Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/A8BD316F7A70022B0DB5C55A10771B026BA0B85A6B3689531C327CD596D606F5/0/3230302e35332e39362e302f32302d3234203d3e203139333332.roa
File:                     3230302e35332e39362e302f32302d3234203d3e203139333332.roa (raw, json)
Hash identifier:          1ZN1CXDPFJUqkHNkoZkxVV0k62C+wIp6m96C5q4pGiE=
Subject key identifier:   67:F5:7F:75:36:BC:18:8C:6E:7F:8D:DD:04:6D:1D:26:C8:40:29:D2
Certificate issuer:       /CN=955DB46C4EFAEA760561376C9A5F35873B9F1567
Certificate serial:       25FD77844E14F00A873F38EE4246E61C2AB42BD5
Authority key identifier: 95:5D:B4:6C:4E:FA:EA:76:05:61:37:6C:9A:5F:35:87:3B:9F:15:67
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/955DB46C4EFAEA760561376C9A5F35873B9F1567.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/A8BD316F7A70022B0DB5C55A10771B026BA0B85A6B3689531C327CD596D606F5/0/3230302e35332e39362e302f32302d3234203d3e203139333332.roa
Signing time:             Tue 04 Feb 2025 18:10:53 +0000
ROA not before:           Tue 04 Feb 2025 18:05:53 +0000
ROA not after:            Tue 03 Feb 2026 18:10:53 +0000
asID:                     19332
IP address blocks:        200.53.96.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:fd:77:84:4e:14:f0:0a:87:3f:38:ee:42:46:e6:1c:2a:b4:2b:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=955DB46C4EFAEA760561376C9A5F35873B9F1567
        Validity
            Not Before: Feb  4 18:05:53 2025 GMT
            Not After : Feb  3 18:10:53 2026 GMT
        Subject: CN=67F57F7536BC188C6E7F8DDD046D1D26C84029D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:df:73:c3:c4:05:92:e7:81:bd:46:43:58:a0:
                    15:20:14:b6:f5:4c:d5:8b:d7:da:98:a3:3c:1e:ec:
                    96:46:a2:9f:3d:79:b8:c7:6f:e1:bc:0e:4f:d5:37:
                    97:dc:db:ae:6a:b9:a0:c8:35:a3:cc:f9:79:89:76:
                    4f:33:57:e3:c1:cf:7d:42:bb:55:49:4c:20:bf:6e:
                    73:3c:db:6d:cc:95:29:65:79:02:23:c1:51:ba:44:
                    79:38:8c:72:f8:26:e6:59:5e:ae:8a:36:4e:fc:76:
                    e7:28:fe:f5:d1:93:4b:b2:28:a4:9c:c7:29:6f:25:
                    ac:af:0a:5f:1f:00:e1:78:a3:6e:d0:54:f0:14:c0:
                    e6:e7:b2:18:f0:89:d5:89:e1:45:2b:f3:33:4c:6f:
                    05:f7:4b:3d:c8:a0:57:7b:8a:d6:87:e4:7a:47:1d:
                    b3:0e:f5:5a:cf:cf:e7:13:b5:e2:dc:dd:aa:38:32:
                    00:f8:d5:69:7b:50:48:b8:f7:66:3d:c1:d8:ac:aa:
                    c4:51:b8:e2:71:90:16:ce:c2:3a:fb:6b:4a:c7:bd:
                    8f:90:f8:88:ed:a6:e5:68:b7:5f:35:2b:49:da:42:
                    11:99:ac:a7:94:dc:d0:32:b3:6c:eb:0e:f6:0a:f4:
                    2b:6e:41:4d:c9:d5:11:83:bb:2f:89:78:94:4f:e5:
                    7c:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:F5:7F:75:36:BC:18:8C:6E:7F:8D:DD:04:6D:1D:26:C8:40:29:D2
            X509v3 Authority Key Identifier:
                keyid:95:5D:B4:6C:4E:FA:EA:76:05:61:37:6C:9A:5F:35:87:3B:9F:15:67

