Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/A3A4E0D18D97D39C5390FFDE26FC78BE4AB5068967B888AD988E4BB0D48F9819/0/3230312e3231372e32312e302f32342d3234203d3e203237373638.roa
File:                     3230312e3231372e32312e302f32342d3234203d3e203237373638.roa (raw, json)
Hash identifier:          QLLjl+b9XKiW4bWe0/z4UCfm31PQtDKcwv4XSzYsMRo=
Subject key identifier:   FE:00:94:F4:59:FA:26:44:6C:B2:9E:EF:5C:35:8A:F1:70:23:20:EC
Certificate issuer:       /CN=EC2EAE5BF883D3DFD8B270D082FF89DD81090C53
Certificate serial:       9A6E86AA078237AA495368DC4CAC1DD8CE5845
Authority key identifier: EC:2E:AE:5B:F8:83:D3:DF:D8:B2:70:D0:82:FF:89:DD:81:09:0C:53
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/EC2EAE5BF883D3DFD8B270D082FF89DD81090C53.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/A3A4E0D18D97D39C5390FFDE26FC78BE4AB5068967B888AD988E4BB0D48F9819/0/3230312e3231372e32312e302f32342d3234203d3e203237373638.roa
Signing time:             Tue 04 Feb 2025 18:31:14 +0000
ROA not before:           Tue 04 Feb 2025 18:26:14 +0000
ROA not after:            Tue 03 Feb 2026 18:31:14 +0000
asID:                     27768
IP address blocks:        201.217.21.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            9a:6e:86:aa:07:82:37:aa:49:53:68:dc:4c:ac:1d:d8:ce:58:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=EC2EAE5BF883D3DFD8B270D082FF89DD81090C53
        Validity
            Not Before: Feb  4 18:26:14 2025 GMT
            Not After : Feb  3 18:31:14 2026 GMT
        Subject: CN=FE0094F459FA26446CB29EEF5C358AF1702320EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:39:de:4d:40:28:77:47:b4:c4:ef:72:49:06:
                    00:28:f1:2b:2e:4e:61:f4:13:aa:f6:99:b8:6d:d3:
                    92:bd:9e:06:83:17:e7:af:17:66:34:12:ca:3e:c4:
                    95:58:dd:06:e3:aa:22:f8:22:6b:e2:51:8a:42:9b:
                    57:a9:c3:86:27:e6:0b:e6:7e:5b:22:75:22:10:72:
                    35:9c:a5:9d:65:a5:e0:20:5b:da:a3:d4:dc:82:c4:
                    4e:6c:d2:d3:2e:32:9a:38:11:cd:b0:32:42:7b:b7:
                    81:e5:44:87:8f:12:87:ca:19:41:af:c2:cf:74:57:
                    5b:da:35:ab:95:05:26:5d:62:3a:3d:88:ff:70:0f:
                    99:12:53:8e:df:4b:50:3f:d8:e8:4b:3c:4a:ad:cc:
                    8a:05:23:35:80:cb:3e:dc:b0:4e:bf:67:67:11:6b:
                    1b:34:24:c7:59:8d:15:8d:95:73:c3:28:69:a4:57:
                    c8:9f:4b:b7:3b:70:6b:14:1b:64:2f:7e:23:2b:7a:
                    dd:36:ea:da:6f:13:03:7f:9a:68:a8:a4:8c:8f:ad:
                    93:3f:6d:d1:95:8b:64:7d:71:30:08:e1:67:d8:7f:
                    93:fe:cf:3a:4e:3b:04:87:68:57:bb:75:1c:5e:3e:
                    4b:ba:1e:78:44:e2:6e:ee:03:f5:8b:cf:ca:31:b1:
                    d6:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:00:94:F4:59:FA:26:44:6C:B2:9E:EF:5C:35:8A:F1:70:23:20:EC
            X509v3 Authority Key Identifier:
                keyid:EC:2E:AE:5B:F8:83:D3:DF:D8:B2:70:D0:82:FF:89:DD:81:09:0C:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/A3A4E0D18D97D39C5390FFDE26FC78BE4AB5068967B888AD988E4BB0D48F9819/0/EC2EAE5BF883D3DFD8B270D082FF89DD81090C53.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/EC2EAE5BF883D3DFD8B270D082FF89DD81090C53.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/A3A4E0D18D97D39C5390FFDE26FC78BE4AB5068967B888AD988E4BB0D48F9819/0/3230312e3231372e32312e302f32342d3234203d3e203237373638.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.217.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:f7:4b:e6:af:1e:94:77:b6:d0:52:2f:06:68:43:66:88:93:
         f2:bf:0a:a1:ab:87:44:42:04:58:05:7e:13:a0:ec:2f:bd:7e:
         ad:c3:c4:9b:ef:95:a8:89:0d:66:f6:1a:ff:cc:5a:b7:0b:ff:
         1b:29:c8:6e:1e:69:30:ea:a4:07:a4:f0:ab:fe:1e:99:2b:08:
         5c:04:ca:47:3f:1c:ab:93:1d:68:35:26:5c:c8:f5:54:8a:20:
         d5:5c:d8:37:de:c5:04:3b:f5:f0:82:3f:aa:26:d5:33:8e:9f:
         ed:d8:31:f8:f9:d7:4f:70:30:89:1a:e7:ba:ee:f4:56:9b:03:
         c6:58:28:cb:bb:99:9f:3a:50:1a:b1:42:46:64:2f:48:a3:89:
         74:2c:71:6b:fd:8e:43:f9:9f:2d:8f:c0:b5:cb:f4:a4:ec:92:
         df:92:46:84:52:fe:79:4f:43:e8:e7:36:dc:61:8b:7c:77:e5:
         09:6a:e6:f2:eb:f9:e1:1e:4e:be:ee:20:1c:f1:57:ef:ee:c6:
         9a:e6:dd:e6:c2:44:ee:a4:71:a1:99:cc:52:68:66:9e:02:ac:
         a8:0d:8c:1d:57:79:73:3f:c4:77:64:7b:94:35:5b:db:0e:75:
         e7:a8:32:eb:af:bb:e3:d2:d8:98:40:bf:d3:fe:3c:fa:de:ca:
         d1:50:17:f5
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgIUAJpuhqoHgjeqSVNo3EysHdjOWEUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRUMyRUFFNUJGODgzRDNERkQ4QjI3MEQwODJGRjg5REQ4
MTA5MEM1MzAeFw0yNTAyMDQxODI2MTRaFw0yNjAyMDMxODMxMTRaMDMxMTAvBgNV
BAMTKEZFMDA5NEY0NTlGQTI2NDQ2Q0IyOUVFRjVDMzU4QUYxNzAyMzIwRUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFOd5NQCh3R7TE73JJBgAo8Ssu
TmH0E6r2mbht05K9ngaDF+evF2Y0Eso+xJVY3QbjqiL4ImviUYpCm1epw4Yn5gvm
flsidSIQcjWcpZ1lpeAgW9qj1NyCxE5s0tMuMpo4Ec2wMkJ7t4HlRIePEofKGUGv
ws90V1vaNauVBSZdYjo9iP9wD5kSU47fS1A/2OhLPEqtzIoFIzWAyz7csE6/Z2cR
axs0JMdZjRWNlXPDKGmkV8ifS7c7cGsUG2QvfiMret026tpvEwN/mmiopIyPrZM/
bdGVi2R9cTAI4WfYf5P+zzpOOwSHaFe7dRxePku6HnhE4m7uA/WLz8oxsdZfAgMB
AAGjggLIMIICxDAdBgNVHQ4EFgQU/gCU9Fn6JkRssp7vXDWK8XAjIOwwHwYDVR0j
BBgwFoAU7C6uW/iD09/YsnDQgv+J3YEJDFMwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9BM0E0RTBEMThEOTdEMzlDNTM5MEZGREUyNkZDNzhCRTRB
QjUwNjg5NjdCODg4QUQ5ODhFNEJCMEQ0OEY5ODE5LzAvRUMyRUFFNUJGODgzRDNE
RkQ4QjI3MEQwODJGRjg5REQ4MTA5MEM1My5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9FQzJFQUU1QkY4ODNEM0RGRDhC
MjcwRDA4MkZGODlERDgxMDkwQzUzLmNlcjCBxwYIKwYBBQUHAQsEgbowgbcwgbQG
CCsGAQUFBzALhoGncnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvQTNBNEUwRDE4RDk3RDM5QzUzOTBGRkRFMjZGQzc4QkU0QUI1MDY4OTY3
Qjg4OEFEOTg4RTRCQjBENDhGOTgxOS8wLzMyMzAzMTJlMzIzMTM3MmUzMjMxMmUz
MDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzNzM3MzYzOC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMnZFTAN
BgkqhkiG9w0BAQsFAAOCAQEAJvdL5q8elHe20FIvBmhDZoiT8r8KoauHREIEWAV+
E6DsL71+rcPEm++VqIkNZvYa/8xatwv/GynIbh5pMOqkB6Twq/4emSsIXATKRz8c
q5MdaDUmXMj1VIog1VzYN97FBDv18II/qibVM46f7dgx+PnXT3AwiRrnuu70VpsD
xlgoy7uZnzpQGrFCRmQvSKOJdCxxa/2OQ/mfLY/Atcv0pOyS35JGhFL+eU9D6Oc2
3GGLfHflCWrm8uv54R5Ovu4gHPFX7+7Gmubd5sJE7qRxoZnMUmhmngKsqA2MHVd5
cz/Ed2R7lDVb2w5156gy66+749LYmEC/0/48+t7K0VAX9Q==
-----END CERTIFICATE-----