Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/80E070B8BB52E4E9798E81C2D826AF3F0D607547DE9117D95E41110FAE79A1CC/0/3230302e322e382e302f32312d3234203d3e2037393635.roa
File:                     3230302e322e382e302f32312d3234203d3e2037393635.roa (raw, json)
Hash identifier:          GBt0LF0wD0AEXLm+SncJBLRCwHbVDJSxJkxZObjNe9w=
Subject key identifier:   42:3F:51:26:B3:64:6A:34:E1:07:2F:CC:6C:2D:70:82:1B:8E:9F:66
Certificate issuer:       /CN=BC068F475265AE58CC288A4ED10CEBA18C51FD83
Certificate serial:       7E65589D7562724728EF1B25FCB9E0C3730F4D1D
Authority key identifier: BC:06:8F:47:52:65:AE:58:CC:28:8A:4E:D1:0C:EB:A1:8C:51:FD:83
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/BC068F475265AE58CC288A4ED10CEBA18C51FD83.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/80E070B8BB52E4E9798E81C2D826AF3F0D607547DE9117D95E41110FAE79A1CC/0/3230302e322e382e302f32312d3234203d3e2037393635.roa
Signing time:             Tue 04 Feb 2025 19:58:45 +0000
ROA not before:           Tue 04 Feb 2025 19:53:45 +0000
ROA not after:            Tue 03 Feb 2026 19:58:45 +0000
asID:                     7965
IP address blocks:        200.2.8.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:65:58:9d:75:62:72:47:28:ef:1b:25:fc:b9:e0:c3:73:0f:4d:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=BC068F475265AE58CC288A4ED10CEBA18C51FD83
        Validity
            Not Before: Feb  4 19:53:45 2025 GMT
            Not After : Feb  3 19:58:45 2026 GMT
        Subject: CN=423F5126B3646A34E1072FCC6C2D70821B8E9F66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:52:46:51:1c:78:1a:f6:6d:77:da:67:ae:0d:
                    4f:df:3b:e9:06:3e:0b:8d:49:d1:3f:5b:9e:0a:b0:
                    22:48:fb:ab:82:8d:52:fa:be:4a:8e:b0:e1:ab:85:
                    12:de:75:02:c5:b4:52:01:8f:71:8e:fd:f4:50:70:
                    be:77:d9:26:ec:b5:11:83:bc:cd:9f:af:a0:9f:89:
                    75:ca:79:45:9d:68:17:31:48:99:80:aa:a8:6f:ef:
                    96:ae:bf:d8:58:fb:0b:37:c5:0d:8a:79:c4:b5:2f:
                    56:48:9e:f2:63:65:77:a2:36:b1:c1:a4:f9:ca:f4:
                    70:b2:eb:2c:1b:68:04:a0:81:30:43:36:64:bf:d4:
                    c7:fb:f9:b7:e8:73:9c:34:6c:11:32:fb:1c:1e:7a:
                    84:2b:37:a9:f7:8a:9f:80:df:ae:8a:c2:86:be:17:
                    ff:b3:ca:de:60:78:85:e7:21:ea:78:a9:a8:29:04:
                    01:e4:2a:64:df:e6:e5:fb:80:80:ae:05:bd:1a:27:
                    33:8e:51:b1:9f:a9:fc:97:c6:e6:bc:1f:d2:31:76:
                    71:a8:a2:b3:22:6e:4f:b6:c6:e1:e6:b4:dc:59:11:
                    3a:0e:98:c2:57:7e:79:18:fb:3f:9c:94:70:ce:7c:
                    7b:b1:7b:f8:39:78:5e:ca:f8:88:18:be:03:b9:f6:
                    da:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:3F:51:26:B3:64:6A:34:E1:07:2F:CC:6C:2D:70:82:1B:8E:9F:66
            X509v3 Authority Key Identifier:
                keyid:BC:06:8F:47:52:65:AE:58:CC:28:8A:4E:D1:0C:EB:A1:8C:51:FD:83

