Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/DD35F68E9227CCEAAEA800CE80E70C92F4CEC522E4CD6BA43623E4D22907423E/0/3139302e3132332e34302e302f32322d3234203d3e20323635353430.roa
File:                     3139302e3132332e34302e302f32322d3234203d3e20323635353430.roa (raw, json)
Hash identifier:          4H6iougksNbHRKydrvZpQCJL8DqOcQRoG0k6wbKvJRE=
Subject key identifier:   4D:7D:4F:8B:3A:54:99:40:33:1E:CB:9B:24:71:8E:90:9D:CE:D1:B2
Certificate issuer:       /CN=FAD90A03B0BB49A34C7BF9A5C88CCC4C61A7B3EC
Certificate serial:       2E3D91391850C3E557D9B544396406F1290CC443
Authority key identifier: FA:D9:0A:03:B0:BB:49:A3:4C:7B:F9:A5:C8:8C:CC:4C:61:A7:B3:EC
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/FAD90A03B0BB49A34C7BF9A5C88CCC4C61A7B3EC.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/DD35F68E9227CCEAAEA800CE80E70C92F4CEC522E4CD6BA43623E4D22907423E/0/3139302e3132332e34302e302f32322d3234203d3e20323635353430.roa
Signing time:             Tue 04 Feb 2025 18:50:15 +0000
ROA not before:           Tue 04 Feb 2025 18:45:15 +0000
ROA not after:            Tue 03 Feb 2026 18:50:15 +0000
asID:                     265540
IP address blocks:        190.123.40.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:3d:91:39:18:50:c3:e5:57:d9:b5:44:39:64:06:f1:29:0c:c4:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=FAD90A03B0BB49A34C7BF9A5C88CCC4C61A7B3EC
        Validity
            Not Before: Feb  4 18:45:15 2025 GMT
            Not After : Feb  3 18:50:15 2026 GMT
        Subject: CN=4D7D4F8B3A549940331ECB9B24718E909DCED1B2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a1:e2:61:93:07:e8:31:71:49:ed:e7:3e:fb:
                    35:b6:7d:ac:10:81:2d:5f:e3:64:f3:2e:eb:69:32:
                    a1:13:40:94:ee:de:56:ca:06:e3:f3:af:05:f9:73:
                    dd:1b:21:5b:0c:77:49:c4:14:09:3b:d1:ad:9d:5d:
                    2f:6e:61:8f:19:db:79:c1:53:77:28:bb:bd:f4:d5:
                    63:29:0e:89:78:21:56:38:76:0a:04:08:36:c8:8e:
                    20:52:6a:0f:87:f9:22:ba:7d:d3:9b:cd:3a:4b:fd:
                    3b:64:54:56:01:a9:eb:46:ac:70:3a:e2:3c:42:d0:
                    85:ba:e6:42:25:1e:4f:27:8c:5d:f2:a5:da:ea:83:
                    28:04:3b:3e:98:2a:7a:6e:72:8c:a1:90:2f:d3:bc:
                    a5:82:57:75:47:b1:31:63:d5:d5:df:9d:9e:a4:e0:
                    84:95:20:ed:c5:2f:1c:e1:a8:41:40:b7:e3:b3:87:
                    1f:32:d8:36:29:88:eb:e7:0e:39:f4:f7:69:5b:08:
                    e9:c7:24:56:a0:57:96:bb:7f:a2:cc:95:8b:ad:7b:
                    01:26:fa:89:f3:16:84:11:43:07:ed:38:6a:fe:b2:
                    5e:50:ec:78:4f:9c:dd:53:e2:d0:cd:e5:91:60:58:
                    7b:a5:fe:be:93:0a:cf:bd:8d:f6:7c:ba:1a:63:48:
                    06:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:7D:4F:8B:3A:54:99:40:33:1E:CB:9B:24:71:8E:90:9D:CE:D1:B2
            X509v3 Authority Key Identifier:
                keyid:FA:D9:0A:03:B0:BB:49:A3:4C:7B:F9:A5:C8:8C:CC:4C:61:A7:B3:EC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/DD35F68E9227CCEAAEA800CE80E70C92F4CEC522E4CD6BA43623E4D22907423E/0/FAD90A03B0BB49A34C7BF9A5C88CCC4C61A7B3EC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/FAD90A03B0BB49A34C7BF9A5C88CCC4C61A7B3EC.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/DD35F68E9227CCEAAEA800CE80E70C92F4CEC522E4CD6BA43623E4D22907423E/0/3139302e3132332e34302e302f32322d3234203d3e20323635353430.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  190.123.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         49:70:79:57:0b:8d:69:e3:76:a9:6e:a3:2e:18:a7:d6:3f:07:
         23:16:81:09:27:63:0f:87:6b:1c:aa:9d:86:f1:94:07:56:e5:
         e4:53:fa:01:c4:5e:d6:fb:94:16:e3:6d:1b:0e:64:4f:f2:1d:
         36:e9:39:47:32:87:9d:51:d4:b7:f3:d4:b2:94:70:c0:54:69:
         49:88:66:dc:20:ea:25:3a:74:46:d8:ca:e8:76:4f:fa:e9:48:
         c0:1a:17:b5:df:be:19:fe:03:7e:78:8d:b7:fd:9a:ae:06:d7:
         e1:54:ef:ae:d6:7a:44:7a:08:02:46:15:20:8c:d5:30:e9:2b:
         2b:cb:97:25:6a:6e:de:f2:d9:84:fb:6a:5c:27:92:48:55:da:
         b9:62:62:45:62:3c:50:4c:62:3b:79:7e:d2:6b:b9:8f:4f:b6:
         28:d8:9f:df:7b:94:51:9a:25:7f:79:a2:82:7b:13:40:ca:7e:
         60:bc:10:d0:0b:3e:5d:0e:33:e9:6c:f4:be:a6:99:16:1f:9e:
         11:0e:59:54:9e:c4:fa:72:2b:bf:5d:17:89:fb:5b:7b:78:6d:
         e9:f4:da:cc:50:59:33:47:4d:fc:79:68:69:ae:ba:78:05:1a:
         a9:dd:f8:af:53:8f:98:c1:9d:bc:e5:62:e2:4c:62:eb:c6:a5:
         02:4b:8e:d3
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIULj2RORhQw+VX2bVEOWQG8SkMxEMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRkFEOTBBMDNCMEJCNDlBMzRDN0JGOUE1Qzg4Q0NDNEM2
MUE3QjNFQzAeFw0yNTAyMDQxODQ1MTVaFw0yNjAyMDMxODUwMTVaMDMxMTAvBgNV
BAMTKDREN0Q0RjhCM0E1NDk5NDAzMzFFQ0I5QjI0NzE4RTkwOURDRUQxQjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtoeJhkwfoMXFJ7ec++zW2fawQ
gS1f42TzLutpMqETQJTu3lbKBuPzrwX5c90bIVsMd0nEFAk70a2dXS9uYY8Z23nB
U3cou7301WMpDol4IVY4dgoECDbIjiBSag+H+SK6fdObzTpL/TtkVFYBqetGrHA6
4jxC0IW65kIlHk8njF3ypdrqgygEOz6YKnpucoyhkC/TvKWCV3VHsTFj1dXfnZ6k
4ISVIO3FLxzhqEFAt+Ozhx8y2DYpiOvnDjn092lbCOnHJFagV5a7f6LMlYutewEm
+onzFoQRQwftOGr+sl5Q7HhPnN1T4tDN5ZFgWHul/r6TCs+9jfZ8uhpjSAa5AgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQUTX1PizpUmUAzHsubJHGOkJ3O0bIwHwYDVR0j
BBgwFoAU+tkKA7C7SaNMe/mlyIzMTGGns+wwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9ERDM1RjY4RTkyMjdDQ0VBQUVBODAwQ0U4MEU3MEM5MkY0
Q0VDNTIyRTRDRDZCQTQzNjIzRTREMjI5MDc0MjNFLzAvRkFEOTBBMDNCMEJCNDlB
MzRDN0JGOUE1Qzg4Q0NDNEM2MUE3QjNFQy5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9GQUQ5MEEwM0IwQkI0OUEzNEM3
QkY5QTVDODhDQ0M0QzYxQTdCM0VDLmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvREQzNUY2OEU5MjI3Q0NFQUFFQTgwMENFODBFNzBDOTJGNENFQzUyMkU0
Q0Q2QkE0MzYyM0U0RDIyOTA3NDIzRS8wLzMxMzkzMDJlMzEzMjMzMmUzNDMwMmUz
MDJmMzIzMjJkMzIzNDIwM2QzZTIwMzIzNjM1MzUzNDMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvnso
MA0GCSqGSIb3DQEBCwUAA4IBAQBJcHlXC41p43apbqMuGKfWPwcjFoEJJ2MPh2sc
qp2G8ZQHVuXkU/oBxF7W+5QW420bDmRP8h026TlHMoedUdS389SylHDAVGlJiGbc
IOolOnRG2Mrodk/66UjAGhe1374Z/gN+eI23/ZquBtfhVO+u1npEeggCRhUgjNUw
6Ssry5clam7e8tmE+2pcJ5JIVdq5YmJFYjxQTGI7eX7Sa7mPT7Yo2J/fe5RRmiV/
eaKCexNAyn5gvBDQCz5dDjPpbPS+ppkWH54RDllUnsT6ciu/XReJ+1t7eG3p9NrM
UFkzR038eWhprrp4BRqp3fivU4+YwZ285WLiTGLrxqUCS47T
-----END CERTIFICATE-----