Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/C862C92FE79571CDCE834A609053002A1212C9B70796AFAD01C6193D7F0DAAAB/0/3135322e3233312e3131302e302f32332d3234203d3e203237393836.roa
File:                     3135322e3233312e3131302e302f32332d3234203d3e203237393836.roa (raw, json)
Hash identifier:          /PQS15JvsXQobWyCsJq6Hnggl2hcGCHUqNGEEkVn8rQ=
Subject key identifier:   2E:68:53:98:52:FD:C2:CB:5A:8D:54:F3:44:35:AB:14:4F:58:C0:6A
Certificate issuer:       /CN=3FDB44D18BC16AB039C2B1B6BD3866AB29E122A7
Certificate serial:       1F9335D0907AEC7037776759296E5D966FCEF44F
Authority key identifier: 3F:DB:44:D1:8B:C1:6A:B0:39:C2:B1:B6:BD:38:66:AB:29:E1:22:A7
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/3FDB44D18BC16AB039C2B1B6BD3866AB29E122A7.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/C862C92FE79571CDCE834A609053002A1212C9B70796AFAD01C6193D7F0DAAAB/0/3135322e3233312e3131302e302f32332d3234203d3e203237393836.roa
Signing time:             Tue 04 Feb 2025 19:56:33 +0000
ROA not before:           Tue 04 Feb 2025 19:51:33 +0000
ROA not after:            Tue 03 Feb 2026 19:56:33 +0000
asID:                     27986
IP address blocks:        152.231.110.0/23 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:93:35:d0:90:7a:ec:70:37:77:67:59:29:6e:5d:96:6f:ce:f4:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3FDB44D18BC16AB039C2B1B6BD3866AB29E122A7
        Validity
            Not Before: Feb  4 19:51:33 2025 GMT
            Not After : Feb  3 19:56:33 2026 GMT
        Subject: CN=2E68539852FDC2CB5A8D54F34435AB144F58C06A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:bf:f3:a2:a9:9a:ee:82:85:fb:57:9d:97:43:
                    d5:ba:a2:f8:14:18:8c:cf:b5:b5:e5:cb:83:2b:53:
                    d3:bb:4c:79:24:d0:db:4e:4b:60:c7:35:af:bd:b0:
                    ea:59:a2:e7:76:41:31:0a:5d:ee:50:94:8e:67:26:
                    b1:3f:a2:b5:94:20:07:cf:59:70:9d:1f:eb:6a:3f:
                    33:03:7b:b1:60:c6:0e:a3:fe:09:2d:f5:78:a0:dc:
                    1a:83:06:6c:70:2a:33:dd:15:d7:45:bc:cf:85:3f:
                    37:ac:39:db:48:4c:a8:09:ab:5d:af:89:2f:8c:c1:
                    e9:3a:8d:c1:a1:83:62:fb:d9:4c:db:44:c3:17:89:
                    52:16:69:e8:0b:31:c6:4e:6f:51:ec:f3:ff:b9:6c:
                    ca:04:20:91:d3:11:5a:0a:70:89:bd:8a:a0:cf:9c:
                    f0:f2:e3:9f:c8:c7:e5:b9:a0:a8:16:d6:66:bb:8f:
                    58:f2:6c:e8:ea:69:09:4c:b7:80:d2:29:23:b7:14:
                    d3:3a:7c:d6:ea:b3:5c:2f:b3:64:de:f0:1b:c6:8b:
                    8d:fc:1e:32:c3:d6:62:73:3e:c2:3b:ed:e7:e8:f8:
                    6a:19:b9:05:71:d3:5c:52:17:ad:12:01:da:dd:5f:
                    a5:81:16:b1:ba:f5:04:55:a0:96:b6:ff:21:df:5f:
                    b3:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:68:53:98:52:FD:C2:CB:5A:8D:54:F3:44:35:AB:14:4F:58:C0:6A
            X509v3 Authority Key Identifier:
                keyid:3F:DB:44:D1:8B:C1:6A:B0:39:C2:B1:B6:BD:38:66:AB:29:E1:22:A7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/C862C92FE79571CDCE834A609053002A1212C9B70796AFAD01C6193D7F0DAAAB/0/3FDB44D18BC16AB039C2B1B6BD3866AB29E122A7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/3FDB44D18BC16AB039C2B1B6BD3866AB29E122A7.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/C862C92FE79571CDCE834A609053002A1212C9B70796AFAD01C6193D7F0DAAAB/0/3135322e3233312e3131302e302f32332d3234203d3e203237393836.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.231.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         77:82:68:eb:8a:f3:cd:ae:b4:7e:6c:a4:10:ea:e0:1b:e2:4a:
         e6:d1:27:ec:6a:55:88:a9:9e:f7:99:aa:ef:83:0d:c0:3c:c0:
         cd:cf:c5:31:7a:08:1f:06:98:bc:ec:7d:c8:d4:72:38:80:ea:
         bc:1f:6a:52:56:3d:ab:de:71:c3:e2:30:10:4b:6c:1b:f4:d3:
         0a:59:40:43:92:39:a2:23:69:ea:75:a2:cc:24:71:c9:a8:ab:
         e7:a9:74:ea:a0:a8:ac:1f:88:b6:12:d8:0a:1d:76:92:ad:20:
         30:8a:6a:db:cb:31:58:31:2c:f0:d7:46:af:a3:d2:69:16:8b:
         33:bf:13:c0:3b:6b:d8:b4:42:56:d6:0b:6b:50:66:20:e1:d4:
         90:49:51:0f:cb:bf:02:0b:9c:01:f2:1e:c5:b0:57:51:c9:83:
         78:0d:4f:b2:c2:0a:b3:91:9f:c2:6e:c9:84:7f:f5:6e:70:9f:
         64:1a:d7:73:90:9f:17:39:7e:09:2a:c7:77:3d:0b:62:09:76:
         a2:f1:10:ad:3c:25:10:f0:e6:1e:cf:69:a6:ac:78:8e:28:d8:
         4b:b9:24:b6:bb:45:82:19:e2:e4:b3:4e:a1:e7:34:90:a5:c5:
         6d:b5:6a:97:09:50:fe:56:d5:1d:df:54:c9:04:5e:0a:38:16:
         36:19:31:d9
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUH5M10JB67HA3d2dZKW5dlm/O9E8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM0ZEQjQ0RDE4QkMxNkFCMDM5QzJCMUI2QkQzODY2QUIy
OUUxMjJBNzAeFw0yNTAyMDQxOTUxMzNaFw0yNjAyMDMxOTU2MzNaMDMxMTAvBgNV
BAMTKDJFNjg1Mzk4NTJGREMyQ0I1QThENTRGMzQ0MzVBQjE0NEY1OEMwNkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1v/OiqZrugoX7V52XQ9W6ovgU
GIzPtbXly4MrU9O7THkk0NtOS2DHNa+9sOpZoud2QTEKXe5QlI5nJrE/orWUIAfP
WXCdH+tqPzMDe7Fgxg6j/gkt9Xig3BqDBmxwKjPdFddFvM+FPzesOdtITKgJq12v
iS+Mwek6jcGhg2L72UzbRMMXiVIWaegLMcZOb1Hs8/+5bMoEIJHTEVoKcIm9iqDP
nPDy45/Ix+W5oKgW1ma7j1jybOjqaQlMt4DSKSO3FNM6fNbqs1wvs2Te8BvGi438
HjLD1mJzPsI77efo+GoZuQVx01xSF60SAdrdX6WBFrG69QRVoJa2/yHfX7ObAgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQULmhTmFL9wstajVTzRDWrFE9YwGowHwYDVR0j
BBgwFoAUP9tE0YvBarA5wrG2vThmqynhIqcwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9DODYyQzkyRkU3OTU3MUNEQ0U4MzRBNjA5MDUzMDAyQTEy
MTJDOUI3MDc5NkFGQUQwMUM2MTkzRDdGMERBQUFCLzAvM0ZEQjQ0RDE4QkMxNkFC
MDM5QzJCMUI2QkQzODY2QUIyOUUxMjJBNy5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8zRkRCNDREMThCQzE2QUIwMzlD
MkIxQjZCRDM4NjZBQjI5RTEyMkE3LmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvQzg2MkM5MkZFNzk1NzFDRENFODM0QTYwOTA1MzAwMkExMjEyQzlCNzA3
OTZBRkFEMDFDNjE5M0Q3RjBEQUFBQi8wLzMxMzUzMjJlMzIzMzMxMmUzMTMxMzAy
ZTMwMmYzMjMzMmQzMjM0MjAzZDNlMjAzMjM3MzkzODM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBmOdu
MA0GCSqGSIb3DQEBCwUAA4IBAQB3gmjrivPNrrR+bKQQ6uAb4krm0SfsalWIqZ73
marvgw3APMDNz8UxeggfBpi87H3I1HI4gOq8H2pSVj2r3nHD4jAQS2wb9NMKWUBD
kjmiI2nqdaLMJHHJqKvnqXTqoKisH4i2EtgKHXaSrSAwimrbyzFYMSzw10avo9Jp
FoszvxPAO2vYtEJW1gtrUGYg4dSQSVEPy78CC5wB8h7FsFdRyYN4DU+ywgqzkZ/C
bsmEf/VucJ9kGtdzkJ8XOX4JKsd3PQtiCXai8RCtPCUQ8OYez2mmrHiOKNhLuSS2
u0WCGeLks06h5zSQpcVttWqXCVD+VtUd31TJBF4KOBY2GTHZ
-----END CERTIFICATE-----