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/80E070B8BB52E4E9798E81C2D826AF3F0D607547DE9117D95E41110FAE79A1CC/0/BC068F475265AE58CC288A4ED10CEBA18C51FD83.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/BC068F475265AE58CC288A4ED10CEBA18C51FD83.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/80E070B8BB52E4E9798E81C2D826AF3F0D607547DE9117D95E41110FAE79A1CC/0/3230302e322e382e302f32312d3234203d3e2037393635.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.2.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6d:a4:2f:04:db:85:27:45:dc:4f:c0:98:f2:90:60:b6:0a:f3:
         35:b1:d4:bf:66:0e:a5:4b:e4:80:ed:3a:fc:c1:a9:3d:0f:19:
         b3:6e:6e:22:15:33:cc:74:6d:f7:41:be:2c:36:a6:15:d1:8b:
         c9:38:9f:04:8b:a8:73:78:98:4c:51:cd:3c:53:e5:ad:33:2b:
         71:f0:92:c8:62:56:1f:c2:55:31:e4:19:71:5d:2f:4f:d7:7f:
         c4:77:2f:e0:97:74:26:78:bf:37:ce:f6:7d:18:6e:78:7f:41:
         f0:06:57:b5:bc:85:11:6e:7d:9d:30:0c:0a:1b:12:bd:2d:92:
         57:a2:12:05:d2:6a:3f:cb:a0:96:f5:5b:70:6d:5f:30:a1:7a:
         38:91:f0:df:56:2d:38:ef:7f:ed:f6:fa:a6:3e:47:59:90:fc:
         ab:d6:89:05:57:08:97:c9:b5:f8:2c:9c:89:30:2b:d9:c0:41:
         1d:81:d9:64:83:f1:25:d9:7a:fd:64:56:9d:85:f2:f4:e1:a2:
         da:29:6c:80:5f:30:e4:b6:12:37:6b:b9:c3:d9:d4:6f:03:ca:
         08:99:50:02:63:87:6b:2a:ac:50:0f:f5:0d:ba:ab:67:8e:ca:
         ef:fd:c8:ed:f4:85:13:f6:bb:45:34:ae:9b:7a:f1:2c:4f:a2:
         ae:90:34:e2
-----BEGIN CERTIFICATE-----
MIIFtjCCBJ6gAwIBAgIUfmVYnXVickco7xsl/Lngw3MPTR0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQkMwNjhGNDc1MjY1QUU1OENDMjg4QTRFRDEwQ0VCQTE4
QzUxRkQ4MzAeFw0yNTAyMDQxOTUzNDVaFw0yNjAyMDMxOTU4NDVaMDMxMTAvBgNV
BAMTKDQyM0Y1MTI2QjM2NDZBMzRFMTA3MkZDQzZDMkQ3MDgyMUI4RTlGNjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1UkZRHHga9m132meuDU/fO+kG
PguNSdE/W54KsCJI+6uCjVL6vkqOsOGrhRLedQLFtFIBj3GO/fRQcL532SbstRGD
vM2fr6CfiXXKeUWdaBcxSJmAqqhv75auv9hY+ws3xQ2KecS1L1ZInvJjZXeiNrHB
pPnK9HCy6ywbaASggTBDNmS/1Mf7+bfoc5w0bBEy+xweeoQrN6n3ip+A366Kwoa+
F/+zyt5geIXnIep4qagpBAHkKmTf5uX7gICuBb0aJzOOUbGfqfyXxua8H9IxdnGo
orMibk+2xuHmtNxZEToOmMJXfnkY+z+clHDOfHuxe/g5eF7K+IgYvgO59tp3AgMB
AAGjggLAMIICvDAdBgNVHQ4EFgQUQj9RJrNkajThBy/MbC1wghuOn2YwHwYDVR0j
BBgwFoAUvAaPR1JlrljMKIpO0QzroYxR/YMwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy84MEUwNzBCOEJCNTJFNEU5Nzk4RTgxQzJEODI2QUYzRjBE
NjA3NTQ3REU5MTE3RDk1RTQxMTEwRkFFNzlBMUNDLzAvQkMwNjhGNDc1MjY1QUU1
OENDMjg4QTRFRDEwQ0VCQTE4QzUxRkQ4My5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9CQzA2OEY0NzUyNjVBRTU4Q0My
ODhBNEVEMTBDRUJBMThDNTFGRDgzLmNlcjCBvwYIKwYBBQUHAQsEgbIwga8wgawG
CCsGAQUFBzALhoGfcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvODBFMDcwQjhCQjUyRTRFOTc5OEU4MUMyRDgyNkFGM0YwRDYwNzU0N0RF
OTExN0Q5NUU0MTExMEZBRTc5QTFDQy8wLzMyMzAzMDJlMzIyZTM4MmUzMDJmMzIz
MTJkMzIzNDIwM2QzZTIwMzczOTM2MzUucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYB
BQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAPIAggwDQYJKoZIhvcN
AQELBQADggEBAG2kLwTbhSdF3E/AmPKQYLYK8zWx1L9mDqVL5IDtOvzBqT0PGbNu
biIVM8x0bfdBviw2phXRi8k4nwSLqHN4mExRzTxT5a0zK3HwkshiVh/CVTHkGXFd
L0/Xf8R3L+CXdCZ4vzfO9n0Ybnh/QfAGV7W8hRFufZ0wDAobEr0tkleiEgXSaj/L
oJb1W3BtXzChejiR8N9WLTjvf+32+qY+R1mQ/KvWiQVXCJfJtfgsnIkwK9nAQR2B
2WSD8SXZev1kVp2F8vThotopbIBfMOS2EjdrucPZ1G8DygiZUAJjh2sqrFAP9Q26
q2eOyu/9yO30hRP2u0U0rpt68SxPoq6QNOI=
-----END CERTIFICATE-----