Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/dd3e3fed-93ed-4e6b-98b0-cd4dcf6317d1/20c976267a939b2307d81a95dcad88d1dcbdfabc.roa
File:                     20c976267a939b2307d81a95dcad88d1dcbdfabc.roa (raw, json)
Hash identifier:          1Nedxx3uBYakIQRqVjLb1U87X4psOjeOj1/RSQXhu2k=
Subject key identifier:   27:C4:06:EA:9B:B0:49:4F:AC:A1:49:A1:19:DA:C0:79:3A:91:86:80
Certificate issuer:       /CN=51cc36a73e0bbe2b338c61fa1df595670735aa98
Certificate serial:       0CCE69
Authority key identifier: 9D:83:6B:D4:65:8F:74:C8:F7:10:6A:FE:03:A6:FD:62:01:88:BF:46
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/51cc36a73e0bbe2b338c61fa1df595670735aa98.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/dd3e3fed-93ed-4e6b-98b0-cd4dcf6317d1/20c976267a939b2307d81a95dcad88d1dcbdfabc.roa
Signing time:             Wed 20 Mar 2024 10:44:36 +0000
ROA not before:           Wed 20 Mar 2024 10:44:35 +0000
ROA not after:            Fri 20 Mar 2026 10:44:35 +0000
asID:                     19422
IP address blocks:        152.156.0.0/18 maxlen: 19
                          152.156.0.0/16 maxlen: 24
                          152.156.136.0/22 maxlen: 22
                          200.58.128.0/19 maxlen: 21
                          186.8.0.0/18 maxlen: 20
                          186.8.0.0/19 maxlen: 20
                          186.8.0.0/16 maxlen: 20
                          152.156.168.0/23 maxlen: 24
                          152.156.212.0/22 maxlen: 24
                          152.156.216.0/21 maxlen: 24
                          152.156.208.0/20 maxlen: 24
                          152.156.210.0/23 maxlen: 24
                          152.156.212.0/22 maxlen: 24
                          152.156.216.0/21 maxlen: 24
                          2800:840::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 839273 (0xcce69)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51cc36a73e0bbe2b338c61fa1df595670735aa98
        Validity
            Not Before: Mar 20 10:44:35 2024 GMT
            Not After : Mar 20 10:44:35 2026 GMT
        Subject: CN=20c976267a939b2307d81a95dcad88d1dcbdfabc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:63:1a:57:7e:10:d1:ce:5c:ac:1d:00:19:ff:
                    1a:22:a0:d4:64:1f:bc:35:9e:fb:bb:21:09:fa:53:
                    89:b9:5e:d5:3c:3c:e3:5b:d6:5e:80:85:9c:c9:38:
                    8f:cd:c2:52:2d:38:10:e1:1c:90:8e:a7:72:53:4f:
                    09:04:47:2d:2f:ea:40:d8:29:9d:3a:ab:90:da:c6:
                    0a:bf:b8:1d:30:50:9a:65:82:a2:84:1a:aa:11:6e:
                    20:2c:39:f2:80:56:93:09:4c:39:7b:24:12:2a:12:
                    8f:6f:40:1b:32:78:e9:63:eb:2e:7e:73:49:26:5d:
                    55:18:23:8e:af:3b:f8:c2:eb:53:d5:25:59:c9:bc:
                    42:76:8f:ad:79:18:5b:da:a2:5e:95:fc:ca:0b:10:
                    7c:0c:b8:c9:29:c4:c0:eb:88:9a:da:b6:9e:0c:99:
                    a3:1a:f0:94:05:31:8c:0f:2d:e6:6a:c4:6d:28:45:
                    3d:ee:05:96:f7:3a:6b:3d:4f:0e:16:f2:dd:01:3c:
                    c4:ae:e8:10:25:47:0f:38:dc:15:d3:fa:8b:f9:8b:
                    44:e0:b5:31:9c:3d:6d:cb:64:45:66:fc:11:21:25:
                    35:69:e9:60:6e:ec:8d:c8:66:f3:1a:87:2f:4a:50:
                    87:2b:af:af:84:0e:56:9d:01:45:f2:9d:d9:39:af:
                    12:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:C4:06:EA:9B:B0:49:4F:AC:A1:49:A1:19:DA:C0:79:3A:91:86:80
