Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/B305B50C3C45F59BD2BD635A7A773BF770A1FA7F3DBF5CC0903892285BC2AD1C/0/3230302e38392e38302e302f32312d3234203d3e203237393033.roa
File:                     3230302e38392e38302e302f32312d3234203d3e203237393033.roa (raw, json)
Hash identifier:          2p9tlY9TQBPixfbryqWYef1hnt2yiFgQ/i1yfF58uAA=
Subject key identifier:   B3:84:BB:97:4A:68:B0:E7:9A:36:0E:6D:07:A4:A8:30:35:D2:97:D7
Certificate issuer:       /CN=3A8250F8B4617B7DF97D5F420D32F9DFDDEE82EB
Certificate serial:       5A383155DDE04969FC2956AAF13155875E162A63
Authority key identifier: 3A:82:50:F8:B4:61:7B:7D:F9:7D:5F:42:0D:32:F9:DF:DD:EE:82:EB
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/3A8250F8B4617B7DF97D5F420D32F9DFDDEE82EB.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/B305B50C3C45F59BD2BD635A7A773BF770A1FA7F3DBF5CC0903892285BC2AD1C/0/3230302e38392e38302e302f32312d3234203d3e203237393033.roa
Signing time:             Tue 04 Feb 2025 18:22:06 +0000
ROA not before:           Tue 04 Feb 2025 18:17:06 +0000
ROA not after:            Tue 03 Feb 2026 18:22:06 +0000
asID:                     27903
IP address blocks:        200.89.80.0/21 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:38:31:55:dd:e0:49:69:fc:29:56:aa:f1:31:55:87:5e:16:2a:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3A8250F8B4617B7DF97D5F420D32F9DFDDEE82EB
        Validity
            Not Before: Feb  4 18:17:06 2025 GMT
            Not After : Feb  3 18:22:06 2026 GMT
        Subject: CN=B384BB974A68B0E79A360E6D07A4A83035D297D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:ac:2c:9a:02:e7:32:2f:99:70:24:64:64:5e:
                    5a:17:5a:f4:5d:0e:87:35:d2:21:b9:78:6d:40:3f:
                    cd:34:9f:50:49:07:ed:7c:9b:b7:da:d3:13:92:7f:
                    c5:81:f6:50:76:06:a0:8d:a0:f7:d4:df:94:61:c5:
                    83:92:78:44:e9:cd:f1:d1:23:54:32:da:29:b6:68:
                    c5:1a:78:b6:95:89:31:b0:7f:1e:ec:f6:69:92:08:
                    0b:e8:ea:e9:3e:3a:2a:9b:27:45:90:e7:ee:79:a0:
                    60:58:06:7c:73:93:ba:a2:d1:7c:52:fc:97:8f:6e:
                    90:2e:de:d8:cf:bc:e6:c5:70:4f:5e:52:ce:c0:d3:
                    7b:63:2d:ad:46:5e:f0:db:38:fc:eb:3b:a9:f8:60:
                    2c:0e:b5:a4:06:27:ec:21:0f:2a:af:98:b2:37:11:
                    ae:13:d4:c8:37:ad:e1:fe:6d:40:98:21:60:b2:58:
                    a0:78:28:58:a9:56:c0:29:cf:86:49:f5:61:c5:cf:
                    ef:be:7f:8c:56:d0:ba:47:65:d3:57:2f:f1:bb:b0:
                    3e:fd:2f:bb:8b:85:5a:13:c1:52:e4:bc:87:3d:e3:
                    be:8a:c5:b6:19:c7:9d:2b:06:b1:6f:36:79:39:a1:
                    aa:e1:00:3b:65:60:22:04:39:1f:0b:56:32:1b:20:
                    aa:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:84:BB:97:4A:68:B0:E7:9A:36:0E:6D:07:A4:A8:30:35:D2:97:D7
            X509v3 Authority Key Identifier:
                keyid:3A:82:50:F8:B4:61:7B:7D:F9:7D:5F:42:0D:32:F9:DF:DD:EE:82:EB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/B305B50C3C45F59BD2BD635A7A773BF770A1FA7F3DBF5CC0903892285BC2AD1C/0/3A8250F8B4617B7DF97D5F420D32F9DFDDEE82EB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/3A8250F8B4617B7DF97D5F420D32F9DFDDEE82EB.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/B305B50C3C45F59BD2BD635A7A773BF770A1FA7F3DBF5CC0903892285BC2AD1C/0/3230302e38392e38302e302f32312d3234203d3e203237393033.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.89.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7f:36:30:38:75:b2:cd:b0:ab:81:d5:55:6d:9b:43:2a:05:78:
         6e:ef:b7:ea:f8:da:0c:ba:66:9e:6a:36:84:e9:e1:b2:7a:38:
         de:7e:c7:39:7c:3f:a4:06:51:eb:68:68:25:42:24:69:f7:ff:
         37:12:de:95:06:b0:8a:08:32:fd:09:4f:ba:4f:b5:8f:70:1e:
         49:06:9e:b8:d7:5b:63:8b:1e:4b:68:8b:5b:e7:e3:23:1c:20:
         e1:53:40:06:eb:98:cb:50:37:ad:ab:4c:39:ca:4b:b5:da:77:
         fd:2d:20:a4:c2:4c:29:af:fd:b6:db:18:62:1b:57:da:63:df:
         a3:c6:d5:c6:00:12:06:d4:27:35:8d:ef:5c:f3:f4:30:ad:e0:
         fc:28:59:ce:79:03:ff:66:d9:91:69:83:2e:dd:81:3f:2f:37:
         e5:52:36:fc:66:36:18:58:77:5b:ce:ca:f2:86:5b:b5:da:74:
         a4:1b:41:7e:72:f9:24:ae:98:08:98:1c:74:68:15:70:7a:a2:
         65:ae:6a:76:33:d5:3a:5c:dc:86:e5:22:60:7b:93:2d:c9:f7:
         3f:aa:6a:00:9c:e8:eb:1e:b3:c2:ca:15:61:38:33:27:35:6b:
         80:48:d8:44:02:d1:47:21:9f:a1:0c:7b:58:ab:9a:03:c3:b9:
         6d:d9:17:df
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUWjgxVd3gSWn8KVaq8TFVh14WKmMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM0E4MjUwRjhCNDYxN0I3REY5N0Q1RjQyMEQzMkY5REZE
REVFODJFQjAeFw0yNTAyMDQxODE3MDZaFw0yNjAyMDMxODIyMDZaMDMxMTAvBgNV
BAMTKEIzODRCQjk3NEE2OEIwRTc5QTM2MEU2RDA3QTRBODMwMzVEMjk3RDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWrCyaAucyL5lwJGRkXloXWvRd
Doc10iG5eG1AP800n1BJB+18m7fa0xOSf8WB9lB2BqCNoPfU35RhxYOSeETpzfHR
I1Qy2im2aMUaeLaViTGwfx7s9mmSCAvo6uk+OiqbJ0WQ5+55oGBYBnxzk7qi0XxS
/JePbpAu3tjPvObFcE9eUs7A03tjLa1GXvDbOPzrO6n4YCwOtaQGJ+whDyqvmLI3
Ea4T1Mg3reH+bUCYIWCyWKB4KFipVsApz4ZJ9WHFz+++f4xW0LpHZdNXL/G7sD79
L7uLhVoTwVLkvIc9476KxbYZx50rBrFvNnk5oarhADtlYCIEOR8LVjIbIKpjAgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQUs4S7l0posOeaNg5tB6SoMDXSl9cwHwYDVR0j
BBgwFoAUOoJQ+LRhe335fV9CDTL5393uguswDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9CMzA1QjUwQzNDNDVGNTlCRDJCRDYzNUE3QTc3M0JGNzcw
QTFGQTdGM0RCRjVDQzA5MDM4OTIyODVCQzJBRDFDLzAvM0E4MjUwRjhCNDYxN0I3
REY5N0Q1RjQyMEQzMkY5REZEREVFODJFQi5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8zQTgyNTBGOEI0NjE3QjdERjk3
RDVGNDIwRDMyRjlERkRERUU4MkVCLmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvQjMwNUI1MEMzQzQ1RjU5QkQyQkQ2MzVBN0E3NzNCRjc3MEExRkE3RjNE
QkY1Q0MwOTAzODkyMjg1QkMyQUQxQy8wLzMyMzAzMDJlMzgzOTJlMzgzMDJlMzAy
ZjMyMzEyZDMyMzQyMDNkM2UyMDMyMzczOTMwMzMucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAPIWVAwDQYJ
KoZIhvcNAQELBQADggEBAH82MDh1ss2wq4HVVW2bQyoFeG7vt+r42gy6Zp5qNoTp
4bJ6ON5+xzl8P6QGUetoaCVCJGn3/zcS3pUGsIoIMv0JT7pPtY9wHkkGnrjXW2OL
Hktoi1vn4yMcIOFTQAbrmMtQN62rTDnKS7Xad/0tIKTCTCmv/bbbGGIbV9pj36PG
1cYAEgbUJzWN71zz9DCt4PwoWc55A/9m2ZFpgy7dgT8vN+VSNvxmNhhYd1vOyvKG
W7XadKQbQX5y+SSumAiYHHRoFXB6omWuanYz1Tpc3IblImB7ky3J9z+qagCc6Ose
s8LKFWE4Myc1a4BI2EQC0Uchn6EMe1irmgPDuW3ZF98=
-----END CERTIFICATE-----