Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/D0031AF9140330F49D96A996203C233366AF745032360C72A3E483578589C570/0/34352e36352e3230332e302f32342d3234203d3e2033333536.roa
File:                     34352e36352e3230332e302f32342d3234203d3e2033333536.roa (raw, json)
Hash identifier:          4fNS9E2EOdiplWwG7zCocV2R8n8+nX17nNhZvW9JpOI=
Subject key identifier:   7D:E1:21:F9:FF:50:7A:F6:89:7C:EC:22:BD:37:18:78:94:DC:4C:F6
Certificate issuer:       /CN=120EEB9D1E85BF303E5FAB185F5A397B834333F0
Certificate serial:       592303F8246DBAB6248B6171BA91DA4A9F4B0974
Authority key identifier: 12:0E:EB:9D:1E:85:BF:30:3E:5F:AB:18:5F:5A:39:7B:83:43:33:F0
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/120EEB9D1E85BF303E5FAB185F5A397B834333F0.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/D0031AF9140330F49D96A996203C233366AF745032360C72A3E483578589C570/0/34352e36352e3230332e302f32342d3234203d3e2033333536.roa
Signing time:             Tue 04 Feb 2025 18:38:01 +0000
ROA not before:           Tue 04 Feb 2025 18:33:01 +0000
ROA not after:            Tue 03 Feb 2026 18:38:01 +0000
asID:                     3356
IP address blocks:        45.65.203.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:23:03:f8:24:6d:ba:b6:24:8b:61:71:ba:91:da:4a:9f:4b:09:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=120EEB9D1E85BF303E5FAB185F5A397B834333F0
        Validity
            Not Before: Feb  4 18:33:01 2025 GMT
            Not After : Feb  3 18:38:01 2026 GMT
        Subject: CN=7DE121F9FF507AF6897CEC22BD37187894DC4CF6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:55:cf:a9:bc:35:c4:70:73:f2:95:b5:cd:18:
                    4d:d0:76:bf:99:2e:63:8f:b3:f4:c2:32:7e:40:be:
                    30:b6:17:5c:db:01:01:6d:b7:07:e4:33:79:a1:f9:
                    94:12:d9:86:5e:ea:1e:73:88:d3:8e:f7:fc:4a:d1:
                    c2:4e:67:06:51:8c:50:91:ed:55:00:76:20:f3:09:
                    ca:69:9a:c8:82:e1:49:5b:25:c3:40:91:56:19:1f:
                    9e:46:23:58:54:ec:e1:cc:de:d5:54:1a:66:43:9b:
                    98:67:71:4f:50:64:ee:5a:57:69:6f:02:7c:1d:0d:
                    d8:1a:b7:4a:60:6f:40:68:39:5c:0a:86:a7:ab:fd:
                    18:d4:dd:7a:ac:4a:aa:ae:ec:33:34:2c:3d:c8:e2:
                    9e:9d:31:3d:e8:07:41:9d:eb:57:d6:6d:8a:aa:22:
                    c6:74:32:45:1e:94:be:16:24:61:5b:b6:d9:54:ae:
                    54:5d:a5:05:4a:54:65:08:0d:19:03:c8:77:51:7c:
                    e9:71:a8:ec:73:60:9d:22:73:49:2a:4f:d7:22:86:
                    76:87:29:56:00:0b:78:3d:03:8d:c4:12:13:ff:0d:
                    1b:92:99:70:9d:f0:f1:6f:65:bf:19:04:68:af:d9:
                    dc:56:34:a5:6b:a1:e5:7a:2d:ea:80:ac:6b:48:74:
                    c5:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:E1:21:F9:FF:50:7A:F6:89:7C:EC:22:BD:37:18:78:94:DC:4C:F6
            X509v3 Authority Key Identifier:
                keyid:12:0E:EB:9D:1E:85:BF:30:3E:5F:AB:18:5F:5A:39:7B:83:43:33:F0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/D0031AF9140330F49D96A996203C233366AF745032360C72A3E483578589C570/0/120EEB9D1E85BF303E5FAB185F5A397B834333F0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/120EEB9D1E85BF303E5FAB185F5A397B834333F0.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/D0031AF9140330F49D96A996203C233366AF745032360C72A3E483578589C570/0/34352e36352e3230332e302f32342d3234203d3e2033333536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.65.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:db:5d:79:be:78:ae:5c:78:6e:20:ed:28:56:8b:e2:7a:3f:
         47:78:14:ab:9d:45:ec:8c:a6:08:17:a8:1f:da:9c:b9:9b:98:
         e0:40:41:1f:e6:2e:b1:9e:2b:1a:9a:57:8e:0f:2f:7a:b3:71:
         b1:3d:48:19:c0:f7:d8:0e:f3:66:c6:7f:b9:b6:92:96:c8:60:
         7c:1c:11:23:35:c4:fc:a3:55:62:be:c1:8e:f0:02:09:a5:24:
         22:1c:22:32:7e:73:f3:35:ce:aa:13:7f:a0:6c:ab:40:35:a4:
         0c:ca:e7:60:c3:36:49:53:86:39:27:82:74:59:fa:85:2f:d8:
         19:19:ff:72:7f:11:a9:75:52:8b:92:ff:44:c5:ad:7b:9f:6d:
         43:b4:d7:32:34:d8:44:90:22:e5:68:d4:bb:4f:03:56:71:04:
         d8:e7:20:6f:33:24:0e:d0:9d:cb:c4:88:a9:62:5c:71:80:06:
         c2:e3:88:96:1b:0d:0f:2f:2f:29:36:68:bc:b3:01:71:a5:93:
         1d:87:7d:b3:46:80:01:6f:77:d0:76:10:63:8f:93:16:a3:26:
         8d:4b:8f:8b:e0:64:af:b1:f5:65:1c:df:71:31:93:f7:fe:0e:
         dd:4e:05:26:e5:41:0d:12:e2:6a:8a:a1:c8:90:ed:8c:d9:9a:
         6f:0b:b2:04
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgIUWSMD+CRturYki2FxupHaSp9LCXQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTIwRUVCOUQxRTg1QkYzMDNFNUZBQjE4NUY1QTM5N0I4
MzQzMzNGMDAeFw0yNTAyMDQxODMzMDFaFw0yNjAyMDMxODM4MDFaMDMxMTAvBgNV
BAMTKDdERTEyMUY5RkY1MDdBRjY4OTdDRUMyMkJEMzcxODc4OTREQzRDRjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClVc+pvDXEcHPylbXNGE3Qdr+Z
LmOPs/TCMn5AvjC2F1zbAQFttwfkM3mh+ZQS2YZe6h5ziNOO9/xK0cJOZwZRjFCR
7VUAdiDzCcppmsiC4UlbJcNAkVYZH55GI1hU7OHM3tVUGmZDm5hncU9QZO5aV2lv
AnwdDdgat0pgb0BoOVwKhqer/RjU3XqsSqqu7DM0LD3I4p6dMT3oB0Gd61fWbYqq
IsZ0MkUelL4WJGFbttlUrlRdpQVKVGUIDRkDyHdRfOlxqOxzYJ0ic0kqT9cihnaH
KVYAC3g9A43EEhP/DRuSmXCd8PFvZb8ZBGiv2dxWNKVroeV6LeqArGtIdMVhAgMB
AAGjggLEMIICwDAdBgNVHQ4EFgQUfeEh+f9QevaJfOwivTcYeJTcTPYwHwYDVR0j
BBgwFoAUEg7rnR6FvzA+X6sYX1o5e4NDM/AwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9EMDAzMUFGOTE0MDMzMEY0OUQ5NkE5OTYyMDNDMjMzMzY2
QUY3NDUwMzIzNjBDNzJBM0U0ODM1Nzg1ODlDNTcwLzAvMTIwRUVCOUQxRTg1QkYz
MDNFNUZBQjE4NUY1QTM5N0I4MzQzMzNGMC5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8xMjBFRUI5RDFFODVCRjMwM0U1
RkFCMTg1RjVBMzk3QjgzNDMzM0YwLmNlcjCBwwYIKwYBBQUHAQsEgbYwgbMwgbAG
CCsGAQUFBzALhoGjcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvRDAwMzFBRjkxNDAzMzBGNDlEOTZBOTk2MjAzQzIzMzM2NkFGNzQ1MDMy
MzYwQzcyQTNFNDgzNTc4NTg5QzU3MC8wLzM0MzUyZTM2MzUyZTMyMzAzMzJlMzAy
ZjMyMzQyZDMyMzQyMDNkM2UyMDMzMzMzNTM2LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALUHLMA0GCSqG
SIb3DQEBCwUAA4IBAQBm2115vniuXHhuIO0oVoviej9HeBSrnUXsjKYIF6gf2py5
m5jgQEEf5i6xnisamleODy96s3GxPUgZwPfYDvNmxn+5tpKWyGB8HBEjNcT8o1Vi
vsGO8AIJpSQiHCIyfnPzNc6qE3+gbKtANaQMyudgwzZJU4Y5J4J0WfqFL9gZGf9y
fxGpdVKLkv9Exa17n21DtNcyNNhEkCLlaNS7TwNWcQTY5yBvMyQO0J3LxIipYlxx
gAbC44iWGw0PLy8pNmi8swFxpZMdh32zRoABb3fQdhBjj5MWoyaNS4+L4GSvsfVl
HN9xMZP3/g7dTgUm5UENEuJqiqHIkO2M2ZpvC7IE
-----END CERTIFICATE-----