Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/D952BACB6D27E48267036F7CBD6CC4ADEE60BA1D1CFF5EF59481A90BA2071DD7/0/3230312e3232322e3139322e302f31382d3234203d3e203136363239.roa
File:                     3230312e3232322e3139322e302f31382d3234203d3e203136363239.roa (raw, json)
Hash identifier:          vL01QbphPN1UGTtYu2DfYVD2PY5ak9ViOQzW1tWsplQ=
Subject key identifier:   37:6F:5D:0B:97:70:DF:D9:15:A7:D9:90:AA:25:D1:22:53:4A:E7:A6
Certificate issuer:       /CN=25CD6A4FBC8BEE34A2DC371793A09E274E0E3661
Certificate serial:       2520476756B0DAB4D537ABF5D195D4D5A332F2D8
Authority key identifier: 25:CD:6A:4F:BC:8B:EE:34:A2:DC:37:17:93:A0:9E:27:4E:0E:36:61
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/25CD6A4FBC8BEE34A2DC371793A09E274E0E3661.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/D952BACB6D27E48267036F7CBD6CC4ADEE60BA1D1CFF5EF59481A90BA2071DD7/0/3230312e3232322e3139322e302f31382d3234203d3e203136363239.roa
Signing time:             Tue 04 Feb 2025 18:29:58 +0000
ROA not before:           Tue 04 Feb 2025 18:24:58 +0000
ROA not after:            Tue 03 Feb 2026 18:29:58 +0000
asID:                     16629
IP address blocks:        201.222.192.0/18 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:20:47:67:56:b0:da:b4:d5:37:ab:f5:d1:95:d4:d5:a3:32:f2:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25CD6A4FBC8BEE34A2DC371793A09E274E0E3661
        Validity
            Not Before: Feb  4 18:24:58 2025 GMT
            Not After : Feb  3 18:29:58 2026 GMT
        Subject: CN=376F5D0B9770DFD915A7D990AA25D122534AE7A6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:37:23:c2:2e:e0:a5:d4:4b:6f:21:1c:c9:e8:
                    20:58:85:d3:20:1f:39:b3:96:2b:c7:dc:0c:4d:a8:
                    50:bf:2f:59:86:ab:62:82:c9:e9:4a:75:88:f6:07:
                    33:ea:80:7b:f9:c5:3b:b6:94:73:f2:44:7c:60:83:
                    5c:15:68:18:74:f5:c1:67:83:ce:f4:87:73:0c:96:
                    e3:26:68:27:45:3c:6f:ac:4e:3f:e0:e8:b6:aa:2a:
                    30:58:bf:bd:43:f7:96:c5:eb:50:79:43:a0:9f:16:
                    3d:8a:7f:e0:22:c3:d4:5f:96:a6:3c:fc:93:50:00:
                    fa:20:16:b3:2f:19:c0:03:73:4d:33:fb:ea:d3:c1:
                    f8:da:9d:5e:9d:c1:0c:9a:a1:12:78:9a:2d:ad:f8:
                    17:00:fe:4a:06:51:bd:50:e4:3d:9a:a3:e1:1c:c6:
                    0c:e9:05:8c:8a:e4:28:e9:de:3e:26:12:59:22:03:
                    d0:39:09:c8:45:30:b5:fa:ab:e3:4f:a5:70:66:9b:
                    4b:ce:37:58:51:98:ca:8e:43:d4:91:31:27:0d:c3:
                    73:4d:d3:80:21:7a:a2:32:bf:f8:cf:16:c2:ea:ad:
                    f3:df:c0:62:11:a9:cf:02:93:5a:06:01:d5:ac:f9:
                    c1:eb:56:97:56:43:7d:24:24:a0:92:ba:6d:bb:37:
                    48:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:6F:5D:0B:97:70:DF:D9:15:A7:D9:90:AA:25:D1:22:53:4A:E7:A6
            X509v3 Authority Key Identifier:
                keyid:25:CD:6A:4F:BC:8B:EE:34:A2:DC:37:17:93:A0:9E:27:4E:0E:36:61

