Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/bc2010c3-415c-4280-bb31-76acc02ed97d/53755dbc033f8841073d90d3b89dc6dd7e712542.roa
File:                     53755dbc033f8841073d90d3b89dc6dd7e712542.roa (raw, json)
Hash identifier:          T7pRt5OYTFDvR/ldXAdnOa0rXDWLOgBwXUoMW6laEBo=
Subject key identifier:   2D:40:42:3A:C2:6C:79:3C:51:7A:11:D1:60:46:7F:4B:91:8E:24:00
Certificate issuer:       /CN=33cc3bdd4edfc498d2c924783a40c9ff255120b8
Certificate serial:       0D4486
Authority key identifier: D1:AA:7C:35:0C:32:75:1C:5D:77:2D:FB:C4:CD:8D:B3:57:CC:70:93
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/33cc3bdd4edfc498d2c924783a40c9ff255120b8.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/bc2010c3-415c-4280-bb31-76acc02ed97d/53755dbc033f8841073d90d3b89dc6dd7e712542.roa
Signing time:             Wed 24 Mar 2021 14:39:23 +0000
ROA not before:           Wed 24 Mar 2021 14:39:22 +0000
ROA not after:            Tue 24 Mar 2026 14:39:22 +0000
asID:                     27738
IP address blocks:        190.130.128.0/17 maxlen: 24
                          190.131.0.0/18 maxlen: 24
                          190.131.64.0/18 maxlen: 24
                          190.131.128.0/18 maxlen: 24
                          191.99.0.0/16 maxlen: 21
                          200.124.224.0/20 maxlen: 28
                          200.124.240.0/20 maxlen: 24
                          201.183.0.0/16 maxlen: 24
                          2800:440::/32 maxlen: 48

Validation:               Failed, certificate revoked on Tue 09 Jan 2024 15:03:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 869510 (0xd4486)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33cc3bdd4edfc498d2c924783a40c9ff255120b8
        Validity
            Not Before: Mar 24 14:39:22 2021 GMT
            Not After : Mar 24 14:39:22 2026 GMT
        Subject: CN=53755dbc033f8841073d90d3b89dc6dd7e712542
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:8b:0f:73:9e:99:3c:0b:02:97:fc:f1:cf:c3:
                    e2:41:07:3c:73:1f:eb:35:0c:53:2e:b0:f1:6d:7a:
                    05:6b:72:8a:af:c9:94:f6:aa:77:3e:f5:8f:ac:3e:
                    19:da:4c:86:44:1d:09:3d:db:a5:1f:4c:09:40:d8:
                    79:3a:5f:5a:ee:a2:3d:55:aa:94:36:fb:eb:91:f9:
                    19:ae:44:3a:af:7f:07:f5:92:1f:68:1a:82:80:8f:
                    00:aa:31:77:e8:cf:7f:36:d4:89:22:1e:08:bf:07:
                    93:6d:29:9c:c0:d7:d8:ee:05:85:92:0f:3e:c0:eb:
                    38:b5:13:62:38:f6:88:65:f5:de:78:3d:9c:46:21:
                    21:3b:fb:21:77:ae:d0:e8:31:4c:84:16:45:1f:a7:
                    0c:ba:e2:e1:c7:89:7e:cd:0d:90:d9:65:38:6f:8e:
                    6b:a0:45:23:1b:18:b1:73:03:9f:f4:5a:6b:47:55:
                    4e:a2:66:df:51:ec:cb:4b:b6:17:fa:c4:da:06:75:
                    a1:ef:06:0c:8b:fd:77:4d:1c:00:d1:1c:e2:df:82:
                    9b:c9:11:cf:77:d0:b0:8f:94:aa:55:78:08:7d:c1:
                    4a:d3:25:40:9f:54:cd:46:de:ae:09:b9:2e:dc:3c:
                    38:01:b9:68:91:b9:cc:72:71:a5:0a:93:ad:3c:6a:
                    06:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:40:42:3A:C2:6C:79:3C:51:7A:11:D1:60:46:7F:4B:91:8E:24:00
            X509v3 Authority Key Identifier:
                keyid:D1:AA:7C:35:0C:32:75:1C:5D:77:2D:FB:C4:CD:8D:B3:57:CC:70:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/33cc3bdd4edfc498d2c924783a40c9ff255120b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/bc2010c3-415c-4280-bb31-76acc02ed97d/53755dbc033f8841073d90d3b89dc6dd7e712542.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/bc2010c3-415c-4280-bb31-76acc02ed97d/33cc3bdd4edfc498d2c924783a40c9ff255120b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  190.130.128.0-190.131.191.255
                  191.99.0.0/16
                  200.124.224.0/19
                  201.183.0.0/16
                IPv6:
                  2800:440::/32

    Signature Algorithm: sha256WithRSAEncryption
         8e:ab:a4:8c:e5:d2:a7:c6:23:3f:41:d0:a5:00:11:35:de:07:
         d3:61:f5:1d:59:75:91:ff:db:69:84:1f:74:a2:78:d3:18:33:
         82:9b:ea:fd:fb:75:3f:81:96:a1:65:bc:3d:5a:f0:9f:1a:9e:
         c8:c9:21:92:6e:b7:3e:75:b7:00:0b:1a:b9:11:b5:93:45:15:
         58:27:95:0a:20:f9:93:c4:1f:e9:f4:21:2f:c4:87:63:a1:88:
         b6:ab:da:51:b1:c8:e1:be:9f:91:d2:42:c0:62:a1:53:25:ff:
         bc:9c:a5:99:fe:de:aa:41:73:0f:9d:3b:d5:16:14:c5:3e:2f:
         29:5f:c4:70:f2:ad:18:1a:d4:f6:b1:c6:25:08:57:f0:5f:9a:
         ad:59:d5:38:d8:4d:5f:30:5f:3f:57:b2:e6:16:0f:4b:61:66:
         76:74:05:17:d7:63:73:4b:65:2a:af:4a:e2:8b:f1:a1:31:e4:
         eb:68:10:0f:15:2b:98:b9:dd:45:39:6b:e7:00:30:92:5e:9a:
         4b:fb:0b:a3:b1:6a:b6:ea:3b:e7:72:35:14:13:f1:92:ea:67:
         b6:e1:34:0c:a9:b8:dc:4a:b2:b9:7a:a5:5e:02:9d:38:e1:c0:
         68:72:ca:a6:58:e1:c4:e8:9f:bb:59:78:d9:bb:64:8d:e7:6f:
         1e:65:46:4c
-----BEGIN CERTIFICATE-----
MIIFZzCCBE+gAwIBAgIDDUSGMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDMz
Y2MzYmRkNGVkZmM0OThkMmM5MjQ3ODNhNDBjOWZmMjU1MTIwYjgwHhcNMjEwMzI0
MTQzOTIyWhcNMjYwMzI0MTQzOTIyWjAzMTEwLwYDVQQDEyg1Mzc1NWRiYzAzM2Y4
ODQxMDczZDkwZDNiODlkYzZkZDdlNzEyNTQyMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAsosPc56ZPAsCl/zxz8PiQQc8cx/rNQxTLrDxbXoFa3KKr8mU
9qp3PvWPrD4Z2kyGRB0JPdulH0wJQNh5Ol9a7qI9VaqUNvvrkfkZrkQ6r38H9ZIf
aBqCgI8AqjF36M9/NtSJIh4IvweTbSmcwNfY7gWFkg8+wOs4tRNiOPaIZfXeeD2c
RiEhO/shd67Q6DFMhBZFH6cMuuLhx4l+zQ2Q2WU4b45roEUjGxixcwOf9FprR1VO
ombfUezLS7YX+sTaBnWh7wYMi/13TRwA0Rzi34KbyRHPd9Cwj5SqVXgIfcFK0yVA
n1TNRt6uCbku3Dw4AblokbnMcnGlCpOtPGoG3QIDAQABo4ICgjCCAn4wHQYDVR0O
BBYEFC1AQjrCbHk8UXoR0WBGf0uRjiQAMB8GA1UdIwQYMBaAFNGqfDUMMnUcXXct
+8TNjbNXzHCTMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvMzNjYzNi
ZGQ0ZWRmYzQ5OGQyYzkyNDc4M2E0MGM5ZmYyNTUxMjBiOC5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvYmMyMDEwYzMtNDE1Yy00MjgwLWJiMzEtNzZhY2Mw
MmVkOTdkLzUzNzU1ZGJjMDMzZjg4NDEwNzNkOTBkM2I4OWRjNmRkN2U3MTI1NDIu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy9iYzIwMTBjMy00MTVjLTQyODAtYmIzMS03NmFj
YzAyZWQ5N2QvMzNjYzNiZGQ0ZWRmYzQ5OGQyYzkyNDc4M2E0MGM5ZmYyNTUxMjBi
OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBGBggrBgEFBQcBBwEB/wQ3
MDUwJAQCAAEwHjAMAwQHvoKAAwQGvoOAAwMAv2MDBAXIfOADAwDJtzANBAIAAjAH
AwUAKAAEQDANBgkqhkiG9w0BAQsFAAOCAQEAjqukjOXSp8YjP0HQpQARNd4H02H1
HVl1kf/baYQfdKJ40xgzgpvq/ft1P4GWoWW8PVrwnxqeyMkhkm63PnW3AAsauRG1
k0UVWCeVCiD5k8Qf6fQhL8SHY6GItqvaUbHI4b6fkdJCwGKhUyX/vJylmf7eqkFz
D5071RYUxT4vKV/EcPKtGBrU9rHGJQhX8F+arVnVONhNXzBfP1ey5hYPS2FmdnQF
F9djc0tlKq9K4ovxoTHk62gQDxUrmLndRTlr5wAwkl6aS/sLo7Fqtuo753I1FBPx
kupntuE0DKm43EqyuXqlXgKdOOHAaHLKpljhxOifu1l42btkjedvHmVGTA==
-----END CERTIFICATE-----