Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/db7ec1ad9e0080a61f4a3a1eb753026324cf9e00.roa
File:                     db7ec1ad9e0080a61f4a3a1eb753026324cf9e00.roa (raw, json)
Hash identifier:          z/ctIdRvxYUmdPFg0kvd7fBbyI+v/w3YTYxsWEzA0xU=
Subject key identifier:   44:1C:CE:C6:B1:04:11:8D:33:25:E3:BC:32:40:6E:05:CE:14:FB:A0
Certificate issuer:       /CN=bfbb4d3a6dd5e649a6554c4817ce0ed277429136
Certificate serial:       10B074
Authority key identifier: 76:7F:42:4D:48:34:06:C4:20:E5:DF:19:BE:BE:99:3F:72:5A:F7:B6
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/db7ec1ad9e0080a61f4a3a1eb753026324cf9e00.roa
Signing time:             Tue 24 Oct 2023 16:01:15 +0000
ROA not before:           Tue 24 Oct 2023 16:00:56 +0000
ROA not after:            Tue 24 Oct 2028 16:00:56 +0000
asID:                     22927
IP address blocks:        186.60.0.0/14 maxlen: 24
                          190.172.0.0/15 maxlen: 24
                          190.174.0.0/15 maxlen: 24
                          190.176.0.0/15 maxlen: 24
                          190.178.0.0/15 maxlen: 24
                          191.80.0.0/14 maxlen: 24
                          191.84.0.0/15 maxlen: 24
                          201.176.0.0/14 maxlen: 24
                          201.180.0.0/15 maxlen: 24
                          201.250.0.0/17 maxlen: 24
                          201.250.128.0/17 maxlen: 24
                          201.255.0.0/17 maxlen: 24
                          201.255.128.0/17 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1093748 (0x10b074)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfbb4d3a6dd5e649a6554c4817ce0ed277429136
        Validity
            Not Before: Oct 24 16:00:56 2023 GMT
            Not After : Oct 24 16:00:56 2028 GMT
        Subject: CN=db7ec1ad9e0080a61f4a3a1eb753026324cf9e00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:7a:85:25:da:fb:bb:a8:62:55:81:d9:a5:5a:
                    7c:3e:e5:71:a4:0d:ec:c9:8f:2d:08:0f:17:db:03:
                    74:20:6c:60:0a:de:26:c1:8f:94:0c:fa:72:05:fc:
                    cc:95:c0:dc:dd:ad:7f:8f:01:5e:3e:f2:75:3c:00:
                    68:6a:0d:58:71:bd:cb:b8:e3:91:5a:e1:06:d2:67:
                    b0:9f:ae:1d:51:ce:97:07:25:41:eb:68:4a:45:aa:
                    5c:91:76:50:fd:79:df:a5:f0:99:44:8a:00:00:78:
                    80:12:c2:d7:4c:78:ba:cd:f5:b3:4b:19:fb:78:df:
                    ab:91:aa:38:67:50:2a:31:7f:5b:38:29:0d:69:8d:
                    4d:cd:5f:49:db:6d:7e:1d:f7:ee:30:ac:0d:20:15:
                    62:c8:f4:37:bd:fc:7b:c0:b4:53:c5:fb:0b:5d:64:
                    64:6a:ba:44:99:1e:de:96:27:3b:a5:39:e3:b5:0c:
                    e4:c4:c5:6f:79:59:34:98:6d:cd:ce:70:0c:a0:76:
                    ed:12:a2:18:00:f9:a5:9b:1e:fd:73:7a:73:f8:94:
                    c6:c3:fd:f4:14:c1:0b:95:bf:0c:94:0d:52:0b:cc:
                    04:a4:8b:44:7b:5a:9e:61:bb:a1:2f:89:33:a3:da:
                    85:69:31:c5:6f:e4:22:35:7d:b2:7f:8d:ea:2c:e9:
                    58:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:1C:CE:C6:B1:04:11:8D:33:25:E3:BC:32:40:6E:05:CE:14:FB:A0
            X509v3 Authority Key Identifier:
