Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/DF6495DFE557A9656AFD934637E96634D3D2739D5072D17F108058F0A9CA9938/0/3230312e3136332e3132312e302f32342d3234203d3e20323635353034.roa
File:                     3230312e3136332e3132312e302f32342d3234203d3e20323635353034.roa (raw, json)
Hash identifier:          tgH5K0+KwrDzqX9i/ezgsI0FNoHCFZ0eZ1SAjknH2x4=
Subject key identifier:   20:61:72:B9:81:5A:BF:AD:59:2D:29:A5:6C:E4:44:89:29:80:68:29
Certificate issuer:       /CN=E35DD293E1C3BC5F4DE15318FAC5967E7D55BF15
Certificate serial:       2CD2840B5E6189A52254050F6B7EDC4E7F2D954E
Authority key identifier: E3:5D:D2:93:E1:C3:BC:5F:4D:E1:53:18:FA:C5:96:7E:7D:55:BF:15
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/E35DD293E1C3BC5F4DE15318FAC5967E7D55BF15.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/DF6495DFE557A9656AFD934637E96634D3D2739D5072D17F108058F0A9CA9938/0/3230312e3136332e3132312e302f32342d3234203d3e20323635353034.roa
Signing time:             Tue 04 Feb 2025 18:52:44 +0000
ROA not before:           Tue 04 Feb 2025 18:47:44 +0000
ROA not after:            Tue 03 Feb 2026 18:52:44 +0000
asID:                     265504
IP address blocks:        201.163.121.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:d2:84:0b:5e:61:89:a5:22:54:05:0f:6b:7e:dc:4e:7f:2d:95:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=E35DD293E1C3BC5F4DE15318FAC5967E7D55BF15
        Validity
            Not Before: Feb  4 18:47:44 2025 GMT
            Not After : Feb  3 18:52:44 2026 GMT
        Subject: CN=206172B9815ABFAD592D29A56CE4448929806829
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:0b:ac:78:5d:b9:45:d7:b8:f3:4c:a7:a0:b4:
                    45:78:4c:5e:f2:c4:d8:3f:4e:ff:22:94:66:a5:1b:
                    52:dd:3c:5b:c8:a3:39:d0:da:65:f5:86:2f:64:0a:
                    b8:f7:a0:54:52:57:e1:e6:0d:a6:48:68:81:53:be:
                    54:73:22:30:21:91:5c:87:61:9b:2f:9a:93:7b:76:
                    b4:68:91:9f:79:ae:74:cc:30:63:9e:ea:87:e4:70:
                    e5:71:56:b8:24:07:17:34:f2:c8:26:e1:eb:a3:64:
                    c6:9c:b2:94:3a:d0:1a:69:62:d5:83:5c:6d:7d:49:
                    84:b5:6f:af:a5:5f:ba:95:a3:4d:5e:5e:8c:05:2e:
                    71:21:b2:87:89:b4:42:79:30:12:55:95:65:63:51:
                    26:94:c8:97:aa:9c:61:29:93:be:87:da:03:0c:0a:
                    49:cd:72:1a:1c:c8:1c:47:4a:e7:95:98:6d:c3:b9:
                    ff:99:5b:ac:99:c5:90:d3:d0:62:fc:eb:43:61:10:
                    44:d1:8c:cd:c3:a1:20:fc:63:d1:0c:ec:2e:17:a0:
                    06:a6:56:b2:62:34:af:10:35:1e:e3:0e:de:90:dd:
                    dd:41:a2:9a:ce:72:22:cb:1f:fc:be:0b:03:6e:b3:
                    17:a4:03:f0:2c:53:68:89:c7:02:a3:e6:4e:6c:95:
                    cd:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:61:72:B9:81:5A:BF:AD:59:2D:29:A5:6C:E4:44:89:29:80:68:29
            X509v3 Authority Key Identifier:
                keyid:E3:5D:D2:93:E1:C3:BC:5F:4D:E1:53:18:FA:C5:96:7E:7D:55:BF:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/DF6495DFE557A9656AFD934637E96634D3D2739D5072D17F108058F0A9CA9938/0/E35DD293E1C3BC5F4DE15318FAC5967E7D55BF15.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/E35DD293E1C3BC5F4DE15318FAC5967E7D55BF15.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/DF6495DFE557A9656AFD934637E96634D3D2739D5072D17F108058F0A9CA9938/0/3230312e3136332e3132312e302f32342d3234203d3e20323635353034.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.163.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:bf:96:bf:26:93:ec:4d:74:ef:8e:5d:2d:5a:38:e2:24:b1:
         bc:bf:0b:8c:0b:b5:76:55:fc:7c:70:52:7c:e4:2b:c4:1b:4c:
         fd:f6:76:bd:b2:13:bd:08:fb:c2:86:c8:42:ae:a6:16:2d:d1:
         7c:fc:17:e8:f0:aa:04:9a:78:15:7c:d2:3f:02:83:16:41:21:
         90:28:ad:7a:17:4a:4e:42:dd:ea:43:30:12:b5:8f:56:b3:e5:
         6e:5d:0f:0c:53:21:90:3b:fe:59:34:f8:0b:cd:49:44:2c:f0:
         e2:62:46:2c:38:22:06:3d:eb:1f:37:15:6c:e5:84:31:7c:25:
         8e:fa:32:0d:7a:b9:bd:7a:ec:21:08:e7:1f:54:90:0d:a2:15:
         5e:88:69:c8:64:ec:18:1c:54:26:85:18:22:6e:fb:f5:3c:b5:
         51:25:bc:07:cb:33:09:e4:69:ff:9d:73:42:4e:f6:2f:98:06:
         71:56:d1:6f:af:f8:2a:64:5c:10:96:b0:94:df:5e:91:b7:2a:
         e0:63:7d:6d:43:9a:4f:f9:9b:67:7d:9e:b4:e8:96:40:63:2a:
         22:88:b4:5e:81:cb:b0:d2:64:cd:78:ef:22:be:65:69:cf:55:
         ac:32:5a:c7:02:d4:66:24:88:d5:90:6b:aa:db:7e:c7:70:b4:
         18:87:38:13
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgIULNKEC15hiaUiVAUPa37cTn8tlU4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRTM1REQyOTNFMUMzQkM1RjRERTE1MzE4RkFDNTk2N0U3
RDU1QkYxNTAeFw0yNTAyMDQxODQ3NDRaFw0yNjAyMDMxODUyNDRaMDMxMTAvBgNV
BAMTKDIwNjE3MkI5ODE1QUJGQUQ1OTJEMjlBNTZDRTQ0NDg5Mjk4MDY4MjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3C6x4XblF17jzTKegtEV4TF7y
xNg/Tv8ilGalG1LdPFvIoznQ2mX1hi9kCrj3oFRSV+HmDaZIaIFTvlRzIjAhkVyH
YZsvmpN7drRokZ95rnTMMGOe6ofkcOVxVrgkBxc08sgm4eujZMacspQ60BppYtWD
XG19SYS1b6+lX7qVo01eXowFLnEhsoeJtEJ5MBJVlWVjUSaUyJeqnGEpk76H2gMM
CknNchocyBxHSueVmG3Duf+ZW6yZxZDT0GL860NhEETRjM3DoSD8Y9EM7C4XoAam
VrJiNK8QNR7jDt6Q3d1BoprOciLLH/y+CwNusxekA/AsU2iJxwKj5k5slc1PAgMB
AAGjggLMMIICyDAdBgNVHQ4EFgQUIGFyuYFav61ZLSmlbOREiSmAaCkwHwYDVR0j
BBgwFoAU413Sk+HDvF9N4VMY+sWWfn1VvxUwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9ERjY0OTVERkU1NTdBOTY1NkFGRDkzNDYzN0U5NjYzNEQz
RDI3MzlENTA3MkQxN0YxMDgwNThGMEE5Q0E5OTM4LzAvRTM1REQyOTNFMUMzQkM1
RjRERTE1MzE4RkFDNTk2N0U3RDU1QkYxNS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC9FMzVERDI5M0UxQzNCQzVGNERF
MTUzMThGQUM1OTY3RTdENTVCRjE1LmNlcjCBywYIKwYBBQUHAQsEgb4wgbswgbgG
CCsGAQUFBzALhoGrcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvREY2NDk1REZFNTU3QTk2NTZBRkQ5MzQ2MzdFOTY2MzREM0QyNzM5RDUw
NzJEMTdGMTA4MDU4RjBBOUNBOTkzOC8wLzMyMzAzMTJlMzEzNjMzMmUzMTMyMzEy
ZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzMjM2MzUzNTMwMzQucm9hMBgGA1UdIAEB
/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADJ
o3kwDQYJKoZIhvcNAQELBQADggEBAGi/lr8mk+xNdO+OXS1aOOIksby/C4wLtXZV
/HxwUnzkK8QbTP32dr2yE70I+8KGyEKuphYt0Xz8F+jwqgSaeBV80j8CgxZBIZAo
rXoXSk5C3epDMBK1j1az5W5dDwxTIZA7/lk0+AvNSUQs8OJiRiw4IgY96x83FWzl
hDF8JY76Mg16ub167CEI5x9UkA2iFV6Iachk7BgcVCaFGCJu+/U8tVElvAfLMwnk
af+dc0JO9i+YBnFW0W+v+CpkXBCWsJTfXpG3KuBjfW1Dmk/5m2d9nrTolkBjKiKI
tF6By7DSZM147yK+ZWnPVawyWscC1GYkiNWQa6rbfsdwtBiHOBM=
-----END CERTIFICATE-----