Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/D939D9ABEA691570A5D804C203149B30ADA870DF9D368FE15C53E58B1B4DE3FC/0/34352e3232382e3233322e302f32342d3234203d3e20323636363936.roa
File:                     34352e3232382e3233322e302f32342d3234203d3e20323636363936.roa (raw, json)
Hash identifier:          0u08Cid5xh0s+ifK8ZpB7h+HuLO4xH8CFKw8rUTG+LU=
Subject key identifier:   9B:60:6A:42:3D:11:AA:0B:94:EB:E5:AF:A6:10:F1:6B:00:64:46:A6
Certificate issuer:       /CN=DEFA5C5AFE63F6B02C3C33399D2C192E24DCF7FB
Certificate serial:       79E7CBB57AEC82C1AFC81307E0B22061FF6F261D
Authority key identifier: DE:FA:5C:5A:FE:63:F6:B0:2C:3C:33:39:9D:2C:19:2E:24:DC:F7:FB
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/DEFA5C5AFE63F6B02C3C33399D2C192E24DCF7FB.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/D939D9ABEA691570A5D804C203149B30ADA870DF9D368FE15C53E58B1B4DE3FC/0/34352e3232382e3233322e302f32342d3234203d3e20323636363936.roa
Signing time:             Thu 20 Feb 2025 19:10:29 +0000
ROA not before:           Thu 20 Feb 2025 19:05:29 +0000
ROA not after:            Thu 19 Feb 2026 19:10:29 +0000
asID:                     266696
IP address blocks:        45.228.232.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:e7:cb:b5:7a:ec:82:c1:af:c8:13:07:e0:b2:20:61:ff:6f:26:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=DEFA5C5AFE63F6B02C3C33399D2C192E24DCF7FB
        Validity
            Not Before: Feb 20 19:05:29 2025 GMT
            Not After : Feb 19 19:10:29 2026 GMT
        Subject: CN=9B606A423D11AA0B94EBE5AFA610F16B006446A6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:6c:a1:d7:cd:bd:cf:7e:66:0e:1a:64:8b:32:
                    8f:92:c9:99:5a:21:57:48:b7:d3:83:59:fb:aa:6b:
                    5d:dc:85:c9:75:4d:4e:11:4a:06:5c:68:cf:e6:70:
                    69:37:1f:5b:45:38:ab:10:5d:04:7a:49:6b:7c:45:
                    04:98:a6:2f:9b:03:53:6b:d9:1e:78:65:d8:d4:b8:
                    94:1c:6c:a9:6f:84:a3:70:f9:3f:71:e8:a2:8c:57:
                    ff:b7:72:11:e8:77:55:77:84:be:9e:74:73:3f:58:
                    17:02:aa:50:23:07:48:72:75:b4:f5:d6:7c:96:bc:
                    3a:69:41:8e:b3:4b:b7:16:4a:43:09:98:b4:c7:30:
                    ce:c4:20:10:a9:1d:a4:6d:20:56:5c:56:99:67:3d:
                    a1:41:50:75:cb:84:1f:49:f2:46:a8:21:5c:5d:1c:
                    3f:5c:0f:e6:d6:14:ad:d7:a2:ec:ab:34:ad:4e:28:
                    dd:a7:bf:af:87:0d:8d:0c:e6:6e:dd:ad:a1:19:d0:
                    a9:07:f8:eb:41:ef:8d:11:ce:72:3c:e8:16:0b:80:
                    f9:90:3f:ec:10:6f:4a:8a:1d:e2:bb:59:07:bf:d2:
                    94:de:b8:f6:84:0e:f8:8a:63:ed:c2:7e:8e:40:34:
                    eb:a4:1a:7d:10:48:03:87:75:70:8e:48:8d:1f:35:
                    25:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:60:6A:42:3D:11:AA:0B:94:EB:E5:AF:A6:10:F1:6B:00:64:46:A6
            X509v3 Authority Key Identifier:
                keyid:DE:FA:5C:5A:FE:63:F6:B0:2C:3C:33:39:9D:2C:19:2E:24:DC:F7:FB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/D939D9ABEA691570A5D804C203149B30ADA870DF9D368FE15C53E58B1B4DE3FC/0/DEFA5C5AFE63F6B02C3C33399D2C192E24DCF7FB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/DEFA5C5AFE63F6B02C3C33399D2C192E24DCF7FB.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/D939D9ABEA691570A5D804C203149B30ADA870DF9D368FE15C53E58B1B4DE3FC/0/34352e3232382e3233322e302f32342d3234203d3e20323636363936.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.228.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:a0:56:4a:d3:c3:4c:52:7b:cc:50:49:82:45:d7:d5:f8:2f:
         9f:ef:bb:d9:b5:a5:2d:a5:a9:f8:f1:65:c3:d1:fc:51:f5:e8:
         e1:1f:e2:bc:fb:37:f3:ab:cf:f2:2f:fc:3c:fd:ad:61:b1:4c:
         55:2b:76:ff:c9:dc:35:85:47:61:12:1b:bd:6c:9b:86:9c:06:
         28:0b:93:5e:dd:17:cb:57:f9:90:4f:15:e8:cf:da:eb:2d:8d:
         af:f4:ea:83:ae:be:24:6f:84:d5:70:87:95:5f:95:d7:14:9f:
         a7:2c:29:25:ec:70:6f:6c:4b:bc:69:a5:ae:8d:f7:d5:a6:b4:
         11:fb:b7:26:f8:77:91:f7:e6:58:37:3f:43:f5:e5:62:ae:31:
         42:7c:f7:fe:1d:ff:ae:94:a9:2a:b7:dd:54:17:a5:a8:23:f3:
         a0:89:43:5f:c4:76:78:71:3f:3c:4b:99:12:5b:3a:5e:8b:92:
         92:5a:f6:da:f5:43:d2:66:06:64:01:7b:d7:67:eb:15:59:ee:
         dc:71:e0:87:e7:32:30:e8:93:de:f4:83:26:25:d6:be:17:b5:
         ed:84:7d:a8:5a:71:45:94:51:e9:f7:81:5a:f5:8b:dd:3a:df:
         2d:16:dc:ca:1d:82:11:46:a7:f9:3a:83:e8:ec:ee:f8:9d:17:
         f3:4d:e2:80
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUeefLtXrsgsGvyBMH4LIgYf9vJh0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoREVGQTVDNUFGRTYzRjZCMDJDM0MzMzM5OUQyQzE5MkUy
NERDRjdGQjAeFw0yNTAyMjAxOTA1MjlaFw0yNjAyMTkxOTEwMjlaMDMxMTAvBgNV
BAMTKDlCNjA2QTQyM0QxMUFBMEI5NEVCRTVBRkE2MTBGMTZCMDA2NDQ2QTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgbKHXzb3PfmYOGmSLMo+SyZla
IVdIt9ODWfuqa13chcl1TU4RSgZcaM/mcGk3H1tFOKsQXQR6SWt8RQSYpi+bA1Nr
2R54ZdjUuJQcbKlvhKNw+T9x6KKMV/+3chHod1V3hL6edHM/WBcCqlAjB0hydbT1
1nyWvDppQY6zS7cWSkMJmLTHMM7EIBCpHaRtIFZcVplnPaFBUHXLhB9J8kaoIVxd
HD9cD+bWFK3XouyrNK1OKN2nv6+HDY0M5m7draEZ0KkH+OtB740RznI86BYLgPmQ
P+wQb0qKHeK7WQe/0pTeuPaEDviKY+3Cfo5ANOukGn0QSAOHdXCOSI0fNSXRAgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQUm2BqQj0RqguU6+WvphDxawBkRqYwHwYDVR0j
BBgwFoAU3vpcWv5j9rAsPDM5nSwZLiTc9/swDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9EOTM5RDlBQkVBNjkxNTcwQTVEODA0QzIwMzE0OUIzMEFE
QTg3MERGOUQzNjhGRTE1QzUzRTU4QjFCNERFM0ZDLzAvREVGQTVDNUFGRTYzRjZC
MDJDM0MzMzM5OUQyQzE5MkUyNERDRjdGQi5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9ERUZBNUM1QUZFNjNGNkIwMkMz
QzMzMzk5RDJDMTkyRTI0RENGN0ZCLmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvRDkzOUQ5QUJFQTY5MTU3MEE1RDgwNEMyMDMxNDlCMzBBREE4NzBERjlE
MzY4RkUxNUM1M0U1OEIxQjRERTNGQy8wLzM0MzUyZTMyMzIzODJlMzIzMzMyMmUz
MDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIzNjM2MzYzOTM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALeTo
MA0GCSqGSIb3DQEBCwUAA4IBAQCSoFZK08NMUnvMUEmCRdfV+C+f77vZtaUtpan4
8WXD0fxR9ejhH+K8+zfzq8/yL/w8/a1hsUxVK3b/ydw1hUdhEhu9bJuGnAYoC5Ne
3RfLV/mQTxXoz9rrLY2v9OqDrr4kb4TVcIeVX5XXFJ+nLCkl7HBvbEu8aaWujffV
prQR+7cm+HeR9+ZYNz9D9eVirjFCfPf+Hf+ulKkqt91UF6WoI/OgiUNfxHZ4cT88
S5kSWzpei5KSWvba9UPSZgZkAXvXZ+sVWe7cceCH5zIw6JPe9IMmJda+F7XthH2o
WnFFlFHp94Fa9YvdOt8tFtzKHYIRRqf5OoPo7O74nRfzTeKA
-----END CERTIFICATE-----