Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/9B4E3744F24E907740AFF85CE9457F3FA8E3BF32359D4255C9B5FE81ED74EC44/0/3133382e3138362e3132302e302f32322d3234203d3e20323634363831.roa
File:                     3133382e3138362e3132302e302f32322d3234203d3e20323634363831.roa (raw, json)
Hash identifier:          6tI9hbMEX8MIEOkcTV4tRZkmPmVs+KbVS9Snaeeh42A=
Subject key identifier:   5C:D7:B9:83:56:3F:60:DA:BE:27:34:15:EF:04:B7:4D:D2:3C:8F:BD
Certificate issuer:       /CN=68FDDBE1BF749D2FC48F59317C6389C8186C4613
Certificate serial:       365794C459A139439E4C6D6EA7DBDAD5319C49B0
Authority key identifier: 68:FD:DB:E1:BF:74:9D:2F:C4:8F:59:31:7C:63:89:C8:18:6C:46:13
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/68FDDBE1BF749D2FC48F59317C6389C8186C4613.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/9B4E3744F24E907740AFF85CE9457F3FA8E3BF32359D4255C9B5FE81ED74EC44/0/3133382e3138362e3132302e302f32322d3234203d3e20323634363831.roa
Signing time:             Tue 04 Feb 2025 17:59:58 +0000
ROA not before:           Tue 04 Feb 2025 17:54:58 +0000
ROA not after:            Tue 03 Feb 2026 17:59:58 +0000
asID:                     264681
IP address blocks:        138.186.120.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:57:94:c4:59:a1:39:43:9e:4c:6d:6e:a7:db:da:d5:31:9c:49:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68FDDBE1BF749D2FC48F59317C6389C8186C4613
        Validity
            Not Before: Feb  4 17:54:58 2025 GMT
            Not After : Feb  3 17:59:58 2026 GMT
        Subject: CN=5CD7B983563F60DABE273415EF04B74DD23C8FBD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f0:4e:cd:c3:6c:37:62:1c:11:3a:c5:f2:ba:
                    17:8d:49:32:12:7a:cd:5b:5c:2c:06:cf:cb:da:3e:
                    ad:39:ba:a8:85:c1:f2:2b:59:d4:d5:ae:34:29:56:
                    ee:cc:0d:a6:9d:3b:f5:8d:21:d0:1e:25:a5:79:d0:
                    0a:f2:1b:18:1e:d7:cb:04:44:13:74:b4:07:ef:15:
                    6b:27:db:07:21:9e:52:f2:07:ed:f0:1e:a1:6e:02:
                    0a:33:39:45:8c:96:b0:49:82:f2:28:c2:eb:e4:ad:
                    3d:60:e3:a4:1b:07:0b:5c:b9:da:c0:a6:02:08:93:
                    d9:d2:29:d0:63:2a:00:d5:ea:49:c9:2b:07:a0:1e:
                    7d:5f:ef:37:97:31:00:52:17:03:6e:ad:17:41:e3:
                    47:b2:b6:f3:d3:18:b6:c1:e1:a5:d2:eb:76:04:8b:
                    57:04:a7:9a:49:7b:19:ec:0f:4e:04:db:de:d5:e5:
                    04:7d:c9:e3:bf:fb:37:6c:d0:bf:68:08:16:df:41:
                    eb:a8:03:c0:97:03:15:b7:24:f2:a8:2b:ca:48:39:
                    6d:10:b5:13:9d:ac:3b:08:8b:a3:8e:d4:61:d9:d3:
                    64:8e:21:15:b7:d0:9d:3e:0e:50:de:93:bb:98:f7:
                    d4:58:97:12:46:ff:47:b7:f1:89:2d:0c:13:13:74:
                    2a:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:D7:B9:83:56:3F:60:DA:BE:27:34:15:EF:04:B7:4D:D2:3C:8F:BD
            X509v3 Authority Key Identifier:
                keyid:68:FD:DB:E1:BF:74:9D:2F:C4:8F:59:31:7C:63:89:C8:18:6C:46:13

