Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/C7B2A63D66F42CB6E50354A629BFB5A68A3FC6F96DC2A2043A751D3A9C9D4321/0/3139302e3132382e3132382e302f31372d3234203d3e203233323031.roa
File:                     3139302e3132382e3132382e302f31372d3234203d3e203233323031.roa (raw, json)
Hash identifier:          fYjiCBRr/faBmNubcnojfIEOl+EOmdyODs+O80St2Xs=
Subject key identifier:   06:D1:98:2C:A5:C1:51:B5:FB:06:3B:54:27:7E:27:58:CB:E3:9D:53
Certificate issuer:       /CN=9857400AE42A0A22A3E618304A1502E0E0C01DCA
Certificate serial:       0F7114EFDF0DC663C299D38EF56A0A840F084EC0
Authority key identifier: 98:57:40:0A:E4:2A:0A:22:A3:E6:18:30:4A:15:02:E0:E0:C0:1D:CA
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/9857400AE42A0A22A3E618304A1502E0E0C01DCA.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/C7B2A63D66F42CB6E50354A629BFB5A68A3FC6F96DC2A2043A751D3A9C9D4321/0/3139302e3132382e3132382e302f31372d3234203d3e203233323031.roa
Signing time:             Tue 04 Feb 2025 18:40:29 +0000
ROA not before:           Tue 04 Feb 2025 18:35:29 +0000
ROA not after:            Tue 03 Feb 2026 18:40:29 +0000
asID:                     23201
IP address blocks:        190.128.128.0/17 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:71:14:ef:df:0d:c6:63:c2:99:d3:8e:f5:6a:0a:84:0f:08:4e:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9857400AE42A0A22A3E618304A1502E0E0C01DCA
        Validity
            Not Before: Feb  4 18:35:29 2025 GMT
            Not After : Feb  3 18:40:29 2026 GMT
        Subject: CN=06D1982CA5C151B5FB063B54277E2758CBE39D53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:b2:6d:49:42:3d:08:7c:a6:9a:f4:43:74:e7:
                    86:3d:05:ba:2b:5e:b8:84:21:ca:fe:75:2c:0e:05:
                    eb:7d:b8:06:43:df:e1:e4:43:01:9e:6a:b1:bd:4f:
                    98:60:06:27:93:06:08:f2:e3:bd:65:d4:b3:78:e7:
                    56:6d:cc:95:85:86:2f:cd:f1:53:91:46:e3:87:2e:
                    be:36:9c:52:28:67:85:79:f2:60:e7:16:4c:b9:b6:
                    54:e2:b6:79:ee:d2:5e:89:32:02:ad:47:06:b6:dd:
                    e5:a2:95:8a:3b:43:39:0a:be:6a:17:b2:5b:c0:1f:
                    49:19:63:31:5a:de:bd:ca:87:95:3e:a1:ce:f7:bf:
                    e4:68:08:f2:ef:2e:be:28:16:f8:c6:e9:52:7a:99:
                    3d:34:2f:14:64:93:80:34:33:b6:c0:b3:8e:1b:21:
                    37:de:69:d3:39:22:f4:82:f2:5c:3c:83:b4:c9:50:
                    9a:79:ad:8b:6d:0f:14:c9:bb:98:5e:ec:65:da:81:
                    b6:f9:8e:2f:78:8b:2a:83:45:66:86:4d:1c:c9:db:
                    a9:98:31:ae:68:b6:21:fa:0e:55:f0:01:3e:3f:76:
                    43:c6:0c:49:fd:6c:53:bc:5a:a2:b5:c3:80:a8:c8:
                    cd:66:54:4c:fd:fc:a9:db:9a:8e:34:f6:10:36:3a:
                    98:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:D1:98:2C:A5:C1:51:B5:FB:06:3B:54:27:7E:27:58:CB:E3:9D:53
            X509v3 Authority Key Identifier:
                keyid:98:57:40:0A:E4:2A:0A:22:A3:E6:18:30:4A:15:02:E0:E0:C0:1D:CA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/C7B2A63D66F42CB6E50354A629BFB5A68A3FC6F96DC2A2043A751D3A9C9D4321/0/9857400AE42A0A22A3E618304A1502E0E0C01DCA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/9857400AE42A0A22A3E618304A1502E0E0C01DCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/C7B2A63D66F42CB6E50354A629BFB5A68A3FC6F96DC2A2043A751D3A9C9D4321/0/3139302e3132382e3132382e302f31372d3234203d3e203233323031.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  190.128.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         19:47:d0:45:9c:5a:a3:7a:61:95:c5:cd:ce:f5:a7:3b:3d:cb:
         68:08:64:de:d2:6b:8b:75:da:63:9d:bf:16:f5:8a:10:c8:30:
         a3:8f:e6:63:6a:61:7f:64:a5:99:69:26:17:5f:fc:65:02:26:
         f3:db:bd:60:62:55:05:2b:e1:96:4b:ea:aa:41:ea:88:b8:6a:
         c9:eb:64:4b:78:8d:29:da:6b:dc:0c:2f:bf:3e:3a:5a:e9:63:
         27:71:3d:86:c9:df:ab:1e:58:99:7b:48:5f:13:34:fa:55:0f:
         7d:2c:46:c9:04:d9:4d:cd:68:bf:71:ad:ad:22:d4:97:18:39:
         65:b1:90:5c:03:78:78:27:24:aa:2b:3b:85:10:a8:10:8e:ab:
         51:44:8e:ed:9d:68:c8:7f:92:3e:a5:33:f3:0a:fd:3a:b6:ff:
         b6:fd:9f:5b:62:d3:21:9f:2c:b8:b4:44:dd:86:05:58:0d:aa:
         ee:e8:87:6d:fa:3c:7f:c7:ed:80:1f:e5:24:44:7e:16:ff:78:
         b1:ce:f5:f7:47:6b:a0:60:5d:f6:11:e9:81:a1:93:4d:1d:82:
         e6:28:c8:ba:4c:60:3a:11:21:08:28:ba:26:8b:f1:68:7f:91:
         a8:3a:8a:1c:f6:b7:4c:b0:18:62:c5:19:f7:00:a6:a6:e4:11:
         c1:e4:64:94
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUD3EU798NxmPCmdOO9WoKhA8ITsAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTg1NzQwMEFFNDJBMEEyMkEzRTYxODMwNEExNTAyRTBF
MEMwMURDQTAeFw0yNTAyMDQxODM1MjlaFw0yNjAyMDMxODQwMjlaMDMxMTAvBgNV
BAMTKDA2RDE5ODJDQTVDMTUxQjVGQjA2M0I1NDI3N0UyNzU4Q0JFMzlENTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYsm1JQj0IfKaa9EN054Y9Bbor
XriEIcr+dSwOBet9uAZD3+HkQwGearG9T5hgBieTBgjy471l1LN451ZtzJWFhi/N
8VORRuOHLr42nFIoZ4V58mDnFky5tlTitnnu0l6JMgKtRwa23eWilYo7QzkKvmoX
slvAH0kZYzFa3r3Kh5U+oc73v+RoCPLvLr4oFvjG6VJ6mT00LxRkk4A0M7bAs44b
ITfeadM5IvSC8lw8g7TJUJp5rYttDxTJu5he7GXagbb5ji94iyqDRWaGTRzJ26mY
Ma5otiH6DlXwAT4/dkPGDEn9bFO8WqK1w4CoyM1mVEz9/Knbmo409hA2OphhAgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQUBtGYLKXBUbX7BjtUJ34nWMvjnVMwHwYDVR0j
BBgwFoAUmFdACuQqCiKj5hgwShUC4ODAHcowDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9DN0IyQTYzRDY2RjQyQ0I2RTUwMzU0QTYyOUJGQjVBNjhB
M0ZDNkY5NkRDMkEyMDQzQTc1MUQzQTlDOUQ0MzIxLzAvOTg1NzQwMEFFNDJBMEEy
MkEzRTYxODMwNEExNTAyRTBFMEMwMURDQS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC85ODU3NDAwQUU0MkEwQTIyQTNF
NjE4MzA0QTE1MDJFMEUwQzAxRENBLmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvQzdCMkE2M0Q2NkY0MkNCNkU1MDM1NEE2MjlCRkI1QTY4QTNGQzZGOTZE
QzJBMjA0M0E3NTFEM0E5QzlENDMyMS8wLzMxMzkzMDJlMzEzMjM4MmUzMTMyMzgy
ZTMwMmYzMTM3MmQzMjM0MjAzZDNlMjAzMjMzMzIzMDMxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHvoCA
MA0GCSqGSIb3DQEBCwUAA4IBAQAZR9BFnFqjemGVxc3O9ac7PctoCGTe0muLddpj
nb8W9YoQyDCjj+ZjamF/ZKWZaSYXX/xlAibz271gYlUFK+GWS+qqQeqIuGrJ62RL
eI0p2mvcDC+/Pjpa6WMncT2Gyd+rHliZe0hfEzT6VQ99LEbJBNlNzWi/ca2tItSX
GDllsZBcA3h4JySqKzuFEKgQjqtRRI7tnWjIf5I+pTPzCv06tv+2/Z9bYtMhnyy4
tETdhgVYDaru6Idt+jx/x+2AH+UkRH4W/3ixzvX3R2ugYF32EemBoZNNHYLmKMi6
TGA6ESEIKLomi/Fof5GoOooc9rdMsBhixRn3AKam5BHB5GSU
-----END CERTIFICATE-----