Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/D952BACB6D27E48267036F7CBD6CC4ADEE60BA1D1CFF5EF59481A90BA2071DD7/0/3230302e32392e33362e302f32342d3234203d3e2037343138.roa
File:                     3230302e32392e33362e302f32342d3234203d3e2037343138.roa (raw, json)
Hash identifier:          gbjjDDznRJi/aNqpErNFudri5c2B358L0swO4+80Ir4=
Subject key identifier:   9F:18:EE:A2:81:D0:11:2E:8B:33:3C:35:22:EE:A8:4E:EB:62:10:D7
Certificate issuer:       /CN=25CD6A4FBC8BEE34A2DC371793A09E274E0E3661
Certificate serial:       13C5DBF7E11D861D26C59980BCA272AD2B48A6C7
Authority key identifier: 25:CD:6A:4F:BC:8B:EE:34:A2:DC:37:17:93:A0:9E:27:4E:0E:36:61
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/25CD6A4FBC8BEE34A2DC371793A09E274E0E3661.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/D952BACB6D27E48267036F7CBD6CC4ADEE60BA1D1CFF5EF59481A90BA2071DD7/0/3230302e32392e33362e302f32342d3234203d3e2037343138.roa
Signing time:             Tue 04 Feb 2025 18:29:52 +0000
ROA not before:           Tue 04 Feb 2025 18:24:52 +0000
ROA not after:            Tue 03 Feb 2026 18:29:52 +0000
asID:                     7418
IP address blocks:        200.29.36.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:c5:db:f7:e1:1d:86:1d:26:c5:99:80:bc:a2:72:ad:2b:48:a6:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25CD6A4FBC8BEE34A2DC371793A09E274E0E3661
        Validity
            Not Before: Feb  4 18:24:52 2025 GMT
            Not After : Feb  3 18:29:52 2026 GMT
        Subject: CN=9F18EEA281D0112E8B333C3522EEA84EEB6210D7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:1e:6a:05:32:87:1b:50:2b:c3:d2:cb:83:77:
                    93:04:97:69:da:d2:06:f2:56:9c:3e:ca:e7:5a:c3:
                    22:8e:b0:bc:26:60:a7:55:ff:ad:7f:90:ad:64:5c:
                    aa:54:45:5f:18:f9:d2:e0:6c:f6:ca:f0:b6:b7:0f:
                    85:e1:fe:8a:2a:c2:b3:9f:3b:d8:37:12:d1:30:ec:
                    d0:0e:45:c9:28:f5:cd:ef:16:f6:ff:c8:60:c8:57:
                    40:7d:71:26:3d:8e:a9:e3:12:8f:74:bd:91:71:57:
                    43:53:54:b3:07:0d:10:cc:17:25:18:2e:77:3e:c9:
                    4c:61:66:f4:05:00:8e:a8:63:cf:e2:e0:c6:6c:b4:
                    33:d4:93:07:85:64:0b:2c:f3:12:83:76:4d:fa:6f:
                    9b:40:48:57:6b:2d:de:7e:5f:dc:8d:37:43:ed:01:
                    27:c6:7b:34:8d:41:1b:4e:75:81:e6:2c:37:83:ea:
                    45:3c:86:6a:67:81:eb:4a:24:45:f0:ea:4a:d4:09:
                    52:43:9a:65:86:f2:9b:f3:44:4e:ad:7d:a7:40:1f:
                    2d:22:c0:75:0b:11:2e:19:34:4e:cf:5d:93:21:98:
                    9d:ba:af:8a:f4:5d:5b:4e:83:3b:45:cc:8e:83:b6:
                    56:08:34:f6:ba:31:d8:60:bd:9e:7c:c8:04:ee:2e:
                    25:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:18:EE:A2:81:D0:11:2E:8B:33:3C:35:22:EE:A8:4E:EB:62:10:D7
            X509v3 Authority Key Identifier:
                keyid:25:CD:6A:4F:BC:8B:EE:34:A2:DC:37:17:93:A0:9E:27:4E:0E:36:61

