Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/ED9C7E865CB1DB939BAD43A2DE4A32D5FC0FBE71CCEB242DCB48964C937AB5C7/0/3139312e39372e37302e302f32332d3233203d3e20323633323039.roa
File:                     3139312e39372e37302e302f32332d3233203d3e20323633323039.roa (raw, json)
Hash identifier:          NzlSFFgSOjJScuEs76Q/BLYtMSU1AvDuOBr4CNOQ7hs=
Subject key identifier:   49:10:A8:B2:4F:96:3C:93:2C:83:71:09:30:59:EA:58:5A:08:67:E8
Certificate issuer:       /CN=2D96E2BA3FE89933F1CF36BB037764F824FED7F0
Certificate serial:       0B49721176F869B0A80F0D01A238FD416F1D871D
Authority key identifier: 2D:96:E2:BA:3F:E8:99:33:F1:CF:36:BB:03:77:64:F8:24:FE:D7:F0
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/2D96E2BA3FE89933F1CF36BB037764F824FED7F0.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/ED9C7E865CB1DB939BAD43A2DE4A32D5FC0FBE71CCEB242DCB48964C937AB5C7/0/3139312e39372e37302e302f32332d3233203d3e20323633323039.roa
Signing time:             Tue 04 Feb 2025 18:28:28 +0000
ROA not before:           Tue 04 Feb 2025 18:23:28 +0000
ROA not after:            Tue 03 Feb 2026 18:28:28 +0000
asID:                     263209
IP address blocks:        191.97.70.0/23 maxlen: 23
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:49:72:11:76:f8:69:b0:a8:0f:0d:01:a2:38:fd:41:6f:1d:87:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2D96E2BA3FE89933F1CF36BB037764F824FED7F0
        Validity
            Not Before: Feb  4 18:23:28 2025 GMT
            Not After : Feb  3 18:28:28 2026 GMT
        Subject: CN=4910A8B24F963C932C8371093059EA585A0867E8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:76:7d:22:f7:1b:f3:f3:02:6a:32:6a:9f:90:
                    d3:39:84:e5:bd:19:b2:c1:31:02:d7:ce:c8:2d:8b:
                    6a:5b:89:c9:0d:d0:d8:26:b8:27:3d:13:4e:2c:97:
                    70:76:60:4c:10:fe:4e:71:21:f1:0c:60:bb:81:ff:
                    1a:03:af:83:54:a4:65:a8:be:89:a2:1f:36:2d:0d:
                    d2:5f:19:c8:1d:d4:d0:82:4c:05:ad:e6:78:43:36:
                    ac:22:c8:e6:4e:bf:f4:0f:3d:2e:8e:03:fc:8e:ce:
                    d1:80:cc:e2:06:7d:d7:ea:91:c8:7b:bf:06:42:2c:
                    67:ff:bc:30:0b:9e:6d:bb:ae:52:75:71:d6:a5:c7:
                    1d:86:dc:80:e0:d7:58:d2:90:c6:0e:c7:66:ca:e5:
                    c1:16:f9:d5:dd:78:e8:fb:1b:86:26:90:b5:4e:5e:
                    de:40:b9:7e:ec:23:d6:56:2c:3d:d2:8a:21:68:ad:
                    da:eb:ca:01:da:c4:cc:4b:8d:fb:c7:7b:27:31:9a:
                    67:9e:86:05:2e:f6:87:3c:01:30:66:68:29:40:91:
                    82:e2:93:73:58:9f:00:8d:ac:1c:7b:1f:4b:80:0c:
                    82:c2:62:50:26:b7:c2:09:8d:f9:25:dc:b1:c7:d2:
                    66:23:f6:73:2b:30:59:11:1f:0a:98:99:ea:7d:54:
                    78:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:10:A8:B2:4F:96:3C:93:2C:83:71:09:30:59:EA:58:5A:08:67:E8
            X509v3 Authority Key Identifier:
                keyid:2D:96:E2:BA:3F:E8:99:33:F1:CF:36:BB:03:77:64:F8:24:FE:D7:F0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/ED9C7E865CB1DB939BAD43A2DE4A32D5FC0FBE71CCEB242DCB48964C937AB5C7/0/2D96E2BA3FE89933F1CF36BB037764F824FED7F0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/2D96E2BA3FE89933F1CF36BB037764F824FED7F0.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/ED9C7E865CB1DB939BAD43A2DE4A32D5FC0FBE71CCEB242DCB48964C937AB5C7/0/3139312e39372e37302e302f32332d3233203d3e20323633323039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.97.70.0/23

    Signature Algorithm: sha256WithRSAEncryption
         43:e7:a6:6f:a1:71:1c:ed:93:51:fd:c1:29:fe:cb:f9:99:55:
         d7:4b:5b:d2:08:54:ee:ac:7e:56:e7:d7:6c:f3:77:86:73:a2:
         e7:cf:80:e0:1b:d3:fc:94:a4:b9:98:d1:c4:eb:d3:12:6b:cb:
         99:53:e6:be:d7:ee:20:be:c1:0c:02:61:09:4d:05:a6:b2:09:
         2b:53:49:0a:90:18:f9:1e:fa:ae:43:bf:f0:fd:3b:f1:b0:6b:
         d3:2f:f9:c7:4f:a1:74:8b:97:db:4b:52:1c:3c:67:f8:f5:dd:
         16:20:12:81:06:4f:69:22:7c:7e:0f:55:4a:68:90:04:a8:06:
         02:72:29:5d:c0:0e:8e:47:a0:7b:88:d0:2b:b8:b0:84:fc:0f:
         e3:0a:bd:5a:dc:f8:fb:cb:cb:9e:a7:5c:fc:30:4d:70:fe:f1:
         ee:ca:16:b7:b6:35:d4:02:ad:f0:84:3b:52:2e:16:2d:90:64:
         7e:39:c8:b4:f8:e5:63:e1:56:b8:59:ee:c0:54:5e:54:b7:c9:
         5c:fa:b0:cb:a5:ed:ff:4f:da:70:e6:1a:12:f0:6f:36:ea:5d:
         2a:01:39:0d:e3:bf:21:99:13:1a:c7:0b:11:4a:86:8c:7a:19:
         bf:8a:49:93:fe:f1:7b:30:22:9e:3e:78:b6:20:1d:cb:f0:e5:
         ea:28:2b:de
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgIUC0lyEXb4abCoDw0Bojj9QW8dhx0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMkQ5NkUyQkEzRkU4OTkzM0YxQ0YzNkJCMDM3NzY0Rjgy
NEZFRDdGMDAeFw0yNTAyMDQxODIzMjhaFw0yNjAyMDMxODI4MjhaMDMxMTAvBgNV
BAMTKDQ5MTBBOEIyNEY5NjNDOTMyQzgzNzEwOTMwNTlFQTU4NUEwODY3RTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCldn0i9xvz8wJqMmqfkNM5hOW9
GbLBMQLXzsgti2pbickN0NgmuCc9E04sl3B2YEwQ/k5xIfEMYLuB/xoDr4NUpGWo
vomiHzYtDdJfGcgd1NCCTAWt5nhDNqwiyOZOv/QPPS6OA/yOztGAzOIGfdfqkch7
vwZCLGf/vDALnm27rlJ1cdalxx2G3IDg11jSkMYOx2bK5cEW+dXdeOj7G4YmkLVO
Xt5AuX7sI9ZWLD3SiiFordrrygHaxMxLjfvHeycxmmeehgUu9oc8ATBmaClAkYLi
k3NYnwCNrBx7H0uADILCYlAmt8IJjfkl3LHH0mYj9nMrMFkRHwqYmep9VHhZAgMB
AAGjggLIMIICxDAdBgNVHQ4EFgQUSRCosk+WPJMsg3EJMFnqWFoIZ+gwHwYDVR0j
BBgwFoAULZbiuj/omTPxzza7A3dk+CT+1/AwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9FRDlDN0U4NjVDQjFEQjkzOUJBRDQzQTJERTRBMzJENUZD
MEZCRTcxQ0NFQjI0MkRDQjQ4OTY0QzkzN0FCNUM3LzAvMkQ5NkUyQkEzRkU4OTkz
M0YxQ0YzNkJCMDM3NzY0RjgyNEZFRDdGMC5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8yRDk2RTJCQTNGRTg5OTMzRjFD
RjM2QkIwMzc3NjRGODI0RkVEN0YwLmNlcjCBxwYIKwYBBQUHAQsEgbowgbcwgbQG
CCsGAQUFBzALhoGncnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvRUQ5QzdFODY1Q0IxREI5MzlCQUQ0M0EyREU0QTMyRDVGQzBGQkU3MUND
RUIyNDJEQ0I0ODk2NEM5MzdBQjVDNy8wLzMxMzkzMTJlMzkzNzJlMzczMDJlMzAy
ZjMyMzMyZDMyMzMyMDNkM2UyMDMyMzYzMzMyMzAzOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAb9hRjAN
BgkqhkiG9w0BAQsFAAOCAQEAQ+emb6FxHO2TUf3BKf7L+ZlV10tb0ghU7qx+VufX
bPN3hnOi58+A4BvT/JSkuZjRxOvTEmvLmVPmvtfuIL7BDAJhCU0FprIJK1NJCpAY
+R76rkO/8P078bBr0y/5x0+hdIuX20tSHDxn+PXdFiASgQZPaSJ8fg9VSmiQBKgG
AnIpXcAOjkege4jQK7iwhPwP4wq9Wtz4+8vLnqdc/DBNcP7x7soWt7Y11AKt8IQ7
Ui4WLZBkfjnItPjlY+FWuFnuwFReVLfJXPqwy6Xt/0/acOYaEvBvNupdKgE5DeO/
IZkTGscLEUqGjHoZv4pJk/7xezAinj54tiAdy/Dl6igr3g==
-----END CERTIFICATE-----