Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/C7B2A63D66F42CB6E50354A629BFB5A68A3FC6F96DC2A2043A751D3A9C9D4321/0/3139302e322e3139322e302f32342d3234203d3e203238303038.roa
File:                     3139302e322e3139322e302f32342d3234203d3e203238303038.roa (raw, json)
Hash identifier:          3rI2hDekztQrH3/MOFzJoUq2sUeMiFwjure2Klqou7A=
Subject key identifier:   69:C7:7B:5B:07:57:95:78:5B:1C:9A:98:4F:18:3B:ED:DB:C7:4C:4A
Certificate issuer:       /CN=9857400AE42A0A22A3E618304A1502E0E0C01DCA
Certificate serial:       3C43644C17DCE7AE55C16772074A5648A106B1A7
Authority key identifier: 98:57:40:0A:E4:2A:0A:22:A3:E6:18:30:4A:15:02:E0:E0:C0:1D:CA
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/9857400AE42A0A22A3E618304A1502E0E0C01DCA.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/C7B2A63D66F42CB6E50354A629BFB5A68A3FC6F96DC2A2043A751D3A9C9D4321/0/3139302e322e3139322e302f32342d3234203d3e203238303038.roa
Signing time:             Tue 04 Feb 2025 18:40:29 +0000
ROA not before:           Tue 04 Feb 2025 18:35:29 +0000
ROA not after:            Tue 03 Feb 2026 18:40:29 +0000
asID:                     28008
IP address blocks:        190.2.192.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:43:64:4c:17:dc:e7:ae:55:c1:67:72:07:4a:56:48:a1:06:b1:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9857400AE42A0A22A3E618304A1502E0E0C01DCA
        Validity
            Not Before: Feb  4 18:35:29 2025 GMT
            Not After : Feb  3 18:40:29 2026 GMT
        Subject: CN=69C77B5B075795785B1C9A984F183BEDDBC74C4A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:5f:12:f4:8f:8c:db:97:68:50:a7:4a:7c:88:
                    e2:56:6b:3c:22:01:ef:13:96:03:b8:cc:73:a1:ad:
                    53:2b:27:e7:83:8b:a7:b6:b9:ba:b4:4d:91:d4:6d:
                    24:51:06:9a:23:58:e5:9b:83:94:60:8c:78:2b:c2:
                    77:66:a1:d3:60:36:87:47:fc:e7:fc:0b:b6:ba:e5:
                    e9:a8:9e:a5:02:12:06:08:21:9c:20:ec:e7:3b:6f:
                    6f:a9:1f:6a:65:07:97:59:db:0e:ca:50:10:30:72:
                    a2:57:6e:bf:84:18:d8:4a:80:3e:dd:7b:c2:e1:65:
                    02:f6:1e:fe:f1:33:85:ff:63:2a:bd:a7:eb:13:f4:
                    5c:15:41:6b:de:b5:a6:55:32:1f:d1:fd:e6:8e:92:
                    7c:33:5f:9e:a1:c7:38:05:0f:8e:f7:31:a1:ce:cc:
                    2e:4b:61:d1:6f:c5:44:41:da:53:ae:64:e8:2a:71:
                    7a:64:44:12:d3:0c:ba:a6:98:b6:71:4d:65:43:1a:
                    ba:eb:88:4e:32:e8:ee:b6:0c:1f:74:f8:f1:57:d1:
                    ee:cc:a6:bc:cd:67:8b:b7:6e:e0:29:58:8b:b2:2e:
                    39:26:07:4f:a1:b4:85:68:e7:15:a2:4b:ff:2f:8b:
                    f2:0f:ff:54:46:ff:5c:29:ff:54:e3:53:c9:f4:ad:
                    5c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:C7:7B:5B:07:57:95:78:5B:1C:9A:98:4F:18:3B:ED:DB:C7:4C:4A
            X509v3 Authority Key Identifier:
                keyid:98:57:40:0A:E4:2A:0A:22:A3:E6:18:30:4A:15:02:E0:E0:C0:1D:CA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/C7B2A63D66F42CB6E50354A629BFB5A68A3FC6F96DC2A2043A751D3A9C9D4321/0/9857400AE42A0A22A3E618304A1502E0E0C01DCA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/9857400AE42A0A22A3E618304A1502E0E0C01DCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/C7B2A63D66F42CB6E50354A629BFB5A68A3FC6F96DC2A2043A751D3A9C9D4321/0/3139302e322e3139322e302f32342d3234203d3e203238303038.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  190.2.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:66:3a:7e:0a:e6:39:8a:96:09:69:8f:e5:10:1a:ae:62:68:
         2c:31:a5:bc:b7:e0:2d:28:00:01:a2:3b:4c:ec:71:bc:08:33:
         15:3d:9f:c1:c4:05:b6:4c:63:28:c8:ea:ca:24:6c:57:2c:14:
         ca:d3:22:7c:d7:63:3f:0b:a0:5b:73:60:63:e0:3e:a8:48:0d:
         fe:99:c7:01:f1:af:b4:00:d5:d9:b0:52:8a:17:70:2b:f8:4a:
         04:cc:7b:33:92:44:9a:95:28:f3:71:95:8c:c5:a4:ac:ce:17:
         da:d1:fd:5d:5e:28:a6:df:da:8e:14:fc:3d:da:17:60:eb:c8:
         20:17:65:9b:88:aa:c7:5a:42:c9:ec:18:1d:5e:e6:33:0f:bb:
         1e:65:9d:77:80:9e:70:ab:ef:c6:6d:da:51:08:44:cb:ee:35:
         a2:c1:df:7a:db:ed:ac:d5:26:db:ff:d8:81:2e:8d:f4:44:e6:
         d5:bd:ab:fb:d1:f8:8e:a2:3d:7e:b5:3f:ea:f8:60:24:e8:f3:
         0f:3f:ee:2a:15:e9:22:ed:fc:98:42:84:21:98:58:f9:0b:73:
         7d:00:7e:57:95:16:c9:de:c9:f6:4d:c8:4c:91:ca:55:87:95:
         c7:c0:57:4c:e0:15:0c:fe:e1:ad:91:d6:6a:f0:36:4b:55:19:
         57:36:84:89
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUPENkTBfc565VwWdyB0pWSKEGsacwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTg1NzQwMEFFNDJBMEEyMkEzRTYxODMwNEExNTAyRTBF
MEMwMURDQTAeFw0yNTAyMDQxODM1MjlaFw0yNjAyMDMxODQwMjlaMDMxMTAvBgNV
BAMTKDY5Qzc3QjVCMDc1Nzk1Nzg1QjFDOUE5ODRGMTgzQkVEREJDNzRDNEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUXxL0j4zbl2hQp0p8iOJWazwi
Ae8TlgO4zHOhrVMrJ+eDi6e2ubq0TZHUbSRRBpojWOWbg5RgjHgrwndmodNgNodH
/Of8C7a65emonqUCEgYIIZwg7Oc7b2+pH2plB5dZ2w7KUBAwcqJXbr+EGNhKgD7d
e8LhZQL2Hv7xM4X/Yyq9p+sT9FwVQWvetaZVMh/R/eaOknwzX56hxzgFD473MaHO
zC5LYdFvxURB2lOuZOgqcXpkRBLTDLqmmLZxTWVDGrrriE4y6O62DB90+PFX0e7M
przNZ4u3buApWIuyLjkmB0+htIVo5xWiS/8vi/IP/1RG/1wp/1TjU8n0rVy5AgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQUacd7WwdXlXhbHJqYTxg77dvHTEowHwYDVR0j
BBgwFoAUmFdACuQqCiKj5hgwShUC4ODAHcowDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9DN0IyQTYzRDY2RjQyQ0I2RTUwMzU0QTYyOUJGQjVBNjhB
M0ZDNkY5NkRDMkEyMDQzQTc1MUQzQTlDOUQ0MzIxLzAvOTg1NzQwMEFFNDJBMEEy
MkEzRTYxODMwNEExNTAyRTBFMEMwMURDQS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC85ODU3NDAwQUU0MkEwQTIyQTNF
NjE4MzA0QTE1MDJFMEUwQzAxRENBLmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvQzdCMkE2M0Q2NkY0MkNCNkU1MDM1NEE2MjlCRkI1QTY4QTNGQzZGOTZE
QzJBMjA0M0E3NTFEM0E5QzlENDMyMS8wLzMxMzkzMDJlMzIyZTMxMzkzMjJlMzAy
ZjMyMzQyZDMyMzQyMDNkM2UyMDMyMzgzMDMwMzgucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC+AsAwDQYJ
KoZIhvcNAQELBQADggEBAINmOn4K5jmKlglpj+UQGq5iaCwxpby34C0oAAGiO0zs
cbwIMxU9n8HEBbZMYyjI6sokbFcsFMrTInzXYz8LoFtzYGPgPqhIDf6ZxwHxr7QA
1dmwUooXcCv4SgTMezOSRJqVKPNxlYzFpKzOF9rR/V1eKKbf2o4U/D3aF2DryCAX
ZZuIqsdaQsnsGB1e5jMPux5lnXeAnnCr78Zt2lEIRMvuNaLB33rb7azVJtv/2IEu
jfRE5tW9q/vR+I6iPX61P+r4YCTo8w8/7ioV6SLt/JhChCGYWPkLc30AfleVFsne
yfZNyEyRylWHlcfAV0zgFQz+4a2R1mrwNktVGVc2hIk=
-----END CERTIFICATE-----