Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/A1BD3A4FA722A25F6559ACE6DEF9D7CBFFAF5643CD009E7913DBE50679A51636/0/323830333a6463303a3a2f33322d3332203d3e20323635373139.roa
File:                     323830333a6463303a3a2f33322d3332203d3e20323635373139.roa (raw, json)
Hash identifier:          xOt5VixUgUQuFro0aZ1/sZqUfQk7dLgS7zQVHAYEvOk=
Subject key identifier:   01:3C:7D:CC:D9:69:57:C0:14:88:6A:BA:E4:6B:E7:58:0D:21:C0:24
Certificate issuer:       /CN=86B23684C23826B0D30069E095D5822718033CB5
Certificate serial:       21CDE08CC3D9A75516C02C8077A985ECB4A7BF13
Authority key identifier: 86:B2:36:84:C2:38:26:B0:D3:00:69:E0:95:D5:82:27:18:03:3C:B5
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/86B23684C23826B0D30069E095D5822718033CB5.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/A1BD3A4FA722A25F6559ACE6DEF9D7CBFFAF5643CD009E7913DBE50679A51636/0/323830333a6463303a3a2f33322d3332203d3e20323635373139.roa
Signing time:             Tue 04 Feb 2025 18:35:46 +0000
ROA not before:           Tue 04 Feb 2025 18:30:46 +0000
ROA not after:            Tue 03 Feb 2026 18:35:46 +0000
asID:                     265719
IP address blocks:        2803:dc0::/32 maxlen: 32
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:cd:e0:8c:c3:d9:a7:55:16:c0:2c:80:77:a9:85:ec:b4:a7:bf:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86B23684C23826B0D30069E095D5822718033CB5
        Validity
            Not Before: Feb  4 18:30:46 2025 GMT
            Not After : Feb  3 18:35:46 2026 GMT
        Subject: CN=013C7DCCD96957C014886ABAE46BE7580D21C024
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:8f:65:82:91:0c:4d:c4:df:3b:96:d6:a2:7c:
                    85:0f:3a:40:75:37:1f:bd:bf:0f:4a:de:e6:04:84:
                    b2:f9:11:f7:bd:3b:a3:59:1e:cd:ca:92:a9:d4:ea:
                    3c:b6:ef:a4:b7:19:87:69:f1:60:b6:80:06:c0:b8:
                    9a:8b:1a:6c:05:e1:f8:5d:36:53:ab:2f:11:da:a2:
                    cb:23:2a:be:ee:ca:b9:bd:ce:4c:5b:ee:18:72:a9:
                    51:18:4b:b8:f7:c4:f6:50:bb:ce:2a:c1:d8:83:ba:
                    3b:50:3f:dd:da:cb:9c:da:fc:f4:07:99:38:bf:69:
                    5c:e6:bb:ce:ec:67:16:24:91:4c:88:03:e5:93:5b:
                    d0:1d:c1:b2:11:24:6f:7f:40:9c:2b:5b:67:3d:dc:
                    e1:69:ff:fd:e8:78:e1:b5:e5:6d:1d:76:0e:1d:11:
                    0c:9d:6d:1e:d5:56:80:70:5b:91:71:07:6a:8e:34:
                    98:e3:4e:e7:43:ae:99:82:92:81:db:b4:f8:9f:9c:
                    5f:ca:dd:ee:5c:47:70:f8:81:9b:86:5c:34:15:3c:
                    84:8b:56:41:c5:06:8f:b2:16:13:04:dd:ae:33:a6:
                    10:ae:6e:87:bd:2a:3e:74:8a:f3:2b:89:17:c9:ed:
                    03:16:2d:bd:a1:b7:ea:5c:f6:d0:84:a1:53:11:3a:
                    a8:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:3C:7D:CC:D9:69:57:C0:14:88:6A:BA:E4:6B:E7:58:0D:21:C0:24
            X509v3 Authority Key Identifier:
                keyid:86:B2:36:84:C2:38:26:B0:D3:00:69:E0:95:D5:82:27:18:03:3C:B5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/A1BD3A4FA722A25F6559ACE6DEF9D7CBFFAF5643CD009E7913DBE50679A51636/0/86B23684C23826B0D30069E095D5822718033CB5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/86B23684C23826B0D30069E095D5822718033CB5.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/A1BD3A4FA722A25F6559ACE6DEF9D7CBFFAF5643CD009E7913DBE50679A51636/0/323830333a6463303a3a2f33322d3332203d3e20323635373139.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2803:dc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         10:2c:10:e3:d8:93:5f:41:9a:b1:8b:6f:9f:ff:88:db:0e:03:
         f5:55:b0:7b:87:21:d9:24:51:ca:ff:9e:d8:f8:ba:63:03:01:
         f0:be:ec:52:f2:8c:14:d1:0c:34:d2:ae:4b:f0:88:5d:5d:79:
         69:2b:ef:92:ee:16:d2:06:30:5c:33:7b:89:5c:4a:fa:ab:1f:
         32:e1:1a:2f:3e:36:c9:d1:6d:6d:eb:dd:f1:43:80:a8:b0:22:
         2e:69:c2:70:e4:d3:ac:0c:ea:fa:59:6c:14:5e:bc:9a:cc:16:
         28:38:39:c4:c8:d1:c2:f9:42:76:53:80:8e:32:72:71:80:39:
         42:4c:96:c9:08:87:1d:fc:1d:6f:33:af:79:60:92:97:db:3b:
         97:ab:fc:2c:a0:98:07:69:df:23:a0:03:a1:58:dd:91:76:d7:
         1d:6b:7c:68:bd:b0:92:8e:80:9f:e3:34:50:04:76:ab:24:b9:
         53:29:ea:0e:4c:a3:9a:8b:85:1f:e3:1b:7c:5c:31:b9:b8:6b:
         3b:97:b1:6d:35:24:79:c4:9f:75:bc:66:d2:1a:ed:32:92:78:
         9e:94:3f:8c:20:b7:23:59:0f:f3:0b:39:09:d0:cd:e3:1a:a5:
         d3:fe:4a:82:44:40:d0:e9:7b:de:56:36:84:fb:70:a3:93:55:
         25:e6:c2:ef
-----BEGIN CERTIFICATE-----
MIIFvTCCBKWgAwIBAgIUIc3gjMPZp1UWwCyAd6mF7LSnvxMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODZCMjM2ODRDMjM4MjZCMEQzMDA2OUUwOTVENTgyMjcx
ODAzM0NCNTAeFw0yNTAyMDQxODMwNDZaFw0yNjAyMDMxODM1NDZaMDMxMTAvBgNV
BAMTKDAxM0M3RENDRDk2OTU3QzAxNDg4NkFCQUU0NkJFNzU4MEQyMUMwMjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdj2WCkQxNxN87ltaifIUPOkB1
Nx+9vw9K3uYEhLL5Efe9O6NZHs3KkqnU6jy276S3GYdp8WC2gAbAuJqLGmwF4fhd
NlOrLxHaossjKr7uyrm9zkxb7hhyqVEYS7j3xPZQu84qwdiDujtQP93ay5za/PQH
mTi/aVzmu87sZxYkkUyIA+WTW9AdwbIRJG9/QJwrW2c93OFp//3oeOG15W0ddg4d
EQydbR7VVoBwW5FxB2qONJjjTudDrpmCkoHbtPifnF/K3e5cR3D4gZuGXDQVPISL
VkHFBo+yFhME3a4zphCuboe9Kj50ivMriRfJ7QMWLb2ht+pc9tCEoVMROqhlAgMB
AAGjggLHMIICwzAdBgNVHQ4EFgQUATx9zNlpV8AUiGq65GvnWA0hwCQwHwYDVR0j
BBgwFoAUhrI2hMI4JrDTAGngldWCJxgDPLUwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9BMUJEM0E0RkE3MjJBMjVGNjU1OUFDRTZERUY5RDdDQkZG
QUY1NjQzQ0QwMDlFNzkxM0RCRTUwNjc5QTUxNjM2LzAvODZCMjM2ODRDMjM4MjZC
MEQzMDA2OUUwOTVENTgyMjcxODAzM0NCNS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC84NkIyMzY4NEMyMzgyNkIwRDMw
MDY5RTA5NUQ1ODIyNzE4MDMzQ0I1LmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvQTFCRDNBNEZBNzIyQTI1RjY1NTlBQ0U2REVGOUQ3Q0JGRkFGNTY0M0NE
MDA5RTc5MTNEQkU1MDY3OUE1MTYzNi8wLzMyMzgzMDMzM2E2NDYzMzAzYTNhMmYz
MzMyMmQzMzMyMjAzZDNlMjAzMjM2MzUzNzMxMzkucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAoAw3AMA0G
CSqGSIb3DQEBCwUAA4IBAQAQLBDj2JNfQZqxi2+f/4jbDgP1VbB7hyHZJFHK/57Y
+LpjAwHwvuxS8owU0Qw00q5L8IhdXXlpK++S7hbSBjBcM3uJXEr6qx8y4RovPjbJ
0W1t693xQ4CosCIuacJw5NOsDOr6WWwUXryazBYoODnEyNHC+UJ2U4COMnJxgDlC
TJbJCIcd/B1vM695YJKX2zuXq/wsoJgHad8joAOhWN2Rdtcda3xovbCSjoCf4zRQ
BHarJLlTKeoOTKOai4Uf4xt8XDG5uGs7l7FtNSR5xJ91vGbSGu0yknielD+MILcj
WQ/zCzkJ0M3jGqXT/kqCREDQ6XveVjaE+3Cjk1Ul5sLv
-----END CERTIFICATE-----