Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/8D4BB2421C24D19F3123B0C681B01AD82A92941582C9DABB9493E097F3F2F893/0/3137302e302e392e302f32342d3234203d3e20323730303838.roa
File:                     3137302e302e392e302f32342d3234203d3e20323730303838.roa (raw, json)
Hash identifier:          7LN0OQnsmAXvYStNmVOiIvjNkgFfua6RqoHMout/whc=
Subject key identifier:   82:A6:5C:5A:9C:06:F1:A8:03:6C:0F:E4:E2:49:A1:F3:57:15:C6:44
Certificate issuer:       /CN=08AA2E4D3C7CDF9626D331ACD38D1719F3D4A72D
Certificate serial:       100DF6B674D9971B87209C6F232A87F88A45A46D
Authority key identifier: 08:AA:2E:4D:3C:7C:DF:96:26:D3:31:AC:D3:8D:17:19:F3:D4:A7:2D
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/08AA2E4D3C7CDF9626D331ACD38D1719F3D4A72D.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/8D4BB2421C24D19F3123B0C681B01AD82A92941582C9DABB9493E097F3F2F893/0/3137302e302e392e302f32342d3234203d3e20323730303838.roa
Signing time:             Wed 29 Jan 2025 15:30:01 +0000
ROA not before:           Wed 29 Jan 2025 15:25:01 +0000
ROA not after:            Wed 28 Jan 2026 15:30:01 +0000
asID:                     270088
IP address blocks:        170.0.9.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:0d:f6:b6:74:d9:97:1b:87:20:9c:6f:23:2a:87:f8:8a:45:a4:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08AA2E4D3C7CDF9626D331ACD38D1719F3D4A72D
        Validity
            Not Before: Jan 29 15:25:01 2025 GMT
            Not After : Jan 28 15:30:01 2026 GMT
        Subject: CN=82A65C5A9C06F1A8036C0FE4E249A1F35715C644
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:fe:af:f4:fe:53:17:3d:ea:77:43:9c:39:dd:
                    02:bb:0b:00:8d:c0:78:b8:90:25:98:3a:6a:b3:de:
                    fe:bf:2c:ea:12:0c:13:12:4f:33:b3:ee:44:5c:87:
                    c6:7d:ad:99:1b:3b:56:a2:7e:95:34:1a:d6:f0:bd:
                    02:16:35:e8:ce:9a:9d:7b:2a:68:45:7e:dd:f7:53:
                    3d:35:ff:fa:10:1f:3d:37:f1:d2:cd:c8:81:f4:32:
                    45:77:2a:31:46:7d:bd:55:e8:02:d9:67:32:6f:36:
                    88:c3:b0:bb:ed:5c:47:88:76:69:c4:15:97:b2:00:
                    8e:8b:6f:13:10:f7:44:0d:6e:e4:8c:43:08:98:a4:
                    39:d3:a1:4c:97:ee:15:23:79:56:2d:3e:9b:be:e1:
                    16:2d:fe:62:cb:7a:7e:5f:53:d2:db:92:a0:48:79:
                    6d:dd:fe:7e:21:5c:b4:62:e3:23:a7:ad:f1:b5:c6:
                    b2:0a:35:b7:a8:87:10:91:51:58:9d:3d:b5:dc:1c:
                    d2:57:cf:03:c9:f6:db:79:e8:08:04:48:73:74:ce:
                    9d:9b:d6:cc:86:69:9a:17:2b:84:d2:42:44:a5:d7:
                    11:c5:4c:22:5d:6c:4c:00:90:15:4b:6d:c8:94:33:
                    9a:e1:79:3d:7f:c9:5d:7b:7d:18:2e:03:a8:e7:59:
                    fc:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:A6:5C:5A:9C:06:F1:A8:03:6C:0F:E4:E2:49:A1:F3:57:15:C6:44
            X509v3 Authority Key Identifier:
                keyid:08:AA:2E:4D:3C:7C:DF:96:26:D3:31:AC:D3:8D:17:19:F3:D4:A7:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/8D4BB2421C24D19F3123B0C681B01AD82A92941582C9DABB9493E097F3F2F893/0/08AA2E4D3C7CDF9626D331ACD38D1719F3D4A72D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/08AA2E4D3C7CDF9626D331ACD38D1719F3D4A72D.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/8D4BB2421C24D19F3123B0C681B01AD82A92941582C9DABB9493E097F3F2F893/0/3137302e302e392e302f32342d3234203d3e20323730303838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.0.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:da:ba:20:de:12:e7:55:2a:c8:0b:a4:0a:08:ce:07:42:33:
         3d:77:d6:ca:a0:0c:c1:a7:3e:8c:f7:6e:7a:38:a5:e7:0b:c4:
         8f:e7:82:b8:14:8d:92:90:67:56:bb:d4:92:1c:78:c6:1b:92:
         23:e9:0e:aa:40:21:18:b6:d3:4d:38:74:f1:06:5c:fd:5a:17:
         98:89:89:7d:c9:d3:74:c3:1f:08:b4:8c:8b:bd:52:70:5f:98:
         2d:60:65:d2:52:e8:59:56:19:d1:98:58:a9:fb:2b:d7:1f:4a:
         cb:28:30:40:3c:f7:6f:b6:0d:5a:43:ea:61:ad:ff:f1:75:92:
         72:e2:ea:5f:33:5d:22:75:5f:57:26:72:8a:c6:67:74:f4:91:
         72:6d:12:0f:8b:60:59:80:a9:3f:86:41:97:85:2b:a3:68:5e:
         c6:5e:cd:53:c7:78:9e:ba:5b:83:b0:8a:b6:71:0c:b8:9c:f5:
         fc:c6:c8:77:f6:1a:f7:c1:8d:e0:df:c0:17:ac:28:e0:b5:f0:
         20:c2:3c:b5:b8:69:e4:34:ec:c3:6b:6f:c8:93:59:6b:79:f5:
         bd:d1:5b:b3:5e:92:57:9a:5b:d6:04:cc:3b:aa:dd:f5:d8:ce:
         ae:43:e0:1a:c8:86:17:e1:cc:da:76:6b:71:05:3c:4e:14:b5:
         d4:8d:a0:8a
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgIUEA32tnTZlxuHIJxvIyqH+IpFpG0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDhBQTJFNEQzQzdDREY5NjI2RDMzMUFDRDM4RDE3MTlG
M0Q0QTcyRDAeFw0yNTAxMjkxNTI1MDFaFw0yNjAxMjgxNTMwMDFaMDMxMTAvBgNV
BAMTKDgyQTY1QzVBOUMwNkYxQTgwMzZDMEZFNEUyNDlBMUYzNTcxNUM2NDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDO/q/0/lMXPep3Q5w53QK7CwCN
wHi4kCWYOmqz3v6/LOoSDBMSTzOz7kRch8Z9rZkbO1aifpU0GtbwvQIWNejOmp17
KmhFft33Uz01//oQHz038dLNyIH0MkV3KjFGfb1V6ALZZzJvNojDsLvtXEeIdmnE
FZeyAI6LbxMQ90QNbuSMQwiYpDnToUyX7hUjeVYtPpu+4RYt/mLLen5fU9LbkqBI
eW3d/n4hXLRi4yOnrfG1xrIKNbeohxCRUVidPbXcHNJXzwPJ9tt56AgESHN0zp2b
1syGaZoXK4TSQkSl1xHFTCJdbEwAkBVLbciUM5rheT1/yV17fRguA6jnWfxnAgMB
AAGjggLEMIICwDAdBgNVHQ4EFgQUgqZcWpwG8agDbA/k4kmh81cVxkQwHwYDVR0j
BBgwFoAUCKouTTx835Ym0zGs040XGfPUpy0wDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy84RDRCQjI0MjFDMjREMTlGMzEyM0IwQzY4MUIwMUFEODJB
OTI5NDE1ODJDOURBQkI5NDkzRTA5N0YzRjJGODkzLzAvMDhBQTJFNEQzQzdDREY5
NjI2RDMzMUFDRDM4RDE3MTlGM0Q0QTcyRC5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8wOEFBMkU0RDNDN0NERjk2MjZE
MzMxQUNEMzhEMTcxOUYzRDRBNzJELmNlcjCBwwYIKwYBBQUHAQsEgbYwgbMwgbAG
CCsGAQUFBzALhoGjcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvOEQ0QkIyNDIxQzI0RDE5RjMxMjNCMEM2ODFCMDFBRDgyQTkyOTQxNTgy
QzlEQUJCOTQ5M0UwOTdGM0YyRjg5My8wLzMxMzczMDJlMzAyZTM5MmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzIzNzMwMzAzODM4LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqgAJMA0GCSqG
SIb3DQEBCwUAA4IBAQAE2rog3hLnVSrIC6QKCM4HQjM9d9bKoAzBpz6M9256OKXn
C8SP54K4FI2SkGdWu9SSHHjGG5Ij6Q6qQCEYttNNOHTxBlz9WheYiYl9ydN0wx8I
tIyLvVJwX5gtYGXSUuhZVhnRmFip+yvXH0rLKDBAPPdvtg1aQ+phrf/xdZJy4upf
M10idV9XJnKKxmd09JFybRIPi2BZgKk/hkGXhSujaF7GXs1Tx3ieuluDsIq2cQy4
nPX8xsh39hr3wY3g38AXrCjgtfAgwjy1uGnkNOzDa2/Ik1lrefW90VuzXpJXmlvW
BMw7qt312M6uQ+AayIYX4czadmtxBTxOFLXUjaCK
-----END CERTIFICATE-----