Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/C7C0CEFC626A9497234DD7A29F57CA3F8FBAB5C6E605A40ADAB1E09A0393DA16/0/3135322e3137322e302e302f31362d3234203d3e2037343138.roa
File:                     3135322e3137322e302e302f31362d3234203d3e2037343138.roa (raw, json)
Hash identifier:          +ky7t9IdLbGtGXgedzSbA31rSNl/DyLOGPpccI+syRU=
Subject key identifier:   A9:DA:DC:0B:95:8C:70:A1:69:F3:65:63:08:BD:93:A6:76:42:4C:CA
Certificate issuer:       /CN=29B391F5577514E30F64EDF6E361905CA08CF572
Certificate serial:       58B5167DCFEE310FEB05946A00F18A6D3D7F219E
Authority key identifier: 29:B3:91:F5:57:75:14:E3:0F:64:ED:F6:E3:61:90:5C:A0:8C:F5:72
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/29B391F5577514E30F64EDF6E361905CA08CF572.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/C7C0CEFC626A9497234DD7A29F57CA3F8FBAB5C6E605A40ADAB1E09A0393DA16/0/3135322e3137322e302e302f31362d3234203d3e2037343138.roa
Signing time:             Tue 04 Feb 2025 18:12:59 +0000
ROA not before:           Tue 04 Feb 2025 18:07:59 +0000
ROA not after:            Tue 03 Feb 2026 18:12:59 +0000
asID:                     7418
IP address blocks:        152.172.0.0/16 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:b5:16:7d:cf:ee:31:0f:eb:05:94:6a:00:f1:8a:6d:3d:7f:21:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29B391F5577514E30F64EDF6E361905CA08CF572
        Validity
            Not Before: Feb  4 18:07:59 2025 GMT
            Not After : Feb  3 18:12:59 2026 GMT
        Subject: CN=A9DADC0B958C70A169F3656308BD93A676424CCA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:10:dc:90:bd:ba:f1:39:7f:c6:7f:a2:a7:e1:
                    21:6f:24:31:f2:aa:1b:f7:11:88:87:e0:66:ed:73:
                    32:a8:ab:f9:cf:53:91:b2:6c:75:ac:e3:08:5f:30:
                    6f:ad:0b:e4:71:cf:b1:e6:f8:33:a6:5b:03:bb:fb:
                    77:8d:82:da:56:c5:0b:c3:89:88:fc:8e:19:4e:72:
                    e8:95:9a:fa:24:2d:89:f5:6c:86:d7:dc:4d:6f:c0:
                    6b:af:b8:17:bc:e5:8c:4e:bb:68:39:94:86:80:a9:
                    93:07:3c:ec:00:8d:a7:46:71:88:81:8f:87:84:c6:
                    7b:87:1a:b7:56:34:2d:d3:9e:93:7c:72:b1:10:44:
                    62:cf:c1:a5:5d:76:89:8c:5e:c4:18:ea:01:3b:2f:
                    9a:89:3c:80:84:82:dc:aa:ce:a5:99:a8:66:fa:f5:
                    c0:c5:48:6d:72:5f:ef:bb:54:10:d1:b2:4d:a1:7b:
                    df:b3:01:fa:e5:0b:4a:80:66:23:c1:df:e1:26:b5:
                    e4:1b:f6:4a:2c:ba:bd:62:14:d1:d6:27:b9:f6:3e:
                    be:37:39:8b:2c:e7:4c:71:23:49:7c:87:c7:3b:26:
                    b1:d6:bd:0f:73:d6:ca:dc:b8:5a:e4:af:75:77:e1:
                    3a:ba:6b:1c:ca:37:42:8c:9b:00:78:cc:9f:52:98:
                    68:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:DA:DC:0B:95:8C:70:A1:69:F3:65:63:08:BD:93:A6:76:42:4C:CA
            X509v3 Authority Key Identifier:
                keyid:29:B3:91:F5:57:75:14:E3:0F:64:ED:F6:E3:61:90:5C:A0:8C:F5:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/C7C0CEFC626A9497234DD7A29F57CA3F8FBAB5C6E605A40ADAB1E09A0393DA16/0/29B391F5577514E30F64EDF6E361905CA08CF572.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/29B391F5577514E30F64EDF6E361905CA08CF572.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/C7C0CEFC626A9497234DD7A29F57CA3F8FBAB5C6E605A40ADAB1E09A0393DA16/0/3135322e3137322e302e302f31362d3234203d3e2037343138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.172.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b7:15:b4:d9:58:a1:7b:36:77:83:42:7b:52:00:39:71:ad:68:
         f0:28:c4:7c:46:81:5b:98:1d:09:74:83:17:51:bc:34:c0:92:
         cd:7c:a9:c9:ba:02:56:f1:67:da:e8:60:a8:6a:70:49:3c:bf:
         36:42:ec:88:0b:6b:3c:a8:82:f5:d7:ea:ec:29:5a:87:41:f8:
         aa:e6:44:ec:be:5c:b3:29:b1:8b:68:09:d7:3d:a0:45:fb:9b:
         d3:47:12:87:e6:11:09:27:1d:c5:30:0e:13:02:d2:db:26:dc:
         3d:fd:73:be:d7:68:0e:18:9b:7e:15:d1:7b:32:94:09:84:97:
         ab:0f:34:61:9c:d9:e3:3c:c7:4d:e0:7c:ce:c3:31:fe:e4:3c:
         db:df:26:a9:11:84:36:4e:99:15:6d:54:16:e8:df:a6:7f:86:
         e2:4c:90:22:fd:e4:04:e9:82:7b:5d:cc:e1:d4:d6:6f:a4:6e:
         90:56:c7:1f:5f:90:2d:29:34:42:eb:f3:c5:e6:b2:a6:7e:27:
         25:96:ab:b0:fc:54:e7:3a:c5:39:ac:6d:7b:b1:e4:e1:b4:20:
         a3:99:73:a0:33:36:8e:42:70:49:80:c8:b7:9f:33:ac:3b:bd:
         fe:ea:c3:6c:c6:aa:85:1c:47:b2:6c:d5:2c:64:8c:f0:ba:58:
         08:38:97:ea
-----BEGIN CERTIFICATE-----
MIIFuTCCBKGgAwIBAgIUWLUWfc/uMQ/rBZRqAPGKbT1/IZ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjlCMzkxRjU1Nzc1MTRFMzBGNjRFREY2RTM2MTkwNUNB
MDhDRjU3MjAeFw0yNTAyMDQxODA3NTlaFw0yNjAyMDMxODEyNTlaMDMxMTAvBgNV
BAMTKEE5REFEQzBCOTU4QzcwQTE2OUYzNjU2MzA4QkQ5M0E2NzY0MjRDQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyENyQvbrxOX/Gf6Kn4SFvJDHy
qhv3EYiH4GbtczKoq/nPU5GybHWs4whfMG+tC+Rxz7Hm+DOmWwO7+3eNgtpWxQvD
iYj8jhlOcuiVmvokLYn1bIbX3E1vwGuvuBe85YxOu2g5lIaAqZMHPOwAjadGcYiB
j4eExnuHGrdWNC3TnpN8crEQRGLPwaVddomMXsQY6gE7L5qJPICEgtyqzqWZqGb6
9cDFSG1yX++7VBDRsk2he9+zAfrlC0qAZiPB3+EmteQb9kosur1iFNHWJ7n2Pr43
OYss50xxI0l8h8c7JrHWvQ9z1srcuFrkr3V34Tq6axzKN0KMmwB4zJ9SmGgRAgMB
AAGjggLDMIICvzAdBgNVHQ4EFgQUqdrcC5WMcKFp82VjCL2TpnZCTMowHwYDVR0j
BBgwFoAUKbOR9Vd1FOMPZO3242GQXKCM9XIwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9DN0MwQ0VGQzYyNkE5NDk3MjM0REQ3QTI5RjU3Q0EzRjhG
QkFCNUM2RTYwNUE0MEFEQUIxRTA5QTAzOTNEQTE2LzAvMjlCMzkxRjU1Nzc1MTRF
MzBGNjRFREY2RTM2MTkwNUNBMDhDRjU3Mi5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8yOUIzOTFGNTU3NzUxNEUzMEY2
NEVERjZFMzYxOTA1Q0EwOENGNTcyLmNlcjCBwwYIKwYBBQUHAQsEgbYwgbMwgbAG
CCsGAQUFBzALhoGjcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvQzdDMENFRkM2MjZBOTQ5NzIzNEREN0EyOUY1N0NBM0Y4RkJBQjVDNkU2
MDVBNDBBREFCMUUwOUEwMzkzREExNi8wLzMxMzUzMjJlMzEzNzMyMmUzMDJlMzAy
ZjMxMzYyZDMyMzQyMDNkM2UyMDM3MzQzMTM4LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAmKwwDQYJKoZI
hvcNAQELBQADggEBALcVtNlYoXs2d4NCe1IAOXGtaPAoxHxGgVuYHQl0gxdRvDTA
ks18qcm6AlbxZ9roYKhqcEk8vzZC7IgLazyogvXX6uwpWodB+KrmROy+XLMpsYto
Cdc9oEX7m9NHEofmEQknHcUwDhMC0tsm3D39c77XaA4Ym34V0XsylAmEl6sPNGGc
2eM8x03gfM7DMf7kPNvfJqkRhDZOmRVtVBbo36Z/huJMkCL95ATpgntdzOHU1m+k
bpBWxx9fkC0pNELr88XmsqZ+JyWWq7D8VOc6xTmsbXux5OG0IKOZc6AzNo5CcEmA
yLefM6w7vf7qw2zGqoUcR7Js1SxkjPC6WAg4l+o=
-----END CERTIFICATE-----