Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/a73917d3-7581-4880-a4fe-1222139e4167/f091b6e930b2614defdc09f1b8be90eaf21abfcb.roa
File:                     f091b6e930b2614defdc09f1b8be90eaf21abfcb.roa (raw, json)
Hash identifier:          PjtO1f0abgvq9xGLYvTLqVkLLuutZ8m3D1NDuQrVjt4=
Subject key identifier:   30:27:69:FC:2C:B1:DC:34:3F:21:06:ED:86:48:9D:AB:77:0D:B3:29
Certificate issuer:       /CN=c1d902de4502f1d62715799d87d20d2fe6b20d52
Certificate serial:       1DCF38
Authority key identifier: 5D:8A:17:7E:7B:71:01:03:1C:D2:0D:A5:C1:65:44:88:A4:D2:C1:78
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/c1d902de4502f1d62715799d87d20d2fe6b20d52.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/a73917d3-7581-4880-a4fe-1222139e4167/f091b6e930b2614defdc09f1b8be90eaf21abfcb.roa
Signing time:             Wed 01 Feb 2023 14:28:03 +0000
ROA not before:           Thu 08 Apr 2021 03:00:00 +0000
ROA not after:            Tue 11 Apr 2023 03:00:00 +0000
asID:                     28458
IP address blocks:        138.122.96.0/22 maxlen: 22
                          138.122.96.0/24 maxlen: 24
                          138.122.97.0/24 maxlen: 24
                          138.122.98.0/24 maxlen: 24
                          138.122.99.0/24 maxlen: 24
                          170.239.148.0/22 maxlen: 22
                          170.239.148.0/24 maxlen: 24
                          170.239.149.0/24 maxlen: 24
                          170.239.150.0/24 maxlen: 24
                          170.239.151.0/24 maxlen: 24
                          2806:202::/32 maxlen: 32
                          2806:202:800::/37 maxlen: 37
                          2806:202:1::/48 maxlen: 48
                          2806:202:2::/48 maxlen: 48
                          2806:202:3::/48 maxlen: 48
                          2806:202:4::/48 maxlen: 48
                          2806:202:5::/48 maxlen: 48
                          2806:202:6::/48 maxlen: 48
                          2806:202:7::/48 maxlen: 48
                          2806:202:8::/48 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1953592 (0x1dcf38)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1d902de4502f1d62715799d87d20d2fe6b20d52
        Validity
            Not Before: Apr  8 03:00:00 2021 GMT
            Not After : Apr 11 03:00:00 2023 GMT
        Subject: CN=f091b6e930b2614defdc09f1b8be90eaf21abfcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:7f:10:45:06:0e:f6:4b:a2:bc:86:2b:55:6d:
                    d2:12:e6:92:d4:e8:48:18:b0:d3:f6:b1:20:93:68:
                    09:bb:a5:53:27:20:6c:10:61:09:0e:45:75:18:8d:
                    90:7c:cc:6a:61:84:af:12:15:3d:a8:8b:33:64:8a:
                    74:29:61:33:96:b4:35:91:02:7c:50:dd:bd:f1:57:
                    a1:d7:45:77:63:f3:13:48:32:2e:42:b4:c9:6e:04:
                    15:c3:43:af:00:87:13:23:f1:2a:44:0d:4a:01:eb:
                    44:02:5b:5a:33:fe:eb:cd:26:25:64:23:33:27:26:
                    f1:71:c1:35:c3:1b:df:0f:71:2a:94:de:49:40:7e:
                    b3:5c:dc:21:0e:c1:d2:12:27:8b:a2:de:e7:db:66:
                    a8:df:fc:0e:4f:62:59:82:a1:98:14:82:28:c8:28:
                    87:17:d3:0e:56:86:ad:84:fc:f6:d0:81:21:bb:6f:
                    d3:12:78:e9:e6:2f:16:4b:50:f2:76:9b:92:91:7d:
                    a2:fd:ba:3d:d7:2a:a8:b5:7a:bd:87:47:3c:fe:58:
                    de:e6:82:79:c3:7f:00:9a:f7:a7:4e:28:6e:43:af:
                    0d:c2:c3:c3:17:86:bb:61:6e:28:bf:e7:51:e0:f6:
                    57:8c:b0:89:01:ee:5b:ce:b9:b9:f1:f4:e9:50:51:
