Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/a0134565-9f3c-49b1-aaf6-dff2ea3146fe/4f22eabb346ad23d1b168850f8a5ab6f63fcf190.roa
File:                     4f22eabb346ad23d1b168850f8a5ab6f63fcf190.roa (raw, json)
Hash identifier:          kNOceFdbbOCKR67gF5fL+CnbbyyYd5II7DnU9rlcFxo=
Subject key identifier:   50:D2:1F:D5:19:54:C2:43:E5:64:D4:01:CB:B6:2D:34:B9:11:DA:59
Certificate issuer:       /CN=40bb0835e54e95f61d1b3f21a5df4b4b8f23450a
Certificate serial:       2928D5
Authority key identifier: DC:DA:82:3A:0B:BC:C7:66:50:2B:14:89:E0:A3:8C:CD:4F:BE:51:C4
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/40bb0835e54e95f61d1b3f21a5df4b4b8f23450a.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/a0134565-9f3c-49b1-aaf6-dff2ea3146fe/4f22eabb346ad23d1b168850f8a5ab6f63fcf190.roa
Signing time:             Sun 31 Mar 2024 12:36:02 +0000
ROA not before:           Sun 31 Mar 2024 12:36:01 +0000
ROA not after:            Tue 31 Mar 2026 12:36:01 +0000
asID:                     269918
IP address blocks:        131.72.168.0/22 maxlen: 24
                          131.72.168.0/24 maxlen: 24
                          131.72.169.0/24 maxlen: 24
                          131.72.170.0/24 maxlen: 24
                          131.72.170.0/23 maxlen: 23
                          131.72.171.0/24 maxlen: 24
                          2803:dd80::/32 maxlen: 48
                          2803:dd80:6000::/36 maxlen: 36
                          2803:dd80:7000::/36 maxlen: 36
                          2803:dd80:8000::/36 maxlen: 36
                          2803:dd80:9000::/36 maxlen: 36
                          2803:dd80:a000::/36 maxlen: 36
                          2803:dd80:b000::/36 maxlen: 36
                          2803:dd80:c000::/36 maxlen: 36
                          2803:dd80:d000::/36 maxlen: 36
                          2803:dd80:e000::/36 maxlen: 36
                          2803:dd80:f000::/36 maxlen: 36

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2697429 (0x2928d5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40bb0835e54e95f61d1b3f21a5df4b4b8f23450a
        Validity
            Not Before: Mar 31 12:36:01 2024 GMT
            Not After : Mar 31 12:36:01 2026 GMT
        Subject: CN=4f22eabb346ad23d1b168850f8a5ab6f63fcf190
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:30:c5:b8:c8:89:84:82:ed:d4:b1:8f:74:e0:
                    d8:83:25:1d:e7:ca:d7:0f:c7:ce:52:ac:ef:4e:f6:
                    a6:52:3c:03:a1:59:81:ac:38:69:90:07:5d:e0:08:
                    61:98:45:3c:d5:cd:df:63:ab:e5:01:21:9d:a0:aa:
                    71:00:98:82:36:c8:9e:4b:2e:5d:f1:a2:5c:b8:a9:
                    ab:87:1d:0c:0c:71:b0:e9:47:2c:d5:82:a6:6f:fb:
                    55:46:2e:fd:7f:1c:82:e4:be:93:b6:d3:fe:fc:7c:
                    b7:07:99:68:29:ad:a4:d9:b3:7d:37:7e:ee:69:af:
                    d7:71:cd:0c:78:64:9d:1e:f0:e0:52:7b:f8:ed:e0:
                    62:da:8f:87:85:c9:3b:15:01:f6:7a:b0:a6:44:19:
                    a8:5c:24:38:8d:fd:f3:1d:b8:4a:ac:99:4f:aa:95:
                    1a:a3:af:8f:91:c5:b5:92:59:a6:c2:36:f2:2f:f9:
                    ef:55:a4:af:62:9c:96:06:84:0e:0e:7f:c8:da:45:
                    49:7c:89:0b:1e:ad:05:7f:b4:05:a5:b7:e6:7a:32:
                    27:b6:7a:ce:aa:f6:c9:dd:ce:4b:7f:ed:6a:91:04:
                    a4:23:9f:ca:65:da:f3:9a:d6:8d:af:3c:39:8f:78:
                    84:1e:3c:58:a9:28:c1:71:bf:31:7a:01:a4:25:f6:
                    8d:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:D2:1F:D5:19:54:C2:43:E5:64:D4:01:CB:B6:2D:34:B9:11:DA:59
            X509v3 Authority Key Identifier:
                keyid:DC:DA:82:3A:0B:BC:C7:66:50:2B:14:89:E0:A3:8C:CD:4F:BE:51:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/40bb0835e54e95f61d1b3f21a5df4b4b8f23450a.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/a0134565-9f3c-49b1-aaf6-dff2ea3146fe/4f22eabb346ad23d1b168850f8a5ab6f63fcf190.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/a0134565-9f3c-49b1-aaf6-dff2ea3146fe/40bb0835e54e95f61d1b3f21a5df4b4b8f23450a.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.72.168.0/22
                IPv6:
                  2803:dd80::/32

    Signature Algorithm: sha256WithRSAEncryption
         54:8e:af:15:86:8a:41:70:be:34:0e:a2:39:69:5d:ca:a3:cc:
         2b:94:b5:d1:2a:06:98:4b:73:2a:60:2b:93:7d:be:99:3b:18:
         3a:e2:ac:63:83:d0:60:53:32:80:bc:e5:17:73:d2:e8:d7:96:
         2f:48:dd:ed:a9:5c:85:d3:79:3a:f1:c8:df:9e:dd:90:5b:b8:
         86:ce:c3:5d:e1:48:04:9b:71:8d:b0:82:c0:28:28:2e:a5:94:
         1f:b5:c2:a7:89:dc:f1:54:32:95:e1:a0:69:79:8b:cb:a0:26:
         eb:b2:9a:83:71:ec:87:63:f5:65:37:c8:32:c3:47:e6:44:35:
         34:94:d6:35:fa:e8:21:98:c1:23:56:c3:a7:39:0b:da:f2:54:
         cd:a0:8c:f4:9f:91:d0:51:ed:5c:44:24:8c:cb:8d:25:75:23:
         41:6d:69:33:1a:10:00:07:8f:bc:ad:e6:d1:55:f6:9f:9d:e5:
         51:36:88:2d:9a:3b:47:d1:b5:ca:42:ec:eb:42:27:b3:c2:89:
         83:6d:f8:56:cc:5d:03:68:0e:b0:5b:e0:eb:4b:b8:0f:72:a2:
         95:3a:17:dd:c1:f2:59:80:4f:77:a2:59:eb:f8:e7:06:12:11:
         5c:65:13:26:4b:67:71:40:eb:7e:dd:ff:84:05:51:0a:1a:6f:
         bd:36:6d:45
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgIDKSjVMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDQw
YmIwODM1ZTU0ZTk1ZjYxZDFiM2YyMWE1ZGY0YjRiOGYyMzQ1MGEwHhcNMjQwMzMx
MTIzNjAxWhcNMjYwMzMxMTIzNjAxWjAzMTEwLwYDVQQDEyg0ZjIyZWFiYjM0NmFk
MjNkMWIxNjg4NTBmOGE1YWI2ZjYzZmNmMTkwMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAmTDFuMiJhILt1LGPdODYgyUd58rXD8fOUqzvTvamUjwDoVmB
rDhpkAdd4AhhmEU81c3fY6vlASGdoKpxAJiCNsieSy5d8aJcuKmrhx0MDHGw6Ucs
1YKmb/tVRi79fxyC5L6TttP+/Hy3B5loKa2k2bN9N37uaa/Xcc0MeGSdHvDgUnv4
7eBi2o+Hhck7FQH2erCmRBmoXCQ4jf3zHbhKrJlPqpUao6+PkcW1klmmwjbyL/nv
VaSvYpyWBoQODn/I2kVJfIkLHq0Ff7QFpbfmejIntnrOqvbJ3c5Lf+1qkQSkI5/K
ZdrzmtaNrzw5j3iEHjxYqSjBcb8xegGkJfaNTwIDAQABo4ICajCCAmYwHQYDVR0O
BBYEFFDSH9UZVMJD5WTUAcu2LTS5EdpZMB8GA1UdIwQYMBaAFNzagjoLvMdmUCsU
ieCjjM1PvlHEMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvNDBiYjA4
MzVlNTRlOTVmNjFkMWIzZjIxYTVkZjRiNGI4ZjIzNDUwYS5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvYTAxMzQ1NjUtOWYzYy00OWIxLWFhZjYtZGZmMmVh
MzE0NmZlLzRmMjJlYWJiMzQ2YWQyM2QxYjE2ODg1MGY4YTVhYjZmNjNmY2YxOTAu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy9hMDEzNDU2NS05ZjNjLTQ5YjEtYWFmNi1kZmYy
ZWEzMTQ2ZmUvNDBiYjA4MzVlNTRlOTVmNjFkMWIzZjIxYTVkZjRiNGI4ZjIzNDUw
YS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQf
MB0wDAQCAAEwBgMEAoNIqDANBAIAAjAHAwUAKAPdgDANBgkqhkiG9w0BAQsFAAOC
AQEAVI6vFYaKQXC+NA6iOWldyqPMK5S10SoGmEtzKmArk32+mTsYOuKsY4PQYFMy
gLzlF3PS6NeWL0jd7alchdN5OvHI357dkFu4hs7DXeFIBJtxjbCCwCgoLqWUH7XC
p4nc8VQyleGgaXmLy6Am67Kag3Hsh2P1ZTfIMsNH5kQ1NJTWNfroIZjBI1bDpzkL
2vJUzaCM9J+R0FHtXEQkjMuNJXUjQW1pMxoQAAePvK3m0VX2n53lUTaILZo7R9G1
ykLs60Ins8KJg234VsxdA2gOsFvg60u4D3KilToX3cHyWYBPd6JZ6/jnBhIRXGUT
JktncUDrft3/hAVRChpvvTZtRQ==
-----END CERTIFICATE-----