Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/D952BACB6D27E48267036F7CBD6CC4ADEE60BA1D1CFF5EF59481A90BA2071DD7/0/3230302e32392e34382e302f32302d3234203d3e203136363239.roa
File:                     3230302e32392e34382e302f32302d3234203d3e203136363239.roa (raw, json)
Hash identifier:          /jbH8R42bblDsYnnk07YAkoIc1wmiWsEolf1lUK6w+s=
Subject key identifier:   6B:51:1F:60:A8:E1:15:75:9D:C2:7E:0D:71:7E:44:BF:65:D6:38:97
Certificate issuer:       /CN=25CD6A4FBC8BEE34A2DC371793A09E274E0E3661
Certificate serial:       420D8DF740E21F52CFC5D9102CD041C73A063F44
Authority key identifier: 25:CD:6A:4F:BC:8B:EE:34:A2:DC:37:17:93:A0:9E:27:4E:0E:36:61
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/25CD6A4FBC8BEE34A2DC371793A09E274E0E3661.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/D952BACB6D27E48267036F7CBD6CC4ADEE60BA1D1CFF5EF59481A90BA2071DD7/0/3230302e32392e34382e302f32302d3234203d3e203136363239.roa
Signing time:             Tue 04 Feb 2025 18:29:43 +0000
ROA not before:           Tue 04 Feb 2025 18:24:43 +0000
ROA not after:            Tue 03 Feb 2026 18:29:43 +0000
asID:                     16629
IP address blocks:        200.29.48.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:0d:8d:f7:40:e2:1f:52:cf:c5:d9:10:2c:d0:41:c7:3a:06:3f:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25CD6A4FBC8BEE34A2DC371793A09E274E0E3661
        Validity
            Not Before: Feb  4 18:24:43 2025 GMT
            Not After : Feb  3 18:29:43 2026 GMT
        Subject: CN=6B511F60A8E115759DC27E0D717E44BF65D63897
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:f6:73:47:ae:77:15:30:cf:ba:c3:8c:af:d8:
                    11:8e:d0:8f:8d:6f:47:f2:e2:b3:44:62:cb:09:e7:
                    a0:f2:9f:e2:63:7b:08:71:ca:2f:67:b4:07:93:44:
                    72:5d:d8:fd:34:6a:ad:27:70:7d:4a:39:8d:74:ed:
                    78:d9:5d:3e:e7:7f:60:2a:1f:82:63:a9:8f:1b:c8:
                    ab:c0:25:89:4e:0d:f2:b6:6a:e2:46:fc:5f:ad:a3:
                    38:4e:e2:c5:a7:46:b6:1f:9b:23:97:6a:ea:fe:e5:
                    ff:b1:41:7a:75:6b:8b:3d:92:43:56:aa:fb:fb:3b:
                    00:eb:02:f4:5d:e6:15:22:5a:ab:aa:a8:79:25:cd:
                    55:76:15:ce:f2:9c:e4:e2:de:cb:c8:ee:c0:a9:c4:
                    3b:a6:da:d9:3c:88:db:34:c0:bd:ca:e0:14:09:7d:
                    99:d6:5c:f0:4d:d0:a2:5b:ee:70:8c:7c:42:f1:1f:
                    ce:1c:08:65:f7:a9:d9:51:e6:cd:06:56:1a:1d:b1:
                    06:a3:eb:8c:d1:b3:61:2d:3b:b1:a2:75:ba:bf:d8:
                    2f:a4:47:14:43:1a:09:a1:80:d5:04:16:1d:a3:77:
                    a9:50:8a:bb:97:e9:c5:f8:7c:ac:70:93:8c:af:4b:
                    16:e7:35:82:3e:8d:9a:54:5e:c5:61:f1:88:88:71:
                    9c:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:51:1F:60:A8:E1:15:75:9D:C2:7E:0D:71:7E:44:BF:65:D6:38:97
            X509v3 Authority Key Identifier:
                keyid:25:CD:6A:4F:BC:8B:EE:34:A2:DC:37:17:93:A0:9E:27:4E:0E:36:61