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/A8BD316F7A70022B0DB5C55A10771B026BA0B85A6B3689531C327CD596D606F5/0/955DB46C4EFAEA760561376C9A5F35873B9F1567.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/955DB46C4EFAEA760561376C9A5F35873B9F1567.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/A8BD316F7A70022B0DB5C55A10771B026BA0B85A6B3689531C327CD596D606F5/0/3230302e35332e39362e302f32302d3234203d3e203139333332.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.53.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         17:e1:c8:3f:fe:14:1e:be:30:5f:96:8e:3c:1b:9f:f8:0d:0d:
         6a:a5:8f:1a:28:51:76:11:4d:d1:5b:84:73:e9:fb:e3:d3:66:
         1c:d6:50:98:cd:cf:18:12:b6:3c:df:d2:82:d3:74:cc:9b:04:
         6e:1a:72:94:aa:f7:3d:db:fc:ff:46:a2:5e:1c:d7:c5:e6:51:
         04:09:29:55:4e:68:58:29:61:d6:7c:3e:8e:60:36:84:8c:dc:
         36:75:ac:f0:94:ba:77:89:98:37:54:d8:4d:de:19:f8:69:fb:
         87:53:73:d8:a8:96:3a:ee:7a:14:b3:f0:ba:28:32:e6:32:35:
         05:af:59:c3:ec:29:e4:f9:36:ca:b7:6d:b0:9a:6e:41:9c:ba:
         8a:7d:75:6e:90:df:e6:1d:6e:88:5d:31:da:6e:62:0b:a6:52:
         04:5b:15:69:86:7c:4f:f2:90:b4:9c:00:21:86:ef:12:f2:72:
         af:61:8c:0e:37:cd:52:1c:f0:d3:bd:b9:25:40:f7:38:1c:6a:
         95:b0:71:33:18:96:61:1f:4d:5b:c0:f3:86:01:4e:40:33:38:
         08:c6:44:f2:fb:6f:de:4e:0f:6c:84:9e:de:0d:83:54:b0:8f:
         de:ee:e0:d8:1d:38:3a:d2:b7:ad:02:dc:b1:1b:43:d4:ae:41:
         bb:70:e3:db
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUJf13hE4U8AqHPzjuQkbmHCq0K9UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTU1REI0NkM0RUZBRUE3NjA1NjEzNzZDOUE1RjM1ODcz
QjlGMTU2NzAeFw0yNTAyMDQxODA1NTNaFw0yNjAyMDMxODEwNTNaMDMxMTAvBgNV
BAMTKDY3RjU3Rjc1MzZCQzE4OEM2RTdGOERERDA0NkQxRDI2Qzg0MDI5RDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA33PDxAWS54G9RkNYoBUgFLb1
TNWL19qYozwe7JZGop89ebjHb+G8Dk/VN5fc265quaDINaPM+XmJdk8zV+PBz31C
u1VJTCC/bnM8223MlSlleQIjwVG6RHk4jHL4JuZZXq6KNk78duco/vXRk0uyKKSc
xylvJayvCl8fAOF4o27QVPAUwObnshjwidWJ4UUr8zNMbwX3Sz3IoFd7itaH5HpH
HbMO9VrPz+cTteLc3ao4MgD41Wl7UEi492Y9wdisqsRRuOJxkBbOwjr7a0rHvY+Q
+IjtpuVot181K0naQhGZrKeU3NAys2zrDvYK9CtuQU3J1RGDuy+JeJRP5XzPAgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQUZ/V/dTa8GIxuf43dBG0dJshAKdIwHwYDVR0j
BBgwFoAUlV20bE766nYFYTdsml81hzufFWcwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9BOEJEMzE2RjdBNzAwMjJCMERCNUM1NUExMDc3MUIwMjZC
QTBCODVBNkIzNjg5NTMxQzMyN0NENTk2RDYwNkY1LzAvOTU1REI0NkM0RUZBRUE3
NjA1NjEzNzZDOUE1RjM1ODczQjlGMTU2Ny5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC85NTVEQjQ2QzRFRkFFQTc2MDU2
MTM3NkM5QTVGMzU4NzNCOUYxNTY3LmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvQThCRDMxNkY3QTcwMDIyQjBEQjVDNTVBMTA3NzFCMDI2QkEwQjg1QTZC
MzY4OTUzMUMzMjdDRDU5NkQ2MDZGNS8wLzMyMzAzMDJlMzUzMzJlMzkzNjJlMzAy
ZjMyMzAyZDMyMzQyMDNkM2UyMDMxMzkzMzMzMzIucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBATINWAwDQYJ
KoZIhvcNAQELBQADggEBABfhyD/+FB6+MF+Wjjwbn/gNDWqljxooUXYRTdFbhHPp
++PTZhzWUJjNzxgStjzf0oLTdMybBG4acpSq9z3b/P9Gol4c18XmUQQJKVVOaFgp
YdZ8Po5gNoSM3DZ1rPCUuneJmDdU2E3eGfhp+4dTc9ioljruehSz8LooMuYyNQWv
WcPsKeT5Nsq3bbCabkGcuop9dW6Q3+YdbohdMdpuYgumUgRbFWmGfE/ykLScACGG
7xLycq9hjA43zVIc8NO9uSVA9zgcapWwcTMYlmEfTVvA84YBTkAzOAjGRPL7b95O
D2yEnt4Ng1Swj97u4NgdODrSt60C3LEbQ9SuQbtw49s=
-----END CERTIFICATE-----