Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/BFF9744E64C56E138AEC517D910F61D895CAD645CCF21CB7C16A278D5C2F944C/0/3230302e3232392e3135322e302f32322d3234203d3e203231383236.roa
File:                     3230302e3232392e3135322e302f32322d3234203d3e203231383236.roa (raw, json)
Hash identifier:          V/Ut0hDwGDx9zO5avGxHggjUKg3RAzYGWPpT/ivhPFM=
Subject key identifier:   54:FE:CE:35:34:92:57:79:22:45:A0:9B:B3:E0:46:53:38:75:6D:56
Certificate issuer:       /CN=165E0F133EF8A6DF2ECCBFDD6E915964893A4324
Certificate serial:       405F906A65AFD61E64DA440FD5D49297E2BB5C61
Authority key identifier: 16:5E:0F:13:3E:F8:A6:DF:2E:CC:BF:DD:6E:91:59:64:89:3A:43:24
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/165E0F133EF8A6DF2ECCBFDD6E915964893A4324.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/BFF9744E64C56E138AEC517D910F61D895CAD645CCF21CB7C16A278D5C2F944C/0/3230302e3232392e3135322e302f32322d3234203d3e203231383236.roa
Signing time:             Tue 04 Feb 2025 18:44:33 +0000
ROA not before:           Tue 04 Feb 2025 18:39:33 +0000
ROA not after:            Tue 03 Feb 2026 18:44:33 +0000
asID:                     21826
IP address blocks:        200.229.152.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:5f:90:6a:65:af:d6:1e:64:da:44:0f:d5:d4:92:97:e2:bb:5c:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=165E0F133EF8A6DF2ECCBFDD6E915964893A4324
        Validity
            Not Before: Feb  4 18:39:33 2025 GMT
            Not After : Feb  3 18:44:33 2026 GMT
        Subject: CN=54FECE35349257792245A09BB3E0465338756D56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:35:69:d0:e2:4e:40:bc:a5:79:77:6e:28:25:
                    bd:11:cb:e3:c3:b2:4e:45:c8:62:27:65:30:ca:d6:
                    ff:05:1a:ab:85:f6:ce:4f:70:62:96:4c:89:53:eb:
                    b2:d7:ce:bb:22:0b:04:48:f9:72:48:cf:61:89:02:
                    94:70:24:d0:cf:8b:60:23:81:bd:e7:26:33:b0:58:
                    ea:b1:72:35:ff:cc:34:73:70:2f:59:dd:47:57:38:
                    c3:52:64:84:e9:76:ee:4b:d9:96:21:57:bc:2d:10:
                    00:9d:20:fc:d7:b5:55:9c:6e:cd:e2:c7:82:96:ee:
                    ff:fa:5c:e4:c3:ce:84:94:2a:3b:61:de:90:50:4f:
                    d8:cc:a5:ba:e0:99:fc:a4:c4:1a:a9:ce:54:cf:8b:
                    e5:62:17:b4:99:57:51:39:f6:bf:b2:7d:07:c7:5b:
                    2b:14:95:05:13:de:06:4e:c2:ea:26:1c:44:f2:4e:
                    38:0d:ba:0a:94:89:0d:2d:a1:45:50:56:2f:22:88:
                    ba:9b:20:30:cd:c3:56:af:97:c3:84:65:0a:1e:50:
                    85:9a:66:d9:2e:e4:ad:fe:e2:41:47:40:8a:a6:19:
                    94:df:5e:f4:e2:63:d3:4b:53:19:f8:be:70:29:26:
                    ed:92:de:af:d8:43:a8:24:71:e6:1d:db:52:2d:b7:
                    be:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:FE:CE:35:34:92:57:79:22:45:A0:9B:B3:E0:46:53:38:75:6D:56
            X509v3 Authority Key Identifier:
                keyid:16:5E:0F:13:3E:F8:A6:DF:2E:CC:BF:DD:6E:91:59:64:89:3A:43:24

