Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/D952BACB6D27E48267036F7CBD6CC4ADEE60BA1D1CFF5EF59481A90BA2071DD7/0/3230302e32392e34382e302f32302d3234203d3e2037343138.roa
File:                     3230302e32392e34382e302f32302d3234203d3e2037343138.roa (raw, json)
Hash identifier:          I6DpYw3D7fhS4KdMiiRHVw3noRVEQVxBQZSa2NowwOY=
Subject key identifier:   A0:C1:66:20:A4:DE:30:B3:58:CF:C2:1C:7E:E6:C1:69:F2:E7:28:01
Certificate issuer:       /CN=25CD6A4FBC8BEE34A2DC371793A09E274E0E3661
Certificate serial:       1A14D829C54C2C9A0EB30BB460B12AB8638FEA22
Authority key identifier: 25:CD:6A:4F:BC:8B:EE:34:A2:DC:37:17:93:A0:9E:27:4E:0E:36:61
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/25CD6A4FBC8BEE34A2DC371793A09E274E0E3661.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/D952BACB6D27E48267036F7CBD6CC4ADEE60BA1D1CFF5EF59481A90BA2071DD7/0/3230302e32392e34382e302f32302d3234203d3e2037343138.roa
Signing time:             Tue 04 Feb 2025 18:29:51 +0000
ROA not before:           Tue 04 Feb 2025 18:24:51 +0000
ROA not after:            Tue 03 Feb 2026 18:29:51 +0000
asID:                     7418
IP address blocks:        200.29.48.0/20 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:14:d8:29:c5:4c:2c:9a:0e:b3:0b:b4:60:b1:2a:b8:63:8f:ea:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25CD6A4FBC8BEE34A2DC371793A09E274E0E3661
        Validity
            Not Before: Feb  4 18:24:51 2025 GMT
            Not After : Feb  3 18:29:51 2026 GMT
        Subject: CN=A0C16620A4DE30B358CFC21C7EE6C169F2E72801
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:90:8c:5c:56:00:8a:82:74:1f:47:f5:d2:43:
                    c8:56:55:71:a1:f5:a5:b1:ed:6b:ea:e8:05:13:8a:
                    8c:88:d8:3a:d2:6e:23:1f:9e:57:db:7e:ef:1e:2d:
                    85:16:53:18:e6:f3:eb:d3:1b:55:00:47:51:b3:d5:
                    f1:ed:70:09:7a:e0:c6:ab:00:94:48:4c:93:a6:e6:
                    a4:94:bc:7f:ed:54:38:20:5f:22:2b:96:98:05:22:
                    4f:6b:74:42:ba:cc:56:6b:5c:35:2c:6c:43:da:02:
                    bc:54:d5:b6:22:7e:e5:53:bc:cf:9e:77:46:1a:62:
                    74:4e:78:9d:cf:dd:bd:da:62:6e:c1:b1:60:e6:18:
                    cf:32:22:b8:67:48:48:e7:35:3d:b4:5b:e1:bc:00:
                    a3:0e:cd:61:fa:48:ff:59:38:c0:fd:22:9e:f4:2e:
                    9b:90:d5:94:c1:6f:a7:16:62:ad:16:23:d9:95:24:
                    40:ed:41:31:ad:50:3d:8c:db:34:57:39:87:71:23:
                    54:2e:d3:64:5d:42:fc:57:34:53:67:7f:5c:62:b8:
                    09:d3:a0:7e:1a:0b:57:ab:1c:6a:b9:ab:95:63:7a:
                    1d:bf:3c:0a:52:53:b6:7a:9f:7a:4b:92:14:13:5e:
                    4a:ec:34:a9:62:a8:36:f4:24:af:9b:89:5a:2e:3b:
                    e0:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:C1:66:20:A4:DE:30:B3:58:CF:C2:1C:7E:E6:C1:69:F2:E7:28:01
            X509v3 Authority Key Identifier:
                keyid:25:CD:6A:4F:BC:8B:EE:34:A2:DC:37:17:93:A0:9E:27:4E:0E:36:61

