Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/AC21DFD96188FF031874093BEF78B7FC7E5E3CC40F23922D9CDE59CD11658C84/0/323830333a663038303a613030303a3a2f33352d3433203d3e203634313230.roa
File:                     323830333a663038303a613030303a3a2f33352d3433203d3e203634313230.roa (raw, json)
Hash identifier:          3P3LR5yFetT9HXCWHCfJIkeWLFR9tdxGvAY/oFdfQb8=
Subject key identifier:   29:AE:41:BB:FD:CC:68:87:26:C2:69:6D:C5:63:AD:2A:58:5B:31:14
Certificate issuer:       /CN=D6017AACFB785EAB7EA56D24337CDCD724EAC2AD
Certificate serial:       66EF0C93B11F5DFA0ABE75DD354FDF050899D893
Authority key identifier: D6:01:7A:AC:FB:78:5E:AB:7E:A5:6D:24:33:7C:DC:D7:24:EA:C2:AD
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D6017AACFB785EAB7EA56D24337CDCD724EAC2AD.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/AC21DFD96188FF031874093BEF78B7FC7E5E3CC40F23922D9CDE59CD11658C84/0/323830333a663038303a613030303a3a2f33352d3433203d3e203634313230.roa
Signing time:             Tue 04 Feb 2025 18:42:02 +0000
ROA not before:           Tue 04 Feb 2025 18:37:02 +0000
ROA not after:            Tue 03 Feb 2026 18:42:02 +0000
asID:                     64120
IP address blocks:        2803:f080:a000::/35 maxlen: 43
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:ef:0c:93:b1:1f:5d:fa:0a:be:75:dd:35:4f:df:05:08:99:d8:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D6017AACFB785EAB7EA56D24337CDCD724EAC2AD
        Validity
            Not Before: Feb  4 18:37:02 2025 GMT
            Not After : Feb  3 18:42:02 2026 GMT
        Subject: CN=29AE41BBFDCC688726C2696DC563AD2A585B3114
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:99:27:0d:74:13:b2:cc:f6:a4:d0:e7:23:79:
                    af:cb:0d:0d:e4:d0:d0:fb:76:3a:bc:97:f8:7f:b3:
                    90:64:ca:78:49:7c:80:71:7e:5b:0d:64:4f:c2:b4:
                    48:a0:c3:de:29:9f:b3:a8:5d:31:c6:9d:a3:bc:64:
                    30:66:42:04:05:6c:75:6f:e4:39:03:62:d1:cd:76:
                    46:52:1d:7b:8f:b6:bc:05:dd:89:ca:ad:1a:53:0b:
                    bc:42:f0:08:c5:1f:38:a0:7e:7e:d8:b7:b8:80:d7:
                    2b:17:89:9d:88:9c:9b:a4:4f:e0:ff:30:83:6e:d2:
                    ef:3a:27:05:2b:ac:3e:25:5e:58:3a:a7:1c:46:71:
                    8b:a4:b7:5f:82:bb:43:35:38:f6:12:e3:01:35:60:
                    f7:9a:ae:1a:c5:3c:6e:f0:15:49:f8:85:97:20:49:
                    18:d2:0f:70:6a:4f:33:28:15:52:e3:85:bf:79:f7:
                    17:77:a4:0b:87:42:14:28:cf:23:02:7c:e5:58:99:
                    0e:cf:57:b0:1f:39:9c:63:d5:03:d5:d0:a1:4a:e1:
                    09:49:dc:73:64:49:8e:db:37:56:cb:6d:9d:29:ba:
                    f0:4d:3d:ad:fc:50:02:36:17:82:a4:e4:5b:31:e7:
                    ba:6e:79:f8:64:8a:f6:c3:6b:72:40:cc:5b:df:02:
                    37:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:AE:41:BB:FD:CC:68:87:26:C2:69:6D:C5:63:AD:2A:58:5B:31:14
            X509v3 Authority Key Identifier:
                keyid:D6:01:7A:AC:FB:78:5E:AB:7E:A5:6D:24:33:7C:DC:D7:24:EA:C2:AD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/AC21DFD96188FF031874093BEF78B7FC7E5E3CC40F23922D9CDE59CD11658C84/0/D6017AACFB785EAB7EA56D24337CDCD724EAC2AD.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D6017AACFB785EAB7EA56D24337CDCD724EAC2AD.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/AC21DFD96188FF031874093BEF78B7FC7E5E3CC40F23922D9CDE59CD11658C84/0/323830333a663038303a613030303a3a2f33352d3433203d3e203634313230.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2803:f080:a000::/35

    Signature Algorithm: sha256WithRSAEncryption
         65:22:8c:5a:8e:f6:6e:2e:c5:19:17:97:89:60:59:65:24:39:
         2a:5d:d8:57:6f:b5:ec:29:53:04:11:23:d4:dd:81:f8:e9:aa:
         3e:26:cb:a8:55:f8:2d:7c:88:48:f8:9d:cb:92:6f:96:d0:b7:
         1e:76:a4:dc:6f:04:0f:4d:4d:7e:ac:98:18:3d:f5:c4:10:6c:
         2a:00:ab:cc:8d:70:22:93:9a:76:af:b6:97:b5:b9:76:87:4a:
         71:6d:21:ff:1d:7e:f8:c0:82:24:58:18:65:ad:7f:1e:5a:7f:
         6e:14:96:16:01:62:cb:d0:65:85:84:86:d8:55:9b:41:cd:40:
         ad:ab:4f:b4:92:4c:d2:72:d3:ab:1d:44:4f:2a:18:15:a2:e4:
         35:18:af:69:2c:7a:f2:38:9b:27:e4:31:87:fb:18:88:aa:09:
         04:72:d4:ce:07:86:f7:fa:79:57:7a:9a:a2:b4:e2:f4:44:06:
         d0:9d:1a:e4:e1:7b:1f:10:e4:c3:d4:a9:5c:43:6a:b7:67:7f:
         73:a4:96:dd:6f:34:d2:a0:0a:c6:3d:d8:6f:e1:82:15:0f:78:
         7c:71:fa:c5:f6:1a:d4:b1:d5:97:de:5d:02:19:94:b9:fe:83:
         94:01:d1:46:9f:99:ef:fe:4d:c4:27:7d:ad:61:6e:74:5a:b9:
         fb:51:12:b1
-----BEGIN CERTIFICATE-----
MIIFyDCCBLCgAwIBAgIUZu8Mk7EfXfoKvnXdNU/fBQiZ2JMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDYwMTdBQUNGQjc4NUVBQjdFQTU2RDI0MzM3Q0RDRDcy
NEVBQzJBRDAeFw0yNTAyMDQxODM3MDJaFw0yNjAyMDMxODQyMDJaMDMxMTAvBgNV
BAMTKDI5QUU0MUJCRkRDQzY4ODcyNkMyNjk2REM1NjNBRDJBNTg1QjMxMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqmScNdBOyzPak0Ocjea/LDQ3k
0ND7djq8l/h/s5BkynhJfIBxflsNZE/CtEigw94pn7OoXTHGnaO8ZDBmQgQFbHVv
5DkDYtHNdkZSHXuPtrwF3YnKrRpTC7xC8AjFHzigfn7Yt7iA1ysXiZ2InJukT+D/
MINu0u86JwUrrD4lXlg6pxxGcYukt1+Cu0M1OPYS4wE1YPearhrFPG7wFUn4hZcg
SRjSD3BqTzMoFVLjhb959xd3pAuHQhQozyMCfOVYmQ7PV7AfOZxj1QPV0KFK4QlJ
3HNkSY7bN1bLbZ0puvBNPa38UAI2F4Kk5Fsx57puefhkivbDa3JAzFvfAjehAgMB
AAGjggLSMIICzjAdBgNVHQ4EFgQUKa5Bu/3MaIcmwmltxWOtKlhbMRQwHwYDVR0j
BBgwFoAU1gF6rPt4Xqt+pW0kM3zc1yTqwq0wDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9BQzIxREZEOTYxODhGRjAzMTg3NDA5M0JFRjc4QjdGQzdF
NUUzQ0M0MEYyMzkyMkQ5Q0RFNTlDRDExNjU4Qzg0LzAvRDYwMTdBQUNGQjc4NUVB
QjdFQTU2RDI0MzM3Q0RDRDcyNEVBQzJBRC5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9ENjAxN0FBQ0ZCNzg1RUFCN0VB
NTZEMjQzMzdDRENENzI0RUFDMkFELmNlcjCBzwYIKwYBBQUHAQsEgcIwgb8wgbwG
CCsGAQUFBzALhoGvcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvQUMyMURGRDk2MTg4RkYwMzE4NzQwOTNCRUY3OEI3RkM3RTVFM0NDNDBG
MjM5MjJEOUNERTU5Q0QxMTY1OEM4NC8wLzMyMzgzMDMzM2E2NjMwMzgzMDNhNjEz
MDMwMzAzYTNhMmYzMzM1MmQzNDMzMjAzZDNlMjAzNjM0MzEzMjMwLnJvYTAYBgNV
HSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAI
AwYFKAPwgKAwDQYJKoZIhvcNAQELBQADggEBAGUijFqO9m4uxRkXl4lgWWUkOSpd
2FdvtewpUwQRI9Tdgfjpqj4my6hV+C18iEj4ncuSb5bQtx52pNxvBA9NTX6smBg9
9cQQbCoAq8yNcCKTmnavtpe1uXaHSnFtIf8dfvjAgiRYGGWtfx5af24UlhYBYsvQ
ZYWEhthVm0HNQK2rT7SSTNJy06sdRE8qGBWi5DUYr2ksevI4myfkMYf7GIiqCQRy
1M4Hhvf6eVd6mqK04vREBtCdGuThex8Q5MPUqVxDardnf3Oklt1vNNKgCsY92G/h
ghUPeHxx+sX2GtSx1ZfeXQIZlLn+g5QB0Uafme/+TcQnfa1hbnRauftRErE=
-----END CERTIFICATE-----