Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/84ca4a46-921c-423b-95b3-483990f131e7/a9ae33867c5e16339ad78575ff1525928e7acc2a.roa
File:                     a9ae33867c5e16339ad78575ff1525928e7acc2a.roa (raw, json)
Hash identifier:          AtiaMcHeEbquPXwSq95xla7QiEHt6HVSC0hdaHMgisk=
Subject key identifier:   15:0D:68:0E:23:06:44:21:F6:2D:2A:69:78:D2:D5:EC:90:38:BB:F3
Certificate issuer:       /CN=9c368afe09296bcb4b3b2e5244ed71e85b0700e5
Certificate serial:       04E960
Authority key identifier: 4D:71:31:8E:AA:E7:BF:B3:9D:B3:21:55:AD:B0:7B:16:2F:63:10:35
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/9c368afe09296bcb4b3b2e5244ed71e85b0700e5.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/84ca4a46-921c-423b-95b3-483990f131e7/a9ae33867c5e16339ad78575ff1525928e7acc2a.roa
Signing time:             Tue 28 Jun 2022 13:44:37 +0000
ROA not before:           Tue 05 Apr 2022 03:00:00 +0000
ROA not after:            Fri 05 Apr 2024 03:00:00 +0000
asID:                     264628
IP address blocks:        190.120.248.0/21 maxlen: 21
                          190.120.248.0/22 maxlen: 22
                          190.120.252.0/22 maxlen: 22
                          190.120.248.0/23 maxlen: 23
                          190.120.250.0/23 maxlen: 23
                          190.120.252.0/23 maxlen: 23
                          190.120.254.0/23 maxlen: 23
                          190.120.248.0/24 maxlen: 24
                          190.120.249.0/24 maxlen: 24
                          190.120.250.0/24 maxlen: 24
                          190.120.251.0/24 maxlen: 24
                          190.120.252.0/24 maxlen: 24
                          190.120.253.0/24 maxlen: 24
                          190.120.254.0/24 maxlen: 24
                          190.120.255.0/24 maxlen: 24
                          190.8.164.0/22 maxlen: 22
                          190.8.164.0/23 maxlen: 23
                          190.8.166.0/23 maxlen: 23
                          190.8.164.0/24 maxlen: 24
                          190.8.165.0/24 maxlen: 24
                          190.8.166.0/24 maxlen: 24
                          190.8.167.0/24 maxlen: 24
                          2803:3900::/32 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 321888 (0x4e960)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c368afe09296bcb4b3b2e5244ed71e85b0700e5
        Validity
            Not Before: Apr  5 03:00:00 2022 GMT
            Not After : Apr  5 03:00:00 2024 GMT
        Subject: CN=a9ae33867c5e16339ad78575ff1525928e7acc2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:33:01:ad:bd:17:c6:47:66:1d:23:28:b7:4e:
                    2c:18:37:03:67:b8:03:69:4a:f3:c5:5d:da:86:f1:
                    11:3e:ab:85:ee:37:ec:7a:2f:d8:64:73:00:2b:91:
                    7e:83:93:72:61:98:8b:f6:39:dd:85:5e:71:5b:c0:
                    53:a2:59:0e:8d:d1:a1:a8:8f:a5:64:06:be:8d:54:
                    fc:64:85:f7:9f:cf:d0:d6:95:d2:80:40:79:09:7b:
                    e8:40:b3:21:b1:16:10:55:15:51:a4:f4:90:3b:6c:
                    1d:dd:9d:fc:c5:c6:8a:3d:5e:60:65:5a:f4:52:ec:
                    9e:86:16:31:da:01:99:d5:5e:c6:ec:ac:01:11:17:
                    d1:ee:46:95:69:18:c8:dc:aa:5b:1e:d2:98:df:67:
                    6f:8f:a7:7c:75:fd:18:ed:df:58:7a:a0:2a:90:b9:
                    d0:7a:c5:c6:4d:e4:f7:11:72:3a:d1:aa:a0:7f:d1:
                    43:49:97:f4:5e:9d:1c:1b:d3:af:91:e9:04:cb:1a:
                    fb:f0:fe:20:40:14:fc:8a:4a:3c:ed:4d:06:43:99:
                    74:72:d0:fd:36:a3:b3:17:12:58:2d:79:9b:da:3b:
                    d8:7b:1e:64:78:a7:2f:db:f0:34:14:3e:b1:f2:f0:
                    c6:1b:c0:07:e8:a2:7d:40:ea:7a:6d:9d:00:0e:0e:
                    ec:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:0D:68:0E:23:06:44:21:F6:2D:2A:69:78:D2:D5:EC:90:38:BB:F3
            X509v3 Authority Key Identifier:
                keyid:4D:71:31:8E:AA:E7:BF:B3:9D:B3:21:55:AD:B0:7B:16:2F:63:10:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/9c368afe09296bcb4b3b2e5244ed71e85b0700e5.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/84ca4a46-921c-423b-95b3-483990f131e7/a9ae33867c5e16339ad78575ff1525928e7acc2a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/84ca4a46-921c-423b-95b3-483990f131e7/9c368afe09296bcb4b3b2e5244ed71e85b0700e5.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  190.8.164.0/22
                  190.120.248.0/21
                IPv6:
                  2803:3900::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:41:6a:bd:5d:9c:54:b7:d2:95:a6:77:f2:6b:34:69:14:9d:
         33:8c:61:7f:56:12:54:e5:1c:93:24:be:59:47:23:8e:9f:44:
         c3:f5:6f:72:e7:d0:ee:82:0b:12:8f:c4:8b:0f:3c:6e:5b:11:
         d9:d8:ba:d8:13:79:e2:7f:6e:89:d8:3d:c7:b0:9b:21:92:ab:
         f8:d7:f3:22:a1:9c:a4:86:b9:04:f2:5b:69:b4:af:4d:6a:44:
         45:f5:d9:9d:3a:09:ba:fd:60:cf:4f:9a:77:df:81:ab:13:c8:
         e8:cd:29:69:4a:e4:64:f4:b0:f3:81:4a:50:e6:20:06:aa:33:
         e0:2a:8a:35:49:d8:77:07:1e:d1:ea:a5:7f:8c:3d:3e:85:9a:
         64:21:fc:a1:8a:36:9b:99:66:d5:30:ef:6c:f9:94:89:0e:80:
         d2:ea:48:b5:8c:8b:6f:ed:fe:12:29:05:8b:80:98:7a:f1:35:
         54:66:c8:9e:80:c9:1a:bb:ee:cd:58:ee:06:97:be:ad:9c:ee:
         28:66:73:27:dc:c3:73:48:5d:10:b6:75:d0:69:6c:8b:6a:27:
         b6:6e:61:6c:4d:80:29:ed:38:ce:9d:39:1b:4d:13:f3:9d:a4:
         1e:a2:5a:2a:00:93:7a:40:ef:c6:d5:64:76:d4:15:c2:b8:bf:
         5f:54:81:e7
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgIDBOlgMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDlj
MzY4YWZlMDkyOTZiY2I0YjNiMmU1MjQ0ZWQ3MWU4NWIwNzAwZTUwHhcNMjIwNDA1
MDMwMDAwWhcNMjQwNDA1MDMwMDAwWjAzMTEwLwYDVQQDEyhhOWFlMzM4NjdjNWUx
NjMzOWFkNzg1NzVmZjE1MjU5MjhlN2FjYzJhMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAlDMBrb0XxkdmHSMot04sGDcDZ7gDaUrzxV3ahvERPquF7jfs
ei/YZHMAK5F+g5NyYZiL9jndhV5xW8BTolkOjdGhqI+lZAa+jVT8ZIX3n8/Q1pXS
gEB5CXvoQLMhsRYQVRVRpPSQO2wd3Z38xcaKPV5gZVr0UuyehhYx2gGZ1V7G7KwB
ERfR7kaVaRjI3KpbHtKY32dvj6d8df0Y7d9YeqAqkLnQesXGTeT3EXI60aqgf9FD
SZf0Xp0cG9OvkekEyxr78P4gQBT8iko87U0GQ5l0ctD9NqOzFxJYLXmb2jvYex5k
eKcv2/A0FD6x8vDGG8AH6KJ9QOp6bZ0ADg7sJQIDAQABo4ICcDCCAmwwHQYDVR0O
BBYEFBUNaA4jBkQh9i0qaXjS1eyQOLvzMB8GA1UdIwQYMBaAFE1xMY6q57+znbMh
Va2wexYvYxA1MA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvOWMzNjhh
ZmUwOTI5NmJjYjRiM2IyZTUyNDRlZDcxZTg1YjA3MDBlNS5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvODRjYTRhNDYtOTIxYy00MjNiLTk1YjMtNDgzOTkw
ZjEzMWU3L2E5YWUzMzg2N2M1ZTE2MzM5YWQ3ODU3NWZmMTUyNTkyOGU3YWNjMmEu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy84NGNhNGE0Ni05MjFjLTQyM2ItOTViMy00ODM5
OTBmMTMxZTcvOWMzNjhhZmUwOTI5NmJjYjRiM2IyZTUyNDRlZDcxZTg1YjA3MDBl
NS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0BggrBgEFBQcBBwEB/wQl
MCMwEgQCAAEwDAMEAr4IpAMEA754+DANBAIAAjAHAwUAKAM5ADANBgkqhkiG9w0B
AQsFAAOCAQEAPUFqvV2cVLfSlaZ38ms0aRSdM4xhf1YSVOUckyS+WUcjjp9Ew/Vv
cufQ7oILEo/Eiw88blsR2di62BN54n9uidg9x7CbIZKr+NfzIqGcpIa5BPJbabSv
TWpERfXZnToJuv1gz0+ad9+BqxPI6M0paUrkZPSw84FKUOYgBqoz4CqKNUnYdwce
0eqlf4w9PoWaZCH8oYo2m5lm1TDvbPmUiQ6A0upItYyLb+3+EikFi4CYevE1VGbI
noDJGrvuzVjuBpe+rZzuKGZzJ9zDc0hdELZ10Glsi2ontm5hbE2AKe04zp05G00T
852kHqJaKgCTekDvxtVkdtQVwri/X1SB5w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:37:53 2024 by rpki-client on console-fra.rpki-client.org