:4f:f1:1f:cb:13:54:70:03:f1:bb:42:e9:f3:24:49:7e:dd:
         7c:9e:ce:05:11:09:08:28:87:e4:f6:28:2a:d7:9f:ba:25:ec:
         dd:55:dd:ca:09:c5:f5:52:95:ea:20:89:5c:7c:b0:4a:01:c5:
         bd:d8:ca:8f:e2:3e:d4:88:05:c4:29:4c:e7:fc:f9:f4:e7:42:
         54:19:c2:c1:f7:77:2c:49:07:70:27:06:ca:76:18:52:a5:99:
         05:ae:30:a4:2e:3c:e8:c0:5f:b0:ec:32:8f:c8:ca:b4:42:2c:
         b3:38:55:d4:d2:7c:10:b5:f8:9d:7a:bb:09:c5:d2:05:7c:61:
         50:63:ba:c7:7e:8c:ab:c4:59:6d:29:e9:74:b3:6a:74:eb:4b:
         da:13:79:27:3d:7a:94:56:8f:13:e3:ad:e9:87:e5:0f:c6:f0:
         ab:d6:29:5a:60:ac:a7:7b:30:26:83:ba:59:b5:da:04:2b:f0:
         0e:68:a7:0e:64:9b:03:c0:15:ba:77:6b:b6:16:2a:4f:72:af:
         25:15:01:72:f6:cd:8a:3c:fb:dd:a5:9d:f1:1f:34:a9:8b:70:
         d4:a4:58:83:c9:40:3a:68:82:17:03:e0:25:dd:d1:0b:ed:2d:
         15:3a:52:4e
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgIUaWNr/NwQUm6C9Ga6t+1PhD1gN+gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRUMxMEM5Q0FEQjdEQkQ1OTBCMDhDRjU5OTZBRTI3MDI0
QzlERDA1MDAeFw0yNTAyMDQxOTU5MjRaFw0yNjAyMDMyMDA0MjRaMDMxMTAvBgNV
BAMTKDI4NENFNUQ0RTNCQ0Q2QTZENTNDQzQ0QTg3MTRGRUQzRkE0MDdCMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYI6DR0j6vMoEPhKkQe+lcfpDg
5aYKPGbQcVkLzJp/yblxFus+XQ7I6W3Ccv10B3zpR6eXsoSgZutbdn7/CTj2tvAC
V2Xy3CpkqsynnVvsZXHHJs10L309sqby9qZLuhyOowSZJV1kDgJgiZXi0EEI6Z2U
BA2S9Xet2n6dp0i2jRPjO7P+77rePzulMYsfJnr3XKNgxTyRodmqEqc0FXyXtez5
3GbqC8DftjDdsnii3St1HZcBFRU3xGxnQG9/1uZtObJVHCin/YP0fnzt6awQjWX0
Al9OLyTu9zZKdlcvr57K658xI7BPI3joXzfw4WewDyxuAAfwIf0sZePs7JctAgMB
AAGjggLMMIICyDAdBgNVHQ4EFgQUKEzl1OO81qbVPMRKhxT+0/pAexgwHwYDVR0j
BBgwFoAU7BDJytt9vVkLCM9Zlq4nAkyd0FAwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy83MkVBNEQxMzZCMjBFNTlFN0MyNjQ0QUY0NTlDN0I3N0RG
N0VGNTM5ODREM0E5Mzg4RTY4NTAzMjRDMjY2RkYwLzAvRUMxMEM5Q0FEQjdEQkQ1
OTBCMDhDRjU5OTZBRTI3MDI0QzlERDA1MC5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9FQzEwQzlDQURCN0RCRDU5MEIw
OENGNTk5NkFFMjcwMjRDOUREMDUwLmNlcjCBywYIKwYBBQUHAQsEgb4wgbswgbgG
CCsGAQUFBzALhoGrcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvNzJFQTREMTM2QjIwRTU5RTdDMjY0NEFGNDU5QzdCNzdERjdFRjUzOTg0
RDNBOTM4OEU2ODUwMzI0QzI2NkZGMC8wLzMxMzMzODJlMzIzMDM0MmUzMTM1MzIy
ZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzMjM2MzMzODMwMzgucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKK
zJgwDQYJKoZIhvcNAQELBQADggEBAHMqz3iS+G60ic8hvNdqQUSkhMhP8R/LE1Rw
A/G7QunzJEl+3XyezgURCQgoh+T2KCrXn7ol7N1V3coJxfVSleogiVx8sEoBxb3Y
yo/iPtSIBcQpTOf8+fTnQlQZwsH3dyxJB3AnBsp2GFKlmQWuMKQuPOjAX7DsMo/I
yrRCLLM4VdTSfBC1+J16uwnF0gV8YVBjusd+jKvEWW0p6XSzanTrS9oTeSc9epRW
jxPjremH5Q/G8KvWKVpgrKd7MCaDulm12gQr8A5opw5kmwPAFbp3a7YWKk9yryUV
AXL2zYo8+92lnfEfNKmLcNSkWIPJQDpoghcD4CXd0QvtLRU6Uk4=
-----END CERTIFICATE-----