Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/8715877014D6A3562B90597EC394B914F16FD3A53C58939A770388B3FE7D727A/0/3132382e3230312e32302e302f32342d3234203d3e2037303439.roa
File:                     3132382e3230312e32302e302f32342d3234203d3e2037303439.roa (raw, json)
Hash identifier:          RAgkM/z/+RK+WKswD249qEq93ktU1YUh8I7JSw5E9MU=
Subject key identifier:   2F:2E:C2:A7:10:41:14:9F:C0:97:28:6B:01:26:37:5D:D9:68:59:1B
Certificate issuer:       /CN=25AA12EC2868B90A693EEAD25632B15E24525ED3
Certificate serial:       3C27C1E78B72D07016844385EBEE2E716B9941C9
Authority key identifier: 25:AA:12:EC:28:68:B9:0A:69:3E:EA:D2:56:32:B1:5E:24:52:5E:D3
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/25AA12EC2868B90A693EEAD25632B15E24525ED3.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/8715877014D6A3562B90597EC394B914F16FD3A53C58939A770388B3FE7D727A/0/3132382e3230312e32302e302f32342d3234203d3e2037303439.roa
Signing time:             Tue 04 Feb 2025 18:34:59 +0000
ROA not before:           Tue 04 Feb 2025 18:29:59 +0000
ROA not after:            Tue 03 Feb 2026 18:34:59 +0000
asID:                     7049
IP address blocks:        128.201.20.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:27:c1:e7:8b:72:d0:70:16:84:43:85:eb:ee:2e:71:6b:99:41:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25AA12EC2868B90A693EEAD25632B15E24525ED3
        Validity
            Not Before: Feb  4 18:29:59 2025 GMT
            Not After : Feb  3 18:34:59 2026 GMT
        Subject: CN=2F2EC2A71041149FC097286B0126375DD968591B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:49:db:77:ee:aa:06:66:b4:39:04:cb:f0:83:
                    23:fb:3a:57:dd:41:57:75:07:b7:d1:cc:f1:a8:5e:
                    a1:27:98:68:fd:31:cf:54:a8:34:d9:33:bd:6d:90:
                    0f:3e:42:a4:ab:97:69:b5:81:3d:83:cd:01:e5:6d:
                    d5:35:c7:77:e6:01:84:c0:b4:a9:4b:a7:5b:1d:a4:
                    92:84:4b:43:7e:b3:e9:42:35:c8:9e:85:d6:b2:04:
                    b8:11:84:b1:e9:0c:ff:4f:64:24:c1:88:83:ee:85:
                    66:b2:ef:3c:a5:15:1d:29:e3:d8:3d:de:ea:62:7b:
                    c8:2f:fc:94:a1:b2:a4:0d:d6:2f:ce:79:24:32:4d:
                    ef:b8:40:a4:53:9a:cd:24:28:fd:be:df:36:90:21:
                    f8:c2:82:f6:82:46:4a:6a:d3:a1:9e:8b:04:9e:19:
                    fe:12:86:13:ce:f2:85:d1:21:6b:9a:e4:15:09:eb:
                    91:3c:f2:4e:5a:00:04:f6:7e:be:62:f6:49:04:98:
                    68:c5:47:be:c8:cc:3b:ee:35:f9:0d:a0:95:74:33:
                    04:8b:ae:2c:35:9d:76:a2:79:90:81:d1:c6:d9:0d:
                    db:be:28:e9:6e:3d:fe:0e:b8:8d:3e:bf:d5:e2:61:
                    b2:a3:22:36:6f:db:45:97:a7:17:06:e7:05:26:83:
                    56:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:2E:C2:A7:10:41:14:9F:C0:97:28:6B:01:26:37:5D:D9:68:59:1B
            X509v3 Authority Key Identifier:
                keyid:25:AA:12:EC:28:68:B9:0A:69:3E:EA:D2:56:32:B1:5E:24:52:5E:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/8715877014D6A3562B90597EC394B914F16FD3A53C58939A770388B3FE7D727A/0/25AA12EC2868B90A693EEAD25632B15E24525ED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/25AA12EC2868B90A693EEAD25632B15E24525ED3.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/8715877014D6A3562B90597EC394B914F16FD3A53C58939A770388B3FE7D727A/0/3132382e3230312e32302e302f32342d3234203d3e2037303439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.201.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:43:f7:55:2a:85:0c:8f:fb:4a:7d:ef:2e:bc:ae:cb:92:37:
         d0:f7:f2:96:1e:05:41:38:76:75:91:60:a9:b9:aa:88:ad:bd:
         cd:ef:dd:b3:44:0f:32:42:ce:41:e7:c0:58:85:df:ed:34:ff:
         37:7f:14:ef:bc:c1:16:50:5a:63:9d:19:68:63:19:f4:d0:d7:
         54:00:ca:ce:23:d6:12:2e:45:bf:ea:b6:b7:46:f2:9d:0f:8e:
         df:1f:c1:3c:fe:23:6c:1f:39:df:3f:94:40:72:fd:f0:78:16:
         ea:8a:f1:55:29:99:6c:85:aa:8a:50:47:76:ad:ec:50:d2:1d:
         fb:35:24:66:5d:ac:b0:d5:8d:95:83:4e:9b:3b:f8:9a:d8:1b:
         fd:27:87:e5:74:c4:cc:88:b3:5b:ac:be:98:bf:f0:8f:5f:54:
         81:31:96:af:03:17:ef:28:15:5b:35:a2:f7:3b:04:fa:4d:59:
         bc:d2:00:ba:5d:ec:ea:e3:97:68:61:04:98:2a:eb:1a:2c:fc:
         e0:a2:9d:d6:86:7a:13:97:c5:42:03:90:45:e2:8c:e8:0e:a3:
         69:ac:b3:27:90:82:58:01:09:ee:ce:be:21:36:98:8d:96:78:
         ca:d2:a9:bb:47:10:71:5c:31:31:85:36:ce:c3:ff:2e:a6:fd:
         73:60:da:2b
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUPCfB54ty0HAWhEOF6+4ucWuZQckwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjVBQTEyRUMyODY4QjkwQTY5M0VFQUQyNTYzMkIxNUUy
NDUyNUVEMzAeFw0yNTAyMDQxODI5NTlaFw0yNjAyMDMxODM0NTlaMDMxMTAvBgNV
BAMTKDJGMkVDMkE3MTA0MTE0OUZDMDk3Mjg2QjAxMjYzNzVERDk2ODU5MUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2Sdt37qoGZrQ5BMvwgyP7Olfd
QVd1B7fRzPGoXqEnmGj9Mc9UqDTZM71tkA8+QqSrl2m1gT2DzQHlbdU1x3fmAYTA
tKlLp1sdpJKES0N+s+lCNciehdayBLgRhLHpDP9PZCTBiIPuhWay7zylFR0p49g9
3upie8gv/JShsqQN1i/OeSQyTe+4QKRTms0kKP2+3zaQIfjCgvaCRkpq06GeiwSe
Gf4ShhPO8oXRIWua5BUJ65E88k5aAAT2fr5i9kkEmGjFR77IzDvuNfkNoJV0MwSL
riw1nXaieZCB0cbZDdu+KOluPf4OuI0+v9XiYbKjIjZv20WXpxcG5wUmg1ZhAgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQULy7CpxBBFJ/AlyhrASY3XdloWRswHwYDVR0j
BBgwFoAUJaoS7ChouQppPurSVjKxXiRSXtMwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy84NzE1ODc3MDE0RDZBMzU2MkI5MDU5N0VDMzk0QjkxNEYx
NkZEM0E1M0M1ODkzOUE3NzAzODhCM0ZFN0Q3MjdBLzAvMjVBQTEyRUMyODY4Qjkw
QTY5M0VFQUQyNTYzMkIxNUUyNDUyNUVEMy5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8yNUFBMTJFQzI4NjhCOTBBNjkz
RUVBRDI1NjMyQjE1RTI0NTI1RUQzLmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvODcxNTg3NzAxNEQ2QTM1NjJCOTA1OTdFQzM5NEI5MTRGMTZGRDNBNTND
NTg5MzlBNzcwMzg4QjNGRTdENzI3QS8wLzMxMzIzODJlMzIzMDMxMmUzMjMwMmUz
MDJmMzIzNDJkMzIzNDIwM2QzZTIwMzczMDM0Mzkucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACAyRQwDQYJ
KoZIhvcNAQELBQADggEBAIdD91UqhQyP+0p97y68rsuSN9D38pYeBUE4dnWRYKm5
qoitvc3v3bNEDzJCzkHnwFiF3+00/zd/FO+8wRZQWmOdGWhjGfTQ11QAys4j1hIu
Rb/qtrdG8p0Pjt8fwTz+I2wfOd8/lEBy/fB4FuqK8VUpmWyFqopQR3at7FDSHfs1
JGZdrLDVjZWDTps7+JrYG/0nh+V0xMyIs1usvpi/8I9fVIExlq8DF+8oFVs1ovc7
BPpNWbzSALpd7Orjl2hhBJgq6xos/OCindaGehOXxUIDkEXijOgOo2mssyeQglgB
Ce7OviE2mI2WeMrSqbtHEHFcMTGFNs7D/y6m/XNg2is=
-----END CERTIFICATE-----