Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/A0248B8B40C06DB6031A12D4C78E102F32790EB2FD0CCA4B5F36CFA9FAB1559C/0/3139382e31322e33362e302f32322d3234203d3e203237393838.roa
File:                     3139382e31322e33362e302f32322d3234203d3e203237393838.roa (raw, json)
Hash identifier:          ORJiVznUim9VDyDHqb41kvzPfmlxpsvkDSCPLT19ZqI=
Subject key identifier:   89:8A:C2:43:08:D8:C3:2F:2A:B5:E3:4E:58:7D:5B:F3:78:A8:B4:E8
Certificate issuer:       /CN=DC7E31CF805B81CB499CF0807375C76F26BC2117
Certificate serial:       03C4BD3DF24778AC662F425E678AAD116C103473
Authority key identifier: DC:7E:31:CF:80:5B:81:CB:49:9C:F0:80:73:75:C7:6F:26:BC:21:17
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/DC7E31CF805B81CB499CF0807375C76F26BC2117.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/A0248B8B40C06DB6031A12D4C78E102F32790EB2FD0CCA4B5F36CFA9FAB1559C/0/3139382e31322e33362e302f32322d3234203d3e203237393838.roa
Signing time:             Tue 04 Feb 2025 20:02:38 +0000
ROA not before:           Tue 04 Feb 2025 19:57:38 +0000
ROA not after:            Tue 03 Feb 2026 20:02:38 +0000
asID:                     27988
IP address blocks:        198.12.36.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:c4:bd:3d:f2:47:78:ac:66:2f:42:5e:67:8a:ad:11:6c:10:34:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=DC7E31CF805B81CB499CF0807375C76F26BC2117
        Validity
            Not Before: Feb  4 19:57:38 2025 GMT
            Not After : Feb  3 20:02:38 2026 GMT
        Subject: CN=898AC24308D8C32F2AB5E34E587D5BF378A8B4E8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:9e:cb:8c:8c:91:fa:34:dc:b0:53:70:93:9c:
                    86:b5:20:1e:2d:07:c5:b5:df:78:33:d3:3e:f3:d1:
                    57:56:e3:56:d9:ca:c3:62:f3:ce:0f:5a:1c:70:6c:
                    e7:01:d8:32:ee:3b:a6:d3:1f:f4:13:22:ca:fb:d2:
                    c2:a8:f0:74:12:3b:3d:4c:ec:4d:14:0a:60:03:3b:
                    ee:10:25:24:49:5c:15:59:f8:be:42:b4:5c:1f:b9:
                    b4:45:df:5e:83:96:49:9c:97:93:10:bb:f6:76:ea:
                    05:78:89:53:52:b2:28:f3:44:ae:38:5e:f2:b7:6c:
                    1c:2f:53:d1:6e:4a:f4:73:08:7f:b0:09:b4:34:52:
                    39:d3:6d:c1:cd:32:30:35:74:e0:68:aa:b8:ee:74:
                    90:96:6d:a8:b6:4d:9e:54:b4:38:94:2a:29:02:81:
                    a3:c5:31:06:14:cf:a7:bf:07:2e:5a:46:5b:f0:e4:
                    98:d0:ca:6d:6c:f0:56:73:96:c4:85:21:00:1f:24:
                    eb:ed:bb:89:29:17:9c:c2:72:c7:b1:ea:f1:db:17:
                    fc:09:e3:ef:05:28:02:ed:f2:28:6d:fe:d6:45:c5:
                    c5:6c:7a:39:b7:24:ff:b3:dd:08:13:ae:63:2d:65:
                    27:16:c7:0a:13:9a:2a:fd:eb:76:7f:99:6a:26:9d:
                    6b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:8A:C2:43:08:D8:C3:2F:2A:B5:E3:4E:58:7D:5B:F3:78:A8:B4:E8
            X509v3 Authority Key Identifier:
                keyid:DC:7E:31:CF:80:5B:81:CB:49:9C:F0:80:73:75:C7:6F:26:BC:21:17

