Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/D5FAD6E6CD7CE551643D04D5DFB81669E35B3ACDD1B9376B37C3245319A0E364/0/3230302e37312e3138382e302f32322d3232203d3e2036333036.roa
File:                     3230302e37312e3138382e302f32322d3232203d3e2036333036.roa (raw, json)
Hash identifier:          dLE/+ArdyFu1jsUW3bpX0DXhpnkjeq7QXHBFWL6UTfs=
Subject key identifier:   C7:BB:42:BC:C7:CC:5A:E5:FF:51:EC:7C:E1:D6:43:5B:06:32:D2:EC
Certificate issuer:       /CN=35705A9ED706FD45725A72D9D83EF1D9B9A12E9C
Certificate serial:       53992A82492DE3AD6D7AD57AA7329FDDA613A1FD
Authority key identifier: 35:70:5A:9E:D7:06:FD:45:72:5A:72:D9:D8:3E:F1:D9:B9:A1:2E:9C
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/35705A9ED706FD45725A72D9D83EF1D9B9A12E9C.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/D5FAD6E6CD7CE551643D04D5DFB81669E35B3ACDD1B9376B37C3245319A0E364/0/3230302e37312e3138382e302f32322d3232203d3e2036333036.roa
Signing time:             Tue 04 Feb 2025 18:32:57 +0000
ROA not before:           Tue 04 Feb 2025 18:27:57 +0000
ROA not after:            Tue 03 Feb 2026 18:32:57 +0000
asID:                     6306
IP address blocks:        200.71.188.0/22 maxlen: 22
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:99:2a:82:49:2d:e3:ad:6d:7a:d5:7a:a7:32:9f:dd:a6:13:a1:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35705A9ED706FD45725A72D9D83EF1D9B9A12E9C
        Validity
            Not Before: Feb  4 18:27:57 2025 GMT
            Not After : Feb  3 18:32:57 2026 GMT
        Subject: CN=C7BB42BCC7CC5AE5FF51EC7CE1D6435B0632D2EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:db:4a:69:9f:76:e4:92:38:59:6c:15:05:8f:
                    31:ce:7f:68:1c:b2:82:9e:f5:40:6f:6f:97:14:77:
                    1d:2b:7d:fb:c4:fa:c2:a4:38:62:23:7f:db:3c:63:
                    78:14:8b:e8:21:e7:b3:ee:78:c3:fd:c4:f6:2b:2d:
                    49:76:e5:2e:b9:90:ef:bc:f8:f0:69:09:a4:6f:2f:
                    10:c1:e5:69:c5:97:d7:5c:7c:fb:aa:9d:ec:9c:33:
                    53:aa:f3:eb:e4:cd:fe:b7:f2:9d:26:69:d4:3b:8d:
                    44:6a:66:94:ef:56:99:e6:73:db:d1:ed:a6:5e:cf:
                    a0:bd:6f:84:ad:63:b5:a1:4f:6a:67:68:45:f6:14:
                    49:76:a7:ea:3a:5c:3a:af:82:09:c5:9f:85:6e:4f:
                    94:a2:93:d8:61:8e:e4:1f:c4:8e:4f:56:6a:84:ff:
                    2d:8f:91:fb:cc:2d:87:4a:6f:fc:07:c2:03:29:cd:
                    8c:2b:92:51:d2:e8:ea:39:c5:e6:47:c7:02:fd:1d:
                    3b:6e:40:b3:c6:b7:7c:c9:d5:69:86:95:78:ac:47:
                    4e:7c:29:57:53:ea:07:d8:20:41:23:16:02:7c:4b:
                    1a:c7:b3:d2:f6:fc:d4:bd:53:5f:90:68:8c:3b:d9:
                    74:9f:87:e9:37:ba:d1:27:3e:69:ad:84:30:91:37:
                    0c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:BB:42:BC:C7:CC:5A:E5:FF:51:EC:7C:E1:D6:43:5B:06:32:D2:EC
            X509v3 Authority Key Identifier:
