Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/8210C58519C542AEAA87CCC4B5F1AEAF4AAD063AB3E1F521F2EA624DC0FA92B6/0/3230312e3133392e3137362e302f32312d3235203d3e203238333837.roa
File:                     3230312e3133392e3137362e302f32312d3235203d3e203238333837.roa (raw, json)
Hash identifier:          QV8x/AWwnCs3Mlto3d3xDMIbVp409qWRuX022sXrFK0=
Subject key identifier:   D9:F9:76:68:F1:13:16:1F:34:65:49:DA:08:4A:BF:B6:CF:1B:FD:E6
Certificate issuer:       /CN=A4B2986F7A8CC114EFB00E4A3F4C5F6F4A690D13
Certificate serial:       4D38F6AA46C1DCCAF7FD71BFEDE9BC31452A699E
Authority key identifier: A4:B2:98:6F:7A:8C:C1:14:EF:B0:0E:4A:3F:4C:5F:6F:4A:69:0D:13
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/A4B2986F7A8CC114EFB00E4A3F4C5F6F4A690D13.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/8210C58519C542AEAA87CCC4B5F1AEAF4AAD063AB3E1F521F2EA624DC0FA92B6/0/3230312e3133392e3137362e302f32312d3235203d3e203238333837.roa
Signing time:             Fri 09 Aug 2024 16:50:00 +0000
ROA not before:           Fri 09 Aug 2024 16:45:00 +0000
ROA not after:            Fri 08 Aug 2025 16:50:00 +0000
asID:                     28387
IP address blocks:        201.139.176.0/21 maxlen: 25
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:38:f6:aa:46:c1:dc:ca:f7:fd:71:bf:ed:e9:bc:31:45:2a:69:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A4B2986F7A8CC114EFB00E4A3F4C5F6F4A690D13
        Validity
            Not Before: Aug  9 16:45:00 2024 GMT
            Not After : Aug  8 16:50:00 2025 GMT
        Subject: CN=D9F97668F113161F346549DA084ABFB6CF1BFDE6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:5c:a0:0e:23:54:42:d4:de:91:f5:75:84:2b:
                    c6:2a:23:50:dd:03:f3:c6:6e:f7:07:46:b3:4b:9f:
                    2a:fa:f9:76:79:2c:9a:ff:18:a2:91:f6:81:e9:c3:
                    18:7f:0c:12:95:e8:18:9d:54:cc:4e:e8:ad:e5:34:
                    56:fe:ab:d9:be:32:6e:c3:81:c1:1d:b0:71:d2:bf:
                    66:00:fb:35:2f:40:65:95:43:06:db:33:91:50:e1:
                    f1:1f:5a:ee:33:69:90:f9:9c:f8:ec:35:47:49:09:
                    77:16:ef:ff:2a:93:1f:8c:23:7b:dd:a0:b8:0e:97:
                    dc:80:72:7d:3c:37:d3:5b:4c:25:c0:e3:ae:6f:f3:
                    0a:2f:f2:75:c4:c0:c2:42:52:88:5e:00:4a:90:7b:
                    28:d4:2a:67:a8:28:97:7f:42:6b:2a:17:a4:b2:b8:
                    6e:ca:67:8d:53:27:7a:82:79:d2:c6:0a:8a:8a:bd:
                    72:74:d7:ce:1f:2b:fd:c4:c3:f4:46:a9:4a:75:50:
                    ee:01:a6:50:35:44:2e:dc:33:9a:00:42:01:71:5b:
                    7c:30:c0:ad:2e:c2:57:63:77:d1:d8:5f:9e:62:a5:
                    cd:6f:12:53:72:0a:f5:64:bd:a1:92:d4:a3:9d:89:
                    1d:b1:40:a2:1c:4f:25:21:30:d6:7c:ae:4d:2d:c8:
                    08:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:F9:76:68:F1:13:16:1F:34:65:49:DA:08:4A:BF:B6:CF:1B:FD:E6
            X509v3 Authority Key Identifier:
                keyid:A4:B2:98:6F:7A:8C:C1:14:EF:B0:0E:4A:3F:4C:5F:6F:4A:69:0D:13