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/A0248B8B40C06DB6031A12D4C78E102F32790EB2FD0CCA4B5F36CFA9FAB1559C/0/DC7E31CF805B81CB499CF0807375C76F26BC2117.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/DC7E31CF805B81CB499CF0807375C76F26BC2117.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/A0248B8B40C06DB6031A12D4C78E102F32790EB2FD0CCA4B5F36CFA9FAB1559C/0/3139382e31322e33362e302f32322d3234203d3e203237393838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.12.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:40:08:83:57:6e:67:69:78:64:ee:83:63:f3:3b:a6:b2:4d:
         3f:e6:16:ed:e1:53:b2:cd:bf:5b:61:d8:da:d9:ad:f3:49:4d:
         26:d5:9d:8d:8e:d5:6d:90:0a:7e:08:28:64:95:ee:be:86:13:
         ed:4f:e2:c0:ac:d3:a8:d2:01:3a:c3:0f:9c:34:bf:9f:54:b0:
         05:9c:b4:91:d5:ca:19:63:d1:d8:a6:1c:b4:62:da:91:6b:93:
         81:0f:cd:33:91:29:9c:9c:e6:7a:85:2f:da:39:b1:12:6a:03:
         5d:6b:41:04:3c:d9:1c:cd:60:0a:c6:33:58:54:bd:75:7c:49:
         c4:63:de:43:ba:11:8c:0b:98:a6:56:2d:bc:15:f3:de:6b:79:
         1a:bd:ce:77:95:0b:3b:84:72:b1:e0:7f:48:38:cd:fa:b9:95:
         81:6f:8c:3b:54:41:63:5a:8f:3f:bf:27:5e:81:9d:b3:22:38:
         d3:ad:c1:e5:8f:b9:71:46:1c:4c:06:1d:ca:85:9a:d9:d0:60:
         60:3b:9e:8b:e7:c0:87:85:ab:94:dd:79:76:6b:fc:0c:5c:31:
         f9:4e:38:3b:82:c9:4f:2b:ed:81:6d:d4:03:83:77:fa:92:59:
         04:cc:88:78:44:c0:14:3f:7c:bc:aa:75:41:23:97:71:f3:48:
         33:69:60:be
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUA8S9PfJHeKxmL0JeZ4qtEWwQNHMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoREM3RTMxQ0Y4MDVCODFDQjQ5OUNGMDgwNzM3NUM3NkYy
NkJDMjExNzAeFw0yNTAyMDQxOTU3MzhaFw0yNjAyMDMyMDAyMzhaMDMxMTAvBgNV
BAMTKDg5OEFDMjQzMDhEOEMzMkYyQUI1RTM0RTU4N0Q1QkYzNzhBOEI0RTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWnsuMjJH6NNywU3CTnIa1IB4t
B8W133gz0z7z0VdW41bZysNi884PWhxwbOcB2DLuO6bTH/QTIsr70sKo8HQSOz1M
7E0UCmADO+4QJSRJXBVZ+L5CtFwfubRF316Dlkmcl5MQu/Z26gV4iVNSsijzRK44
XvK3bBwvU9FuSvRzCH+wCbQ0UjnTbcHNMjA1dOBoqrjudJCWbai2TZ5UtDiUKikC
gaPFMQYUz6e/By5aRlvw5JjQym1s8FZzlsSFIQAfJOvtu4kpF5zCcsex6vHbF/wJ
4+8FKALt8iht/tZFxcVsejm3JP+z3QgTrmMtZScWxwoTmir963Z/mWomnWspAgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQUiYrCQwjYwy8qteNOWH1b83iotOgwHwYDVR0j
BBgwFoAU3H4xz4BbgctJnPCAc3XHbya8IRcwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9BMDI0OEI4QjQwQzA2REI2MDMxQTEyRDRDNzhFMTAyRjMy
NzkwRUIyRkQwQ0NBNEI1RjM2Q0ZBOUZBQjE1NTlDLzAvREM3RTMxQ0Y4MDVCODFD
QjQ5OUNGMDgwNzM3NUM3NkYyNkJDMjExNy5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9EQzdFMzFDRjgwNUI4MUNCNDk5
Q0YwODA3Mzc1Qzc2RjI2QkMyMTE3LmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvQTAyNDhCOEI0MEMwNkRCNjAzMUExMkQ0Qzc4RTEwMkYzMjc5MEVCMkZE
MENDQTRCNUYzNkNGQTlGQUIxNTU5Qy8wLzMxMzkzODJlMzEzMjJlMzMzNjJlMzAy
ZjMyMzIyZDMyMzQyMDNkM2UyMDMyMzczOTM4Mzgucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBALGDCQwDQYJ
KoZIhvcNAQELBQADggEBAAxACINXbmdpeGTug2PzO6ayTT/mFu3hU7LNv1th2NrZ
rfNJTSbVnY2O1W2QCn4IKGSV7r6GE+1P4sCs06jSATrDD5w0v59UsAWctJHVyhlj
0dimHLRi2pFrk4EPzTORKZyc5nqFL9o5sRJqA11rQQQ82RzNYArGM1hUvXV8ScRj
3kO6EYwLmKZWLbwV895reRq9zneVCzuEcrHgf0g4zfq5lYFvjDtUQWNajz+/J16B
nbMiONOtweWPuXFGHEwGHcqFmtnQYGA7novnwIeFq5TdeXZr/AxcMflOODuCyU8r
7YFt1AODd/qSWQTMiHhEwBQ/fLyqdUEjl3HzSDNpYL4=
-----END CERTIFICATE-----