Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/FBE99DF8D33AC2CA065D640BE69BE5F6EB0F4321A6FF41ECE29C275E0D8163B3/0/3137302e3233382e3234302e302f32322d3234203d3e203532343238.roa
File:                     3137302e3233382e3234302e302f32322d3234203d3e203532343238.roa (raw, json)
Hash identifier:          NRSWwXZMy++UvHjGK575M+zUFS53qYwHDxpG7wTGsUY=
Subject key identifier:   C4:B4:90:D9:5E:F6:35:60:6D:F2:79:9D:DA:4E:7B:59:49:D0:25:EB
Certificate issuer:       /CN=26AEC4B404192D277BCF3F50A0DD5E7AB8EB3E1E
Certificate serial:       2F684C306C5A21BA719382469BA925E2F4D6B543
Authority key identifier: 26:AE:C4:B4:04:19:2D:27:7B:CF:3F:50:A0:DD:5E:7A:B8:EB:3E:1E
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/26AEC4B404192D277BCF3F50A0DD5E7AB8EB3E1E.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/FBE99DF8D33AC2CA065D640BE69BE5F6EB0F4321A6FF41ECE29C275E0D8163B3/0/3137302e3233382e3234302e302f32322d3234203d3e203532343238.roa
Signing time:             Tue 04 Feb 2025 18:15:06 +0000
ROA not before:           Tue 04 Feb 2025 18:10:06 +0000
ROA not after:            Tue 03 Feb 2026 18:15:06 +0000
asID:                     52428
IP address blocks:        170.238.240.0/22 maxlen: 24
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:68:4c:30:6c:5a:21:ba:71:93:82:46:9b:a9:25:e2:f4:d6:b5:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26AEC4B404192D277BCF3F50A0DD5E7AB8EB3E1E
        Validity
            Not Before: Feb  4 18:10:06 2025 GMT
            Not After : Feb  3 18:15:06 2026 GMT
        Subject: CN=C4B490D95EF635606DF2799DDA4E7B5949D025EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:15:d9:04:a6:85:53:6e:3b:34:ce:a6:89:8d:
                    55:38:db:76:70:be:3d:08:08:5b:db:3e:fe:0a:ec:
                    75:f5:f3:eb:59:53:b8:42:d3:bf:cc:58:c4:30:47:
                    d6:e6:5a:be:ce:f7:d3:f3:85:64:34:6b:e5:48:75:
                    40:db:1f:20:da:f6:fc:de:31:f9:1c:b9:88:3c:86:
                    c9:f3:5d:95:9d:db:40:f6:68:12:b5:ad:55:1d:c1:
                    70:67:f1:a0:7e:47:7e:0f:67:bc:7c:2c:51:b7:98:
                    81:af:31:9e:7f:75:63:1a:fb:a9:f9:fa:87:05:87:
                    62:f2:ee:52:b2:b4:5b:60:4d:ab:55:cb:e2:b1:24:
                    94:46:e8:2f:10:f6:a9:f6:0d:0c:af:26:d7:80:e0:
                    c1:48:a9:9d:8c:fb:df:46:e2:1e:da:34:a5:ac:e8:
                    31:99:c5:66:56:a6:9f:45:3b:35:bc:0c:d0:05:cc:
                    2a:12:78:b7:88:b1:a6:f9:50:aa:59:f1:4e:21:8c:
                    b9:94:c1:32:c0:3c:16:f7:fc:8e:56:3e:e4:79:6e:
                    94:c6:0f:39:f3:52:d1:f2:66:84:53:ca:2c:9e:21:
                    33:bd:e7:97:32:db:6a:7a:21:0b:bc:39:9c:e6:a2:
                    f5:52:bc:63:0a:a7:e9:55:98:7e:fd:33:3b:52:22:
                    f9:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:B4:90:D9:5E:F6:35:60:6D:F2:79:9D:DA:4E:7B:59:49:D0:25:EB
            X509v3 Authority Key Identifier:
                keyid:26:AE:C4:B4:04:19:2D:27:7B:CF:3F:50:A0:DD:5E:7A:B8:EB:3E:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/FBE99DF8D33AC2CA065D640BE69BE5F6EB0F4321A6FF41ECE29C275E0D8163B3/0/26AEC4B404192D277BCF3F50A0DD5E7AB8EB3E1E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/26AEC4B404192D277BCF3F50A0DD5E7AB8EB3E1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/FBE99DF8D33AC2CA065D640BE69BE5F6EB0F4321A6FF41ECE29C275E0D8163B3/0/3137302e3233382e3234302e302f32322d3234203d3e203532343238.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.238.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:79:70:15:d9:53:c5:fa:3e:24:a4:9f:90:4f:e3:27:25:e4:
         35:0f:6f:d6:e9:85:72:98:30:2f:e4:1e:b5:8d:88:c2:d7:c0:
         07:b6:ea:39:d0:50:cc:19:38:0f:2f:8f:0c:f5:da:9f:88:65:
         e1:11:c9:98:35:e4:23:0b:87:80:b2:1c:77:eb:fb:43:be:20:
         fb:ee:0b:0f:46:58:ba:81:6a:16:9d:4e:43:89:0b:ba:97:e8:
         0a:d5:a9:dd:98:81:e5:4a:6d:1b:6d:79:7f:be:7e:e0:0c:ed:
         0c:9e:bc:13:98:75:0a:5b:04:83:f3:fb:c3:47:b1:2e:05:31:
         6d:bd:8d:65:b9:46:56:89:7c:18:c8:f0:45:8c:4f:56:bc:08:
         fd:33:66:75:68:e7:ff:f3:d3:07:68:2e:d7:3e:f2:08:91:6b:
         6f:dc:b4:a1:a0:4b:31:b7:5e:2f:26:f6:26:f0:20:06:c1:4e:
         37:63:ee:e3:b7:61:02:65:e5:fc:f5:fc:5b:17:27:96:78:29:
         95:83:73:9b:d4:93:2d:8c:26:bd:b9:9e:a4:e4:43:9e:99:63:
         0f:4a:27:6f:b6:d5:ca:17:7a:01:eb:02:92:8a:7b:51:78:1d:
         a6:5f:4f:1f:f7:e5:98:61:3a:cd:95:e4:66:34:9e:1c:43:05:
         6e:49:14:c5
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgIUL2hMMGxaIbpxk4JGm6kl4vTWtUMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjZBRUM0QjQwNDE5MkQyNzdCQ0YzRjUwQTBERDVFN0FC
OEVCM0UxRTAeFw0yNTAyMDQxODEwMDZaFw0yNjAyMDMxODE1MDZaMDMxMTAvBgNV
BAMTKEM0QjQ5MEQ5NUVGNjM1NjA2REYyNzk5RERBNEU3QjU5NDlEMDI1RUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAFdkEpoVTbjs0zqaJjVU423Zw
vj0ICFvbPv4K7HX18+tZU7hC07/MWMQwR9bmWr7O99PzhWQ0a+VIdUDbHyDa9vze
MfkcuYg8hsnzXZWd20D2aBK1rVUdwXBn8aB+R34PZ7x8LFG3mIGvMZ5/dWMa+6n5
+ocFh2Ly7lKytFtgTatVy+KxJJRG6C8Q9qn2DQyvJteA4MFIqZ2M+99G4h7aNKWs
6DGZxWZWpp9FOzW8DNAFzCoSeLeIsab5UKpZ8U4hjLmUwTLAPBb3/I5WPuR5bpTG
DznzUtHyZoRTyiyeITO955cy22p6IQu8OZzmovVSvGMKp+lVmH79MztSIvmZAgMB
AAGjggLKMIICxjAdBgNVHQ4EFgQUxLSQ2V72NWBt8nmd2k57WUnQJeswHwYDVR0j
BBgwFoAUJq7EtAQZLSd7zz9QoN1eerjrPh4wDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9GQkU5OURGOEQzM0FDMkNBMDY1RDY0MEJFNjlCRTVGNkVC
MEY0MzIxQTZGRjQxRUNFMjlDMjc1RTBEODE2M0IzLzAvMjZBRUM0QjQwNDE5MkQy
NzdCQ0YzRjUwQTBERDVFN0FCOEVCM0UxRS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC8yNkFFQzRCNDA0MTkyRDI3N0JD
RjNGNTBBMERENUU3QUI4RUIzRTFFLmNlcjCByQYIKwYBBQUHAQsEgbwwgbkwgbYG
CCsGAQUFBzALhoGpcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvRkJFOTlERjhEMzNBQzJDQTA2NUQ2NDBCRTY5QkU1RjZFQjBGNDMyMUE2
RkY0MUVDRTI5QzI3NUUwRDgxNjNCMy8wLzMxMzczMDJlMzIzMzM4MmUzMjM0MzAy
ZTMwMmYzMjMyMmQzMjM0MjAzZDNlMjAzNTMyMzQzMjM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCqu7w
MA0GCSqGSIb3DQEBCwUAA4IBAQByeXAV2VPF+j4kpJ+QT+MnJeQ1D2/W6YVymDAv
5B61jYjC18AHtuo50FDMGTgPL48M9dqfiGXhEcmYNeQjC4eAshx36/tDviD77gsP
Rli6gWoWnU5DiQu6l+gK1andmIHlSm0bbXl/vn7gDO0MnrwTmHUKWwSD8/vDR7Eu
BTFtvY1luUZWiXwYyPBFjE9WvAj9M2Z1aOf/89MHaC7XPvIIkWtv3LShoEsxt14v
JvYm8CAGwU43Y+7jt2ECZeX89fxbFyeWeCmVg3Ob1JMtjCa9uZ6k5EOemWMPSidv
ttXKF3oB6wKSintReB2mX08f9+WYYTrNleRmNJ4cQwVuSRTF
-----END CERTIFICATE-----