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/D952BACB6D27E48267036F7CBD6CC4ADEE60BA1D1CFF5EF59481A90BA2071DD7/0/25CD6A4FBC8BEE34A2DC371793A09E274E0E3661.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/25CD6A4FBC8BEE34A2DC371793A09E274E0E3661.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/D952BACB6D27E48267036F7CBD6CC4ADEE60BA1D1CFF5EF59481A90BA2071DD7/0/3230312e3232322e3139322e302f31382d3234203d3e203136363239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.222.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         70:1a:0b:ce:d2:32:7a:fb:98:eb:b9:5c:26:97:e5:53:ea:89:
         42:5d:a1:8e:35:a9:7e:39:d5:69:ba:80:a3:81:3f:b5:03:ec:
         de:55:bf:2f:98:0d:eb:d6:24:11:64:c6:99:a7:37:80:9c:90:
         5f:4a:f4:3b:84:37:04:4b:a7:18:30:4c:02:96:41:2d:5d:e9:
         2a:0c:2a:eb:f8:75:64:c4:ee:86:ff:5b:f0:e8:64:ef:c6:65:
         b6:95:d0:80:5f:28:8c:89:10:a1:49:69:04:8e:d7:8a:57:4e:
         9d:38:1c:3a:f1:31:62:c0:58:17:51:f1:c6:30:f3:42:28:e2:
         d1:73:82:95:72:f4:f7:fe:1d:fd:54:76:2e:f5:65:45:16:8b:
         03:fb:c4:a9:f7:7c:c0:08:70:eb:03:6c:8b:fb:9c:d3:7b:1e:
         b8:a8:2a:9f:56:d1:f2:cd:29:e6:81:79:f7:cb:7c:55:3f:d9:
         27:47:f8:9c:39:86:38:2d:2b:50:51:e4:6b:48:9b:73:23:3b:
         b1:f7:4f:86:68:dc:f5:d8:06:5b:e9:37:85:ab:d4:c8:48:53:
         33:46:4e:90:4d:87:dc:67:b5:65:8e:3f:f8:aa:43:96:e0:63:
         a8:7f:0e:60:00:99:7e:7e:f5:c6:fc:31:9f:ab:a4:22:65:66:
         aa:46:a6:3d
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUJSBHZ1aw2rTVN6v10ZXU1aMy8tgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjVDRDZBNEZCQzhCRUUzNEEyREMzNzE3OTNBMDlFMjc0
RTBFMzY2MTAeFw0yNTAyMDQxODI0NThaFw0yNjAyMDMxODI5NThaMDMxMTAvBgNV
BAMTKDM3NkY1RDBCOTc3MERGRDkxNUE3RDk5MEFBMjVEMTIyNTM0QUU3QTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCINyPCLuCl1EtvIRzJ6CBYhdMg
HzmzlivH3AxNqFC/L1mGq2KCyelKdYj2BzPqgHv5xTu2lHPyRHxgg1wVaBh09cFn
g870h3MMluMmaCdFPG+sTj/g6LaqKjBYv71D95bF61B5Q6CfFj2Kf+Aiw9RflqY8
/JNQAPogFrMvGcADc00z++rTwfjanV6dwQyaoRJ4mi2t+BcA/koGUb1Q5D2ao+Ec
xgzpBYyK5Cjp3j4mElkiA9A5CchFMLX6q+NPpXBmm0vON1hRmMqOQ9SRMScNw3NN
04AheqIyv/jPFsLqrfPfwGIRqc8Ck1oGAdWs+cHrVpdWQ30kJKCSum27N0j3AgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQUN29dC5dw39kVp9mQqiXRIlNK56YwHwYDVR0j
BBgwFoAUJc1qT7yL7jSi3DcXk6CeJ04ONmEwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9EOTUyQkFDQjZEMjdFNDgyNjcwMzZGN0NCRDZDQzRBREVF
NjBCQTFEMUNGRjVFRjU5NDgxQTkwQkEyMDcxREQ3LzAvMjVDRDZBNEZCQzhCRUUz
NEEyREMzNzE3OTNBMDlFMjc0RTBFMzY2MS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8yNUNENkE0RkJDOEJFRTM0QTJE
QzM3MTc5M0EwOUUyNzRFMEUzNjYxLmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvRDk1MkJBQ0I2RDI3RTQ4MjY3MDM2RjdDQkQ2Q0M0QURFRTYwQkExRDFD
RkY1RUY1OTQ4MUE5MEJBMjA3MURENy8wLzMyMzAzMTJlMzIzMjMyMmUzMTM5MzIy
ZTMwMmYzMTM4MmQzMjM0MjAzZDNlMjAzMTM2MzYzMjM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQGyd7A
MA0GCSqGSIb3DQEBCwUAA4IBAQBwGgvO0jJ6+5jruVwml+VT6olCXaGONal+OdVp
uoCjgT+1A+zeVb8vmA3r1iQRZMaZpzeAnJBfSvQ7hDcES6cYMEwClkEtXekqDCrr
+HVkxO6G/1vw6GTvxmW2ldCAXyiMiRChSWkEjteKV06dOBw68TFiwFgXUfHGMPNC
KOLRc4KVcvT3/h39VHYu9WVFFosD+8Sp93zACHDrA2yL+5zTex64qCqfVtHyzSnm
gXn3y3xVP9knR/icOYY4LStQUeRrSJtzIzux90+GaNz12AZb6TeFq9TISFMzRk6Q
TYfcZ7Vljj/4qkOW4GOofw5gAJl+fvXG/DGfq6QiZWaqRqY9
-----END CERTIFICATE-----