Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/8FECD5798E3294C3D469818A080FF5CECA775E61554192DD987E1EE7363DB6F7/0/3137302e3231302e33362e302f32322d3234203d3e203237393933.roa
File:                     3137302e3231302e33362e302f32322d3234203d3e203237393933.roa (raw, json)
Hash identifier:          enZZqx7lrdbFGWDIwE1OnuzN+SNgjJ+oswO10WY14cg=
Subject key identifier:   C8:5A:38:4E:A2:FF:96:77:99:5A:80:2C:AC:D0:99:24:59:84:76:8C
Certificate issuer:       /CN=22D4B25C65781140A2B8DB968C7D0B813D457F0B
Certificate serial:       3B299A0D092920BAB7DF05505BCBAB3BD237D08C
Authority key identifier: 22:D4:B2:5C:65:78:11:40:A2:B8:DB:96:8C:7D:0B:81:3D:45:7F:0B
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/22D4B25C65781140A2B8DB968C7D0B813D457F0B.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/8FECD5798E3294C3D469818A080FF5CECA775E61554192DD987E1EE7363DB6F7/0/3137302e3231302e33362e302f32322d3234203d3e203237393933.roa
Signing time:             Tue 04 Feb 2025 18:27:00 +0000
ROA not before:           Tue 04 Feb 2025 18:22:00 +0000
ROA not after:            Tue 03 Feb 2026 18:27:00 +0000
asID:                     27993
IP address blocks:        170.210.36.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:29:9a:0d:09:29:20:ba:b7:df:05:50:5b:cb:ab:3b:d2:37:d0:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22D4B25C65781140A2B8DB968C7D0B813D457F0B
        Validity
            Not Before: Feb  4 18:22:00 2025 GMT
            Not After : Feb  3 18:27:00 2026 GMT
        Subject: CN=C85A384EA2FF9677995A802CACD099245984768C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:2b:b9:56:96:77:a7:2c:2b:de:ff:a7:84:8a:
                    bd:81:26:24:6c:62:b8:0a:9a:14:ca:68:e9:59:de:
                    85:8d:56:07:2f:f4:07:19:aa:67:0e:32:bb:63:a9:
                    95:aa:7f:bd:ea:68:1c:99:d4:12:d9:5d:25:b1:8b:
                    6f:fd:02:03:d3:52:21:d2:71:44:8f:8f:05:6c:e8:
                    cb:37:3e:64:0c:fc:b1:c8:d2:f0:2d:93:7d:35:50:
                    f7:d6:cd:bc:d3:8b:c8:70:a4:0a:ff:d0:3f:bb:a3:
                    ec:be:0e:52:b1:b5:a5:44:b0:37:1e:e4:fd:71:05:
                    da:50:c7:7a:3b:38:02:05:11:88:4b:c3:b6:55:19:
                    be:1e:29:76:ed:9c:95:71:25:f9:7b:79:2f:74:12:
                    07:00:d7:9a:de:4d:b7:41:2c:81:54:f7:4a:7f:20:
                    b5:f7:ca:f9:cf:e1:9a:e0:8b:07:4c:34:9c:00:da:
                    90:1f:69:da:f9:e5:2f:c5:b3:02:51:50:58:3c:c5:
                    15:2b:79:ce:8d:6f:f1:89:f4:66:96:a7:c6:b9:fc:
                    61:a7:82:af:13:20:72:d5:48:e8:a9:ce:60:cd:56:
                    34:b2:e6:aa:41:c9:a5:8c:e0:59:e0:5f:6e:c3:b5:
                    7d:b9:21:e8:3e:1a:f4:e7:90:1b:f5:31:be:cc:54:
                    72:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:5A:38:4E:A2:FF:96:77:99:5A:80:2C:AC:D0:99:24:59:84:76:8C
            X509v3 Authority Key Identifier:
                keyid:22:D4:B2:5C:65:78:11:40:A2:B8:DB:96:8C:7D:0B:81:3D:45:7F:0B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/8FECD5798E3294C3D469818A080FF5CECA775E61554192DD987E1EE7363DB6F7/0/22D4B25C65781140A2B8DB968C7D0B813D457F0B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/22D4B25C65781140A2B8DB968C7D0B813D457F0B.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/8FECD5798E3294C3D469818A080FF5CECA775E61554192DD987E1EE7363DB6F7/0/3137302e3231302e33362e302f32322d3234203d3e203237393933.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.210.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:f2:4a:48:76:04:03:a5:04:bc:88:fc:16:ac:61:21:4a:63:
         b2:8d:95:74:7a:a8:3a:d2:a7:1f:a0:46:46:92:b1:b8:fa:ad:
         62:bd:37:ee:42:f8:f5:21:af:b7:51:2a:b7:ba:14:88:78:89:
         03:5d:49:b5:78:16:78:6d:40:e6:de:0b:b3:89:e0:31:83:a6:
         68:2c:f2:0c:6e:36:5a:e3:de:cb:32:c7:76:c3:ad:c4:bb:f7:
         98:aa:b8:36:39:4f:40:67:a1:23:e9:3d:3a:fa:fc:be:b4:30:
         37:ba:e3:58:a5:a7:dc:8c:f7:02:64:fd:76:1f:78:7a:05:24:
         25:4a:0b:bc:e0:6c:75:96:86:24:7b:6a:bf:e6:7f:b4:92:8b:
         e6:25:2e:98:09:71:f2:2d:65:13:01:7e:9b:72:1f:ad:2c:f6:
         ad:4c:68:41:cb:3b:41:5d:a3:4c:e4:07:84:00:c5:40:ee:84:
         23:c2:33:54:20:cc:57:48:fc:76:9e:8a:f6:fb:ed:ad:fd:22:
         0a:62:84:69:49:4d:61:15:c3:21:36:3b:b8:72:41:82:74:09:
         4b:44:74:dd:12:38:79:ac:61:b4:10:c9:4f:20:40:46:ad:9a:
         1e:e5:22:93:22:a8:aa:97:f5:ab:1a:42:39:f4:a3:44:45:54:
         5d:46:f0:09
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgIUOymaDQkpILq33wVQW8urO9I30IwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjJENEIyNUM2NTc4MTE0MEEyQjhEQjk2OEM3RDBCODEz
RDQ1N0YwQjAeFw0yNTAyMDQxODIyMDBaFw0yNjAyMDMxODI3MDBaMDMxMTAvBgNV
BAMTKEM4NUEzODRFQTJGRjk2Nzc5OTVBODAyQ0FDRDA5OTI0NTk4NDc2OEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzK7lWlnenLCve/6eEir2BJiRs
YrgKmhTKaOlZ3oWNVgcv9AcZqmcOMrtjqZWqf73qaByZ1BLZXSWxi2/9AgPTUiHS
cUSPjwVs6Ms3PmQM/LHI0vAtk301UPfWzbzTi8hwpAr/0D+7o+y+DlKxtaVEsDce
5P1xBdpQx3o7OAIFEYhLw7ZVGb4eKXbtnJVxJfl7eS90EgcA15reTbdBLIFU90p/
ILX3yvnP4ZrgiwdMNJwA2pAfadr55S/FswJRUFg8xRUrec6Nb/GJ9GaWp8a5/GGn
gq8TIHLVSOipzmDNVjSy5qpByaWM4FngX27DtX25Ieg+GvTnkBv1Mb7MVHK/AgMB
AAGjggLIMIICxDAdBgNVHQ4EFgQUyFo4TqL/lneZWoAsrNCZJFmEdowwHwYDVR0j
BBgwFoAUItSyXGV4EUCiuNuWjH0LgT1FfwswDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy84RkVDRDU3OThFMzI5NEMzRDQ2OTgxOEEwODBGRjVDRUNB
Nzc1RTYxNTU0MTkyREQ5ODdFMUVFNzM2M0RCNkY3LzAvMjJENEIyNUM2NTc4MTE0
MEEyQjhEQjk2OEM3RDBCODEzRDQ1N0YwQi5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8yMkQ0QjI1QzY1NzgxMTQwQTJC
OERCOTY4QzdEMEI4MTNENDU3RjBCLmNlcjCBxwYIKwYBBQUHAQsEgbowgbcwgbQG
CCsGAQUFBzALhoGncnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvOEZFQ0Q1Nzk4RTMyOTRDM0Q0Njk4MThBMDgwRkY1Q0VDQTc3NUU2MTU1
NDE5MkREOTg3RTFFRTczNjNEQjZGNy8wLzMxMzczMDJlMzIzMTMwMmUzMzM2MmUz
MDJmMzIzMjJkMzIzNDIwM2QzZTIwMzIzNzM5MzkzMy5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAqrSJDAN
BgkqhkiG9w0BAQsFAAOCAQEAPvJKSHYEA6UEvIj8FqxhIUpjso2VdHqoOtKnH6BG
RpKxuPqtYr037kL49SGvt1Eqt7oUiHiJA11JtXgWeG1A5t4Ls4ngMYOmaCzyDG42
WuPeyzLHdsOtxLv3mKq4NjlPQGehI+k9Ovr8vrQwN7rjWKWn3Iz3AmT9dh94egUk
JUoLvOBsdZaGJHtqv+Z/tJKL5iUumAlx8i1lEwF+m3IfrSz2rUxoQcs7QV2jTOQH
hADFQO6EI8IzVCDMV0j8dp6K9vvtrf0iCmKEaUlNYRXDITY7uHJBgnQJS0R03RI4
eaxhtBDJTyBARq2aHuUikyKoqpf1qxpCOfSjREVUXUbwCQ==
-----END CERTIFICATE-----