Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/BAA3EE0AE062593ADBA5CEAB6EA414E942EE2D9BA2346BD02B1DD1AFE9415340/0/3139312e39372e34382e302f32302d3234203d3e203238303332.roa
File:                     3139312e39372e34382e302f32302d3234203d3e203238303332.roa (raw, json)
Hash identifier:          gaRU5QXF8xnZScdkCVvXlDnl1gvtfw828rGMEDyKwOk=
Subject key identifier:   E4:27:09:8D:11:9B:2D:1D:47:52:07:58:DF:A0:3E:9F:71:72:66:C3
Certificate issuer:       /CN=8E9E896ADF8041E07AB6735225935260B837E74D
Certificate serial:       3ACB7F49230E0424A71A5D5CA8E31977507B8372
Authority key identifier: 8E:9E:89:6A:DF:80:41:E0:7A:B6:73:52:25:93:52:60:B8:37:E7:4D
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/8E9E896ADF8041E07AB6735225935260B837E74D.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/BAA3EE0AE062593ADBA5CEAB6EA414E942EE2D9BA2346BD02B1DD1AFE9415340/0/3139312e39372e34382e302f32302d3234203d3e203238303332.roa
Signing time:             Tue 04 Feb 2025 18:31:36 +0000
ROA not before:           Tue 04 Feb 2025 18:26:36 +0000
ROA not after:            Tue 03 Feb 2026 18:31:36 +0000
asID:                     28032
IP address blocks:        191.97.48.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:cb:7f:49:23:0e:04:24:a7:1a:5d:5c:a8:e3:19:77:50:7b:83:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8E9E896ADF8041E07AB6735225935260B837E74D
        Validity
            Not Before: Feb  4 18:26:36 2025 GMT
            Not After : Feb  3 18:31:36 2026 GMT
        Subject: CN=E427098D119B2D1D47520758DFA03E9F717266C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:1a:05:67:5e:be:51:90:2f:f6:6c:8b:e4:17:
                    1b:ac:ea:57:de:b5:48:ab:d1:10:4a:31:1f:ed:a0:
                    d2:8f:b3:12:a8:5f:fb:04:a6:95:9f:9d:67:bf:ff:
                    79:b1:3d:7f:0a:5c:be:6b:ba:06:c1:fa:b9:42:ed:
                    02:52:d2:2d:04:25:9e:f6:64:57:13:cc:49:30:5f:
                    7b:52:65:d8:75:9b:92:16:71:9a:a0:38:ad:86:be:
                    30:a9:b6:35:bd:8a:d4:29:44:60:41:56:15:1c:49:
                    03:18:e5:7a:9c:8e:6f:69:d9:b0:4f:d7:6a:95:01:
                    ee:c6:be:bd:8d:15:25:bc:b9:e8:78:b8:0a:2b:0c:
                    eb:93:f6:c6:40:10:83:e2:68:44:72:5e:d9:47:4c:
                    35:eb:b0:d6:58:82:58:cf:c7:f1:95:fe:9e:5a:63:
                    47:39:7c:21:00:d7:08:59:85:54:80:ac:82:1a:20:
                    fa:49:2d:77:a6:fc:5a:16:f4:27:75:00:b9:21:15:
                    5d:45:86:cd:29:3f:ea:50:b4:36:4f:c9:63:36:0d:
                    26:79:2a:e5:79:40:c5:df:e9:fa:16:83:d7:d1:6c:
                    38:ff:e7:00:69:df:7e:8d:2b:34:2f:11:59:e5:42:
                    21:d6:f5:ef:f2:c3:3f:ac:86:11:a5:4f:a5:63:f9:
                    b9:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:27:09:8D:11:9B:2D:1D:47:52:07:58:DF:A0:3E:9F:71:72:66:C3
            X509v3 Authority Key Identifier:
                keyid:8E:9E:89:6A:DF:80:41:E0:7A:B6:73:52:25:93:52:60:B8:37:E7:4D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/BAA3EE0AE062593ADBA5CEAB6EA414E942EE2D9BA2346BD02B1DD1AFE9415340/0/8E9E896ADF8041E07AB6735225935260B837E74D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/8E9E896ADF8041E07AB6735225935260B837E74D.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/BAA3EE0AE062593ADBA5CEAB6EA414E942EE2D9BA2346BD02B1DD1AFE9415340/0/3139312e39372e34382e302f32302d3234203d3e203238303332.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.97.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a4:2d:04:af:5f:08:72:fc:40:3d:63:08:2e:10:80:3b:40:70:
         f6:53:7a:af:b5:63:3d:31:67:73:95:0b:df:68:5a:15:1e:62:
         0c:3e:7a:53:c5:a3:97:4c:47:f9:80:50:7b:d9:89:98:49:d9:
         0f:fc:5c:0b:8d:17:cf:b1:a3:92:10:f6:3f:61:2c:73:f5:4b:
         a5:48:11:11:2b:26:93:6d:fa:84:c3:dc:6b:d0:0f:08:7e:ab:
         40:c5:9e:54:3a:60:f8:f2:b0:57:de:8d:5c:70:8f:88:14:eb:
         de:da:33:6d:d6:03:63:54:37:62:f1:0e:10:db:32:8e:96:bd:
         b1:9e:2a:e8:cd:9d:d7:0a:17:a1:e5:96:7c:8f:39:f2:29:0c:
         e5:6b:e5:ae:db:00:f6:62:66:ca:ac:26:b1:bf:e9:8c:f5:01:
         60:a5:45:f6:5b:10:08:03:c7:2b:7c:97:17:f0:62:57:b6:bd:
         1f:99:ad:fe:9b:6c:d4:7a:fc:a8:55:41:1f:a8:45:c4:98:c1:
         36:fd:a8:9d:3f:b0:48:94:68:9c:4e:78:ac:73:57:1a:51:f4:
         db:78:4a:38:97:1a:4c:70:a5:17:69:f8:09:64:4e:84:b2:6c:
         a4:ea:9c:57:c9:2c:3e:63:46:a5:11:9e:fe:d6:14:ff:98:89:
         a6:cf:32:35
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUOst/SSMOBCSnGl1cqOMZd1B7g3IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOEU5RTg5NkFERjgwNDFFMDdBQjY3MzUyMjU5MzUyNjBC
ODM3RTc0RDAeFw0yNTAyMDQxODI2MzZaFw0yNjAyMDMxODMxMzZaMDMxMTAvBgNV
BAMTKEU0MjcwOThEMTE5QjJEMUQ0NzUyMDc1OERGQTAzRTlGNzE3MjY2QzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaGgVnXr5RkC/2bIvkFxus6lfe
tUir0RBKMR/toNKPsxKoX/sEppWfnWe//3mxPX8KXL5rugbB+rlC7QJS0i0EJZ72
ZFcTzEkwX3tSZdh1m5IWcZqgOK2GvjCptjW9itQpRGBBVhUcSQMY5Xqcjm9p2bBP
12qVAe7Gvr2NFSW8ueh4uAorDOuT9sZAEIPiaERyXtlHTDXrsNZYgljPx/GV/p5a
Y0c5fCEA1whZhVSArIIaIPpJLXem/FoW9Cd1ALkhFV1Fhs0pP+pQtDZPyWM2DSZ5
KuV5QMXf6foWg9fRbDj/5wBp336NKzQvEVnlQiHW9e/ywz+shhGlT6Vj+bmfAgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQU5CcJjRGbLR1HUgdY36A+n3FyZsMwHwYDVR0j
BBgwFoAUjp6Jat+AQeB6tnNSJZNSYLg3500wDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9CQUEzRUUwQUUwNjI1OTNBREJBNUNFQUI2RUE0MTRFOTQy
RUUyRDlCQTIzNDZCRDAyQjFERDFBRkU5NDE1MzQwLzAvOEU5RTg5NkFERjgwNDFF
MDdBQjY3MzUyMjU5MzUyNjBCODM3RTc0RC5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC84RTlFODk2QURGODA0MUUwN0FC
NjczNTIyNTkzNTI2MEI4MzdFNzRELmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvQkFBM0VFMEFFMDYyNTkzQURCQTVDRUFCNkVBNDE0RTk0MkVFMkQ5QkEy
MzQ2QkQwMkIxREQxQUZFOTQxNTM0MC8wLzMxMzkzMTJlMzkzNzJlMzQzODJlMzAy
ZjMyMzAyZDMyMzQyMDNkM2UyMDMyMzgzMDMzMzIucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAS/YTAwDQYJ
KoZIhvcNAQELBQADggEBAKQtBK9fCHL8QD1jCC4QgDtAcPZTeq+1Yz0xZ3OVC99o
WhUeYgw+elPFo5dMR/mAUHvZiZhJ2Q/8XAuNF8+xo5IQ9j9hLHP1S6VIERErJpNt
+oTD3GvQDwh+q0DFnlQ6YPjysFfejVxwj4gU697aM23WA2NUN2LxDhDbMo6WvbGe
KujNndcKF6HllnyPOfIpDOVr5a7bAPZiZsqsJrG/6Yz1AWClRfZbEAgDxyt8lxfw
Yle2vR+Zrf6bbNR6/KhVQR+oRcSYwTb9qJ0/sEiUaJxOeKxzVxpR9Nt4SjiXGkxw
pRdp+AlkToSybKTqnFfJLD5jRqURnv7WFP+YiabPMjU=
-----END CERTIFICATE-----