Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/de5dd9af-eb96-4459-bc15-4d5a3d4bf21a/4f32b9180b9370c9b2312e56e142422b7277cc25.roa
File:                     4f32b9180b9370c9b2312e56e142422b7277cc25.roa (raw, json)
Hash identifier:          PTPYkOFWp0XKUHVw3P1XrJMK9oIHiIdSr+vOXlsGc2U=
Subject key identifier:   2B:39:B7:CF:5D:EE:09:9E:D0:2A:47:CC:C6:C3:3C:4C:69:79:0C:26
Certificate issuer:       /CN=962886d2caf49497dff544bb6ba251bf1ffa6220
Certificate serial:       1A768A
Authority key identifier: EA:C5:A1:9C:82:7E:D5:4A:C3:AB:89:73:AF:0B:1F:89:D3:FF:0D:C7
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/962886d2caf49497dff544bb6ba251bf1ffa6220.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/de5dd9af-eb96-4459-bc15-4d5a3d4bf21a/4f32b9180b9370c9b2312e56e142422b7277cc25.roa
Signing time:             Fri 24 Mar 2023 14:11:34 +0000
ROA not before:           Tue 23 Mar 2021 03:00:00 +0000
ROA not after:            Tue 24 Mar 2026 03:00:00 +0000
asID:                     264628
IP address blocks:        190.103.28.0/22 maxlen: 22
                          190.103.28.0/23 maxlen: 23
                          190.103.30.0/23 maxlen: 23
                          190.103.28.0/24 maxlen: 24
                          190.103.29.0/24 maxlen: 24
                          190.103.30.0/24 maxlen: 24
                          190.103.31.0/24 maxlen: 24
                          190.89.29.0/24 maxlen: 24
                          190.89.30.0/23 maxlen: 23
                          190.89.30.0/24 maxlen: 24
                          190.89.31.0/24 maxlen: 24
                          190.120.248.0/21 maxlen: 21
                          190.120.248.0/22 maxlen: 22
                          190.120.252.0/22 maxlen: 22
                          190.120.248.0/24 maxlen: 24
                          190.120.249.0/24 maxlen: 24
                          190.120.250.0/24 maxlen: 24
                          190.120.251.0/24 maxlen: 24
                          190.120.252.0/24 maxlen: 24
                          190.120.253.0/24 maxlen: 24
                          190.120.254.0/24 maxlen: 24
                          190.120.255.0/24 maxlen: 24
                          2803:c000::/32 maxlen: 48

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1734282 (0x1a768a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=962886d2caf49497dff544bb6ba251bf1ffa6220
        Validity
            Not Before: Mar 23 03:00:00 2021 GMT
            Not After : Mar 24 03:00:00 2026 GMT
        Subject: CN=4f32b9180b9370c9b2312e56e142422b7277cc25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c3:29:83:7f:07:7a:aa:17:87:54:2d:ad:dd:
                    84:e9:a4:de:8f:73:65:2e:a5:4c:99:d1:4e:22:f5:
                    82:2a:d1:81:b0:db:3f:82:70:ab:22:55:9b:2d:51:
                    12:93:23:1d:82:e0:47:46:5c:52:b1:34:30:a3:a8:
                    71:47:2a:b7:f0:05:83:9f:df:34:66:4b:80:ff:65:
                    de:30:45:0d:a1:ea:73:3d:6a:20:5d:c4:dc:09:7a:
                    db:c8:4e:d8:95:2e:3d:7f:9d:3a:8e:17:78:1e:9e:
                    1d:8f:8d:ba:a4:74:d3:c3:97:a4:39:79:b7:b1:96:
                    46:36:00:f7:79:3f:03:2c:4f:02:11:b9:b5:60:0f:
                    d9:39:5a:c6:0b:59:43:7f:ff:9c:d8:72:35:ae:be:
                    5b:c2:b1:ae:42:3b:48:da:29:bb:d6:40:22:65:50:
                    54:45:6b:1a:c7:46:b6:91:19:90:34:5e:ed:97:50:
                    01:6d:99:48:9c:cb:1a:48:da:26:14:fb:11:38:38:
                    2b:65:6a:e3:b3:fb:e4:30:62:e4:9a:b5:5f:45:a1:
                    35:0c:83:7b:05:07:70:b4:05:59:4c:48:9f:51:6b:
                    2a:83:4b:26:02:02:8f:c9:b2:42:d9:ae:c5:ff:60:
                    3c:9d:90:d7:db:e9:11:b2:c4:d1:68:ed:51:f0:43:
                    f7:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:39:B7:CF:5D:EE:09:9E:D0:2A:47:CC:C6:C3:3C:4C:69:79:0C:26
            X509v3 Authority Key Identifier:
                keyid:EA:C5:A1:9C:82:7E:D5:4A:C3:AB:89:73:AF:0B:1F:89:D3:FF:0D:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/962886d2caf49497dff544bb6ba251bf1ffa6220.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/de5dd9af-eb96-4459-bc15-4d5a3d4bf21a/4f32b9180b9370c9b2312e56e142422b7277cc25.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/de5dd9af-eb96-4459-bc15-4d5a3d4bf21a/962886d2caf49497dff544bb6ba251bf1ffa6220.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  190.89.29.0-190.89.31.255
                  190.103.28.0/22
                  190.120.248.0/21
                IPv6:
                  2803:c000::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:27:e0:55:f9:b6:03:18:63:eb:77:26:5d:d1:44:7c:53:39:
         3e:43:27:01:dd:e9:11:dc:3f:16:ae:ba:6a:cb:60:12:e9:8e:
         d9:4a:9f:e2:db:a8:3b:49:fc:2d:5e:26:67:f8:1e:53:7b:d8:
         e1:d9:20:6b:64:6c:7d:32:d1:16:64:a7:6f:5c:40:db:17:24:
         bc:37:94:c4:de:a7:e1:e0:99:9c:87:aa:1e:78:3e:cd:d8:ea:
         90:c5:c0:d7:ea:53:57:6c:ec:49:0c:e2:d6:c3:7f:9b:31:fe:
         67:22:5c:67:9d:6f:9d:1c:b5:a7:17:cd:5f:db:8e:1f:18:59:
         8c:ae:f3:be:06:01:d1:ee:c3:df:2e:82:e9:25:6d:b4:6c:92:
         cb:72:0b:2a:81:f8:da:6b:53:ee:c8:5b:be:3e:63:10:48:07:
         23:ee:98:92:d2:8b:1a:4e:87:6e:8f:44:8d:88:7f:e1:00:07:
         41:e1:59:4b:08:e1:6f:8a:37:e1:6b:be:67:60:7b:cb:97:bb:
         2f:f4:de:54:0c:2c:e8:92:ec:a9:33:ed:fe:6c:2c:85:c2:79:
         2e:89:f9:57:69:82:17:9d:29:91:b5:ae:11:54:af:74:34:25:
         09:cf:fe:3a:f8:ec:7a:b5:22:f0:61:7c:7c:09:9a:2b:80:39:
         98:53:ae:6b
-----BEGIN CERTIFICATE-----
MIIFYzCCBEugAwIBAgIDGnaKMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDk2
Mjg4NmQyY2FmNDk0OTdkZmY1NDRiYjZiYTI1MWJmMWZmYTYyMjAwHhcNMjEwMzIz
MDMwMDAwWhcNMjYwMzI0MDMwMDAwWjAzMTEwLwYDVQQDEyg0ZjMyYjkxODBiOTM3
MGM5YjIzMTJlNTZlMTQyNDIyYjcyNzdjYzI1MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAi8Mpg38HeqoXh1Qtrd2E6aTej3NlLqVMmdFOIvWCKtGBsNs/
gnCrIlWbLVESkyMdguBHRlxSsTQwo6hxRyq38AWDn980ZkuA/2XeMEUNoepzPWog
XcTcCXrbyE7YlS49f506jhd4Hp4dj426pHTTw5ekOXm3sZZGNgD3eT8DLE8CEbm1
YA/ZOVrGC1lDf/+c2HI1rr5bwrGuQjtI2im71kAiZVBURWsax0a2kRmQNF7tl1AB
bZlInMsaSNomFPsRODgrZWrjs/vkMGLkmrVfRaE1DIN7BQdwtAVZTEifUWsqg0sm
AgKPybJC2a7F/2A8nZDX2+kRssTRaO1R8EP3IwIDAQABo4ICfjCCAnowHQYDVR0O
BBYEFCs5t89d7gme0CpHzMbDPExpeQwmMB8GA1UdIwQYMBaAFOrFoZyCftVKw6uJ
c68LH4nT/w3HMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvOTYyODg2
ZDJjYWY0OTQ5N2RmZjU0NGJiNmJhMjUxYmYxZmZhNjIyMC5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvZGU1ZGQ5YWYtZWI5Ni00NDU5LWJjMTUtNGQ1YTNk
NGJmMjFhLzRmMzJiOTE4MGI5MzcwYzliMjMxMmU1NmUxNDI0MjJiNzI3N2NjMjUu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy9kZTVkZDlhZi1lYjk2LTQ0NTktYmMxNS00ZDVh
M2Q0YmYyMWEvOTYyODg2ZDJjYWY0OTQ5N2RmZjU0NGJiNmJhMjUxYmYxZmZhNjIy
MC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBCBggrBgEFBQcBBwEB/wQz
MDEwIAQCAAEwGjAMAwQAvlkdAwQFvlkAAwQCvmccAwQDvnj4MA0EAgACMAcDBQAo
A8AAMA0GCSqGSIb3DQEBCwUAA4IBAQBqJ+BV+bYDGGPrdyZd0UR8Uzk+QycB3ekR
3D8Wrrpqy2AS6Y7ZSp/i26g7SfwtXiZn+B5Te9jh2SBrZGx9MtEWZKdvXEDbFyS8
N5TE3qfh4Jmch6oeeD7N2OqQxcDX6lNXbOxJDOLWw3+bMf5nIlxnnW+dHLWnF81f
244fGFmMrvO+BgHR7sPfLoLpJW20bJLLcgsqgfjaa1PuyFu+PmMQSAcj7piS0osa
Toduj0SNiH/hAAdB4VlLCOFvijfha75nYHvLl7sv9N5UDCzokuypM+3+bCyFwnku
iflXaYIXnSmRta4RVK90NCUJz/46+Ox6tSLwYXx8CZorgDmYU65r
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:37 2024 by rpki-client on console-ams.rpki-client.org