                    03:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:27:69:FC:2C:B1:DC:34:3F:21:06:ED:86:48:9D:AB:77:0D:B3:29
            X509v3 Authority Key Identifier:
                keyid:5D:8A:17:7E:7B:71:01:03:1C:D2:0D:A5:C1:65:44:88:A4:D2:C1:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/c1d902de4502f1d62715799d87d20d2fe6b20d52.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/a73917d3-7581-4880-a4fe-1222139e4167/f091b6e930b2614defdc09f1b8be90eaf21abfcb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/a73917d3-7581-4880-a4fe-1222139e4167/c1d902de4502f1d62715799d87d20d2fe6b20d52.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.122.96.0/22
                  170.239.148.0/22
                IPv6:
                  2806:202::/32

    Signature Algorithm: sha256WithRSAEncryption
         35:92:a3:ae:3e:8a:ee:cd:bd:b4:c0:84:b0:94:ba:de:6f:02:
         a1:fd:bd:b4:9c:d0:78:e7:26:09:f6:77:0c:9d:1f:86:ad:c6:
         b3:ed:7e:a9:5c:6d:b4:8b:7e:4e:08:ad:67:9d:9a:c1:5a:30:
         33:78:1f:c0:d3:6f:2a:c9:05:4c:27:1e:b0:13:52:b9:3d:3b:
         44:3f:8d:33:1a:ec:9a:65:d4:81:c8:67:f8:c2:93:62:da:88:
         88:15:69:3b:ec:52:a4:95:e7:88:87:6f:d0:e2:96:d2:73:ad:
         e7:89:19:81:f5:6c:b5:b6:2d:a4:21:88:ea:d0:c2:70:3f:51:
         d5:fd:dc:32:71:0e:ed:cc:dc:34:8e:91:53:8a:58:c6:aa:3d:
         bd:19:ea:0c:f8:78:b8:10:5c:d8:ce:d0:bd:45:80:f9:9e:cd:
         15:cc:7b:a5:92:07:5f:6c:8d:e1:0a:01:8b:8f:09:e6:54:c7:
         b9:47:bd:14:89:bb:bd:9a:8f:77:8b:21:88:e1:53:a8:aa:52:
         08:52:75:75:93:1a:00:ac:c7:e1:78:c9:f2:0f:12:3e:59:24:
         92:d4:51:88:c9:f2:76:0a:72:d7:41:eb:4c:de:68:52:83:9f:
         41:1b:4c:8a:81:24:d0:3b:84:5e:8a:70:63:45:9a:36:ea:bb:
         c9:a5:8b:78
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgIDHc84MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGMx
ZDkwMmRlNDUwMmYxZDYyNzE1Nzk5ZDg3ZDIwZDJmZTZiMjBkNTIwHhcNMjEwNDA4
MDMwMDAwWhcNMjMwNDExMDMwMDAwWjAzMTEwLwYDVQQDEyhmMDkxYjZlOTMwYjI2
MTRkZWZkYzA5ZjFiOGJlOTBlYWYyMWFiZmNiMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAgH8QRQYO9kuivIYrVW3SEuaS1OhIGLDT9rEgk2gJu6VTJyBs
EGEJDkV1GI2QfMxqYYSvEhU9qIszZIp0KWEzlrQ1kQJ8UN298Veh10V3Y/MTSDIu
QrTJbgQVw0OvAIcTI/EqRA1KAetEAltaM/7rzSYlZCMzJybxccE1wxvfD3EqlN5J
QH6zXNwhDsHSEieLot7n22ao3/wOT2JZgqGYFIIoyCiHF9MOVoathPz20IEhu2/T
Enjp5i8WS1DydpuSkX2i/bo91yqotXq9h0c8/lje5oJ5w38AmvenTihuQ68NwsPD
F4a7YW4ov+dR4PZXjLCJAe5bzrm58fTpUFEDGwIDAQABo4ICcDCCAmwwHQYDVR0O
BBYEFDAnafwssdw0PyEG7YZInat3DbMpMB8GA1UdIwQYMBaAFF2KF357cQEDHNIN
pcFlRIik0sF4MA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvYzFkOTAy
ZGU0NTAyZjFkNjI3MTU3OTlkODdkMjBkMmZlNmIyMGQ1Mi5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvYTczOTE3ZDMtNzU4MS00ODgwLWE0ZmUtMTIyMjEz
OWU0MTY3L2YwOTFiNmU5MzBiMjYxNGRlZmRjMDlmMWI4YmU5MGVhZjIxYWJmY2Iu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy9hNzM5MTdkMy03NTgxLTQ4ODAtYTRmZS0xMjIy
MTM5ZTQxNjcvYzFkOTAyZGU0NTAyZjFkNjI3MTU3OTlkODdkMjBkMmZlNmIyMGQ1
Mi5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0BggrBgEFBQcBBwEB/wQl
MCMwEgQCAAEwDAMEAop6YAMEAqrvlDANBAIAAjAHAwUAKAYCAjANBgkqhkiG9w0B
AQsFAAOCAQEANZKjrj6K7s29tMCEsJS63m8Cof29tJzQeOcmCfZ3DJ0fhq3Gs+1+
qVxttIt+TgitZ52awVowM3gfwNNvKskFTCcesBNSuT07RD+NMxrsmmXUgchn+MKT
YtqIiBVpO+xSpJXniIdv0OKW0nOt54kZgfVstbYtpCGI6tDCcD9R1f3cMnEO7czc
NI6RU4pYxqo9vRnqDPh4uBBc2M7QvUWA+Z7NFcx7pZIHX2yN4QoBi48J5lTHuUe9
FIm7vZqPd4shiOFTqKpSCFJ1dZMaAKzH4XjJ8g8SPlkkktRRiMnydgpy10HrTN5o
UoOfQRtMioEk0DuEXopwY0WaNuq7yaWLeA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:38:00 2024 by rpki-client on console-fra.rpki-client.org