Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/d6f21a8c-3a71-47a7-9f6e-c9b441427fcd/968c19bbb7e04dce2e9115de293f94a5333448d5.roa
File:                     968c19bbb7e04dce2e9115de293f94a5333448d5.roa (raw, json)
Hash identifier:          gKKKUhc2ewhEWfWh/vLI1pFgcTynkXDSB1InuOsuTwc=
Subject key identifier:   F3:90:A7:45:37:BA:8B:7A:1C:FF:B2:36:E2:59:94:35:CB:9F:EB:08
Certificate issuer:       /CN=cf2853cc85c1e55c65e763299ba08894f8ce8d51
Certificate serial:       196213
Authority key identifier: 8D:73:C4:77:A1:31:AD:6D:51:67:66:DE:F4:72:CC:2E:60:48:7F:AD
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/cf2853cc85c1e55c65e763299ba08894f8ce8d51.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/d6f21a8c-3a71-47a7-9f6e-c9b441427fcd/968c19bbb7e04dce2e9115de293f94a5333448d5.roa
Signing time:             Tue 31 May 2022 14:46:19 +0000
ROA not before:           Wed 24 Mar 2021 03:00:00 +0000
ROA not after:            Wed 31 Dec 2025 03:00:00 +0000
asID:                     28036
IP address blocks:        190.98.136.0/22 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1663507 (0x196213)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf2853cc85c1e55c65e763299ba08894f8ce8d51
        Validity
            Not Before: Mar 24 03:00:00 2021 GMT
            Not After : Dec 31 03:00:00 2025 GMT
        Subject: CN=968c19bbb7e04dce2e9115de293f94a5333448d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a1:67:6c:4a:67:5f:4f:c4:f1:0e:05:21:e5:
                    99:2a:af:c6:87:71:10:8a:32:7c:b0:30:cb:33:27:
                    a0:b4:00:02:b9:51:f9:4c:90:2b:85:32:8d:4b:82:
                    33:76:c8:57:67:22:bd:40:1f:b1:b9:b2:09:0e:e8:
                    35:6d:19:b4:6e:8c:0b:d2:2c:ad:58:3c:c1:b6:75:
                    9f:39:b0:f6:9b:7b:bb:0f:69:4f:7a:7d:b5:c7:1a:
                    58:3e:37:cf:d8:f2:eb:3a:4c:f1:4f:d7:8d:d4:9d:
                    d6:04:69:d0:0b:a7:3b:d2:0b:40:86:71:0f:22:d9:
                    e3:7a:14:8d:00:34:c8:1a:46:e0:7a:29:d2:7a:a3:
                    8f:2c:79:ad:35:47:94:8e:91:bb:df:62:26:7d:e6:
                    47:6f:c7:08:62:c4:35:3b:31:fd:df:c7:61:88:48:
                    2b:84:cd:e1:6e:3d:d7:18:a0:48:35:86:76:f5:c0:
                    0e:d9:4e:59:46:28:f2:f6:a5:e2:e1:78:ba:d0:28:
                    2c:6f:71:2d:cb:c5:26:db:5e:82:f5:ae:f6:81:a6:
                    a8:5d:b9:da:31:d6:e0:81:6e:95:81:6e:0e:39:59:
                    eb:21:4c:e0:61:a3:2b:fd:85:fc:91:f1:fe:62:03:
                    d0:3a:87:b6:ed:52:00:0b:83:84:33:18:76:ec:b2:
                    ad:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:90:A7:45:37:BA:8B:7A:1C:FF:B2:36:E2:59:94:35:CB:9F:EB:08
            X509v3 Authority Key Identifier:
                keyid:8D:73:C4:77:A1:31:AD:6D:51:67:66:DE:F4:72:CC:2E:60:48:7F:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/cf2853cc85c1e55c65e763299ba08894f8ce8d51.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/d6f21a8c-3a71-47a7-9f6e-c9b441427fcd/968c19bbb7e04dce2e9115de293f94a5333448d5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/d6f21a8c-3a71-47a7-9f6e-c9b441427fcd/cf2853cc85c1e55c65e763299ba08894f8ce8d51.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  190.98.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:70:22:26:f1:69:69:40:c4:5e:0f:08:07:e7:95:65:70:5f:
         ae:6e:86:97:62:de:06:38:ed:6b:10:2b:0f:4d:eb:1d:3f:a6:
         7c:dc:95:93:4d:9d:20:d7:1e:5a:81:dd:5a:19:5f:2e:c3:74:
         ea:b1:2d:56:a2:d4:00:fb:e4:0d:b2:eb:ec:d0:07:a8:f4:7e:
         83:a8:0d:ab:25:25:87:24:b9:0f:21:e4:4c:f9:a7:c8:e0:1d:
         72:42:4a:c4:e7:c6:30:c4:4f:43:70:87:79:99:a0:f1:00:1d:
         b3:f0:bd:58:86:b6:bd:1b:44:3e:b2:cb:f6:28:66:cc:29:3d:
         17:f9:23:51:06:e4:29:8d:7f:4e:3c:14:ca:a6:a0:95:a6:89:
         cb:38:92:83:10:c7:69:c9:7f:23:c8:5e:51:09:ac:56:88:e7:
         df:cd:c7:fc:4c:ea:fe:81:a6:dd:44:ba:92:47:19:77:ce:50:
         41:7a:71:bf:62:e7:5a:83:9a:e2:0d:03:71:4c:e0:3d:d4:ab:
         d1:70:6c:df:51:22:f5:61:1a:18:88:65:d9:a0:eb:68:7a:d0:
         b7:80:38:38:df:b5:9b:87:d3:88:2c:90:56:dd:0d:3f:e8:ab:
         31:c6:49:b3:bc:37:4f:cc:61:79:b7:2a:8b:b8:ad:d1:95:42:
         2f:fb:29:95
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgIDGWITMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGNm
Mjg1M2NjODVjMWU1NWM2NWU3NjMyOTliYTA4ODk0ZjhjZThkNTEwHhcNMjEwMzI0
MDMwMDAwWhcNMjUxMjMxMDMwMDAwWjAzMTEwLwYDVQQDEyg5NjhjMTliYmI3ZTA0
ZGNlMmU5MTE1ZGUyOTNmOTRhNTMzMzQ0OGQ1MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAlaFnbEpnX0/E8Q4FIeWZKq/Gh3EQijJ8sDDLMyegtAACuVH5
TJArhTKNS4IzdshXZyK9QB+xubIJDug1bRm0bowL0iytWDzBtnWfObD2m3u7D2lP
en21xxpYPjfP2PLrOkzxT9eN1J3WBGnQC6c70gtAhnEPItnjehSNADTIGkbgeinS
eqOPLHmtNUeUjpG732ImfeZHb8cIYsQ1OzH938dhiEgrhM3hbj3XGKBINYZ29cAO
2U5ZRijy9qXi4Xi60Cgsb3Ety8Um216C9a72gaaoXbnaMdbggW6VgW4OOVnrIUzg
YaMr/YX8kfH+YgPQOoe27VIAC4OEMxh27LKtywIDAQABo4ICWzCCAlcwHQYDVR0O
BBYEFPOQp0U3uot6HP+yNuJZlDXLn+sIMB8GA1UdIwQYMBaAFI1zxHehMa1tUWdm
3vRyzC5gSH+tMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvY2YyODUz
Y2M4NWMxZTU1YzY1ZTc2MzI5OWJhMDg4OTRmOGNlOGQ1MS5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvZDZmMjFhOGMtM2E3MS00N2E3LTlmNmUtYzliNDQx
NDI3ZmNkLzk2OGMxOWJiYjdlMDRkY2UyZTkxMTVkZTI5M2Y5NGE1MzMzNDQ4ZDUu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy9kNmYyMWE4Yy0zYTcxLTQ3YTctOWY2ZS1jOWI0
NDE0MjdmY2QvY2YyODUzY2M4NWMxZTU1YzY1ZTc2MzI5OWJhMDg4OTRmOGNlOGQ1
MS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAr5iiDANBgkqhkiG9w0BAQsFAAOCAQEAinAiJvFpaUDEXg8I
B+eVZXBfrm6Gl2LeBjjtaxArD03rHT+mfNyVk02dINceWoHdWhlfLsN06rEtVqLU
APvkDbLr7NAHqPR+g6gNqyUlhyS5DyHkTPmnyOAdckJKxOfGMMRPQ3CHeZmg8QAd
s/C9WIa2vRtEPrLL9ihmzCk9F/kjUQbkKY1/TjwUyqaglaaJyziSgxDHacl/I8he
UQmsVojn383H/Ezq/oGm3US6kkcZd85QQXpxv2LnWoOa4g0DcUzgPdSr0XBs31Ei
9WEaGIhl2aDraHrQt4A4ON+1m4fTiCyQVt0NP+irMcZJs7w3T8xhebcqi7it0ZVC
L/splQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:38:08 2024 by rpki-client on console-fra.rpki-client.org