Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/7BA04F3BF61DC0454379E83625D7693221D247D7E77E1CEB2F9E7A49974AB707/0/AS27921.roa
File:                     AS27921.roa (raw, json)
Hash identifier:          aOHZ68SD8tP5JcbRD8D57qvzDCv3qGAjDAoGe4DFs5E=
Subject key identifier:   B6:91:91:10:FD:01:AB:27:78:89:4E:D7:A5:C7:3C:16:C6:50:7E:68
Certificate issuer:       /CN=DB06236B96EE00934FCD39A560E5BC04EB7B9EA4
Certificate serial:       33499255F0A67B26BE58F454DD2C8BAF21DC946C
Authority key identifier: DB:06:23:6B:96:EE:00:93:4F:CD:39:A5:60:E5:BC:04:EB:7B:9E:A4
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/DB06236B96EE00934FCD39A560E5BC04EB7B9EA4.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/7BA04F3BF61DC0454379E83625D7693221D247D7E77E1CEB2F9E7A49974AB707/0/AS27921.roa
Signing time:             Tue 04 Feb 2025 18:19:59 +0000
ROA not before:           Tue 04 Feb 2025 18:14:59 +0000
ROA not after:            Tue 03 Feb 2026 18:19:59 +0000
asID:                     27921
IP address blocks:        190.13.96.0/24 maxlen: 24
                          190.13.108.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:49:92:55:f0:a6:7b:26:be:58:f4:54:dd:2c:8b:af:21:dc:94:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=DB06236B96EE00934FCD39A560E5BC04EB7B9EA4
        Validity
            Not Before: Feb  4 18:14:59 2025 GMT
            Not After : Feb  3 18:19:59 2026 GMT
        Subject: CN=B6919110FD01AB2778894ED7A5C73C16C6507E68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:75:f0:8a:71:5f:97:0f:2e:01:84:fd:34:9e:
                    09:c1:3f:85:ee:19:92:a8:c3:ff:b9:36:86:5f:92:
                    71:68:b0:c2:34:36:69:a3:69:de:23:16:2b:91:45:
                    e9:5a:a0:4d:d9:d3:2c:fd:80:ba:bf:37:ca:6a:58:
                    65:35:66:0c:01:69:d0:11:48:ab:2c:20:5f:8a:56:
                    4e:f9:bd:2b:68:5c:7e:e3:d0:e0:22:cf:25:6c:23:
                    f2:fb:19:6a:e5:f0:14:b4:b8:42:76:95:2e:72:dc:
                    71:f1:b8:32:dd:be:6f:68:8f:73:89:f6:bb:49:84:
                    d0:8e:63:71:17:ac:f7:01:b5:bf:a7:a5:15:0f:93:
                    34:3c:5a:a5:d4:76:cb:1f:13:a9:23:73:be:0b:ee:
                    78:2f:cc:e6:f9:62:f0:5b:b8:b7:25:95:fd:51:e8:
                    9f:d8:19:68:0a:db:31:97:f5:e2:69:da:7d:bb:a3:
                    26:44:c7:38:92:49:40:c9:ed:3f:72:7b:6c:47:d4:
                    5d:42:64:5a:ec:8a:09:d9:b3:24:0b:cb:68:a7:4a:
                    1c:44:bd:c6:96:ae:99:91:ad:03:d2:71:2a:b6:23:
                    36:63:b6:12:7c:5e:b3:18:60:fb:e8:54:b2:f1:e0:
                    63:50:e8:02:a2:86:e1:fe:87:08:39:5a:e5:13:b2:
                    07:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:91:91:10:FD:01:AB:27:78:89:4E:D7:A5:C7:3C:16:C6:50:7E:68
            X509v3 Authority Key Identifier:
                keyid:DB:06:23:6B:96:EE:00:93:4F:CD:39:A5:60:E5:BC:04:EB:7B:9E:A4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/7BA04F3BF61DC0454379E83625D7693221D247D7E77E1CEB2F9E7A49974AB707/0/DB06236B96EE00934FCD39A560E5BC04EB7B9EA4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/DB06236B96EE00934FCD39A560E5BC04EB7B9EA4.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/7BA04F3BF61DC0454379E83625D7693221D247D7E77E1CEB2F9E7A49974AB707/0/AS27921.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  190.13.96.0/24
                  190.13.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:b5:c1:d7:57:2a:fe:a4:30:fd:d0:37:b9:a0:26:8b:32:10:
         d8:43:3f:08:be:51:f9:4d:d0:1c:3a:5f:75:4b:ed:b4:f1:7a:
         fb:eb:ea:be:7b:b7:b1:0b:d5:ec:cb:09:38:04:34:3e:4e:7a:
         24:d0:12:ab:04:b2:22:05:52:8a:bc:f3:bb:75:62:1d:37:89:
         7e:0e:5b:be:e6:fd:04:08:e8:c7:82:5a:b4:ab:5c:fc:4e:8d:
         c8:87:34:11:50:3a:f6:2a:d8:1f:7e:a7:49:c6:e6:8a:2b:e1:
         95:c0:5a:3b:cc:19:d2:f7:3c:aa:a1:98:8e:d5:13:3c:94:5e:
         33:09:f3:5a:7a:52:aa:9a:ef:e4:9f:51:7c:01:9f:c3:c9:6f:
         f7:85:00:50:5f:ba:89:46:64:9b:70:ef:68:99:14:0e:2e:ac:
         f0:db:a2:c2:fd:f4:82:70:25:dd:4d:fa:35:1c:44:c1:2f:8e:
         6e:05:95:6f:ad:94:a8:b1:66:34:2a:8f:94:a7:2a:98:5b:7a:
         64:94:ed:32:8b:ae:d4:0d:77:4b:2f:d2:13:7f:5b:74:a4:d4:
         aa:a5:bc:11:7e:53:33:8d:a2:31:8d:aa:9d:b8:c8:9c:04:b4:
         5e:69:1e:f6:ee:c0:12:70:56:9c:5e:1c:1e:80:59:a2:77:d8:
         56:86:6c:87
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgIUM0mSVfCmeya+WPRU3SyLryHclGwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoREIwNjIzNkI5NkVFMDA5MzRGQ0QzOUE1NjBFNUJDMDRF
QjdCOUVBNDAeFw0yNTAyMDQxODE0NTlaFw0yNjAyMDMxODE5NTlaMDMxMTAvBgNV
BAMTKEI2OTE5MTEwRkQwMUFCMjc3ODg5NEVEN0E1QzczQzE2QzY1MDdFNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDidfCKcV+XDy4BhP00ngnBP4Xu
GZKow/+5NoZfknFosMI0Nmmjad4jFiuRRelaoE3Z0yz9gLq/N8pqWGU1ZgwBadAR
SKssIF+KVk75vStoXH7j0OAizyVsI/L7GWrl8BS0uEJ2lS5y3HHxuDLdvm9oj3OJ
9rtJhNCOY3EXrPcBtb+npRUPkzQ8WqXUdssfE6kjc74L7ngvzOb5YvBbuLcllf1R
6J/YGWgK2zGX9eJp2n27oyZExziSSUDJ7T9ye2xH1F1CZFrsignZsyQLy2inShxE
vcaWrpmRrQPScSq2IzZjthJ8XrMYYPvoVLLx4GNQ6AKihuH+hwg5WuUTsgePAgMB
AAGjggKeMIICmjAdBgNVHQ4EFgQUtpGREP0Bqyd4iU7Xpcc8FsZQfmgwHwYDVR0j
BBgwFoAU2wYja5buAJNPzTmlYOW8BOt7nqQwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy83QkEwNEYzQkY2MURDMDQ1NDM3OUU4MzYyNUQ3NjkzMjIx
RDI0N0Q3RTc3RTFDRUIyRjlFN0E0OTk3NEFCNzA3LzAvREIwNjIzNkI5NkVFMDA5
MzRGQ0QzOUE1NjBFNUJDMDRFQjdCOUVBNC5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9EQjA2MjM2Qjk2RUUwMDkzNEZD
RDM5QTU2MEU1QkMwNEVCN0I5RUE0LmNlcjCBlwYIKwYBBQUHAQsEgYowgYcwgYQG
CCsGAQUFBzALhnhyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy83QkEwNEYzQkY2MURDMDQ1NDM3OUU4MzYyNUQ3NjkzMjIxRDI0N0Q3RTc3
RTFDRUIyRjlFN0E0OTk3NEFCNzA3LzAvQVMyNzkyMS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAL4NYAME
AL4NbDANBgkqhkiG9w0BAQsFAAOCAQEAOLXB11cq/qQw/dA3uaAmizIQ2EM/CL5R
+U3QHDpfdUvttPF6++vqvnu3sQvV7MsJOAQ0Pk56JNASqwSyIgVSirzzu3ViHTeJ
fg5bvub9BAjox4JatKtc/E6NyIc0EVA69irYH36nScbmiivhlcBaO8wZ0vc8qqGY
jtUTPJReMwnzWnpSqprv5J9RfAGfw8lv94UAUF+6iUZkm3DvaJkUDi6s8Nuiwv30
gnAl3U36NRxEwS+ObgWVb62UqLFmNCqPlKcqmFt6ZJTtMouu1A13Sy/SE39bdKTU
qqW8EX5TM42iMY2qnbjInAS0Xmke9u7AEnBWnF4cHoBZonfYVoZshw==
-----END CERTIFICATE-----