Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/9d2fd41d-f92d-4048-be53-748543426001/f2202ea6a45a02aaa794a9a41055b957206f251a.roa
File:                     f2202ea6a45a02aaa794a9a41055b957206f251a.roa (raw, json)
Hash identifier:          Qw+54k1E4ZFF0zc+L8BxVl93saz1xqOxPYYJ9WBHUcc=
Subject key identifier:   D7:C3:63:81:56:75:52:5A:6D:A3:A8:91:1F:18:93:9D:41:45:8A:3E
Certificate issuer:       /CN=ef2d0ae672567bf0e707903589365faae1ff0bbc
Certificate serial:       218992
Authority key identifier: 72:63:61:20:20:8A:C6:CE:8A:0F:E5:98:7E:0E:C5:8D:74:C5:69:D5
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ef2d0ae672567bf0e707903589365faae1ff0bbc.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/9d2fd41d-f92d-4048-be53-748543426001/f2202ea6a45a02aaa794a9a41055b957206f251a.roa
Signing time:             Mon 10 Jul 2023 16:23:10 +0000
ROA not before:           Sun 09 Jul 2023 16:23:10 +0000
ROA not after:            Thu 10 Jul 2025 16:23:10 +0000
asID:                     21826
IP address blocks:        186.188.0.0/17 maxlen: 24
                          167.249.32.0/22 maxlen: 24
                          170.84.136.0/22 maxlen: 24
                          200.82.128.0/17 maxlen: 24
                          200.75.96.0/19 maxlen: 24
                          181.208.0.0/16 maxlen: 24
                          200.8.0.0/16 maxlen: 24
                          200.229.152.0/22 maxlen: 24
                          186.14.0.0/16 maxlen: 24
                          190.142.0.0/16 maxlen: 24
                          2803:8100::/32 maxlen: 48
                          2803:8100::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2197906 (0x218992)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef2d0ae672567bf0e707903589365faae1ff0bbc
        Validity
            Not Before: Jul  9 16:23:10 2023 GMT
            Not After : Jul 10 16:23:10 2025 GMT
        Subject: CN=f2202ea6a45a02aaa794a9a41055b957206f251a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:dc:6d:58:24:81:91:2d:9e:77:0f:d1:5d:ee:
                    7e:f0:99:76:8e:17:f3:b0:5b:8a:6e:dd:6a:f4:78:
                    91:05:b7:4c:3f:69:6c:eb:7d:81:93:e3:b8:7e:4d:
                    87:9f:43:34:a8:a4:59:d5:2d:e4:3c:34:79:6b:4d:
                    58:98:4c:ee:59:8b:bc:19:f3:87:ee:0b:8d:24:20:
                    40:2e:d7:5d:67:4a:a6:67:fd:30:83:83:14:1b:e9:
                    1f:69:1e:86:56:6c:7a:61:a6:e6:2c:4d:f7:b9:0a:
                    98:58:b5:25:97:51:cd:60:ea:6c:3a:2b:0e:9c:2c:
                    f4:f9:84:10:a1:be:d3:8f:28:c3:af:f3:fc:48:94:
                    4a:b7:90:2a:01:13:89:d8:87:d7:43:d2:f3:27:f1:
                    52:1a:80:02:3f:89:53:ff:7d:56:70:69:e6:5e:28:
                    db:ff:6a:ac:23:90:d9:d2:68:5b:62:6b:d8:f6:da:
                    8a:fd:37:7c:33:79:bc:62:85:68:9f:dc:9d:d4:6d:
                    18:5d:81:fe:c0:74:99:93:04:f9:09:47:ae:82:ed:
                    11:dc:c0:5f:05:5c:a4:de:3b:6f:c5:7f:01:c2:83:
                    db:9e:07:b9:37:5b:06:32:79:12:dc:ce:b6:b3:bc:
                    77:8c:50:a3:a0:ec:c5:84:7d:d0:18:ae:4d:b0:28:
                    81:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:C3:63:81:56:75:52:5A:6D:A3:A8:91:1F:18:93:9D:41:45:8A:3E
            X509v3 Authority Key Identifier:
                keyid:72:63:61:20:20:8A:C6:CE:8A:0F:E5:98:7E:0E:C5:8D:74:C5:69:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/ef2d0ae672567bf0e707903589365faae1ff0bbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/9d2fd41d-f92d-4048-be53-748543426001/f2202ea6a45a02aaa794a9a41055b957206f251a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/9d2fd41d-f92d-4048-be53-748543426001/ef2d0ae672567bf0e707903589365faae1ff0bbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.249.32.0/22
                  170.84.136.0/22
                  181.208.0.0/16
                  186.14.0.0/16
                  186.188.0.0/17
                  190.142.0.0/16
                  200.8.0.0/16
                  200.75.96.0/19
                  200.82.128.0/17
                  200.229.152.0/22
                IPv6:
                  2803:8100::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:f0:bd:a8:21:4a:40:b7:b0:cd:3e:19:24:ef:66:71:1b:1c:
         15:bb:3b:97:87:66:52:00:45:17:ec:eb:78:f7:1d:12:65:60:
         e9:4b:7b:4b:f2:b6:7a:67:e0:1f:a5:37:a3:74:2a:a4:1d:61:
         be:34:32:07:17:46:c4:60:b1:49:e5:6a:a4:eb:f9:2f:f8:af:
         d2:89:26:f4:57:3d:a8:0d:12:9b:25:80:79:c4:25:fe:7d:24:
         43:d7:29:fc:ef:5d:19:99:05:f4:a6:4a:20:7b:bb:8c:fa:6b:
         6c:5c:ee:83:61:e8:65:b7:93:b2:b7:dd:98:3c:9a:7a:b4:d1:
         91:06:bc:60:85:9c:55:5e:b4:e5:49:49:98:fa:2a:18:8c:8a:
         2b:ab:0a:04:ae:fd:58:3b:4c:20:d8:70:bb:f3:8c:d8:ba:90:
         78:05:a9:a6:56:eb:9e:5a:74:36:73:bc:01:0b:ec:f9:ef:35:
         c6:c4:20:c5:c8:dd:75:f9:0f:3a:e0:49:fc:c7:7d:d7:16:5f:
         63:4d:c9:2f:ac:66:72:0e:00:87:f2:53:bf:f3:70:ec:e0:76:
         c9:67:15:96:e2:4a:f7:df:24:be:d6:e1:1d:5b:91:e3:d6:14:
         95:e5:8f:c9:56:0f:a1:ac:4f:6d:fd:eb:7a:fa:8e:ef:27:b7:
         54:85:94:0b
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDIYmSMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGVm
MmQwYWU2NzI1NjdiZjBlNzA3OTAzNTg5MzY1ZmFhZTFmZjBiYmMwHhcNMjMwNzA5
MTYyMzEwWhcNMjUwNzEwMTYyMzEwWjAzMTEwLwYDVQQDEyhmMjIwMmVhNmE0NWEw
MmFhYTc5NGE5YTQxMDU1Yjk1NzIwNmYyNTFhMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAqtxtWCSBkS2edw/RXe5+8Jl2jhfzsFuKbt1q9HiRBbdMP2ls
632Bk+O4fk2Hn0M0qKRZ1S3kPDR5a01YmEzuWYu8GfOH7guNJCBALtddZ0qmZ/0w
g4MUG+kfaR6GVmx6YabmLE33uQqYWLUll1HNYOpsOisOnCz0+YQQob7TjyjDr/P8
SJRKt5AqAROJ2IfXQ9LzJ/FSGoACP4lT/31WcGnmXijb/2qsI5DZ0mhbYmvY9tqK
/Td8M3m8YoVon9yd1G0YXYH+wHSZkwT5CUeugu0R3MBfBVyk3jtvxX8BwoPbnge5
N1sGMnkS3M62s7x3jFCjoOzFhH3QGK5NsCiBVQIDAQABo4ICnDCCApgwHQYDVR0O
BBYEFNfDY4FWdVJabaOokR8Yk51BRYo+MB8GA1UdIwQYMBaAFHJjYSAgisbOig/l
mH4OxY10xWnVMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvZWYyZDBh
ZTY3MjU2N2JmMGU3MDc5MDM1ODkzNjVmYWFlMWZmMGJiYy5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvOWQyZmQ0MWQtZjkyZC00MDQ4LWJlNTMtNzQ4NTQz
NDI2MDAxL2YyMjAyZWE2YTQ1YTAyYWFhNzk0YTlhNDEwNTViOTU3MjA2ZjI1MWEu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy85ZDJmZDQxZC1mOTJkLTQwNDgtYmU1My03NDg1
NDM0MjYwMDEvZWYyZDBhZTY3MjU2N2JmMGU3MDc5MDM1ODkzNjVmYWFlMWZmMGJi
Yy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBgBggrBgEFBQcBBwEB/wRR
ME8wPgQCAAEwOAMEAqf5IAMEAqpUiAMDALXQAwMAug4DBAe6vAADAwC+jgMDAMgI
AwQFyEtgAwQHyFKAAwQCyOWYMA0EAgACMAcDBQAoA4EAMA0GCSqGSIb3DQEBCwUA
A4IBAQB+8L2oIUpAt7DNPhkk72ZxGxwVuzuXh2ZSAEUX7Ot49x0SZWDpS3tL8rZ6
Z+AfpTejdCqkHWG+NDIHF0bEYLFJ5Wqk6/kv+K/SiSb0Vz2oDRKbJYB5xCX+fSRD
1yn8710ZmQX0pkoge7uM+mtsXO6DYehlt5Oyt92YPJp6tNGRBrxghZxVXrTlSUmY
+ioYjIorqwoErv1YO0wg2HC784zYupB4BammVuueWnQ2c7wBC+z57zXGxCDFyN11
+Q864En8x33XFl9jTckvrGZyDgCH8lO/83Ds4HbJZxWW4kr33yS+1uEdW5Hj1hSV
5Y/JVg+hrE9t/et6+o7vJ7dUhZQL
-----END CERTIFICATE-----