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/D952BACB6D27E48267036F7CBD6CC4ADEE60BA1D1CFF5EF59481A90BA2071DD7/0/25CD6A4FBC8BEE34A2DC371793A09E274E0E3661.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/25CD6A4FBC8BEE34A2DC371793A09E274E0E3661.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/D952BACB6D27E48267036F7CBD6CC4ADEE60BA1D1CFF5EF59481A90BA2071DD7/0/3230302e32392e34382e302f32302d3234203d3e203136363239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.29.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         51:9d:1a:0a:c4:8d:6e:e9:27:94:cc:6d:d7:db:af:20:61:d3:
         be:b1:fd:4a:29:ab:e8:e8:7d:83:ed:cd:a3:6a:69:d4:d1:7d:
         8f:a1:ca:2c:0e:5b:64:d1:f4:13:ad:a4:c6:91:30:c3:06:8a:
         13:62:b4:c1:8b:70:00:31:c7:9e:1e:30:82:da:6f:61:a7:71:
         df:20:82:f0:cf:bb:e9:4b:42:7f:52:82:45:bc:6e:35:9f:aa:
         b5:65:89:da:f0:b5:e9:7c:b8:c9:ba:a6:19:3d:9a:85:94:8e:
         34:b2:81:6b:ac:5c:20:62:fb:df:fa:c6:a8:85:ec:6c:2b:dc:
         5c:17:1f:6a:01:d3:38:0a:1e:29:88:db:ab:ce:59:2b:f4:6c:
         d2:61:97:67:e0:f2:bb:93:99:62:ed:c1:f5:92:7b:35:4f:06:
         ef:b7:3d:51:f2:d5:a7:dc:10:0c:5d:b9:bd:46:3f:16:5b:4d:
         1c:ca:86:4c:c4:51:af:8a:a8:b9:27:1e:6c:30:f3:31:66:f6:
         d5:5b:90:d8:2b:7d:ca:cf:5c:e2:ff:c6:26:6e:f2:6e:83:86:
         cb:18:d1:e7:52:82:c9:99:2f:b2:cc:74:59:f3:15:db:fd:46:
         d0:9f:b8:e9:7b:15:ea:0c:aa:e3:8e:8d:08:ca:84:3a:5b:f9:
         78:a4:05:01
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgIUQg2N90DiH1LPxdkQLNBBxzoGP0QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjVDRDZBNEZCQzhCRUUzNEEyREMzNzE3OTNBMDlFMjc0
RTBFMzY2MTAeFw0yNTAyMDQxODI0NDNaFw0yNjAyMDMxODI5NDNaMDMxMTAvBgNV
BAMTKDZCNTExRjYwQThFMTE1NzU5REMyN0UwRDcxN0U0NEJGNjVENjM4OTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN9nNHrncVMM+6w4yv2BGO0I+N
b0fy4rNEYssJ56Dyn+Jjewhxyi9ntAeTRHJd2P00aq0ncH1KOY107XjZXT7nf2Aq
H4JjqY8byKvAJYlODfK2auJG/F+tozhO4sWnRrYfmyOXaur+5f+xQXp1a4s9kkNW
qvv7OwDrAvRd5hUiWquqqHklzVV2Fc7ynOTi3svI7sCpxDum2tk8iNs0wL3K4BQJ
fZnWXPBN0KJb7nCMfELxH84cCGX3qdlR5s0GVhodsQaj64zRs2EtO7Gidbq/2C+k
RxRDGgmhgNUEFh2jd6lQiruX6cX4fKxwk4yvSxbnNYI+jZpUXsVh8YiIcZxRAgMB
AAGjggLGMIICwjAdBgNVHQ4EFgQUa1EfYKjhFXWdwn4NcX5Ev2XWOJcwHwYDVR0j
BBgwFoAUJc1qT7yL7jSi3DcXk6CeJ04ONmEwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9EOTUyQkFDQjZEMjdFNDgyNjcwMzZGN0NCRDZDQzRBREVF
NjBCQTFEMUNGRjVFRjU5NDgxQTkwQkEyMDcxREQ3LzAvMjVDRDZBNEZCQzhCRUUz
NEEyREMzNzE3OTNBMDlFMjc0RTBFMzY2MS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8yNUNENkE0RkJDOEJFRTM0QTJE
QzM3MTc5M0EwOUUyNzRFMEUzNjYxLmNlcjCBxQYIKwYBBQUHAQsEgbgwgbUwgbIG
CCsGAQUFBzALhoGlcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvRDk1MkJBQ0I2RDI3RTQ4MjY3MDM2RjdDQkQ2Q0M0QURFRTYwQkExRDFD
RkY1RUY1OTQ4MUE5MEJBMjA3MURENy8wLzMyMzAzMDJlMzIzOTJlMzQzODJlMzAy
ZjMyMzAyZDMyMzQyMDNkM2UyMDMxMzYzNjMyMzkucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBATIHTAwDQYJ
KoZIhvcNAQELBQADggEBAFGdGgrEjW7pJ5TMbdfbryBh076x/Uopq+jofYPtzaNq
adTRfY+hyiwOW2TR9BOtpMaRMMMGihNitMGLcAAxx54eMILab2Gncd8ggvDPu+lL
Qn9SgkW8bjWfqrVlidrwtel8uMm6phk9moWUjjSygWusXCBi+9/6xqiF7Gwr3FwX
H2oB0zgKHimI26vOWSv0bNJhl2fg8ruTmWLtwfWSezVPBu+3PVHy1afcEAxdub1G
PxZbTRzKhkzEUa+KqLknHmww8zFm9tVbkNgrfcrPXOL/xiZu8m6DhssY0edSgsmZ
L7LMdFnzFdv9RtCfuOl7FeoMquOOjQjKhDpb+XikBQE=
-----END CERTIFICATE-----