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/D952BACB6D27E48267036F7CBD6CC4ADEE60BA1D1CFF5EF59481A90BA2071DD7/0/25CD6A4FBC8BEE34A2DC371793A09E274E0E3661.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/25CD6A4FBC8BEE34A2DC371793A09E274E0E3661.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/D952BACB6D27E48267036F7CBD6CC4ADEE60BA1D1CFF5EF59481A90BA2071DD7/0/3230302e32392e33362e302f32342d3234203d3e2037343138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.29.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:8b:10:ae:d5:6b:96:e5:2e:83:f0:10:21:69:8d:26:90:4c:
         bf:d0:1b:9e:b9:bb:93:c1:aa:61:4d:be:ab:3c:c6:08:16:b9:
         e9:32:c4:48:f7:ed:58:64:51:3e:ed:f4:24:dc:e8:e8:30:02:
         55:5f:39:d3:d4:83:12:40:3a:8e:46:c1:59:57:50:d1:f7:c4:
         4e:6f:20:c7:66:86:ac:88:c4:4a:e8:c7:a7:66:20:c8:df:4e:
         a1:4e:1e:9d:a2:b5:de:46:9a:67:52:33:66:45:c8:11:9a:bd:
         f7:f2:93:1c:20:1f:9b:f2:d1:b2:d9:35:dc:e7:12:73:a4:d5:
         59:ce:83:84:b8:1f:cb:36:8a:c6:6b:5a:87:37:fc:20:7d:b7:
         25:4c:96:7a:15:ec:96:5f:c7:1a:74:db:c9:9b:7a:3e:0a:64:
         5e:84:62:2b:8a:f3:e9:c4:d9:81:ba:cc:83:93:8d:a6:d6:79:
         b8:24:db:9b:1f:80:6d:e3:87:48:f0:18:d3:8b:bd:06:30:e4:
         63:66:3f:39:a4:da:ca:70:17:32:c4:b6:40:cc:ab:33:4c:0d:
         1b:18:29:ba:53:9a:82:1e:82:60:44:2f:b2:c0:ee:1d:de:64:
         52:6b:32:cd:8d:ac:9d:53:8b:0a:82:f7:be:a7:3b:de:b4:99:
         59:10:f7:e5
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgIUE8Xb9+Edhh0mxZmAvKJyrStIpscwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjVDRDZBNEZCQzhCRUUzNEEyREMzNzE3OTNBMDlFMjc0
RTBFMzY2MTAeFw0yNTAyMDQxODI0NTJaFw0yNjAyMDMxODI5NTJaMDMxMTAvBgNV
BAMTKDlGMThFRUEyODFEMDExMkU4QjMzM0MzNTIyRUVBODRFRUI2MjEwRDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeHmoFMocbUCvD0suDd5MEl2na
0gbyVpw+yudawyKOsLwmYKdV/61/kK1kXKpURV8Y+dLgbPbK8La3D4Xh/ooqwrOf
O9g3EtEw7NAORcko9c3vFvb/yGDIV0B9cSY9jqnjEo90vZFxV0NTVLMHDRDMFyUY
Lnc+yUxhZvQFAI6oY8/i4MZstDPUkweFZAss8xKDdk36b5tASFdrLd5+X9yNN0Pt
ASfGezSNQRtOdYHmLDeD6kU8hmpngetKJEXw6krUCVJDmmWG8pvzRE6tfadAHy0i
wHULES4ZNE7PXZMhmJ26r4r0XVtOgztFzI6DtlYINPa6MdhgvZ58yATuLiWDAgMB
AAGjggLEMIICwDAdBgNVHQ4EFgQUnxjuooHQES6LMzw1Iu6oTutiENcwHwYDVR0j
BBgwFoAUJc1qT7yL7jSi3DcXk6CeJ04ONmEwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9EOTUyQkFDQjZEMjdFNDgyNjcwMzZGN0NCRDZDQzRBREVF
NjBCQTFEMUNGRjVFRjU5NDgxQTkwQkEyMDcxREQ3LzAvMjVDRDZBNEZCQzhCRUUz
NEEyREMzNzE3OTNBMDlFMjc0RTBFMzY2MS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8yNUNENkE0RkJDOEJFRTM0QTJE
QzM3MTc5M0EwOUUyNzRFMEUzNjYxLmNlcjCBwwYIKwYBBQUHAQsEgbYwgbMwgbAG
CCsGAQUFBzALhoGjcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvRDk1MkJBQ0I2RDI3RTQ4MjY3MDM2RjdDQkQ2Q0M0QURFRTYwQkExRDFD
RkY1RUY1OTQ4MUE5MEJBMjA3MURENy8wLzMyMzAzMDJlMzIzOTJlMzMzNjJlMzAy
ZjMyMzQyZDMyMzQyMDNkM2UyMDM3MzQzMTM4LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyB0kMA0GCSqG
SIb3DQEBCwUAA4IBAQC5ixCu1WuW5S6D8BAhaY0mkEy/0BueubuTwaphTb6rPMYI
FrnpMsRI9+1YZFE+7fQk3OjoMAJVXznT1IMSQDqORsFZV1DR98RObyDHZoasiMRK
6MenZiDI306hTh6dorXeRppnUjNmRcgRmr338pMcIB+b8tGy2TXc5xJzpNVZzoOE
uB/LNorGa1qHN/wgfbclTJZ6FeyWX8cadNvJm3o+CmRehGIrivPpxNmBusyDk42m
1nm4JNubH4Bt44dI8BjTi70GMORjZj85pNrKcBcyxLZAzKszTA0bGCm6U5qCHoJg
RC+ywO4d3mRSazLNjaydU4sKgve+pzvetJlZEPfl
-----END CERTIFICATE-----