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/D952BACB6D27E48267036F7CBD6CC4ADEE60BA1D1CFF5EF59481A90BA2071DD7/0/25CD6A4FBC8BEE34A2DC371793A09E274E0E3661.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/25CD6A4FBC8BEE34A2DC371793A09E274E0E3661.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/D952BACB6D27E48267036F7CBD6CC4ADEE60BA1D1CFF5EF59481A90BA2071DD7/0/3230302e32392e34382e302f32302d3234203d3e2037343138.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.29.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         44:f9:e3:f1:ff:9f:6d:23:12:3b:6b:64:93:81:28:13:9e:19:
         c7:db:f5:22:31:a2:33:e5:8c:c4:b0:00:ef:be:60:40:90:41:
         ec:87:d9:7f:47:b7:56:57:f6:50:79:d9:97:ac:ab:37:8f:fd:
         67:8b:e8:a3:27:36:90:19:33:e2:63:0f:4a:de:24:20:d6:61:
         0f:6a:7f:d3:b5:ed:69:21:ba:70:eb:83:99:be:78:d4:a8:46:
         76:42:d2:08:36:ab:6c:0b:e4:d4:e7:0c:f1:38:ef:9b:e8:94:
         4d:19:55:b5:57:17:8a:39:5a:17:a5:c8:fb:d4:97:bd:44:4b:
         7b:8a:16:dd:da:e8:9a:94:2b:a6:74:b7:a4:a9:45:d4:07:6a:
         ca:ad:e9:ab:bc:58:5f:0e:ba:37:7a:10:6f:cc:22:93:3c:47:
         fa:e6:c6:ba:f0:f2:0a:f2:0a:91:b1:55:67:ea:4a:6e:84:62:
         f0:76:9f:85:58:3a:c0:70:03:1f:75:0f:4f:30:6a:62:e7:44:
         39:2f:ab:88:1f:32:92:af:66:7b:fa:6a:06:76:50:72:1a:4a:
         90:e4:4b:03:df:de:62:f5:19:99:85:5e:2c:ad:e4:d2:4e:61:
         0f:c9:d9:4a:78:e9:0f:43:bd:b3:8e:cf:84:1a:14:94:11:0d:
         8e:1b:b3:83
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgIUGhTYKcVMLJoOswu0YLEquGOP6iIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjVDRDZBNEZCQzhCRUUzNEEyREMzNzE3OTNBMDlFMjc0
RTBFMzY2MTAeFw0yNTAyMDQxODI0NTFaFw0yNjAyMDMxODI5NTFaMDMxMTAvBgNV
BAMTKEEwQzE2NjIwQTRERTMwQjM1OENGQzIxQzdFRTZDMTY5RjJFNzI4MDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVkIxcVgCKgnQfR/XSQ8hWVXGh
9aWx7Wvq6AUTioyI2DrSbiMfnlfbfu8eLYUWUxjm8+vTG1UAR1Gz1fHtcAl64Mar
AJRITJOm5qSUvH/tVDggXyIrlpgFIk9rdEK6zFZrXDUsbEPaArxU1bYifuVTvM+e
d0YaYnROeJ3P3b3aYm7BsWDmGM8yIrhnSEjnNT20W+G8AKMOzWH6SP9ZOMD9Ip70
LpuQ1ZTBb6cWYq0WI9mVJEDtQTGtUD2M2zRXOYdxI1Qu02RdQvxXNFNnf1xiuAnT
oH4aC1erHGq5q5Vjeh2/PApSU7Z6n3pLkhQTXkrsNKliqDb0JK+biVouO+DLAgMB
AAGjggLEMIICwDAdBgNVHQ4EFgQUoMFmIKTeMLNYz8IcfubBafLnKAEwHwYDVR0j
BBgwFoAUJc1qT7yL7jSi3DcXk6CeJ04ONmEwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9EOTUyQkFDQjZEMjdFNDgyNjcwMzZGN0NCRDZDQzRBREVF
NjBCQTFEMUNGRjVFRjU5NDgxQTkwQkEyMDcxREQ3LzAvMjVDRDZBNEZCQzhCRUUz
NEEyREMzNzE3OTNBMDlFMjc0RTBFMzY2MS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8yNUNENkE0RkJDOEJFRTM0QTJE
QzM3MTc5M0EwOUUyNzRFMEUzNjYxLmNlcjCBwwYIKwYBBQUHAQsEgbYwgbMwgbAG
CCsGAQUFBzALhoGjcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvRDk1MkJBQ0I2RDI3RTQ4MjY3MDM2RjdDQkQ2Q0M0QURFRTYwQkExRDFD
RkY1RUY1OTQ4MUE5MEJBMjA3MURENy8wLzMyMzAzMDJlMzIzOTJlMzQzODJlMzAy
ZjMyMzAyZDMyMzQyMDNkM2UyMDM3MzQzMTM4LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEyB0wMA0GCSqG
SIb3DQEBCwUAA4IBAQBE+ePx/59tIxI7a2STgSgTnhnH2/UiMaIz5YzEsADvvmBA
kEHsh9l/R7dWV/ZQedmXrKs3j/1ni+ijJzaQGTPiYw9K3iQg1mEPan/Tte1pIbpw
64OZvnjUqEZ2QtIINqtsC+TU5wzxOO+b6JRNGVW1VxeKOVoXpcj71Je9REt7ihbd
2uialCumdLekqUXUB2rKremrvFhfDro3ehBvzCKTPEf65sa68PIK8gqRsVVn6kpu
hGLwdp+FWDrAcAMfdQ9PMGpi50Q5L6uIHzKSr2Z7+moGdlByGkqQ5EsD395i9RmZ
hV4sreTSTmEPydlKeOkPQ72zjs+EGhSUEQ2OG7OD
-----END CERTIFICATE-----