Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/38283047-8834-43d5-82f7-4d938e60571e/e4cf33923c1d15fc631c73d39119dec43f4269c3.roa
File:                     e4cf33923c1d15fc631c73d39119dec43f4269c3.roa (raw, json)
Hash identifier:          0KBmgqI/PMNKkI74AzQS0FCG+RGdmNR5dQN0ZlYw0Y0=
Subject key identifier:   2B:45:34:BA:DD:D4:3B:DE:E9:BC:4A:5A:2A:38:00:F4:75:0F:60:61
Certificate issuer:       /CN=33b7a43fc33bfc7ff5ea592decadde645288705e
Certificate serial:       144022
Authority key identifier: C1:A4:F9:06:D7:C5:6B:7D:5E:32:B4:3C:AE:33:6A:BD:11:7D:39:56
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/33b7a43fc33bfc7ff5ea592decadde645288705e.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/38283047-8834-43d5-82f7-4d938e60571e/e4cf33923c1d15fc631c73d39119dec43f4269c3.roa
Signing time:             Tue 16 Nov 2021 20:34:45 +0000
ROA not before:           Wed 24 Mar 2021 03:00:00 +0000
ROA not after:            Tue 24 Mar 2026 03:00:00 +0000
asID:                     265689
IP address blocks:        200.50.162.0/23 maxlen: 23
                          200.50.162.0/24 maxlen: 24
                          200.50.163.0/24 maxlen: 24
                          200.50.165.0/24 maxlen: 24
                          200.123.59.0/24 maxlen: 24
                          200.123.60.0/23 maxlen: 24
                          200.123.60.0/24 maxlen: 24
                          200.123.61.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1327138 (0x144022)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33b7a43fc33bfc7ff5ea592decadde645288705e
        Validity
            Not Before: Mar 24 03:00:00 2021 GMT
            Not After : Mar 24 03:00:00 2026 GMT
        Subject: CN=e4cf33923c1d15fc631c73d39119dec43f4269c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:64:b7:54:e3:7b:7e:69:74:8b:0b:4e:c4:f8:
                    1f:15:7a:09:54:a5:11:fd:9c:5d:db:e9:0d:ef:ba:
                    c9:fc:38:5a:89:5a:3e:31:ca:cb:b1:60:f2:45:9b:
                    76:50:e9:48:b7:4d:27:bd:c1:59:68:76:9c:28:72:
                    e7:87:35:79:23:19:4f:39:2c:00:e2:2b:dc:79:10:
                    83:98:a7:34:16:5f:4c:60:67:9b:99:d0:8b:f6:7d:
                    c8:2a:38:8c:1e:e4:3b:a0:8e:1c:df:bb:c1:2e:d1:
                    b0:1b:f7:13:6f:4f:85:c3:1c:f5:61:6c:6f:4c:84:
                    b6:48:0b:6b:d7:1c:e6:75:1f:f9:11:90:0a:0e:53:
                    57:1c:f7:c7:ce:5a:0c:d4:2f:c2:09:11:fb:82:3c:
                    b4:fd:77:23:d1:32:76:36:3f:a9:7d:a0:30:7c:45:
                    b0:a6:4e:30:fe:64:8c:18:d2:35:c5:2e:11:53:76:
                    e2:35:41:30:76:0b:60:2a:2f:11:df:76:d3:e5:ef:
                    f0:92:d1:82:93:c0:6a:d1:6a:e2:c5:33:15:ba:84:
                    21:a6:4e:6b:05:02:cb:d7:e6:2d:65:1b:ce:52:df:
                    f3:cc:64:4f:fa:6f:67:30:e5:49:69:ff:ff:fb:c5:
                    b1:ac:74:10:82:1a:d9:20:70:f3:08:53:70:c2:cb:
                    55:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:45:34:BA:DD:D4:3B:DE:E9:BC:4A:5A:2A:38:00:F4:75:0F:60:61
            X509v3 Authority Key Identifier:
                keyid:C1:A4:F9:06:D7:C5:6B:7D:5E:32:B4:3C:AE:33:6A:BD:11:7D:39:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/33b7a43fc33bfc7ff5ea592decadde645288705e.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/38283047-8834-43d5-82f7-4d938e60571e/e4cf33923c1d15fc631c73d39119dec43f4269c3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/38283047-8834-43d5-82f7-4d938e60571e/33b7a43fc33bfc7ff5ea592decadde645288705e.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  200.50.162.0/23
                  200.50.165.0/24
                  200.123.59.0-200.123.61.255

    Signature Algorithm: sha256WithRSAEncryption
         28:36:99:10:23:b2:ff:6a:0d:0b:66:f3:2c:60:cc:81:8e:48:
         10:76:db:55:10:cd:2b:07:2f:7c:34:70:5a:2c:57:00:04:aa:
         01:59:ca:31:1c:40:60:e2:bc:85:39:c3:9b:c1:77:84:22:0f:
         d1:f9:4c:f0:a4:6e:1e:37:d1:87:c8:38:82:55:d4:cb:a7:1f:
         69:42:ed:9c:4e:fb:2e:1f:8b:f1:fe:e4:d3:0e:65:69:dc:41:
         5c:f1:06:3c:af:8e:5f:70:09:83:9c:76:aa:2f:05:fa:24:bb:
         64:18:11:f8:86:4a:bc:c2:24:6d:ec:0f:e9:df:47:ae:c6:96:
         5f:31:36:9d:7b:86:e9:50:1b:d9:5b:1f:b7:f1:be:cb:c5:c2:
         5f:8e:c3:e3:fe:8c:b4:ec:83:95:0e:b5:76:45:e3:34:6b:85:
         cf:01:10:e2:c7:39:12:50:4f:43:ed:1b:95:67:59:a3:ac:c9:
         ca:48:b6:fd:75:f0:6a:61:0b:0e:3c:41:28:45:fd:26:48:ad:
         da:af:3c:dc:77:20:5b:ae:b6:20:4b:04:39:8a:68:5a:2b:89:
         b7:4b:ec:25:7c:ca:10:86:cb:42:dc:4e:64:57:dc:63:e9:49:
         94:78:06:1a:51:81:97:da:cd:39:33:60:2b:f4:38:e9:34:75:
         32:29:9c:dd
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgIDFEAiMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDMz
YjdhNDNmYzMzYmZjN2ZmNWVhNTkyZGVjYWRkZTY0NTI4ODcwNWUwHhcNMjEwMzI0
MDMwMDAwWhcNMjYwMzI0MDMwMDAwWjAzMTEwLwYDVQQDEyhlNGNmMzM5MjNjMWQx
NWZjNjMxYzczZDM5MTE5ZGVjNDNmNDI2OWMzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAtmS3VON7fml0iwtOxPgfFXoJVKUR/Zxd2+kN77rJ/DhaiVo+
McrLsWDyRZt2UOlIt00nvcFZaHacKHLnhzV5IxlPOSwA4ivceRCDmKc0Fl9MYGeb
mdCL9n3IKjiMHuQ7oI4c37vBLtGwG/cTb0+Fwxz1YWxvTIS2SAtr1xzmdR/5EZAK
DlNXHPfHzloM1C/CCRH7gjy0/Xcj0TJ2Nj+pfaAwfEWwpk4w/mSMGNI1xS4RU3bi
NUEwdgtgKi8R33bT5e/wktGCk8Bq0WrixTMVuoQhpk5rBQLL1+YtZRvOUt/zzGRP
+m9nMOVJaf//+8WxrHQQghrZIHDzCFNwwstVRwIDAQABo4ICbzCCAmswHQYDVR0O
BBYEFCtFNLrd1Dve6bxKWio4APR1D2BhMB8GA1UdIwQYMBaAFMGk+QbXxWt9XjK0
PK4zar0RfTlWMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvMzNiN2E0
M2ZjMzNiZmM3ZmY1ZWE1OTJkZWNhZGRlNjQ1Mjg4NzA1ZS5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvMzgyODMwNDctODgzNC00M2Q1LTgyZjctNGQ5Mzhl
NjA1NzFlL2U0Y2YzMzkyM2MxZDE1ZmM2MzFjNzNkMzkxMTlkZWM0M2Y0MjY5YzMu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy8zODI4MzA0Ny04ODM0LTQzZDUtODJmNy00ZDkz
OGU2MDU3MWUvMzNiN2E0M2ZjMzNiZmM3ZmY1ZWE1OTJkZWNhZGRlNjQ1Mjg4NzA1
ZS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAzBggrBgEFBQcBBwEB/wQk
MCIwIAQCAAEwGgMEAcgyogMEAMgypTAMAwQAyHs7AwQByHs8MA0GCSqGSIb3DQEB
CwUAA4IBAQAoNpkQI7L/ag0LZvMsYMyBjkgQdttVEM0rBy98NHBaLFcABKoBWcox
HEBg4ryFOcObwXeEIg/R+UzwpG4eN9GHyDiCVdTLpx9pQu2cTvsuH4vx/uTTDmVp
3EFc8QY8r45fcAmDnHaqLwX6JLtkGBH4hkq8wiRt7A/p30euxpZfMTade4bpUBvZ
Wx+38b7LxcJfjsPj/oy07IOVDrV2ReM0a4XPARDixzkSUE9D7RuVZ1mjrMnKSLb9
dfBqYQsOPEEoRf0mSK3arzzcdyBbrrYgSwQ5imhaK4m3S+wlfMoQhstC3E5kV9xj
6UmUeAYaUYGX2s05M2Ar9DjpNHUyKZzd
-----END CERTIFICATE-----