Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/9fd8fa0f-a5be-4b8d-96fb-3f3c3b868ef0/77ceabcb5d67f9c091a444428f1c8cd1c7056f7f.roa
File:                     77ceabcb5d67f9c091a444428f1c8cd1c7056f7f.roa (raw, json)
Hash identifier:          IWy9pFF3aS/VqUH+XF5sOW4OJs+5hvptJd/ZCfQ+toI=
Subject key identifier:   C2:CA:48:03:CB:66:00:A9:5C:C9:B2:90:98:7B:09:08:68:09:92:C1
Certificate issuer:       /CN=4d4536f8ba78ea8a7a00d99f6ef994274b4a1092
Certificate serial:       0D201C
Authority key identifier: 57:D6:85:3C:0C:0C:72:10:45:50:2B:B6:43:77:52:6B:C7:D0:50:09
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/4d4536f8ba78ea8a7a00d99f6ef994274b4a1092.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/9fd8fa0f-a5be-4b8d-96fb-3f3c3b868ef0/77ceabcb5d67f9c091a444428f1c8cd1c7056f7f.roa
Signing time:             Wed 24 Mar 2021 14:37:09 +0000
ROA not before:           Wed 24 Mar 2021 14:37:09 +0000
ROA not after:            Tue 24 Mar 2026 14:37:09 +0000
asID:                     266717
IP address blocks:        45.231.52.0/24 maxlen: 24
                          45.231.53.0/24 maxlen: 24
                          45.231.54.0/24 maxlen: 24
                          2801:1d:a000::/48 maxlen: 48
                          2801:1d:a002::/48 maxlen: 48
                          2801:1d:a003::/48 maxlen: 48
                          2801:1d:a004::/48 maxlen: 48
                          2801:1d:a006::/48 maxlen: 48
                          2801:1d:a007::/48 maxlen: 48
                          2801:1d:a008::/48 maxlen: 48
                          2801:1d:a009::/48 maxlen: 48
                          2801:1d:a00a::/48 maxlen: 48
                          2801:1d:a00b::/48 maxlen: 48
                          2801:1d:a00c::/48 maxlen: 48
                          2801:1d:a00d::/48 maxlen: 48
                          2801:1d:a00e::/48 maxlen: 48
                          2801:1d:a00f::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 860188 (0xd201c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d4536f8ba78ea8a7a00d99f6ef994274b4a1092
        Validity
            Not Before: Mar 24 14:37:09 2021 GMT
            Not After : Mar 24 14:37:09 2026 GMT
        Subject: CN=77ceabcb5d67f9c091a444428f1c8cd1c7056f7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:92:e7:cd:19:5f:41:52:99:d1:da:01:58:4d:
                    63:cc:d4:85:05:24:0f:48:6b:2d:7c:10:b2:27:82:
                    41:78:ce:bb:de:db:0a:6b:a9:ba:ea:f9:f0:8e:ab:
                    c2:32:f9:a0:e2:21:8b:c5:b2:61:09:c5:bd:ad:d1:
                    78:d3:a0:f9:bd:ee:96:6f:f7:c7:8e:b6:ac:10:00:
                    02:5a:30:8a:7c:e7:61:05:83:43:1f:4e:b2:f9:a0:
                    a7:b1:11:e0:52:51:4a:46:a4:c4:6a:6c:e1:a8:53:
                    1b:31:18:e5:73:d5:e8:4c:36:58:d4:ff:f2:43:2f:
                    a9:3d:a2:34:06:40:c9:a8:08:f5:e2:ef:f1:bc:01:
                    d0:0e:30:76:04:43:ac:a6:9e:84:fe:31:4d:31:cc:
                    cb:48:1f:62:56:99:09:39:ff:cc:a9:f3:38:9e:ef:
                    a3:04:7c:52:56:bd:96:5e:ab:35:62:dd:04:e4:0d:
                    75:f9:78:f5:81:38:d3:13:c2:e7:7f:04:ed:d3:f9:
                    b1:0b:8e:0e:6a:99:47:6c:10:22:2d:f6:8e:8e:df:
                    f7:2f:8d:73:db:81:77:1a:3a:33:77:3f:fc:83:fe:
                    62:6b:5f:0f:cd:f8:97:fb:db:04:90:0d:b2:b0:fe:
                    40:e9:31:1f:10:64:82:d5:b2:25:98:8b:95:5d:96:
                    08:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:CA:48:03:CB:66:00:A9:5C:C9:B2:90:98:7B:09:08:68:09:92:C1