                keyid:76:7F:42:4D:48:34:06:C4:20:E5:DF:19:BE:BE:99:3F:72:5A:F7:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/db7ec1ad9e0080a61f4a3a1eb753026324cf9e00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/5375bcfc-8b86-452e-850d-83cfe3b50f06/bfbb4d3a6dd5e649a6554c4817ce0ed277429136.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  186.60.0.0/14
                  190.172.0.0-190.179.255.255
                  191.80.0.0-191.85.255.255
                  201.176.0.0-201.181.255.255
                  201.250.0.0/16
                  201.255.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         75:a2:6e:1d:e8:0e:9f:81:85:78:9e:e3:e4:2b:1a:1d:57:df:
         a6:4b:cf:fa:61:c4:1e:fd:ba:db:e3:f1:fb:fc:58:d5:9d:01:
         e7:12:90:0e:76:71:56:1f:2e:db:c9:13:b7:db:51:c0:02:a6:
         1e:be:d7:44:56:32:64:34:56:d3:86:00:33:28:f0:3d:f5:e7:
         a4:93:8c:f6:fe:92:5c:19:4b:0f:75:f6:4d:4c:45:07:93:9d:
         7e:81:39:8e:e7:d7:dd:3f:49:de:a3:af:a0:9a:f2:e4:34:fa:
         55:5e:22:ca:e3:86:fb:d4:2c:64:d8:8b:26:8e:13:e4:36:b5:
         ad:e4:c4:e5:97:5b:fb:45:51:ab:c0:a2:21:ee:c7:27:8e:fb:
         2b:9c:ac:8c:5a:9b:a5:c9:8c:2e:38:84:d1:1d:59:03:43:97:
         fd:0e:b0:c8:d0:ce:e5:a9:07:b4:89:dc:61:91:43:82:5e:b6:
         54:b6:17:0d:ba:90:1e:ac:0b:47:14:a1:b5:5a:2f:f9:a8:d3:
         2b:3e:41:8a:48:fb:3f:a3:34:42:3d:e9:ee:b3:c4:78:c0:2a:
         13:43:24:90:b9:2d:47:f8:39:77:d1:6d:bb:7e:17:f5:15:8e:
         1d:5c:e5:85:c5:2f:55:02:77:d9:8d:d7:11:b0:f1:1f:f5:6e:
         98:ac:cc:54
-----BEGIN CERTIFICATE-----
MIIFbTCCBFWgAwIBAgIDELB0MA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGJm
YmI0ZDNhNmRkNWU2NDlhNjU1NGM0ODE3Y2UwZWQyNzc0MjkxMzYwHhcNMjMxMDI0
MTYwMDU2WhcNMjgxMDI0MTYwMDU2WjAzMTEwLwYDVQQDEyhkYjdlYzFhZDllMDA4
MGE2MWY0YTNhMWViNzUzMDI2MzI0Y2Y5ZTAwMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnHqFJdr7u6hiVYHZpVp8PuVxpA3syY8tCA8X2wN0IGxgCt4m
wY+UDPpyBfzMlcDc3a1/jwFePvJ1PABoag1Ycb3LuOORWuEG0mewn64dUc6XByVB
62hKRapckXZQ/XnfpfCZRIoAAHiAEsLXTHi6zfWzSxn7eN+rkao4Z1AqMX9bOCkN
aY1NzV9J221+HffuMKwNIBViyPQ3vfx7wLRTxfsLXWRkarpEmR7elic7pTnjtQzk
xMVveVk0mG3NznAMoHbtEqIYAPmlmx79c3pz+JTGw/30FMELlb8MlA1SC8wEpItE
e1qeYbuhL4kzo9qFaTHFb+QiNX2yf43qLOlYrQIDAQABo4ICiDCCAoQwHQYDVR0O
BBYEFEQczsaxBBGNMyXjvDJAbgXOFPugMB8GA1UdIwQYMBaAFHZ/Qk1INAbEIOXf
Gb6+mT9yWve2MA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvYmZiYjRk
M2E2ZGQ1ZTY0OWE2NTU0YzQ4MTdjZTBlZDI3NzQyOTEzNi5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvNTM3NWJjZmMtOGI4Ni00NTJlLTg1MGQtODNjZmUz
YjUwZjA2L2RiN2VjMWFkOWUwMDgwYTYxZjRhM2ExZWI3NTMwMjYzMjRjZjllMDAu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy81Mzc1YmNmYy04Yjg2LTQ1MmUtODUwZC04M2Nm
ZTNiNTBmMDYvYmZiYjRkM2E2ZGQ1ZTY0OWE2NTU0YzQ4MTdjZTBlZDI3NzQyOTEz
Ni5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBMBggrBgEFBQcBBwEB/wQ9
MDswOQQCAAEwMwMDAro8MAoDAwK+rAMDAr6wMAoDAwS/UAMDAb9UMAoDAwTJsAMD
Acm0AwMAyfoDAwDJ/zANBgkqhkiG9w0BAQsFAAOCAQEAdaJuHegOn4GFeJ7j5Csa
HVffpkvP+mHEHv262+Px+/xY1Z0B5xKQDnZxVh8u28kTt9tRwAKmHr7XRFYyZDRW
04YAMyjwPfXnpJOM9v6SXBlLD3X2TUxFB5OdfoE5jufX3T9J3qOvoJry5DT6VV4i
yuOG+9QsZNiLJo4T5Da1reTE5Zdb+0VRq8CiIe7HJ477K5ysjFqbpcmMLjiE0R1Z
A0OX/Q6wyNDO5akHtIncYZFDgl62VLYXDbqQHqwLRxShtVov+ajTKz5Bikj7P6M0
Qj3p7rPEeMAqE0MkkLktR/g5d9Ftu34X9RWOHVzlhcUvVQJ32Y3XEbDxH/VumKzM
VA==
-----END CERTIFICATE-----