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/BFF9744E64C56E138AEC517D910F61D895CAD645CCF21CB7C16A278D5C2F944C/0/165E0F133EF8A6DF2ECCBFDD6E915964893A4324.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/165E0F133EF8A6DF2ECCBFDD6E915964893A4324.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/BFF9744E64C56E138AEC517D910F61D895CAD645CCF21CB7C16A278D5C2F944C/0/3230302e3232392e3135322e302f32322d3234203d3e203231383236.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.229.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c4:32:19:31:ea:82:e3:29:c2:4c:aa:4a:45:93:65:b7:90:69:
         19:4e:e6:3e:5d:40:e3:4c:37:5c:b3:fa:bf:c3:fb:e1:9e:f5:
         e1:c5:cd:1d:3b:2d:26:bb:51:43:83:9f:f0:91:34:5c:85:d4:
         ee:d2:44:cd:39:71:23:18:ee:f4:6e:6c:ac:01:23:03:3e:58:
         32:55:03:e9:f9:8e:7a:0f:ff:fa:65:66:35:5f:eb:95:d1:3e:
         e3:95:73:44:47:ab:bb:92:1b:29:31:b5:b0:8c:31:a4:63:fc:
         e8:5c:a2:61:bf:c7:cf:2e:9e:4d:ed:f7:2c:55:1f:52:c1:81:
         66:41:c9:65:9b:ea:18:88:29:fc:d3:43:6e:b8:4d:36:8e:21:
         c9:84:58:85:ec:32:6d:bc:de:56:6a:bc:02:40:e2:c1:ff:46:
         5a:19:1d:24:20:cb:8c:ba:8b:62:8b:98:2a:80:ba:a5:a2:93:
         54:86:44:d1:7e:ae:3e:a5:8f:0e:1f:21:77:b2:1b:9c:f9:a5:
         45:d1:7e:1c:c7:c8:6d:bc:9e:14:a6:50:a1:c3:7b:09:8e:02:
         4d:14:53:22:e9:79:ad:be:b7:65:53:24:bd:88:d6:7d:bb:46:
         7c:9e:81:06:9e:75:4f:cf:12:a5:ac:a5:72:bc:49:63:17:c7:
         40:ac:23:96
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUQF+QamWv1h5k2kQP1dSSl+K7XGEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTY1RTBGMTMzRUY4QTZERjJFQ0NCRkRENkU5MTU5NjQ4
OTNBNDMyNDAeFw0yNTAyMDQxODM5MzNaFw0yNjAyMDMxODQ0MzNaMDMxMTAvBgNV
BAMTKDU0RkVDRTM1MzQ5MjU3NzkyMjQ1QTA5QkIzRTA0NjUzMzg3NTZENTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/NWnQ4k5AvKV5d24oJb0Ry+PD
sk5FyGInZTDK1v8FGquF9s5PcGKWTIlT67LXzrsiCwRI+XJIz2GJApRwJNDPi2Aj
gb3nJjOwWOqxcjX/zDRzcC9Z3UdXOMNSZITpdu5L2ZYhV7wtEACdIPzXtVWcbs3i
x4KW7v/6XOTDzoSUKjth3pBQT9jMpbrgmfykxBqpzlTPi+ViF7SZV1E59r+yfQfH
WysUlQUT3gZOwuomHETyTjgNugqUiQ0toUVQVi8iiLqbIDDNw1avl8OEZQoeUIWa
Ztku5K3+4kFHQIqmGZTfXvTiY9NLUxn4vnApJu2S3q/YQ6gkceYd21Itt77HAgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQUVP7ONTSSV3kiRaCbs+BGUzh1bVYwHwYDVR0j
BBgwFoAUFl4PEz74pt8uzL/dbpFZZIk6QyQwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9CRkY5NzQ0RTY0QzU2RTEzOEFFQzUxN0Q5MTBGNjFEODk1
Q0FENjQ1Q0NGMjFDQjdDMTZBMjc4RDVDMkY5NDRDLzAvMTY1RTBGMTMzRUY4QTZE
RjJFQ0NCRkRENkU5MTU5NjQ4OTNBNDMyNC5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8xNjVFMEYxMzNFRjhBNkRGMkVD
Q0JGREQ2RTkxNTk2NDg5M0E0MzI0LmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvQkZGOTc0NEU2NEM1NkUxMzhBRUM1MTdEOTEwRjYxRDg5NUNBRDY0NUND
RjIxQ0I3QzE2QTI3OEQ1QzJGOTQ0Qy8wLzMyMzAzMDJlMzIzMjM5MmUzMTM1MzIy
ZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzMjMxMzgzMjM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCyOWY
MA0GCSqGSIb3DQEBCwUAA4IBAQDEMhkx6oLjKcJMqkpFk2W3kGkZTuY+XUDjTDdc
s/q/w/vhnvXhxc0dOy0mu1FDg5/wkTRchdTu0kTNOXEjGO70bmysASMDPlgyVQPp
+Y56D//6ZWY1X+uV0T7jlXNER6u7khspMbWwjDGkY/zoXKJhv8fPLp5N7fcsVR9S
wYFmQcllm+oYiCn800NuuE02jiHJhFiF7DJtvN5WarwCQOLB/0ZaGR0kIMuMuoti
i5gqgLqlopNUhkTRfq4+pY8OHyF3shuc+aVF0X4cx8htvJ4UplChw3sJjgJNFFMi
6XmtvrdlUyS9iNZ9u0Z8noEGnnVPzxKlrKVyvEljF8dArCOW
-----END CERTIFICATE-----