Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/D222A7BE955B4CE14ECF39F6F8E1D0DD29B7FEB4710A69A9C3DE6837CA9D0DF0/0/3139302e39392e39322e302f32342d3234203d3e2036353638.roa
File:                     3139302e39392e39322e302f32342d3234203d3e2036353638.roa (raw, json)
Hash identifier:          WI5I9lUc0TxbI3uYmYqinqJPwJcOsU+Okg8wW02LSFc=
Subject key identifier:   48:C7:21:AD:DF:4D:7D:22:06:7D:43:6B:0D:0E:7B:F1:A7:D3:06:E6
Certificate issuer:       /CN=5EDCD4E71F91168B554144B2CD5427585AB16A8A
Certificate serial:       3A5CB39E6DDB8A90829A192E9E92C008B32ACEC0
Authority key identifier: 5E:DC:D4:E7:1F:91:16:8B:55:41:44:B2:CD:54:27:58:5A:B1:6A:8A
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/5EDCD4E71F91168B554144B2CD5427585AB16A8A.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/D222A7BE955B4CE14ECF39F6F8E1D0DD29B7FEB4710A69A9C3DE6837CA9D0DF0/0/3139302e39392e39322e302f32342d3234203d3e2036353638.roa
Signing time:             Tue 22 Jul 2025 18:55:00 +0000
ROA not before:           Tue 22 Jul 2025 18:50:00 +0000
ROA not after:            Tue 21 Jul 2026 18:55:00 +0000
asID:                     6568
IP address blocks:        190.99.92.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 23 Jul 2025 16:40:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:5c:b3:9e:6d:db:8a:90:82:9a:19:2e:9e:92:c0:08:b3:2a:ce:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5EDCD4E71F91168B554144B2CD5427585AB16A8A
        Validity
            Not Before: Jul 22 18:50:00 2025 GMT
            Not After : Jul 21 18:55:00 2026 GMT
        Subject: CN=48C721ADDF4D7D22067D436B0D0E7BF1A7D306E6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:87:12:33:60:1b:79:da:1c:62:26:5b:2f:af:
                    c1:be:37:0c:ad:88:79:b1:7f:7f:8f:68:c6:af:3a:
                    24:c3:67:2c:cb:89:37:c3:02:4e:a7:c5:d3:1e:db:
                    25:48:de:15:06:db:3a:7f:2a:17:0a:68:8d:06:c9:
                    d0:49:fc:a9:26:8d:d5:d4:06:9f:54:20:31:a3:37:
                    f4:d2:2d:4f:24:fd:e2:22:32:f6:87:7d:84:6b:60:
                    7b:84:92:62:9f:82:15:8f:9d:18:3e:3e:f0:c4:51:
                    27:91:99:20:47:50:1d:42:68:7d:1c:02:1c:07:fb:
                    9f:66:44:49:88:12:a0:ed:b8:75:d5:3d:a3:db:b8:
                    63:65:d6:81:30:4f:95:f6:e5:aa:37:3f:e0:2b:78:
                    fb:b5:b2:ee:6c:51:41:14:c5:fb:31:76:89:69:ba:
                    dd:8d:9c:ad:90:27:bc:d9:17:ef:72:8e:d5:5d:d4:
                    44:65:23:13:bd:b8:8d:48:6a:0d:3d:5a:59:d1:7f:
                    03:7c:bb:56:d7:2c:be:8e:60:a1:73:6d:7f:0a:9d:
                    ee:78:f3:c5:86:c3:bb:4a:dc:fc:de:4e:44:47:7a:
                    0f:21:e3:c7:f0:a5:6b:04:fc:81:1f:9a:c1:fd:d2:
                    b1:12:ec:69:e8:4d:da:2a:5c:5d:6e:63:2f:52:01:
                    ae:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:C7:21:AD:DF:4D:7D:22:06:7D:43:6B:0D:0E:7B:F1:A7:D3:06:E6
            X509v3 Authority Key Identifier:
                keyid:5E:DC:D4:E7:1F:91:16:8B:55:41:44:B2:CD:54:27:58:5A:B1:6A:8A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/D222A7BE955B4CE14ECF39F6F8E1D0DD29B7FEB4710A69A9C3DE6837CA9D0DF0/0/5EDCD4E71F91168B554144B2CD5427585AB16A8A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/FDC3594DD4E54BADE709AC0D255CF279C47716D2E8B3F4D45DC46355899B36D4/0/5EDCD4E71F91168B554144B2CD5427585AB16A8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/D222A7BE955B4CE14ECF39F6F8E1D0DD29B7FEB4710A69A9C3DE6837CA9D0DF0/0/3139302e39392e39322e302f32342d3234203d3e2036353638.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  190.99.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:f2:ec:0f:e7:8d:3d:1f:b1:21:e2:e1:25:ff:c2:4a:70:63:
         a9:a8:47:c3:f8:2d:24:c2:ed:e3:a0:0b:82:7e:86:ab:95:d3:
         a3:58:74:68:4a:e6:bb:61:8e:db:6e:70:e1:e7:0f:f0:6d:5a:
         69:6a:99:96:6a:d3:48:c0:8f:20:e1:45:40:d3:84:19:91:b1:
         00:d5:e0:0e:8f:1f:69:14:c1:5f:56:ed:e7:21:b5:cb:b5:0f:
         15:5b:fe:78:af:d5:d1:01:82:a5:f7:5c:c0:d6:f2:fe:01:68:
         27:4a:1d:d0:ee:89:c6:ee:1b:27:31:14:4d:f6:df:9e:e3:00:
         07:69:6d:9b:18:18:4f:9d:0a:82:ff:b9:98:46:02:0a:ab:70:
         1b:c6:f7:69:51:c4:e2:97:4a:e4:be:80:61:57:a9:b4:6e:98:
         49:cc:b3:ac:14:a2:32:fb:03:d7:cd:29:fa:4a:90:f8:f3:15:
         4d:dc:d5:58:67:05:80:b6:93:24:e5:c0:2a:23:78:78:13:53:
         99:16:2f:27:74:83:fb:21:04:bc:24:af:8d:3a:d6:c3:bb:c8:
         f1:17:3d:98:8e:fa:02:16:7f:6e:fa:f4:86:c1:aa:4a:39:d9:
         08:a3:96:e6:ce:88:4f:6b:6a:43:76:0e:22:13:c9:c2:ac:a3:
         da:79:15:03
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgIUOlyznm3bipCCmhkunpLACLMqzsAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNUVEQ0Q0RTcxRjkxMTY4QjU1NDE0NEIyQ0Q1NDI3NTg1
QUIxNkE4QTAeFw0yNTA3MjIxODUwMDBaFw0yNjA3MjExODU1MDBaMDMxMTAvBgNV
BAMTKDQ4QzcyMUFEREY0RDdEMjIwNjdENDM2QjBEMEU3QkYxQTdEMzA2RTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCihxIzYBt52hxiJlsvr8G+Nwyt
iHmxf3+PaMavOiTDZyzLiTfDAk6nxdMe2yVI3hUG2zp/KhcKaI0GydBJ/KkmjdXU
Bp9UIDGjN/TSLU8k/eIiMvaHfYRrYHuEkmKfghWPnRg+PvDEUSeRmSBHUB1CaH0c
AhwH+59mREmIEqDtuHXVPaPbuGNl1oEwT5X25ao3P+ArePu1su5sUUEUxfsxdolp
ut2NnK2QJ7zZF+9yjtVd1ERlIxO9uI1Iag09WlnRfwN8u1bXLL6OYKFzbX8Kne54
88WGw7tK3PzeTkRHeg8h48fwpWsE/IEfmsH90rES7GnoTdoqXF1uYy9SAa75AgMB
AAGjggLEMIICwDAdBgNVHQ4EFgQUSMchrd9NfSIGfUNrDQ578afTBuYwHwYDVR0j
BBgwFoAUXtzU5x+RFotVQUSyzVQnWFqxaoowDgYDVR0PAQH/BAQDAgeAMIGwBgNV
HR8EgagwgaUwgaKggZ+ggZyGgZlyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5l
dC9ycGtpL2xhY25pYy9EMjIyQTdCRTk1NUI0Q0UxNEVDRjM5RjZGOEUxRDBERDI5
QjdGRUI0NzEwQTY5QTlDM0RFNjgzN0NBOUQwREYwLzAvNUVEQ0Q0RTcxRjkxMTY4
QjU1NDE0NEIyQ0Q1NDI3NTg1QUIxNkE4QS5jcmwwgbkGCCsGAQUFBwEBBIGsMIGp
MIGmBggrBgEFBQcwAoaBmXJzeW5jOi8vcmVwb3NpdG9yeS5sYWNuaWMubmV0L3Jw
a2kvbGFjbmljL0ZEQzM1OTRERDRFNTRCQURFNzA5QUMwRDI1NUNGMjc5QzQ3NzE2
RDJFOEIzRjRENDVEQzQ2MzU1ODk5QjM2RDQvMC81RURDRDRFNzFGOTExNjhCNTU0
MTQ0QjJDRDU0Mjc1ODVBQjE2QThBLmNlcjCBwwYIKwYBBQUHAQsEgbYwgbMwgbAG
CCsGAQUFBzALhoGjcnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25pYy5uZXQvcnBraS9s
YWNuaWMvRDIyMkE3QkU5NTVCNENFMTRFQ0YzOUY2RjhFMUQwREQyOUI3RkVCNDcx
MEE2OUE5QzNERTY4MzdDQTlEMERGMC8wLzMxMzkzMDJlMzkzOTJlMzkzMjJlMzAy
ZjMyMzQyZDMyMzQyMDNkM2UyMDM2MzUzNjM4LnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvmNcMA0GCSqG
SIb3DQEBCwUAA4IBAQCA8uwP5409H7Eh4uEl/8JKcGOpqEfD+C0kwu3joAuCfoar
ldOjWHRoSua7YY7bbnDh5w/wbVppapmWatNIwI8g4UVA04QZkbEA1eAOjx9pFMFf
Vu3nIbXLtQ8VW/54r9XRAYKl91zA1vL+AWgnSh3Q7onG7hsnMRRN9t+e4wAHaW2b
GBhPnQqC/7mYRgIKq3AbxvdpUcTil0rkvoBhV6m0bphJzLOsFKIy+wPXzSn6SpD4
8xVN3NVYZwWAtpMk5cAqI3h4E1OZFi8ndIP7IQS8JK+NOtbDu8jxFz2YjvoCFn9u
+vSGwapKOdkIo5bmzohPa2pDdg4iE8nCrKPaeRUD
-----END CERTIFICATE-----