Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/aca713f5-6cac-486e-a016-a3e8b31bf029/09085d10944fc5ae953047e17ff0f9ab523d4372.roa
File:                     09085d10944fc5ae953047e17ff0f9ab523d4372.roa (raw, json)
Hash identifier:          yyppiVTVmJvGWq6nU2+GHRVwzs++N99UZkmFo2td2EA=
Subject key identifier:   FD:9A:1F:E1:A7:46:B4:0A:9E:B3:EB:D7:DA:70:AE:20:23:AA:26:D3
Certificate issuer:       /CN=1059e1e3317704575f2c0b750ee73b166a39cd37
Certificate serial:       1DA955
Authority key identifier: 80:F0:C7:27:4F:82:24:D1:E9:76:F3:80:E6:EF:32:CF:10:F8:9D:D3
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/1059e1e3317704575f2c0b750ee73b166a39cd37.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/aca713f5-6cac-486e-a016-a3e8b31bf029/09085d10944fc5ae953047e17ff0f9ab523d4372.roa
Signing time:             Wed 26 Oct 2022 16:22:44 +0000
ROA not before:           Tue 23 Mar 2021 14:38:31 +0000
ROA not after:            Tue 24 Mar 2026 14:38:31 +0000
asID:                     26613
IP address blocks:        190.152.95.0/24 maxlen: 24
                          2800:370:4::/48 maxlen: 64
                          2800:370:18::/48 maxlen: 64
                          2800:370:3e::/48 maxlen: 64
                          2800:370:4007::/48 maxlen: 64

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1943893 (0x1da955)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1059e1e3317704575f2c0b750ee73b166a39cd37
        Validity
            Not Before: Mar 23 14:38:31 2021 GMT
            Not After : Mar 24 14:38:31 2026 GMT
        Subject: CN=09085d10944fc5ae953047e17ff0f9ab523d4372
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:1f:2b:3f:5d:99:ac:04:f6:eb:38:55:ee:d1:
                    ef:cb:dd:46:8d:0c:45:fe:cd:d1:65:d0:56:4d:cd:
                    8a:6a:89:cd:8f:c3:4a:a5:b0:8c:ca:ac:cf:2f:ee:
                    a4:40:92:64:57:40:3f:1d:8e:8a:48:90:ba:e7:e5:
                    ff:4f:92:4c:4a:6a:58:33:83:d0:90:59:77:15:43:
                    51:7a:1f:eb:e5:2a:2b:1a:06:74:18:02:c4:41:8a:
                    71:ca:17:94:e0:f0:4b:b9:db:ce:a0:a9:cf:9a:53:
                    c4:6d:2e:3f:aa:97:6c:fa:b4:8a:1d:2c:b2:c7:93:
                    ce:d7:d9:ed:e1:d6:42:8f:33:c7:a4:a6:9c:ef:78:
                    91:6c:dc:5e:fb:92:8f:0b:0d:48:73:6e:d8:11:97:
                    f3:93:47:70:b4:8b:79:7d:78:19:d5:96:31:05:2a:
                    1d:b7:1c:56:80:9c:63:b5:d3:78:f9:c2:69:46:35:
                    85:b6:18:0e:84:a7:dd:8a:bb:4d:50:26:3d:bc:f1:
                    8d:7d:c8:59:0c:59:43:98:da:0b:f8:fc:f7:05:8d:
                    b8:cd:5d:b9:98:3a:48:80:13:76:4f:cf:5d:17:5b:
                    25:0f:d8:e9:fe:7f:da:b3:09:7c:04:53:94:ac:df:
                    f2:c5:b6:63:fe:50:c7:6a:bc:e5:d9:fc:20:6e:1e:
                    82:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:9A:1F:E1:A7:46:B4:0A:9E:B3:EB:D7:DA:70:AE:20:23:AA:26:D3
            X509v3 Authority Key Identifier:
                keyid:80:F0:C7:27:4F:82:24:D1:E9:76:F3:80:E6:EF:32:CF:10:F8:9D:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/1059e1e3317704575f2c0b750ee73b166a39cd37.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/aca713f5-6cac-486e-a016-a3e8b31bf029/09085d10944fc5ae953047e17ff0f9ab523d4372.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/aca713f5-6cac-486e-a016-a3e8b31bf029/1059e1e3317704575f2c0b750ee73b166a39cd37.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  190.152.95.0/24
                IPv6:
                  2800:370:4::/48
                  2800:370:18::/48
                  2800:370:3e::/48
                  2800:370:4007::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:da:52:f9:5b:5b:da:dd:a7:38:ac:ed:91:e2:d4:8c:e9:a5:
         f5:f1:0a:fa:ac:23:43:85:f4:55:31:5a:79:8d:7d:74:08:0f:
         15:8c:eb:cb:d7:56:2b:8e:8d:ff:14:82:49:bc:3e:5a:58:bd:
         ef:ac:c1:ae:2f:db:b6:fd:c5:85:b4:e8:00:d9:dd:c6:c8:5d:
         2d:71:08:27:77:b2:2e:f5:f8:29:32:7d:e6:2e:95:66:f2:25:
         5e:ec:90:c8:e1:df:c8:1a:22:12:ca:3d:03:35:67:53:32:89:
         8f:bd:92:1c:e5:1c:1b:79:e1:d0:8c:fe:fa:93:dc:47:02:9f:
         b2:cb:32:81:fe:cb:2d:53:1f:35:61:99:67:55:01:70:dc:46:
         b3:f3:1e:94:28:d4:04:5a:76:c8:27:ad:11:db:90:76:3a:17:
         15:80:2f:95:41:91:98:7c:2f:1f:74:62:d6:f2:f1:5d:e9:e9:
         10:f9:1b:d6:5e:5d:ff:ee:70:39:83:15:0d:bb:52:b0:f6:77:
         ea:55:90:09:e6:6c:07:40:6c:d1:ed:f7:b4:bf:16:da:ed:98:
         cf:5c:87:b9:32:70:14:f7:25:ac:63:12:82:dd:20:af:a2:3b:
         2e:c4:05:f5:41:72:29:1a:a0:c7:b7:e2:80:c7:61:bb:fa:f2:
         8a:f5:89:3a
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgIDHalVMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDEw
NTllMWUzMzE3NzA0NTc1ZjJjMGI3NTBlZTczYjE2NmEzOWNkMzcwHhcNMjEwMzIz
MTQzODMxWhcNMjYwMzI0MTQzODMxWjAzMTEwLwYDVQQDEygwOTA4NWQxMDk0NGZj
NWFlOTUzMDQ3ZTE3ZmYwZjlhYjUyM2Q0MzcyMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAjR8rP12ZrAT26zhV7tHvy91GjQxF/s3RZdBWTc2KaonNj8NK
pbCMyqzPL+6kQJJkV0A/HY6KSJC65+X/T5JMSmpYM4PQkFl3FUNReh/r5SorGgZ0
GALEQYpxyheU4PBLudvOoKnPmlPEbS4/qpds+rSKHSyyx5PO19nt4dZCjzPHpKac
73iRbNxe+5KPCw1Ic27YEZfzk0dwtIt5fXgZ1ZYxBSodtxxWgJxjtdN4+cJpRjWF
thgOhKfdirtNUCY9vPGNfchZDFlDmNoL+Pz3BY24zV25mDpIgBN2T89dF1slD9jp
/n/aswl8BFOUrN/yxbZj/lDHarzl2fwgbh6CVQIDAQABo4IChzCCAoMwHQYDVR0O
BBYEFP2aH+GnRrQKnrPr19pwriAjqibTMB8GA1UdIwQYMBaAFIDwxydPgiTR6Xbz
gObvMs8Q+J3TMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvMTA1OWUx
ZTMzMTc3MDQ1NzVmMmMwYjc1MGVlNzNiMTY2YTM5Y2QzNy5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvYWNhNzEzZjUtNmNhYy00ODZlLWEwMTYtYTNlOGIz
MWJmMDI5LzA5MDg1ZDEwOTQ0ZmM1YWU5NTMwNDdlMTdmZjBmOWFiNTIzZDQzNzIu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy9hY2E3MTNmNS02Y2FjLTQ4NmUtYTAxNi1hM2U4
YjMxYmYwMjkvMTA1OWUxZTMzMTc3MDQ1NzVmMmMwYjc1MGVlNzNiMTY2YTM5Y2Qz
Ny5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBLBggrBgEFBQcBBwEB/wQ8
MDowDAQCAAEwBgMEAL6YXzAqBAIAAjAkAwcAKAADcAAEAwcAKAADcAAYAwcAKAAD
cAA+AwcAKAADcEAHMA0GCSqGSIb3DQEBCwUAA4IBAQBC2lL5W1va3ac4rO2R4tSM
6aX18Qr6rCNDhfRVMVp5jX10CA8VjOvL11Yrjo3/FIJJvD5aWL3vrMGuL9u2/cWF
tOgA2d3GyF0tcQgnd7Iu9fgpMn3mLpVm8iVe7JDI4d/IGiISyj0DNWdTMomPvZIc
5RwbeeHQjP76k9xHAp+yyzKB/sstUx81YZlnVQFw3Eaz8x6UKNQEWnbIJ60R25B2
OhcVgC+VQZGYfC8fdGLW8vFd6ekQ+RvWXl3/7nA5gxUNu1Kw9nfqVZAJ5mwHQGzR
7fe0vxba7ZjPXIe5MnAU9yWsYxKC3SCvojsuxAX1QXIpGqDHt+KAx2G7+vKK9Yk6
-----END CERTIFICATE-----