Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/B4B9AA7740AEAAC1942C6D49BD0C759EECBC0A6F31BE3828958A9A9A763ABB11/0/3135392e31362e342e302f32342d3234203d3e20323732333233.roa
File:                     3135392e31362e342e302f32342d3234203d3e20323732333233.roa (raw, json)
Hash identifier:          55A0DSBDVGnQxzrEHnANVVjGJnC9ghv4z1JutFVyy9c=
Subject key identifier:   F1:26:64:24:8B:5E:90:2B:2B:07:F4:6B:09:95:B5:20:B6:01:F7:53
Certificate issuer:       /CN=D3ECA9E328BAD678A3AD28C9C53518EF9ED06703
Certificate serial:       68B55B3F7CEBDFC240688953959DA8933462F7FD
Authority key identifier: D3:EC:A9:E3:28:BA:D6:78:A3:AD:28:C9:C5:35:18:EF:9E:D0:67:03
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D3ECA9E328BAD678A3AD28C9C53518EF9ED06703.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/B4B9AA7740AEAAC1942C6D49BD0C759EECBC0A6F31BE3828958A9A9A763ABB11/0/3135392e31362e342e302f32342d3234203d3e20323732333233.roa
Signing time:             Fri 19 Jul 2024 17:05:04 +0000
ROA not before:           Fri 19 Jul 2024 17:00:04 +0000
ROA not after:            Fri 18 Jul 2025 17:05:04 +0000
asID:                     272323
IP address blocks:        159.16.4.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:b5:5b:3f:7c:eb:df:c2:40:68:89:53:95:9d:a8:93:34:62:f7:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=D3ECA9E328BAD678A3AD28C9C53518EF9ED06703
        Validity
            Not Before: Jul 19 17:00:04 2024 GMT
            Not After : Jul 18 17:05:04 2025 GMT
        Subject: CN=F12664248B5E902B2B07F46B0995B520B601F753
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e4:c3:b1:3f:84:8d:c7:26:99:89:9c:fc:d1:
                    b2:9d:cf:28:08:42:d3:30:5b:be:07:33:ff:b7:f9:
                    56:12:d7:18:1c:73:23:7c:dc:47:66:c6:a0:c7:8b:
                    a0:49:3e:df:d1:60:cd:58:ae:54:4e:b5:4d:43:94:
                    a0:b1:cc:60:e9:75:b0:4e:9d:cf:e1:09:6d:11:ba:
                    b3:86:1c:50:ad:6e:c4:ea:b6:19:29:86:f4:15:54:
                    77:35:ab:8c:3e:aa:95:ac:49:f9:6f:c7:1c:a6:d3:
                    a3:4b:b0:09:42:60:ee:55:82:d1:64:cb:16:19:df:
                    fa:ca:51:c7:d6:87:5a:c3:f5:9d:4a:39:d9:08:3b:
                    d8:92:18:f4:09:bb:25:c5:c6:bf:65:79:ac:2a:73:
                    5c:f6:89:d7:fb:8f:0c:0f:33:3d:63:5c:a3:81:db:
                    94:28:0e:de:69:51:21:5c:1c:52:9f:59:75:87:0c:
                    d6:b0:bd:6d:2f:ac:98:eb:3a:02:ef:57:19:5b:06:
                    af:e0:02:ce:58:e5:2a:e3:52:aa:22:0e:5b:c4:21:
                    19:f5:73:58:f3:3f:cc:f6:7f:9a:b1:62:e7:76:fb:
                    48:98:c0:7d:a6:94:de:8e:6d:67:6e:61:7a:1d:7d:
                    b3:68:4d:9a:1f:6b:0a:d8:46:10:c5:22:2a:a4:bc:
                    68:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:26:64:24:8B:5E:90:2B:2B:07:F4:6B:09:95:B5:20:B6:01:F7:53
            X509v3 Authority Key Identifier:
                keyid:D3:EC:A9:E3:28:BA:D6:78:A3:AD:28:C9:C5:35:18:EF:9E:D0:67:03