            X509v3 Authority Key Identifier:
                keyid:9D:83:6B:D4:65:8F:74:C8:F7:10:6A:FE:03:A6:FD:62:01:88:BF:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/51cc36a73e0bbe2b338c61fa1df595670735aa98.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/dd3e3fed-93ed-4e6b-98b0-cd4dcf6317d1/20c976267a939b2307d81a95dcad88d1dcbdfabc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/dd3e3fed-93ed-4e6b-98b0-cd4dcf6317d1/51cc36a73e0bbe2b338c61fa1df595670735aa98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.156.0.0/16
                  186.8.0.0/16
                  200.58.128.0/19
                IPv6:
                  2800:840::/32

    Signature Algorithm: sha256WithRSAEncryption
         0b:b4:6a:91:91:5d:d5:eb:d1:08:5e:d0:d3:52:85:f8:f7:1b:
         11:15:4a:ac:a9:ee:7e:ed:d7:7c:23:b4:fd:8b:fc:8e:6b:68:
         9c:6f:df:dd:36:92:0e:41:78:40:99:a7:51:c3:ca:e8:36:6b:
         13:eb:8e:0a:ab:a4:eb:9f:45:61:76:9a:38:41:1b:25:20:d2:
         14:a8:33:b3:21:e7:97:bc:8e:f2:b7:2a:e1:b5:28:4c:2e:f2:
         bb:94:74:8b:56:4e:7e:ec:fe:fa:cf:1d:2f:f3:72:61:7a:4f:
         84:a8:df:6f:52:92:c6:d5:66:02:f6:4e:50:15:3b:8a:a9:83:
         9d:35:d2:95:be:0c:06:83:eb:ca:a8:39:83:fe:52:72:55:d2:
         71:31:f9:27:c3:24:44:39:99:bf:70:69:ee:e1:fd:35:68:2f:
         6a:57:d8:f1:ac:08:48:0b:e2:67:16:16:ad:5e:a9:fa:c3:d5:
         bf:b4:38:3c:66:97:85:fb:4f:73:f6:9b:d4:e8:01:96:8d:ea:
         59:7a:e1:0f:13:72:9e:37:b2:a3:82:34:80:78:29:f1:96:43:
         a1:e6:73:e5:d8:6e:f8:ef:e4:7e:7c:bb:a0:42:3f:58:80:c7:
         32:15:c1:54:b5:0f:ef:71:c0:10:b7:20:ea:4c:ce:d4:3e:a1:
         20:3e:e4:9a
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgIDDM5pMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDUx
Y2MzNmE3M2UwYmJlMmIzMzhjNjFmYTFkZjU5NTY3MDczNWFhOTgwHhcNMjQwMzIw
MTA0NDM1WhcNMjYwMzIwMTA0NDM1WjAzMTEwLwYDVQQDEygyMGM5NzYyNjdhOTM5
YjIzMDdkODFhOTVkY2FkODhkMWRjYmRmYWJjMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAxWMaV34Q0c5crB0AGf8aIqDUZB+8NZ77uyEJ+lOJuV7VPDzj
W9ZegIWcyTiPzcJSLTgQ4RyQjqdyU08JBEctL+pA2CmdOquQ2sYKv7gdMFCaZYKi
hBqqEW4gLDnygFaTCUw5eyQSKhKPb0AbMnjpY+sufnNJJl1VGCOOrzv4wutT1SVZ
ybxCdo+teRhb2qJelfzKCxB8DLjJKcTA64ia2raeDJmjGvCUBTGMDy3masRtKEU9
7gWW9zprPU8OFvLdATzErugQJUcPONwV0/qL+YtE4LUxnD1ty2RFZvwRISU1aelg
buyNyGbzGocvSlCHK6+vhA5WnQFF8p3ZOa8SvQIDAQABo4ICdDCCAnAwHQYDVR0O
BBYEFCfEBuqbsElPrKFJoRnawHk6kYaAMB8GA1UdIwQYMBaAFJ2Da9Rlj3TI9xBq
/gOm/WIBiL9GMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvNTFjYzM2
YTczZTBiYmUyYjMzOGM2MWZhMWRmNTk1NjcwNzM1YWE5OC5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvZGQzZTNmZWQtOTNlZC00ZTZiLTk4YjAtY2Q0ZGNm
NjMxN2QxLzIwYzk3NjI2N2E5MzliMjMwN2Q4MWE5NWRjYWQ4OGQxZGNiZGZhYmMu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy9kZDNlM2ZlZC05M2VkLTRlNmItOThiMC1jZDRk
Y2Y2MzE3ZDEvNTFjYzM2YTczZTBiYmUyYjMzOGM2MWZhMWRmNTk1NjcwNzM1YWE5
OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA4BggrBgEFBQcBBwEB/wQp
MCcwFgQCAAEwEAMDAJicAwMAuggDBAXIOoAwDQQCAAIwBwMFACgACEAwDQYJKoZI
hvcNAQELBQADggEBAAu0apGRXdXr0Qhe0NNShfj3GxEVSqyp7n7t13wjtP2L/I5r
aJxv3902kg5BeECZp1HDyug2axPrjgqrpOufRWF2mjhBGyUg0hSoM7Mh55e8jvK3
KuG1KEwu8ruUdItWTn7s/vrPHS/zcmF6T4So329SksbVZgL2TlAVO4qpg5010pW+
DAaD68qoOYP+UnJV0nEx+SfDJEQ5mb9wae7h/TVoL2pX2PGsCEgL4mcWFq1eqfrD
1b+0ODxml4X7T3P2m9ToAZaN6ll64Q8Tcp43sqOCNIB4KfGWQ6Hmc+XYbvjv5H58
u6BCP1iAxzIVwVS1D+9xwBC3IOpMztQ+oSA+5Jo=
-----END CERTIFICATE-----