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/8210C58519C542AEAA87CCC4B5F1AEAF4AAD063AB3E1F521F2EA624DC0FA92B6/0/A4B2986F7A8CC114EFB00E4A3F4C5F6F4A690D13.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/A4B2986F7A8CC114EFB00E4A3F4C5F6F4A690D13.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/8210C58519C542AEAA87CCC4B5F1AEAF4AAD063AB3E1F521F2EA624DC0FA92B6/0/3230312e3133392e3137362e302f32312d3235203d3e203238333837.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.139.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         60:2b:95:ac:38:73:e9:4b:ae:b7:34:ae:58:23:3c:59:72:7f:
         d7:a0:0f:0f:43:50:7e:68:a9:8b:fa:1a:25:35:94:23:0c:b1:
         8b:68:c4:f0:84:89:b4:8b:7a:92:e2:3a:39:17:9f:be:ad:f7:
         10:7c:cc:58:18:3e:fd:0d:79:82:78:05:12:86:70:3e:67:96:
         58:3f:9d:8a:bf:35:19:bf:a3:5f:c9:17:80:e8:31:99:e8:3b:
         f4:d9:79:0b:04:bd:c8:d9:71:9c:90:7a:ac:2a:e7:8f:4f:16:
         f2:1c:87:ea:48:e6:3e:0f:fd:9a:99:71:ab:32:30:a3:5a:4a:
         99:a3:ed:bc:a1:78:60:c6:78:5f:1e:2e:ce:82:38:9c:8c:f0:
         9d:4b:0c:b8:46:2d:01:a6:a2:d4:0b:a1:fe:0c:2c:77:04:c0:
         c3:df:ab:80:3b:fd:64:57:ad:38:e6:cd:54:65:d8:63:87:df:
         c8:2c:6d:13:2b:ca:8d:05:00:b6:ca:fa:f1:33:18:92:45:38:
         a7:07:11:20:f0:ad:41:3f:57:db:02:b4:cc:30:6a:20:94:4c:
         8c:ca:2d:5a:d6:f8:b2:65:af:14:68:d0:ae:86:9e:5b:c4:bf:
         31:a4:82:39:93:03:1f:c4:a8:b6:5b:d5:3d:bb:b7:99:33:95:
         7d:d2:54:ff
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUTTj2qkbB3Mr3/XG/7em8MUUqaZ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQTRCMjk4NkY3QThDQzExNEVGQjAwRTRBM0Y0QzVGNkY0
QTY5MEQxMzAeFw0yNDA4MDkxNjQ1MDBaFw0yNTA4MDgxNjUwMDBaMDMxMTAvBgNV
BAMTKEQ5Rjk3NjY4RjExMzE2MUYzNDY1NDlEQTA4NEFCRkI2Q0YxQkZERTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XKAOI1RC1N6R9XWEK8YqI1Dd
A/PGbvcHRrNLnyr6+XZ5LJr/GKKR9oHpwxh/DBKV6BidVMxO6K3lNFb+q9m+Mm7D
gcEdsHHSv2YA+zUvQGWVQwbbM5FQ4fEfWu4zaZD5nPjsNUdJCXcW7/8qkx+MI3vd
oLgOl9yAcn08N9NbTCXA465v8wov8nXEwMJCUoheAEqQeyjUKmeoKJd/QmsqF6Sy
uG7KZ41TJ3qCedLGCoqKvXJ0184fK/3Ew/RGqUp1UO4BplA1RC7cM5oAQgFxW3ww
wK0uwldjd9HYX55ipc1vElNyCvVkvaGS1KOdiR2xQKIcTyUhMNZ8rk0tyAgvAgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQU2fl2aPETFh80ZUnaCEq/ts8b/eYwHwYDVR0j
BBgwFoAUpLKYb3qMwRTvsA5KP0xfb0ppDRMwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy84MjEwQzU4NTE5QzU0MkFFQUE4N0NDQzRCNUYxQUVBRjRB
QUQwNjNBQjNFMUY1MjFGMkVBNjI0REMwRkE5MkI2LzAvQTRCMjk4NkY3QThDQzEx
NEVGQjAwRTRBM0Y0QzVGNkY0QTY5MEQxMy5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9BNEIyOTg2RjdBOENDMTE0RUZC
MDBFNEEzRjRDNUY2RjRBNjkwRDEzLmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvODIxMEM1ODUxOUM1NDJBRUFBODdDQ0M0QjVGMUFFQUY0QUFEMDYzQUIz
RTFGNTIxRjJFQTYyNERDMEZBOTJCNi8wLzMyMzAzMTJlMzEzMzM5MmUzMTM3MzYy
ZTMwMmYzMjMxMmQzMjM1MjAzZDNlMjAzMjM4MzMzODM3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDyYuw
MA0GCSqGSIb3DQEBCwUAA4IBAQBgK5WsOHPpS663NK5YIzxZcn/XoA8PQ1B+aKmL
+holNZQjDLGLaMTwhIm0i3qS4jo5F5++rfcQfMxYGD79DXmCeAUShnA+Z5ZYP52K
vzUZv6NfyReA6DGZ6Dv02XkLBL3I2XGckHqsKuePTxbyHIfqSOY+D/2amXGrMjCj
WkqZo+28oXhgxnhfHi7OgjicjPCdSwy4Ri0BpqLUC6H+DCx3BMDD36uAO/1kV604
5s1UZdhjh9/ILG0TK8qNBQC2yvrxMxiSRTinBxEg8K1BP1fbArTMMGoglEyMyi1a
1viyZa8UaNCuhp5bxL8xpII5kwMfxKi2W9U9u7eZM5V90lT/
-----END CERTIFICATE-----