Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/F68E217F69DE99D52AB3B6385D134B93C3D4D8260F1E24C0231493E89C2FF10F/0/3137302e3233332e37322e302f32342d3234203d3e203333333932.roa
File:                     3137302e3233332e37322e302f32342d3234203d3e203333333932.roa (raw, json)
Hash identifier:          0HtXZcA1PRi11GEBl9+pmbugiQDzU4sSincOQ+bOFng=
Subject key identifier:   AB:C9:D1:A0:AB:AE:E7:62:34:01:3C:D1:1A:0B:61:DA:56:4A:E9:EC
Certificate issuer:       /CN=9651F1E4B6480D19626E784CA1A8F0ABC94C1487
Certificate serial:       4A85296B5586CDF6EEDAE84AF6F1E2E394C6862E
Authority key identifier: 96:51:F1:E4:B6:48:0D:19:62:6E:78:4C:A1:A8:F0:AB:C9:4C:14:87
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/9651F1E4B6480D19626E784CA1A8F0ABC94C1487.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/F68E217F69DE99D52AB3B6385D134B93C3D4D8260F1E24C0231493E89C2FF10F/0/3137302e3233332e37322e302f32342d3234203d3e203333333932.roa
Signing time:             Tue 17 Dec 2024 15:10:00 +0000
ROA not before:           Tue 17 Dec 2024 15:05:00 +0000
ROA not after:            Tue 16 Dec 2025 15:10:00 +0000
asID:                     33392
IP address blocks:        170.233.72.0/24 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:85:29:6b:55:86:cd:f6:ee:da:e8:4a:f6:f1:e2:e3:94:c6:86:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9651F1E4B6480D19626E784CA1A8F0ABC94C1487
        Validity
            Not Before: Dec 17 15:05:00 2024 GMT
            Not After : Dec 16 15:10:00 2025 GMT
        Subject: CN=ABC9D1A0ABAEE76234013CD11A0B61DA564AE9EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:ba:50:cc:cb:0d:b9:c1:c9:9c:5c:e5:dc:27:
                    64:c6:bf:db:6c:fd:7a:5d:ec:a0:7a:2d:14:ec:cd:
                    63:11:53:3f:d8:be:4d:de:8b:29:09:21:11:30:40:
                    b3:da:95:0d:5e:78:19:2f:23:0f:b9:14:6d:db:80:
                    50:0f:ff:b6:f1:ba:eb:32:17:12:e9:72:4e:8e:0c:
                    eb:89:b1:38:d3:7b:46:ff:7c:45:9d:22:ed:a2:0a:
                    9a:28:af:1a:1c:00:3f:b0:f3:f2:a3:e4:e8:ba:52:
                    d5:a7:ee:8e:80:91:bb:4b:5b:e5:07:98:46:e8:72:
                    68:bb:23:d4:c0:ee:ac:bc:41:eb:1d:3a:d1:fc:c1:
                    5d:8b:21:34:86:69:72:10:c8:a9:fd:26:c3:11:94:
                    66:53:91:6a:5d:c1:29:8f:f1:b7:38:b0:16:5e:7c:
                    46:4a:1b:f9:89:f8:04:86:43:73:b8:b6:80:54:26:
                    c1:15:e2:4c:3b:8d:60:37:db:f7:ce:d9:9f:a6:56:
                    f6:cd:a0:a3:e9:0f:58:ed:c3:f0:f6:1b:24:18:a3:
                    1e:fc:f6:08:75:06:29:76:35:cc:86:b2:fb:0c:da:
                    a8:71:f0:58:5b:57:e7:0f:32:dd:72:ce:76:ee:f1:
                    3c:46:26:a8:11:98:9a:46:15:01:52:29:36:77:ac:
                    74:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:C9:D1:A0:AB:AE:E7:62:34:01:3C:D1:1A:0B:61:DA:56:4A:E9:EC
            X509v3 Authority Key Identifier:
                keyid:96:51:F1:E4:B6:48:0D:19:62:6E:78:4C:A1:A8:F0:AB:C9:4C:14:87