            X509v3 Authority Key Identifier:
                keyid:57:D6:85:3C:0C:0C:72:10:45:50:2B:B6:43:77:52:6B:C7:D0:50:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/4d4536f8ba78ea8a7a00d99f6ef994274b4a1092.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/9fd8fa0f-a5be-4b8d-96fb-3f3c3b868ef0/77ceabcb5d67f9c091a444428f1c8cd1c7056f7f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/9fd8fa0f-a5be-4b8d-96fb-3f3c3b868ef0/4d4536f8ba78ea8a7a00d99f6ef994274b4a1092.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.231.52.0-45.231.54.255
                IPv6:
                  2801:1d:a000::/48
                  2801:1d:a002::-2801:1d:a004:ffff:ffff:ffff:ffff:ffff
                  2801:1d:a006::-2801:1d:a00f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         13:2a:94:09:cf:79:ee:9b:31:0b:6b:9b:cd:12:07:49:b0:f5:
         9e:0f:01:9c:98:8b:d4:59:3c:41:ee:8d:8f:87:f9:ea:ad:af:
         6a:06:84:72:a0:46:f3:19:42:ef:a2:ea:22:35:93:97:46:c4:
         a4:71:75:48:8c:70:13:33:89:37:76:73:4c:7a:97:20:ff:be:
         34:a0:43:72:3e:92:dd:6b:a1:da:66:72:03:7c:fa:1e:0e:ec:
         5f:58:3d:2c:9f:f3:e4:26:d1:8f:fd:c6:72:16:a1:26:f4:3f:
         72:f1:36:47:ff:d6:48:db:1f:4c:17:0e:6b:24:3f:e8:19:1f:
         70:63:86:ba:f5:76:5e:56:ca:d9:3d:cb:c0:22:df:a7:56:67:
         03:28:96:3a:36:59:9b:3d:73:d7:9c:0b:1f:69:0f:c8:b0:00:
         cd:02:99:c1:a0:d3:34:dc:ea:47:92:d6:56:e7:c8:08:8e:20:
         a7:29:08:2f:b2:d1:29:ee:bd:4b:d2:66:f6:ee:9a:9a:70:8a:
         5e:32:e4:55:99:5a:93:91:58:ee:c1:37:44:d1:22:f3:6b:a3:
         7b:29:4c:29:79:72:0b:f6:ac:56:8d:ea:9a:6b:3c:20:73:0c:
         23:ee:44:9f:f4:7f:d7:c6:c2:cf:7c:35:30:43:c2:fa:3e:e2:
         31:2c:27:85
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIDDSAcMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDRk
NDUzNmY4YmE3OGVhOGE3YTAwZDk5ZjZlZjk5NDI3NGI0YTEwOTIwHhcNMjEwMzI0
MTQzNzA5WhcNMjYwMzI0MTQzNzA5WjAzMTEwLwYDVQQDEyg3N2NlYWJjYjVkNjdm
OWMwOTFhNDQ0NDI4ZjFjOGNkMWM3MDU2ZjdmMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAjJLnzRlfQVKZ0doBWE1jzNSFBSQPSGstfBCyJ4JBeM673tsK
a6m66vnwjqvCMvmg4iGLxbJhCcW9rdF406D5ve6Wb/fHjrasEAACWjCKfOdhBYND
H06y+aCnsRHgUlFKRqTEamzhqFMbMRjlc9XoTDZY1P/yQy+pPaI0BkDJqAj14u/x
vAHQDjB2BEOspp6E/jFNMczLSB9iVpkJOf/MqfM4nu+jBHxSVr2WXqs1Yt0E5A11
+Xj1gTjTE8LnfwTt0/mxC44OaplHbBAiLfaOjt/3L41z24F3Gjozdz/8g/5ia18P
zfiX+9sEkA2ysP5A6TEfEGSC1bIlmIuVXZYI6wIDAQABo4ICnDCCApgwHQYDVR0O
BBYEFMLKSAPLZgCpXMmykJh7CQhoCZLBMB8GA1UdIwQYMBaAFFfWhTwMDHIQRVAr
tkN3UmvH0FAJMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvNGQ0NTM2
ZjhiYTc4ZWE4YTdhMDBkOTlmNmVmOTk0Mjc0YjRhMTA5Mi5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvOWZkOGZhMGYtYTViZS00YjhkLTk2ZmItM2YzYzNi
ODY4ZWYwLzc3Y2VhYmNiNWQ2N2Y5YzA5MWE0NDQ0MjhmMWM4Y2QxYzcwNTZmN2Yu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy85ZmQ4ZmEwZi1hNWJlLTRiOGQtOTZmYi0zZjNj
M2I4NjhlZjAvNGQ0NTM2ZjhiYTc4ZWE4YTdhMDBkOTlmNmVmOTk0Mjc0YjRhMTA5
Mi5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBgBggrBgEFBQcBBwEB/wRR
ME8wFAQCAAEwDjAMAwQCLec0AwQALec2MDcEAgACMDEDBwAoAQAdoAAwEgMHASgB
AB2gAgMHACgBAB2gBDASAwcBKAEAHaAGAwcEKAEAHaAAMA0GCSqGSIb3DQEBCwUA
A4IBAQATKpQJz3numzELa5vNEgdJsPWeDwGcmIvUWTxB7o2Ph/nqra9qBoRyoEbz
GULvouoiNZOXRsSkcXVIjHATM4k3dnNMepcg/740oENyPpLda6HaZnIDfPoeDuxf
WD0sn/PkJtGP/cZyFqEm9D9y8TZH/9ZI2x9MFw5rJD/oGR9wY4a69XZeVsrZPcvA
It+nVmcDKJY6NlmbPXPXnAsfaQ/IsADNApnBoNM03OpHktZW58gIjiCnKQgvstEp
7r1L0mb27pqacIpeMuRVmVqTkVjuwTdE0SLza6N7KUwpeXIL9qxWjeqaazwgcwwj
7kSf9H/XxsLPfDUwQ8L6PuIxLCeF
-----END CERTIFICATE-----