Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/32172A23BE77A860A2249F55413A16450A59671EF9A2F812A942EC07D9D05C0F/0/3133312e3130382e38322e302f32342d3234203d3e203631343536.roa
File:                     3133312e3130382e38322e302f32342d3234203d3e203631343536.roa (raw, json)
Hash identifier:          vFMGJQbJKuNH+vItq9JgK4jmd0f3XYLiCSGEvdnGlMo=
Subject key identifier:   43:E0:26:32:19:3E:78:04:E1:AF:BE:B8:4B:9E:84:C1:E7:AC:31:6D
Certificate issuer:       /CN=89C823AD60CBA4B07B9092FB3D0BF1A0B8C15ABE
Certificate serial:       2EB7C32AD4F9F2FEC982CE989FB2B9158C5CC501
Authority key identifier: 89:C8:23:AD:60:CB:A4:B0:7B:90:92:FB:3D:0B:F1:A0:B8:C1:5A:BE
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/89C823AD60CBA4B07B9092FB3D0BF1A0B8C15ABE.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/32172A23BE77A860A2249F55413A16450A59671EF9A2F812A942EC07D9D05C0F/0/3133312e3130382e38322e302f32342d3234203d3e203631343536.roa
Signing time:             Tue 05 Mar 2024 17:59:10 +0000
ROA not before:           Tue 05 Mar 2024 17:54:10 +0000
ROA not after:            Tue 04 Mar 2025 17:59:10 +0000
asID:                     61456
IP address blocks:        131.108.82.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 21 Aug 2024 20:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:b7:c3:2a:d4:f9:f2:fe:c9:82:ce:98:9f:b2:b9:15:8c:5c:c5:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89C823AD60CBA4B07B9092FB3D0BF1A0B8C15ABE
        Validity
            Not Before: Mar  5 17:54:10 2024 GMT
            Not After : Mar  4 17:59:10 2025 GMT
        Subject: CN=43E02632193E7804E1AFBEB84B9E84C1E7AC316D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:2b:c3:4a:7b:ed:39:71:de:31:7d:c0:69:94:
                    77:c8:3d:3e:ec:fa:5e:42:b1:fe:98:92:f8:19:5d:
                    fa:b9:21:7f:4a:49:9f:de:b3:2f:e5:c0:62:bc:90:
                    dd:ab:66:55:19:45:79:4f:77:b2:4b:a2:74:b3:55:
                    c8:53:e8:71:e3:4b:40:6a:89:25:0a:b6:e0:6a:40:
                    25:41:63:2d:20:e7:88:29:af:56:31:4f:26:48:ca:
                    05:61:aa:45:c4:4b:66:57:a4:cc:05:1e:73:02:06:
                    c0:b6:e1:b4:5c:24:28:ef:17:17:41:45:7b:b9:04:
                    31:9f:0a:03:c4:7d:ab:90:18:32:80:fd:da:51:6d:
                    a0:e2:82:a4:7f:45:77:54:70:b9:a8:41:e2:83:b3:
                    4b:6c:e2:ff:86:1c:1f:e3:d3:3b:79:6e:74:09:49:
                    23:ec:17:02:4f:1a:f5:c3:93:44:73:e3:36:c3:b5:
                    1b:8b:7f:65:67:e8:37:9d:7d:ab:2a:12:1b:9a:b9:
                    ce:e7:da:1b:00:d6:7c:05:5e:98:34:d3:7e:69:d8:
                    ac:f2:ef:0c:21:20:5e:60:da:fc:b8:0a:59:89:0c:
                    3e:bd:08:39:ea:1f:0a:8d:ac:1a:67:1d:a3:14:a6:
                    93:1b:97:06:9e:11:5b:d1:98:01:7c:2c:cb:72:88:
                    fd:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:E0:26:32:19:3E:78:04:E1:AF:BE:B8:4B:9E:84:C1:E7:AC:31:6D
            X509v3 Authority Key Identifier:
                keyid:89:C8:23:AD:60:CB:A4:B0:7B:90:92:FB:3D:0B:F1:A0:B8:C1:5A:BE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/32172A23BE77A860A2249F55413A16450A59671EF9A2F812A942EC07D9D05C0F/0/89C823AD60CBA4B07B9092FB3D0BF1A0B8C15ABE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/89C823AD60CBA4B07B9092FB3D0BF1A0B8C15ABE.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/32172A23BE77A860A2249F55413A16450A59671EF9A2F812A942EC07D9D05C0F/0/3133312e3130382e38322e302f32342d3234203d3e203631343536.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.108.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:ce:7c:73:18:12:52:02:32:94:7b:78:1c:84:a8:a2:3d:97:
         fb:d0:71:51:53:20:66:bb:bd:32:cc:94:9b:03:64:2f:c1:7d:
         8f:37:f1:16:5b:51:e5:08:91:14:3f:51:f3:8e:0a:0e:7d:cd:
         9f:6e:02:b1:55:54:ec:00:a6:af:bd:bf:b9:7f:ab:2e:64:46:
         62:df:3a:5a:92:d7:bc:7e:42:4b:45:43:2a:d1:59:40:88:0f:
         8f:76:e5:04:a3:e2:90:b7:88:d1:42:df:52:b8:48:dc:fa:be:
         35:ba:10:18:c6:fd:61:38:02:c3:ae:d9:10:22:71:de:37:e7:
         0f:a0:73:fe:58:61:cd:39:89:80:80:57:a0:40:6f:ff:38:e8:
         12:f1:b7:e9:e8:de:c1:53:eb:0f:bb:24:fc:a4:f1:ac:9c:6e:
         ad:05:f5:28:fd:04:a3:04:4a:79:73:5f:e0:f9:d0:0b:d1:7e:
         e9:18:ba:60:48:83:f5:61:54:a8:e2:ad:0c:61:b8:c3:79:e7:
         8b:4b:5f:8b:b3:a9:b7:54:7f:97:eb:9e:c1:35:d5:b5:df:f2:
         ba:7d:60:ca:e0:72:c7:0c:f1:0e:04:79:0d:d9:41:f4:7f:d0:
         46:da:4b:9e:3f:40:27:01:d6:33:c7:94:5c:ef:ec:ce:25:e8:
         bf:56:59:a5
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgIULrfDKtT58v7Jgs6Yn7K5FYxcxQEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODlDODIzQUQ2MENCQTRCMDdCOTA5MkZCM0QwQkYxQTBC
OEMxNUFCRTAeFw0yNDAzMDUxNzU0MTBaFw0yNTAzMDQxNzU5MTBaMDMxMTAvBgNV
BAMTKDQzRTAyNjMyMTkzRTc4MDRFMUFGQkVCODRCOUU4NEMxRTdBQzMxNkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgK8NKe+05cd4xfcBplHfIPT7s
+l5Csf6YkvgZXfq5IX9KSZ/esy/lwGK8kN2rZlUZRXlPd7JLonSzVchT6HHjS0Bq
iSUKtuBqQCVBYy0g54gpr1YxTyZIygVhqkXES2ZXpMwFHnMCBsC24bRcJCjvFxdB
RXu5BDGfCgPEfauQGDKA/dpRbaDigqR/RXdUcLmoQeKDs0ts4v+GHB/j0zt5bnQJ
SSPsFwJPGvXDk0Rz4zbDtRuLf2Vn6DedfasqEhuauc7n2hsA1nwFXpg0035p2Kzy
7wwhIF5g2vy4ClmJDD69CDnqHwqNrBpnHaMUppMblwaeEVvRmAF8LMtyiP0zAgMB
AAGjggLIMIICxDAdBgNVHQ4EFgQUQ+AmMhk+eAThr764S56EweesMW0wHwYDVR0j
BBgwFoAUicgjrWDLpLB7kJL7PQvxoLjBWr4wDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy8zMjE3MkEyM0JFNzdBODYwQTIyNDlGNTU0MTNBMTY0NTBB
NTk2NzFFRjlBMkY4MTJBOTQyRUMwN0Q5RDA1QzBGLzAvODlDODIzQUQ2MENCQTRC
MDdCOTA5MkZCM0QwQkYxQTBCOEMxNUFCRS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC84OUM4MjNBRDYwQ0JBNEIwN0I5
MDkyRkIzRDBCRjFBMEI4QzE1QUJFLmNlcjCBxwYIKwYBBQUHAQsEgbowgbcwgbQG
CCsGAQUFBzALhoGncnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvMzIxNzJBMjNCRTc3QTg2MEEyMjQ5RjU1NDEzQTE2NDUwQTU5NjcxRUY5
QTJGODEyQTk0MkVDMDdEOUQwNUMwRi8wLzMxMzMzMTJlMzEzMDM4MmUzODMyMmUz
MDJmMzIzNDJkMzIzNDIwM2QzZTIwMzYzMTM0MzUzNi5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAINsUjAN
BgkqhkiG9w0BAQsFAAOCAQEAss58cxgSUgIylHt4HISooj2X+9BxUVMgZru9MsyU
mwNkL8F9jzfxFltR5QiRFD9R844KDn3Nn24CsVVU7ACmr72/uX+rLmRGYt86WpLX
vH5CS0VDKtFZQIgPj3blBKPikLeI0ULfUrhI3Pq+NboQGMb9YTgCw67ZECJx3jfn
D6Bz/lhhzTmJgIBXoEBv/zjoEvG36ejewVPrD7sk/KTxrJxurQX1KP0EowRKeXNf
4PnQC9F+6Ri6YEiD9WFUqOKtDGG4w3nni0tfi7Opt1R/l+uewTXVtd/yun1gyuBy
xwzxDgR5DdlB9H/QRtpLnj9AJwHWM8eUXO/sziXov1ZZpQ==
-----END CERTIFICATE-----