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/F68E217F69DE99D52AB3B6385D134B93C3D4D8260F1E24C0231493E89C2FF10F/0/9651F1E4B6480D19626E784CA1A8F0ABC94C1487.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/9651F1E4B6480D19626E784CA1A8F0ABC94C1487.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/F68E217F69DE99D52AB3B6385D134B93C3D4D8260F1E24C0231493E89C2FF10F/0/3137302e3233332e37322e302f32342d3234203d3e203333333932.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.233.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:6e:5b:0c:14:76:be:50:f9:56:a8:a3:e9:85:01:f1:bd:68:
         c8:1a:ae:5b:2d:6f:1d:57:c2:f8:3c:8f:75:59:03:8e:d1:b4:
         dc:f6:68:aa:63:1f:f9:f4:90:42:50:4d:51:e7:3a:48:20:5d:
         0d:b4:b6:ee:a1:b6:fb:19:3d:b0:3a:1e:d0:ee:90:5d:03:25:
         3b:0b:aa:60:45:68:7c:2a:dc:06:26:99:ea:78:8b:9a:0d:ed:
         2b:d3:8f:2b:9b:b5:07:0a:51:da:f1:7b:ed:36:02:26:ca:24:
         84:17:b4:75:a8:2a:e0:15:18:bf:ad:6e:ba:e2:a7:5f:6c:b4:
         a1:cf:83:0b:8a:57:38:56:e9:e0:02:55:ab:29:ec:f3:91:db:
         df:51:75:ff:65:94:44:d9:e3:e8:e0:0f:e2:f3:ae:8e:fc:30:
         6a:b0:dc:6c:79:25:a4:6c:26:2a:75:ba:98:4a:46:06:46:03:
         bb:e4:92:5c:b9:c2:6f:86:91:8c:7b:0b:16:94:55:83:65:44:
         c4:b5:92:0d:29:80:bc:3b:7a:64:4d:d0:1a:01:a4:3c:4d:60:
         28:69:df:49:ee:55:29:74:54:7e:ce:fb:ae:4e:da:db:74:b3:
         ec:14:7e:d4:c7:f9:e7:90:dc:47:00:d9:87:fc:7d:eb:7f:37:
         4f:e3:d5:ab
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgIUSoUpa1WGzfbu2uhK9vHi45TGhi4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOTY1MUYxRTRCNjQ4MEQxOTYyNkU3ODRDQTFBOEYwQUJD
OTRDMTQ4NzAeFw0yNDEyMTcxNTA1MDBaFw0yNTEyMTYxNTEwMDBaMDMxMTAvBgNV
BAMTKEFCQzlEMUEwQUJBRUU3NjIzNDAxM0NEMTFBMEI2MURBNTY0QUU5RUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhulDMyw25wcmcXOXcJ2TGv9ts
/Xpd7KB6LRTszWMRUz/Yvk3eiykJIREwQLPalQ1eeBkvIw+5FG3bgFAP/7bxuusy
FxLpck6ODOuJsTjTe0b/fEWdIu2iCpoorxocAD+w8/Kj5Oi6UtWn7o6AkbtLW+UH
mEbocmi7I9TA7qy8QesdOtH8wV2LITSGaXIQyKn9JsMRlGZTkWpdwSmP8bc4sBZe
fEZKG/mJ+ASGQ3O4toBUJsEV4kw7jWA32/fO2Z+mVvbNoKPpD1jtw/D2GyQYox78
9gh1Bil2NcyGsvsM2qhx8FhbV+cPMt1yznbu8TxGJqgRmJpGFQFSKTZ3rHQbAgMB
AAGjggLIMIICxDAdBgNVHQ4EFgQUq8nRoKuu52I0ATzRGgth2lZK6ewwHwYDVR0j
BBgwFoAUllHx5LZIDRlibnhMoajwq8lMFIcwDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9GNjhFMjE3RjY5REU5OUQ1MkFCM0I2Mzg1RDEzNEI5M0Mz
RDREODI2MEYxRTI0QzAyMzE0OTNFODlDMkZGMTBGLzAvOTY1MUYxRTRCNjQ4MEQx
OTYyNkU3ODRDQTFBOEYwQUJDOTRDMTQ4Ny5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC85NjUxRjFFNEI2NDgwRDE5NjI2
RTc4NENBMUE4RjBBQkM5NEMxNDg3LmNlcjCBxwYIKwYBBQUHAQsEgbowgbcwgbQG
CCsGAQUFBzALhoGncnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvRjY4RTIxN0Y2OURFOTlENTJBQjNCNjM4NUQxMzRCOTNDM0Q0RDgyNjBG
MUUyNEMwMjMxNDkzRTg5QzJGRjEwRi8wLzMxMzczMDJlMzIzMzMzMmUzNzMyMmUz
MDJmMzIzNDJkMzIzNDIwM2QzZTIwMzMzMzMzMzkzMi5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAKrpSDAN
BgkqhkiG9w0BAQsFAAOCAQEAem5bDBR2vlD5Vqij6YUB8b1oyBquWy1vHVfC+DyP
dVkDjtG03PZoqmMf+fSQQlBNUec6SCBdDbS27qG2+xk9sDoe0O6QXQMlOwuqYEVo
fCrcBiaZ6niLmg3tK9OPK5u1BwpR2vF77TYCJsokhBe0dagq4BUYv61uuuKnX2y0
oc+DC4pXOFbp4AJVqyns85Hb31F1/2WURNnj6OAP4vOujvwwarDcbHklpGwmKnW6
mEpGBkYDu+SSXLnCb4aRjHsLFpRVg2VExLWSDSmAvDt6ZE3QGgGkPE1gKGnfSe5V
KXRUfs77rk7a23Sz7BR+1Mf555DcRwDZh/x96383T+PVqw==
-----END CERTIFICATE-----