Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/93C2E4031050C2D10ED8B812E317448BC2C683B4C5CB73E9F5D9F02F74A1B3F1/0/3137302e38322e3135362e302f32322d3234203d3e20323634363638.roa
File:                     3137302e38322e3135362e302f32322d3234203d3e20323634363638.roa (raw, json)
Hash identifier:          7DfcByGWuKgjUTSTMmNwLMf7WOsuDZXNYZSonP9R4yU=
Subject key identifier:   4D:F4:24:16:7B:C1:F9:70:CA:BE:21:C1:4D:E1:DF:8C:25:0C:71:6B
Certificate issuer:       /CN=04D30653956EB19B20571B774DBED43F32A8824E
Certificate serial:       0D45D8E7DD8C4795A42684C2B0EA977538D88C41
Authority key identifier: 04:D3:06:53:95:6E:B1:9B:20:57:1B:77:4D:BE:D4:3F:32:A8:82:4E
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/04D30653956EB19B20571B774DBED43F32A8824E.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/93C2E4031050C2D10ED8B812E317448BC2C683B4C5CB73E9F5D9F02F74A1B3F1/0/3137302e38322e3135362e302f32322d3234203d3e20323634363638.roa
Signing time:             Tue 04 Feb 2025 18:17:46 +0000
ROA not before:           Tue 04 Feb 2025 18:12:46 +0000
ROA not after:            Tue 03 Feb 2026 18:17:46 +0000
asID:                     264668
IP address blocks:        170.82.156.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:45:d8:e7:dd:8c:47:95:a4:26:84:c2:b0:ea:97:75:38:d8:8c:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04D30653956EB19B20571B774DBED43F32A8824E
        Validity
            Not Before: Feb  4 18:12:46 2025 GMT
            Not After : Feb  3 18:17:46 2026 GMT
        Subject: CN=4DF424167BC1F970CABE21C14DE1DF8C250C716B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:0b:e9:84:bd:6e:fb:4c:22:ab:fc:65:41:3d:
                    96:1c:7d:f8:e8:01:e9:1d:e9:b1:28:a7:f6:84:6b:
                    87:d2:77:f1:cc:eb:82:2d:fb:da:ba:8d:0c:4f:d0:
                    4d:33:a7:12:a3:86:b9:49:83:5c:78:7e:3b:2f:e7:
                    26:8e:24:df:de:72:65:dc:2b:66:27:f9:c9:cb:e0:
                    a8:6e:49:36:b8:25:3d:1e:ad:29:69:70:b8:02:72:
                    2d:cd:c7:f4:09:7a:a6:19:c2:e2:b6:84:75:82:69:
                    bb:e4:1b:d7:86:7e:8b:84:96:65:2d:7e:f4:6e:93:
                    6d:38:8f:34:bc:0a:e2:60:e2:85:b8:d2:04:90:22:
                    aa:e4:3f:6b:6b:61:b5:67:59:5a:4e:93:c5:e5:71:
                    15:04:59:0d:6f:3f:9f:60:e0:94:10:52:d2:65:46:
                    3f:20:3d:a6:02:7a:bf:8e:70:40:0d:99:64:e1:3e:
                    4f:52:f3:6c:4a:37:7d:39:bc:a3:e2:25:a8:f2:83:
                    9e:c1:27:2f:e5:52:1d:d9:7e:ab:0a:91:56:a5:9c:
                    c6:f1:bd:49:57:c2:57:81:bc:db:ff:6b:68:a9:58:
                    7c:3b:40:0a:86:2b:f6:e4:35:ed:46:2b:3e:98:a2:
                    73:2a:99:a2:e8:e8:b5:f0:1c:6f:ef:f0:56:2d:89:
                    94:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:F4:24:16:7B:C1:F9:70:CA:BE:21:C1:4D:E1:DF:8C:25:0C:71:6B
            X509v3 Authority Key Identifier:
                keyid:04:D3:06:53:95:6E:B1:9B:20:57:1B:77:4D:BE:D4:3F:32:A8:82:4E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/93C2E4031050C2D10ED8B812E317448BC2C683B4C5CB73E9F5D9F02F74A1B3F1/0/04D30653956EB19B20571B774DBED43F32A8824E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/04D30653956EB19B20571B774DBED43F32A8824E.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/93C2E4031050C2D10ED8B812E317448BC2C683B4C5CB73E9F5D9F02F74A1B3F1/0/3137302e38322e3135362e302f32322d3234203d3e20323634363638.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.82.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:57:db:f1:7c:5d:c3:d7:52:5c:b2:b5:d2:bc:cb:d7:b4:d1:
         44:ca:71:89:b6:6a:a9:2b:da:03:1c:f7:7c:02:e6:6a:0f:27:
         ff:23:4b:e0:07:15:38:f7:0d:d2:73:ff:95:ea:16:72:92:5e:
         39:16:22:b5:8d:73:c7:02:5e:54:66:8c:ab:64:3d:91:83:b8:
         10:c9:92:df:b0:c4:65:42:06:4c:e7:c6:ed:12:33:2c:4f:89:
         c4:f4:af:2f:6e:ee:ef:07:f6:a2:ad:34:30:11:00:38:f0:d7:
         4d:4e:13:98:4a:73:d2:84:8d:ec:49:14:05:83:54:1e:3d:18:
         44:43:04:d5:b7:bc:18:70:d4:32:c7:5d:fc:5b:00:b7:c7:29:
         2a:e8:91:39:c9:fe:2d:0b:aa:dc:2d:09:95:5f:a7:4f:36:59:
         24:87:7f:ba:b6:15:14:c7:91:5d:fb:97:4d:f8:0e:2d:b8:d3:
         b5:a6:df:50:07:89:70:85:8e:c6:f2:5c:9b:4a:b3:b5:18:5f:
         2b:e3:05:1e:6d:28:cd:9c:3d:8d:3c:b1:6a:bf:0c:a9:2f:74:
         81:e2:fb:c2:2a:be:cf:65:0e:73:99:d4:9b:50:08:97:07:63:
         97:fc:1d:d5:27:3b:5f:b0:2e:95:ff:6e:a9:9a:d3:8a:47:0f:
         fd:e3:33:21
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUDUXY592MR5WkJoTCsOqXdTjYjEEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDREMzA2NTM5NTZFQjE5QjIwNTcxQjc3NERCRUQ0M0Yz
MkE4ODI0RTAeFw0yNTAyMDQxODEyNDZaFw0yNjAyMDMxODE3NDZaMDMxMTAvBgNV
BAMTKDRERjQyNDE2N0JDMUY5NzBDQUJFMjFDMTRERTFERjhDMjUwQzcxNkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD5C+mEvW77TCKr/GVBPZYcffjo
Aekd6bEop/aEa4fSd/HM64It+9q6jQxP0E0zpxKjhrlJg1x4fjsv5yaOJN/ecmXc
K2Yn+cnL4KhuSTa4JT0erSlpcLgCci3Nx/QJeqYZwuK2hHWCabvkG9eGfouElmUt
fvRuk204jzS8CuJg4oW40gSQIqrkP2trYbVnWVpOk8XlcRUEWQ1vP59g4JQQUtJl
Rj8gPaYCer+OcEANmWThPk9S82xKN305vKPiJajyg57BJy/lUh3ZfqsKkValnMbx
vUlXwleBvNv/a2ipWHw7QAqGK/bkNe1GKz6YonMqmaLo6LXwHG/v8FYtiZSnAgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQUTfQkFnvB+XDKviHBTeHfjCUMcWswHwYDVR0j
BBgwFoAUBNMGU5VusZsgVxt3Tb7UPzKogk4wDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy85M0MyRTQwMzEwNTBDMkQxMEVEOEI4MTJFMzE3NDQ4QkMy
QzY4M0I0QzVDQjczRTlGNUQ5RjAyRjc0QTFCM0YxLzAvMDREMzA2NTM5NTZFQjE5
QjIwNTcxQjc3NERCRUQ0M0YzMkE4ODI0RS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8wNEQzMDY1Mzk1NkVCMTlCMjA1
NzFCNzc0REJFRDQzRjMyQTg4MjRFLmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvOTNDMkU0MDMxMDUwQzJEMTBFRDhCODEyRTMxNzQ0OEJDMkM2ODNCNEM1
Q0I3M0U5RjVEOUYwMkY3NEExQjNGMS8wLzMxMzczMDJlMzgzMjJlMzEzNTM2MmUz
MDJmMzIzMjJkMzIzNDIwM2QzZTIwMzIzNjM0MzYzNjM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCqlKc
MA0GCSqGSIb3DQEBCwUAA4IBAQAtV9vxfF3D11JcsrXSvMvXtNFEynGJtmqpK9oD
HPd8AuZqDyf/I0vgBxU49w3Sc/+V6hZykl45FiK1jXPHAl5UZoyrZD2Rg7gQyZLf
sMRlQgZM58btEjMsT4nE9K8vbu7vB/airTQwEQA48NdNThOYSnPShI3sSRQFg1Qe
PRhEQwTVt7wYcNQyx138WwC3xykq6JE5yf4tC6rcLQmVX6dPNlkkh3+6thUUx5Fd
+5dN+A4tuNO1pt9QB4lwhY7G8lybSrO1GF8r4wUebSjNnD2NPLFqvwypL3SB4vvC
Kr7PZQ5zmdSbUAiXB2OX/B3VJztfsC6V/26pmtOKRw/94zMh
-----END CERTIFICATE-----