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/B4B9AA7740AEAAC1942C6D49BD0C759EECBC0A6F31BE3828958A9A9A763ABB11/0/D3ECA9E328BAD678A3AD28C9C53518EF9ED06703.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/D3ECA9E328BAD678A3AD28C9C53518EF9ED06703.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/B4B9AA7740AEAAC1942C6D49BD0C759EECBC0A6F31BE3828958A9A9A763ABB11/0/3135392e31362e342e302f32342d3234203d3e20323732333233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.16.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:c1:39:69:55:dc:da:e8:b7:b0:6b:c1:a1:cc:20:08:92:29:
         de:ee:fa:1b:e2:b7:e0:35:d5:ec:13:31:00:54:25:7e:42:70:
         c5:c8:e4:f4:61:eb:f5:05:9b:48:59:af:17:b9:ef:07:a9:9d:
         3a:3d:70:08:85:19:2b:8d:05:7b:3e:47:69:b9:99:65:e6:86:
         93:61:75:87:ed:c5:68:5a:e5:81:28:8b:7f:be:da:fd:fd:05:
         89:a8:ac:7d:7a:ab:ee:5b:83:73:14:e5:c2:5c:83:bd:4a:84:
         40:c6:e0:bb:b7:a0:a9:ee:f6:64:d0:6c:9f:34:f1:df:04:8d:
         18:7a:b5:fe:0e:8d:c6:c1:9c:d5:89:62:20:ff:4d:f0:d9:06:
         cb:98:b8:0d:32:57:8b:40:ab:02:b2:70:ed:d4:aa:86:d3:c4:
         ed:4a:d0:dd:38:5d:40:6a:b7:93:1d:24:9a:ec:c9:31:32:7d:
         ac:59:19:a2:b1:84:a4:40:05:2e:44:13:2c:43:8f:61:1a:10:
         36:ca:d7:b8:83:af:93:f3:bb:6f:84:11:6f:5e:80:9d:2f:29:
         15:90:09:64:09:85:23:88:ec:c7:0b:39:d7:6e:e9:a0:50:30:
         3f:93:9e:e9:33:94:37:2e:e6:b4:78:33:ec:ba:8e:a2:2e:a1:
         0e:c7:c5:8e
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUaLVbP3zr38JAaIlTlZ2okzRi9/0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRDNFQ0E5RTMyOEJBRDY3OEEzQUQyOEM5QzUzNTE4RUY5
RUQwNjcwMzAeFw0yNDA3MTkxNzAwMDRaFw0yNTA3MTgxNzA1MDRaMDMxMTAvBgNV
BAMTKEYxMjY2NDI0OEI1RTkwMkIyQjA3RjQ2QjA5OTVCNTIwQjYwMUY3NTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCa5MOxP4SNxyaZiZz80bKdzygI
QtMwW74HM/+3+VYS1xgccyN83EdmxqDHi6BJPt/RYM1YrlROtU1DlKCxzGDpdbBO
nc/hCW0RurOGHFCtbsTqthkphvQVVHc1q4w+qpWsSflvxxym06NLsAlCYO5VgtFk
yxYZ3/rKUcfWh1rD9Z1KOdkIO9iSGPQJuyXFxr9leawqc1z2idf7jwwPMz1jXKOB
25QoDt5pUSFcHFKfWXWHDNawvW0vrJjrOgLvVxlbBq/gAs5Y5SrjUqoiDlvEIRn1
c1jzP8z2f5qxYud2+0iYwH2mlN6ObWduYXodfbNoTZofawrYRhDFIiqkvGh/AgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQU8SZkJItekCsrB/RrCZW1ILYB91MwHwYDVR0j
BBgwFoAU0+yp4yi61nijrSjJxTUY757QZwMwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9CNEI5QUE3NzQwQUVBQUMxOTQyQzZENDlCRDBDNzU5RUVD
QkMwQTZGMzFCRTM4Mjg5NThBOUE5QTc2M0FCQjExLzAvRDNFQ0E5RTMyOEJBRDY3
OEEzQUQyOEM5QzUzNTE4RUY5RUQwNjcwMy5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9EM0VDQTlFMzI4QkFENjc4QTNB
RDI4QzlDNTM1MThFRjlFRDA2NzAzLmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvQjRCOUFBNzc0MEFFQUFDMTk0MkM2RDQ5QkQwQzc1OUVFQ0JDMEE2RjMx
QkUzODI4OTU4QTlBOUE3NjNBQkIxMS8wLzMxMzUzOTJlMzEzNjJlMzQyZTMwMmYz
MjM0MmQzMjM0MjAzZDNlMjAzMjM3MzIzMzMyMzMucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACfEAQwDQYJ
KoZIhvcNAQELBQADggEBABbBOWlV3Nrot7BrwaHMIAiSKd7u+hvit+A11ewTMQBU
JX5CcMXI5PRh6/UFm0hZrxe57wepnTo9cAiFGSuNBXs+R2m5mWXmhpNhdYftxWha
5YEoi3++2v39BYmorH16q+5bg3MU5cJcg71KhEDG4Lu3oKnu9mTQbJ808d8EjRh6
tf4OjcbBnNWJYiD/TfDZBsuYuA0yV4tAqwKycO3UqobTxO1K0N04XUBqt5MdJJrs
yTEyfaxZGaKxhKRABS5EEyxDj2EaEDbK17iDr5Pzu2+EEW9egJ0vKRWQCWQJhSOI
7McLOddu6aBQMD+TnukzlDcu5rR4M+y6jqIuoQ7HxY4=
-----END CERTIFICATE-----