Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/bc2010c3-415c-4280-bb31-76acc02ed97d/f43bc8315a4c486cb6f89975cf297e7d55f24d56.roa
File:                     f43bc8315a4c486cb6f89975cf297e7d55f24d56.roa (raw, json)
Hash identifier:          ciYOKHZuIXNYLslTrEgxtOOCw/xfJu94B0YWTo4ytMY=
Subject key identifier:   70:5A:A4:45:77:30:D3:BA:2D:33:AE:80:E7:CE:F5:0E:7C:9B:F0:58
Certificate issuer:       /CN=33cc3bdd4edfc498d2c924783a40c9ff255120b8
Certificate serial:       0D4273
Authority key identifier: D1:AA:7C:35:0C:32:75:1C:5D:77:2D:FB:C4:CD:8D:B3:57:CC:70:93
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/33cc3bdd4edfc498d2c924783a40c9ff255120b8.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/bc2010c3-415c-4280-bb31-76acc02ed97d/f43bc8315a4c486cb6f89975cf297e7d55f24d56.roa
Signing time:             Wed 24 Mar 2021 14:39:23 +0000
ROA not before:           Wed 24 Mar 2021 14:39:22 +0000
ROA not after:            Tue 24 Mar 2026 14:39:22 +0000
asID:                     27738
IP address blocks:        190.130.128.0/17 maxlen: 24
                          190.131.0.0/18 maxlen: 24
                          190.131.64.0/18 maxlen: 24
                          190.131.128.0/18 maxlen: 24
                          191.99.0.0/16 maxlen: 24
                          200.124.224.0/20 maxlen: 28
                          200.124.240.0/20 maxlen: 24
                          201.183.0.0/16 maxlen: 24
                          2800:440::/32 maxlen: 48

Validation:               Failed, certificate revoked on Tue 09 Jan 2024 15:03:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 868979 (0xd4273)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33cc3bdd4edfc498d2c924783a40c9ff255120b8
        Validity
            Not Before: Mar 24 14:39:22 2021 GMT
            Not After : Mar 24 14:39:22 2026 GMT
        Subject: CN=f43bc8315a4c486cb6f89975cf297e7d55f24d56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1b:a2:1e:e4:69:be:8c:e8:d4:ce:10:2a:a8:
                    42:34:81:1b:ab:76:3e:d3:a4:4b:2c:ce:5e:f7:6a:
                    e2:f2:92:d6:53:28:e7:07:0d:96:35:82:72:3b:8a:
                    88:da:7b:e6:03:c7:b3:cb:85:47:2b:37:9c:8d:ad:
                    10:d1:5e:c1:c9:93:ed:97:33:e0:f7:4a:33:f8:01:
                    bc:f1:dd:cb:b6:4d:6c:3e:35:97:74:c8:a6:7f:e0:
                    00:75:bd:5a:64:9f:fa:42:41:31:05:12:82:20:05:
                    31:a6:c2:fc:9e:46:76:77:d9:ab:c8:d0:5b:50:9c:
                    3b:65:c6:2b:f7:6f:db:9c:f0:08:61:c9:35:13:05:
                    66:07:3c:3e:3c:92:be:21:d1:67:f9:df:66:86:38:
                    01:49:66:32:5b:5c:d4:98:3c:04:34:a7:8a:42:cd:
                    df:f4:b2:d7:b5:62:88:c2:ee:bb:d8:3a:bc:3f:2c:
                    e1:cf:27:58:3c:a2:2f:ab:fb:74:5d:82:bf:20:c9:
                    0b:2c:f4:f8:89:c1:df:6a:60:24:66:38:4f:f9:c7:
                    b3:80:e7:3b:3b:8e:23:8d:72:26:7c:8e:4c:55:35:
                    bd:eb:ab:d1:6b:f8:67:ba:db:85:a6:cc:99:d4:82:
                    b2:32:b6:f7:f0:4c:54:2b:eb:05:d6:2a:58:51:ac:
                    4d:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:5A:A4:45:77:30:D3:BA:2D:33:AE:80:E7:CE:F5:0E:7C:9B:F0:58
            X509v3 Authority Key Identifier:
                keyid:D1:AA:7C:35:0C:32:75:1C:5D:77:2D:FB:C4:CD:8D:B3:57:CC:70:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/33cc3bdd4edfc498d2c924783a40c9ff255120b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/bc2010c3-415c-4280-bb31-76acc02ed97d/f43bc8315a4c486cb6f89975cf297e7d55f24d56.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/bc2010c3-415c-4280-bb31-76acc02ed97d/33cc3bdd4edfc498d2c924783a40c9ff255120b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  190.130.128.0-190.131.191.255
                  191.99.0.0/16
                  200.124.224.0/19
                  201.183.0.0/16
                IPv6:
                  2800:440::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:a7:90:ee:19:e5:27:97:6e:f6:a9:14:ea:52:35:6b:33:58:
         8c:d0:c5:ac:a1:5b:45:61:2c:2b:06:0e:7f:5d:ab:e0:dc:72:
         85:0d:d8:44:2a:78:b2:d5:4a:33:ba:aa:8e:99:ca:68:f3:81:
         2d:76:8e:78:02:6d:08:58:98:72:6c:94:81:43:d6:2c:e2:5a:
         99:fe:3f:ab:e8:b9:b6:79:59:44:24:43:a9:aa:cd:d7:03:bf:
         46:68:f5:41:da:02:94:38:9c:29:98:77:2b:72:2e:db:5a:b3:
         f8:12:38:28:1f:cc:01:c7:ab:76:ca:4e:b2:21:02:24:ea:31:
         1a:b4:9b:14:93:7b:3f:b0:b2:89:86:0c:1a:40:26:fd:41:f7:
         f2:ba:b3:34:25:a3:c4:40:8a:48:02:08:db:50:9b:fd:2c:64:
         42:06:df:c1:0f:bc:01:9c:76:57:2b:bd:fc:2b:e1:16:66:82:
         c5:6d:a2:61:aa:c7:47:08:5e:fa:5a:b6:f4:eb:97:7d:e3:04:
         ea:b0:12:24:34:6d:02:fe:0e:e2:ba:78:2f:bb:a9:80:b5:51:
         12:8d:15:fa:ae:b0:4a:f7:13:99:64:da:c2:0c:6c:d4:6b:38:
         16:d6:18:d1:59:24:c7:9a:69:9d:98:33:02:27:29:14:62:26:
         58:ee:cc:82
-----BEGIN CERTIFICATE-----
MIIFZzCCBE+gAwIBAgIDDUJzMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDMz
Y2MzYmRkNGVkZmM0OThkMmM5MjQ3ODNhNDBjOWZmMjU1MTIwYjgwHhcNMjEwMzI0
MTQzOTIyWhcNMjYwMzI0MTQzOTIyWjAzMTEwLwYDVQQDEyhmNDNiYzgzMTVhNGM0
ODZjYjZmODk5NzVjZjI5N2U3ZDU1ZjI0ZDU2MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAtBuiHuRpvozo1M4QKqhCNIEbq3Y+06RLLM5e92ri8pLWUyjn
Bw2WNYJyO4qI2nvmA8ezy4VHKzecja0Q0V7ByZPtlzPg90oz+AG88d3Ltk1sPjWX
dMimf+AAdb1aZJ/6QkExBRKCIAUxpsL8nkZ2d9mryNBbUJw7ZcYr92/bnPAIYck1
EwVmBzw+PJK+IdFn+d9mhjgBSWYyW1zUmDwENKeKQs3f9LLXtWKIwu672Dq8Pyzh
zydYPKIvq/t0XYK/IMkLLPT4icHfamAkZjhP+cezgOc7O44jjXImfI5MVTW966vR
a/hnutuFpsyZ1IKyMrb38ExUK+sF1ipYUaxN8QIDAQABo4ICgjCCAn4wHQYDVR0O
BBYEFHBapEV3MNO6LTOugOfO9Q58m/BYMB8GA1UdIwQYMBaAFNGqfDUMMnUcXXct
+8TNjbNXzHCTMA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvMzNjYzNi
ZGQ0ZWRmYzQ5OGQyYzkyNDc4M2E0MGM5ZmYyNTUxMjBiOC5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvYmMyMDEwYzMtNDE1Yy00MjgwLWJiMzEtNzZhY2Mw
MmVkOTdkL2Y0M2JjODMxNWE0YzQ4NmNiNmY4OTk3NWNmMjk3ZTdkNTVmMjRkNTYu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy9iYzIwMTBjMy00MTVjLTQyODAtYmIzMS03NmFj
YzAyZWQ5N2QvMzNjYzNiZGQ0ZWRmYzQ5OGQyYzkyNDc4M2E0MGM5ZmYyNTUxMjBi
OC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBGBggrBgEFBQcBBwEB/wQ3
MDUwJAQCAAEwHjAMAwQHvoKAAwQGvoOAAwMAv2MDBAXIfOADAwDJtzANBAIAAjAH
AwUAKAAEQDANBgkqhkiG9w0BAQsFAAOCAQEAmaeQ7hnlJ5du9qkU6lI1azNYjNDF
rKFbRWEsKwYOf12r4NxyhQ3YRCp4stVKM7qqjpnKaPOBLXaOeAJtCFiYcmyUgUPW
LOJamf4/q+i5tnlZRCRDqarN1wO/Rmj1QdoClDicKZh3K3Iu21qz+BI4KB/MAcer
dspOsiECJOoxGrSbFJN7P7CyiYYMGkAm/UH38rqzNCWjxECKSAII21Cb/SxkQgbf
wQ+8AZx2Vyu9/CvhFmaCxW2iYarHRwhe+lq29OuXfeME6rASJDRtAv4O4rp4L7up
gLVREo0V+q6wSvcTmWTawgxs1Gs4FtYY0Vkkx5ppnZgzAicpFGImWO7Mgg==
-----END CERTIFICATE-----