Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/e73e277c-4373-4608-aa3b-adccc70ec4bc/25e2237e71edce674fbd9fe26011a5c078e6fe47.roa
File:                     25e2237e71edce674fbd9fe26011a5c078e6fe47.roa (raw, json)
Hash identifier:          Xj6dL3OO8aRpBB+GdNicx6zlwH9OyCh7ClhgAWPKO10=
Subject key identifier:   DB:9B:D6:F5:4E:25:8C:69:EE:3A:1F:83:54:F0:D7:81:B5:12:44:29
Certificate issuer:       /CN=74b184780ab11522108afea08bba6483c8a4038c
Certificate serial:       0143
Authority key identifier: 55:25:D9:C8:3C:B5:EC:05:1E:0B:45:87:46:F1:59:28:93:13:ED:16
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/74b184780ab11522108afea08bba6483c8a4038c.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/e73e277c-4373-4608-aa3b-adccc70ec4bc/25e2237e71edce674fbd9fe26011a5c078e6fe47.roa
Signing time:             Thu 24 Feb 2022 17:41:03 +0000
ROA not before:           Thu 24 Feb 2022 03:00:00 +0000
ROA not after:            Sat 24 Feb 2024 03:00:00 +0000
asID:                     28024
IP address blocks:        161.22.128.0/17 maxlen: 17
                          161.56.0.0/16 maxlen: 16
                          161.138.0.0/16 maxlen: 16
                          179.58.0.0/16 maxlen: 16
                          179.59.0.0/16 maxlen: 16
                          181.227.0.0/16 maxlen: 16
                          186.2.0.0/18 maxlen: 18
                          186.2.64.0/18 maxlen: 18
                          186.27.0.0/18 maxlen: 18
                          186.27.64.0/18 maxlen: 18
                          200.85.144.0/21 maxlen: 21
                          2803:5700::/32 maxlen: 32

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 323 (0x143)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74b184780ab11522108afea08bba6483c8a4038c
        Validity
            Not Before: Feb 24 03:00:00 2022 GMT
            Not After : Feb 24 03:00:00 2024 GMT
        Subject: CN=25e2237e71edce674fbd9fe26011a5c078e6fe47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:8c:e0:24:71:14:ae:a5:9d:67:25:a5:b2:46:
                    68:d1:8d:8b:06:68:d2:4b:11:32:0c:30:3d:a5:1b:
                    71:42:d6:bf:8c:71:d8:78:31:4d:5d:3c:ca:8c:15:
                    00:c2:b3:3d:5d:bd:39:c9:fd:66:58:2f:ca:2b:6a:
                    79:7d:82:db:b9:e2:81:33:e3:29:aa:c8:ba:1c:12:
                    b2:6f:dd:f2:88:27:51:9f:08:8b:80:e6:45:06:64:
                    84:ae:6a:de:5d:6e:ea:ef:eb:93:4f:f0:f5:44:05:
                    3b:cf:aa:47:df:85:5b:e7:9e:70:c1:81:23:a6:78:
                    6c:da:81:98:e4:8d:26:a7:ad:88:47:08:8d:39:1f:
                    e7:6e:f6:3f:ae:96:00:a2:9b:b8:2f:7a:ea:14:36:
                    24:5b:10:1e:8a:65:34:2c:bb:fd:62:69:9f:02:30:
                    55:2f:bb:f8:e0:00:df:d8:39:1c:d8:86:6b:c6:34:
                    36:62:ae:44:94:c1:ca:59:88:62:e7:7a:1b:c5:3c:
                    e4:f9:bb:6b:a0:a0:f7:86:7d:31:92:26:9b:bc:14:
                    a7:c0:8f:e8:2e:7c:c5:0b:4d:6a:f4:49:89:8f:6a:
                    49:89:de:dd:3c:7c:17:2d:d8:d7:ab:2c:75:f1:ae:
                    37:36:e4:6f:61:c7:19:23:71:62:c0:2b:88:d9:b7:
                    94:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:9B:D6:F5:4E:25:8C:69:EE:3A:1F:83:54:F0:D7:81:B5:12:44:29
            X509v3 Authority Key Identifier:
                keyid:55:25:D9:C8:3C:B5:EC:05:1E:0B:45:87:46:F1:59:28:93:13:ED:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/74b184780ab11522108afea08bba6483c8a4038c.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/e73e277c-4373-4608-aa3b-adccc70ec4bc/25e2237e71edce674fbd9fe26011a5c078e6fe47.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/e73e277c-4373-4608-aa3b-adccc70ec4bc/74b184780ab11522108afea08bba6483c8a4038c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.22.128.0/17
                  161.56.0.0/16
                  161.138.0.0/16
                  179.58.0.0/15
                  181.227.0.0/16
                  186.2.0.0/17
                  186.27.0.0/17
                  200.85.144.0/21
                IPv6:
                  2803:5700::/32

    Signature Algorithm: sha256WithRSAEncryption
         1b:7f:7d:4d:1e:dd:b6:c2:2d:9f:87:20:4a:3f:2e:80:b8:d1:
         1f:92:1b:6f:c9:53:1a:2e:03:ce:5b:cb:f0:3b:61:34:1f:07:
         de:88:59:f2:6d:6a:34:c7:03:91:8f:33:9a:d3:47:ff:a9:cb:
         47:d3:87:3e:57:7f:b5:20:37:f7:19:41:c0:d7:4f:8c:f8:82:
         98:23:eb:7c:f4:01:e2:b8:d8:43:f8:10:cf:fd:5e:e7:35:2f:
         4c:a4:4c:76:4e:87:46:3a:f1:d3:55:d1:75:a0:dd:ad:5d:8b:
         4b:36:96:8b:6a:f4:aa:0f:89:86:db:e5:ef:3d:d7:52:e0:93:
         01:62:85:e1:27:3e:06:bd:f8:ba:7f:57:dc:15:05:09:22:6f:
         4a:7e:cf:9d:0a:99:b9:e3:2f:ca:17:eb:cf:92:05:da:82:0a:
         aa:64:ea:a4:aa:22:4f:00:3f:65:84:cc:4c:98:6a:18:12:df:
         87:11:70:e8:d1:98:fa:73:2c:8c:4d:2a:0e:0c:9b:b0:15:45:
         39:94:54:77:95:57:17:29:dd:dd:58:0b:29:40:ab:14:da:d9:
         5d:60:15:a5:18:c0:e5:fa:72:8a:fd:32:56:5d:07:46:50:08:
         65:f2:ce:cd:55:d9:ce:ab:3d:78:75:cf:40:4c:d0:a9:cc:25:
         45:f2:04:f8
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICAUMwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzRi
MTg0NzgwYWIxMTUyMjEwOGFmZWEwOGJiYTY0ODNjOGE0MDM4YzAeFw0yMjAyMjQw
MzAwMDBaFw0yNDAyMjQwMzAwMDBaMDMxMTAvBgNVBAMTKDI1ZTIyMzdlNzFlZGNl
Njc0ZmJkOWZlMjYwMTFhNWMwNzhlNmZlNDcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCQjOAkcRSupZ1nJaWyRmjRjYsGaNJLETIMMD2lG3FC1r+Mcdh4
MU1dPMqMFQDCsz1dvTnJ/WZYL8oranl9gtu54oEz4ymqyLocErJv3fKIJ1GfCIuA
5kUGZISuat5dburv65NP8PVEBTvPqkffhVvnnnDBgSOmeGzagZjkjSanrYhHCI05
H+du9j+ulgCim7gveuoUNiRbEB6KZTQsu/1iaZ8CMFUvu/jgAN/YORzYhmvGNDZi
rkSUwcpZiGLnehvFPOT5u2ugoPeGfTGSJpu8FKfAj+gufMULTWr0SYmPakmJ3t08
fBct2NerLHXxrjc25G9hxxkjcWLAK4jZt5RdAgMBAAGjggKQMIICjDAdBgNVHQ4E
FgQU25vW9U4ljGnuOh+DVPDXgbUSRCkwHwYDVR0jBBgwFoAUVSXZyDy17AUeC0WH
RvFZKJMT7RYwDgYDVR0PAQH/BAQDAgeAMIGaBggrBgEFBQcBAQSBjTCBijCBhwYI
KwYBBQUHMAKGe3JzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jwa2kvbGFj
bmljLzQ4ZjA4M2JiLWY2MDMtNDg5My05OTkwLTAyODRjMDRjZWI4NS83NGIxODQ3
ODBhYjExNTIyMTA4YWZlYTA4YmJhNjQ4M2M4YTQwMzhjLmNlcjCBmgYIKwYBBQUH
AQsEgY0wgYowgYcGCCsGAQUFBzALhntyc3luYzovL3JlcG9zaXRvcnkubGFjbmlj
Lm5ldC9ycGtpL2xhY25pYy9lNzNlMjc3Yy00MzczLTQ2MDgtYWEzYi1hZGNjYzcw
ZWM0YmMvMjVlMjIzN2U3MWVkY2U2NzRmYmQ5ZmUyNjAxMWE1YzA3OGU2ZmU0Ny5y
b2EwgY8GA1UdHwSBhzCBhDCBgaB/oH2Ge3JzeW5jOi8vcmVwb3NpdG9yeS5sYWNu
aWMubmV0L3Jwa2kvbGFjbmljL2U3M2UyNzdjLTQzNzMtNDYwOC1hYTNiLWFkY2Nj
NzBlYzRiYy83NGIxODQ3ODBhYjExNTIyMTA4YWZlYTA4YmJhNjQ4M2M4YTQwMzhj
LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUw
QzAyBAIAATAsAwQHoRaAAwMAoTgDAwChigMDAbM6AwMAteMDBAe6AgADBAe6GwAD
BAPIVZAwDQQCAAIwBwMFACgDVwAwDQYJKoZIhvcNAQELBQADggEBABt/fU0e3bbC
LZ+HIEo/LoC40R+SG2/JUxouA85by/A7YTQfB96IWfJtajTHA5GPM5rTR/+py0fT
hz5Xf7UgN/cZQcDXT4z4gpgj63z0AeK42EP4EM/9Xuc1L0ykTHZOh0Y68dNV0XWg
3a1di0s2lotq9KoPiYbb5e8911LgkwFiheEnPga9+Lp/V9wVBQkib0p+z50Kmbnj
L8oX68+SBdqCCqpk6qSqIk8AP2WEzEyYahgS34cRcOjRmPpzLIxNKg4Mm7AVRTmU
VHeVVxcp3d1YCylAqxTa2V1gFaUYwOX6cor9MlZdB0ZQCGXyzs1V2c6rPXh1z0BM
0KnMJUXyBPg=
-----END CERTIFICATE-----