                keyid:35:70:5A:9E:D7:06:FD:45:72:5A:72:D9:D8:3E:F1:D9:B9:A1:2E:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/D5FAD6E6CD7CE551643D04D5DFB81669E35B3ACDD1B9376B37C3245319A0E364/0/35705A9ED706FD45725A72D9D83EF1D9B9A12E9C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/35705A9ED706FD45725A72D9D83EF1D9B9A12E9C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/D5FAD6E6CD7CE551643D04D5DFB81669E35B3ACDD1B9376B37C3245319A0E364/0/3230302e37312e3138382e302f32322d3232203d3e2036333036.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.71.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b8:3a:33:c3:ba:54:80:83:b4:56:41:a2:31:69:52:d0:bf:57:
         bd:88:3f:b4:32:bc:49:ef:68:99:30:de:29:c8:93:80:37:59:
         93:cb:c9:67:69:b3:3d:9c:70:12:97:39:0b:8c:f4:78:29:5b:
         a6:66:88:1b:e5:95:93:6b:e5:d8:cc:b4:ca:d6:7e:d1:b6:5c:
         b7:14:02:99:24:5f:06:99:de:39:8b:58:ae:af:eb:6b:30:19:
         04:b6:a1:02:2d:a3:1f:00:38:ea:ec:01:aa:7e:77:5b:5f:63:
         28:39:d7:1e:77:e1:57:54:15:06:a8:67:9b:bf:e5:33:2b:05:
         98:79:80:c5:73:31:c9:4f:bb:44:0a:da:b5:55:be:d6:cb:e4:
         44:e0:03:5e:ea:6f:a1:30:1d:a1:7a:3e:c0:72:e8:0a:42:56:
         e3:f4:9c:d0:6d:b8:06:f1:7d:68:be:b6:71:d1:4d:d3:68:8c:
         5b:b0:2e:6b:0a:7e:17:05:0f:f3:8f:f7:99:0f:c0:8d:c7:49:
         22:6d:0a:ff:03:99:d2:af:a5:f8:fc:19:66:fa:48:cc:e0:66:
         ad:33:ae:39:b1:4a:8e:79:b9:f4:d7:20:c5:fc:45:56:14:cf:
         13:5d:82:7e:f9:95:ab:17:d6:2f:5e:13:ec:26:5d:e7:99:ec:
         1a:06:42:67
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUU5kqgkkt461tetV6pzKf3aYTof0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMzU3MDVBOUVENzA2RkQ0NTcyNUE3MkQ5RDgzRUYxRDlC
OUExMkU5QzAeFw0yNTAyMDQxODI3NTdaFw0yNjAyMDMxODMyNTdaMDMxMTAvBgNV
BAMTKEM3QkI0MkJDQzdDQzVBRTVGRjUxRUM3Q0UxRDY0MzVCMDYzMkQyRUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA20ppn3bkkjhZbBUFjzHOf2gc
soKe9UBvb5cUdx0rffvE+sKkOGIjf9s8Y3gUi+gh57PueMP9xPYrLUl25S65kO+8
+PBpCaRvLxDB5WnFl9dcfPuqneycM1Oq8+vkzf638p0madQ7jURqZpTvVpnmc9vR
7aZez6C9b4StY7WhT2pnaEX2FEl2p+o6XDqvggnFn4VuT5Sik9hhjuQfxI5PVmqE
/y2PkfvMLYdKb/wHwgMpzYwrklHS6Oo5xeZHxwL9HTtuQLPGt3zJ1WmGlXisR058
KVdT6gfYIEEjFgJ8SxrHs9L2/NS9U1+QaIw72XSfh+k3utEnPmmthDCRNwxZAgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQUx7tCvMfMWuX/Uex84dZDWwYy0uwwHwYDVR0j
BBgwFoAUNXBantcG/UVyWnLZ2D7x2bmhLpwwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9ENUZBRDZFNkNEN0NFNTUxNjQzRDA0RDVERkI4MTY2OUUz
NUIzQUNERDFCOTM3NkIzN0MzMjQ1MzE5QTBFMzY0LzAvMzU3MDVBOUVENzA2RkQ0
NTcyNUE3MkQ5RDgzRUYxRDlCOUExMkU5Qy5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8zNTcwNUE5RUQ3MDZGRDQ1NzI1
QTcyRDlEODNFRjFEOUI5QTEyRTlDLmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvRDVGQUQ2RTZDRDdDRTU1MTY0M0QwNEQ1REZCODE2NjlFMzVCM0FDREQx
QjkzNzZCMzdDMzI0NTMxOUEwRTM2NC8wLzMyMzAzMDJlMzczMTJlMzEzODM4MmUz
MDJmMzIzMjJkMzIzMjIwM2QzZTIwMzYzMzMwMzYucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBALIR7wwDQYJ
KoZIhvcNAQELBQADggEBALg6M8O6VICDtFZBojFpUtC/V72IP7QyvEnvaJkw3inI
k4A3WZPLyWdpsz2ccBKXOQuM9HgpW6ZmiBvllZNr5djMtMrWftG2XLcUApkkXwaZ
3jmLWK6v62swGQS2oQItox8AOOrsAap+d1tfYyg51x534VdUFQaoZ5u/5TMrBZh5
gMVzMclPu0QK2rVVvtbL5ETgA17qb6EwHaF6PsBy6ApCVuP0nNBtuAbxfWi+tnHR
TdNojFuwLmsKfhcFD/OP95kPwI3HSSJtCv8DmdKvpfj8GWb6SMzgZq0zrjmxSo55
ufTXIMX8RVYUzxNdgn75lasX1i9eE+wmXeeZ7BoGQmc=
-----END CERTIFICATE-----