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/9B4E3744F24E907740AFF85CE9457F3FA8E3BF32359D4255C9B5FE81ED74EC44/0/68FDDBE1BF749D2FC48F59317C6389C8186C4613.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/68FDDBE1BF749D2FC48F59317C6389C8186C4613.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/9B4E3744F24E907740AFF85CE9457F3FA8E3BF32359D4255C9B5FE81ED74EC44/0/3133382e3138362e3132302e302f32322d3234203d3e20323634363831.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.186.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         31:1c:91:b7:e2:dd:e3:71:7f:af:43:70:0c:04:d0:5d:5f:bb:
         21:7a:9c:b4:a9:ce:28:1a:eb:cd:8f:6f:66:a0:e0:19:06:d8:
         e7:49:66:be:ca:ab:f5:75:7a:f4:b9:cf:2c:3d:f3:88:8a:b6:
         fd:03:1a:9b:63:20:90:91:cc:9f:b2:66:2d:ea:ff:41:58:61:
         a6:6d:9a:c8:6d:e3:9f:a9:9f:d6:70:ab:87:44:6d:1a:28:42:
         c5:f6:14:dd:90:d1:b6:df:a1:8d:76:ff:8f:df:5e:da:f8:a3:
         d0:8b:07:e0:67:60:87:fd:96:33:f3:e5:9e:a9:ec:b1:11:06:
         2c:b5:e8:1a:a6:f9:91:90:7c:58:96:7a:4c:31:23:e3:1f:51:
         16:71:ab:6d:94:8d:07:d1:e7:86:4b:2c:e3:7c:bd:eb:a3:db:
         ba:c8:93:0f:a0:1a:bb:96:d3:c6:ad:40:8b:66:1e:11:78:67:
         6e:4d:aa:7b:57:88:3c:8e:ca:16:16:cb:ee:4c:c5:03:42:3e:
         d0:bf:67:43:8d:63:fe:5f:dd:8c:5a:b0:4e:17:51:f7:06:d3:
         63:2c:f5:5a:a3:80:a1:5c:9d:f0:ae:92:6f:57:c4:df:19:b7:
         86:87:dc:8e:88:f0:ba:06:27:e7:33:00:3b:02:a3:2d:9d:09:
         5c:19:f0:c4
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgIUNleUxFmhOUOeTG1up9va1TGcSbAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjhGRERCRTFCRjc0OUQyRkM0OEY1OTMxN0M2Mzg5Qzgx
ODZDNDYxMzAeFw0yNTAyMDQxNzU0NThaFw0yNjAyMDMxNzU5NThaMDMxMTAvBgNV
BAMTKDVDRDdCOTgzNTYzRjYwREFCRTI3MzQxNUVGMDRCNzRERDIzQzhGQkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC98E7Nw2w3YhwROsXyuheNSTIS
es1bXCwGz8vaPq05uqiFwfIrWdTVrjQpVu7MDaadO/WNIdAeJaV50AryGxge18sE
RBN0tAfvFWsn2wchnlLyB+3wHqFuAgozOUWMlrBJgvIowuvkrT1g46QbBwtcudrA
pgIIk9nSKdBjKgDV6knJKwegHn1f7zeXMQBSFwNurRdB40eytvPTGLbB4aXS63YE
i1cEp5pJexnsD04E297V5QR9yeO/+zds0L9oCBbfQeuoA8CXAxW3JPKoK8pIOW0Q
tROdrDsIi6OO1GHZ02SOIRW30J0+DlDek7uY99RYlxJG/0e38YktDBMTdCpjAgMB
AAGjggLMMIICyDAdBgNVHQ4EFgQUXNe5g1Y/YNq+JzQV7wS3TdI8j70wHwYDVR0j
BBgwFoAUaP3b4b90nS/Ej1kxfGOJyBhsRhMwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy85QjRFMzc0NEYyNEU5MDc3NDBBRkY4NUNFOTQ1N0YzRkE4
RTNCRjMyMzU5RDQyNTVDOUI1RkU4MUVENzRFQzQ0LzAvNjhGRERCRTFCRjc0OUQy
RkM0OEY1OTMxN0M2Mzg5QzgxODZDNDYxMy5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC82OEZEREJFMUJGNzQ5RDJGQzQ4
RjU5MzE3QzYzODlDODE4NkM0NjEzLmNlcjCBywYIKwYBBQUHAQsEgb4wgbswgbgG
CCsGAQUFBzALhoGrcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvOUI0RTM3NDRGMjRFOTA3NzQwQUZGODVDRTk0NTdGM0ZBOEUzQkYzMjM1
OUQ0MjU1QzlCNUZFODFFRDc0RUM0NC8wLzMxMzMzODJlMzEzODM2MmUzMTMyMzAy
ZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzMjM2MzQzNjM4MzEucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKK
ungwDQYJKoZIhvcNAQELBQADggEBADEckbfi3eNxf69DcAwE0F1fuyF6nLSpziga
682Pb2ag4BkG2OdJZr7Kq/V1evS5zyw984iKtv0DGptjIJCRzJ+yZi3q/0FYYaZt
msht45+pn9Zwq4dEbRooQsX2FN2Q0bbfoY12/4/fXtr4o9CLB+BnYIf9ljPz5Z6p
7LERBiy16Bqm+ZGQfFiWekwxI+MfURZxq22UjQfR54ZLLON8veuj27rIkw+gGruW
08atQItmHhF4Z25NqntXiDyOyhYWy+5MxQNCPtC/Z0ONY/5f3YxasE4XUfcG02Ms
9VqjgKFcnfCukm9XxN8Zt4aH3I6I8LoGJ+czADsCoy2dCVwZ8MQ=
-----END CERTIFICATE-----