Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/93FCEDB9F6E2C46A3F82B14D50AE8F334AC64287131F1FF475AB64EB7F96E10D/0/3133382e39392e3137342e302f32342d3234203d3e203532333238.roa
File:                     3133382e39392e3137342e302f32342d3234203d3e203532333238.roa (raw, json)
Hash identifier:          p3BWh2q7Y+XzjcEY3scTVrUS79opbNocx9YOVrHAKvc=
Subject key identifier:   3E:26:4C:30:E8:39:28:64:BB:5C:FE:CA:80:DE:34:94:CA:88:BF:6C
Certificate issuer:       /CN=D3BEE2BC3DBF41E55940899128EEA1A38DD0778F
Certificate serial:       1144759126205862A2F1A471472EA9985ACD146C
Authority key identifier: D3:BE:E2:BC:3D:BF:41:E5:59:40:89:91:28:EE:A1:A3:8D:D0:77:8F
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D3BEE2BC3DBF41E55940899128EEA1A38DD0778F.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/93FCEDB9F6E2C46A3F82B14D50AE8F334AC64287131F1FF475AB64EB7F96E10D/0/3133382e39392e3137342e302f32342d3234203d3e203532333238.roa
Signing time:             Tue 04 Feb 2025 18:16:31 +0000
ROA not before:           Tue 04 Feb 2025 18:11:31 +0000
ROA not after:            Tue 03 Feb 2026 18:16:31 +0000
asID:                     52328
IP address blocks:        138.99.174.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:44:75:91:26:20:58:62:a2:f1:a4:71:47:2e:a9:98:5a:cd:14:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D3BEE2BC3DBF41E55940899128EEA1A38DD0778F
        Validity
            Not Before: Feb  4 18:11:31 2025 GMT
            Not After : Feb  3 18:16:31 2026 GMT
        Subject: CN=3E264C30E8392864BB5CFECA80DE3494CA88BF6C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:21:b4:d5:d2:4e:ee:05:13:98:91:fe:b6:fd:
                    c6:f5:05:ab:dd:15:b9:07:ce:d4:41:40:f9:eb:88:
                    b3:c1:cd:5c:9d:c7:41:36:0d:ea:d1:ea:e2:18:8d:
                    4a:71:6b:98:7b:ad:2e:b5:6b:43:67:ec:68:ed:b3:
                    e3:d8:52:10:1d:d7:b6:e2:76:b7:0d:e9:e5:f3:37:
                    79:97:c7:54:6b:f6:a5:10:8f:35:93:c7:eb:b5:bf:
                    8d:f1:97:62:51:e5:18:b2:73:93:11:f7:67:ea:64:
                    00:c8:44:12:08:95:b6:3c:f9:49:e5:bd:14:27:cf:
                    02:7f:fd:aa:36:90:bf:dc:ef:e5:09:d5:06:f9:d6:
                    b3:f2:f0:af:4e:6e:67:ce:67:7f:14:40:1e:4c:e3:
                    95:10:05:57:9e:2a:6e:db:e7:ac:c1:5e:95:35:71:
                    1d:a0:a6:34:0f:f7:0c:51:46:63:a9:e1:07:ab:ce:
                    c9:97:48:af:39:95:9f:64:7d:8e:65:97:1e:b9:37:
                    25:6d:e7:a7:f8:c5:fa:a9:ae:9c:b0:94:cb:61:fb:
                    59:da:d4:6b:ab:3f:28:3e:77:24:90:bf:dc:b1:5b:
                    49:d8:ef:d7:57:28:ff:80:52:12:46:57:f4:68:06:
                    b3:99:a2:7b:7d:f4:fd:67:40:87:38:3f:1c:66:be:
                    25:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:26:4C:30:E8:39:28:64:BB:5C:FE:CA:80:DE:34:94:CA:88:BF:6C
            X509v3 Authority Key Identifier:
                keyid:D3:BE:E2:BC:3D:BF:41:E5:59:40:89:91:28:EE:A1:A3:8D:D0:77:8F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/93FCEDB9F6E2C46A3F82B14D50AE8F334AC64287131F1FF475AB64EB7F96E10D/0/D3BEE2BC3DBF41E55940899128EEA1A38DD0778F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D3BEE2BC3DBF41E55940899128EEA1A38DD0778F.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/93FCEDB9F6E2C46A3F82B14D50AE8F334AC64287131F1FF475AB64EB7F96E10D/0/3133382e39392e3137342e302f32342d3234203d3e203532333238.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.99.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:8d:0d:42:92:f8:54:0c:18:08:67:a1:32:fc:46:37:85:91:
         8a:6f:26:f7:18:02:37:1c:bb:ae:e0:1d:1f:08:91:01:c5:3f:
         7d:23:e5:b5:62:cc:34:e5:2c:7f:27:3d:5c:6b:89:9b:bb:e8:
         fd:b0:77:b9:aa:0a:c3:08:c5:a6:54:db:b7:e6:23:db:74:f4:
         07:24:16:73:c8:b4:8b:a4:37:7c:5f:a5:3f:26:4b:ab:77:c3:
         a7:a5:9f:ac:50:bb:85:ce:0a:ea:ba:30:e3:ad:f4:0f:21:31:
         69:2f:1c:2d:dd:8f:c1:a6:1d:f6:3b:63:95:73:e8:de:0a:87:
         84:b8:ee:3d:04:bc:60:2b:59:f0:f2:68:16:15:be:2c:fe:a2:
         19:33:cd:ec:18:e0:e7:75:3b:ba:90:98:41:d1:9c:74:61:fb:
         ca:de:e3:79:b0:9a:8d:58:46:e7:ea:8a:7e:f9:0e:3f:57:d5:
         d1:34:33:9e:59:e1:fe:3c:fc:08:e4:48:f4:61:c3:4c:11:c4:
         80:cd:43:3c:6d:dc:e4:0f:92:2a:31:fa:41:65:76:35:b1:9d:
         7b:54:66:dc:53:79:c5:dc:d2:65:89:38:d2:6c:99:eb:96:96:
         23:38:18:98:07:05:41:84:92:8c:b2:ff:bc:16:db:7f:e7:44:
         8e:3e:16:6c
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgIUEUR1kSYgWGKi8aRxRy6pmFrNFGwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDNCRUUyQkMzREJGNDFFNTU5NDA4OTkxMjhFRUExQTM4
REQwNzc4RjAeFw0yNTAyMDQxODExMzFaFw0yNjAyMDMxODE2MzFaMDMxMTAvBgNV
BAMTKDNFMjY0QzMwRTgzOTI4NjRCQjVDRkVDQTgwREUzNDk0Q0E4OEJGNkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChIbTV0k7uBROYkf62/cb1Bavd
FbkHztRBQPnriLPBzVydx0E2DerR6uIYjUpxa5h7rS61a0Nn7Gjts+PYUhAd17bi
drcN6eXzN3mXx1Rr9qUQjzWTx+u1v43xl2JR5Riyc5MR92fqZADIRBIIlbY8+Unl
vRQnzwJ//ao2kL/c7+UJ1Qb51rPy8K9ObmfOZ38UQB5M45UQBVeeKm7b56zBXpU1
cR2gpjQP9wxRRmOp4QerzsmXSK85lZ9kfY5llx65NyVt56f4xfqprpywlMth+1na
1GurPyg+dySQv9yxW0nY79dXKP+AUhJGV/RoBrOZont99P1nQIc4PxxmviWRAgMB
AAGjggLIMIICxDAdBgNVHQ4EFgQUPiZMMOg5KGS7XP7KgN40lMqIv2wwHwYDVR0j
BBgwFoAU077ivD2/QeVZQImRKO6ho43Qd48wDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy85M0ZDRURCOUY2RTJDNDZBM0Y4MkIxNEQ1MEFFOEYzMzRB
QzY0Mjg3MTMxRjFGRjQ3NUFCNjRFQjdGOTZFMTBELzAvRDNCRUUyQkMzREJGNDFF
NTU5NDA4OTkxMjhFRUExQTM4REQwNzc4Ri5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9EM0JFRTJCQzNEQkY0MUU1NTk0
MDg5OTEyOEVFQTFBMzhERDA3NzhGLmNlcjCBxwYIKwYBBQUHAQsEgbowgbcwgbQG
CCsGAQUFBzALhoGncnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvOTNGQ0VEQjlGNkUyQzQ2QTNGODJCMTRENTBBRThGMzM0QUM2NDI4NzEz
MUYxRkY0NzVBQjY0RUI3Rjk2RTEwRC8wLzMxMzMzODJlMzkzOTJlMzEzNzM0MmUz
MDJmMzIzNDJkMzIzNDIwM2QzZTIwMzUzMjMzMzIzOC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAIpjrjAN
BgkqhkiG9w0BAQsFAAOCAQEAYI0NQpL4VAwYCGehMvxGN4WRim8m9xgCNxy7ruAd
HwiRAcU/fSPltWLMNOUsfyc9XGuJm7vo/bB3uaoKwwjFplTbt+Yj23T0ByQWc8i0
i6Q3fF+lPyZLq3fDp6WfrFC7hc4K6row4630DyExaS8cLd2PwaYd9jtjlXPo3gqH
hLjuPQS8YCtZ8PJoFhW+LP6iGTPN7Bjg53U7upCYQdGcdGH7yt7jebCajVhG5+qK
fvkOP1fV0TQznlnh/jz8CORI9GHDTBHEgM1DPG3c5A+SKjH6QWV2NbGde1Rm3FN5
xdzSZYk40myZ65aWIzgYmAcFQYSSjLL/vBbbf+dEjj4WbA==
-----END CERTIFICATE-----