Route Origin Authorization

$ rpki-client -vvf repository.lacnic.net/rpki/lacnic/f015c46b-1540-49eb-b969-0f3c40e00140/23db245f03e8dba09e8d9b82bdaabfbd19364910.roa
File:                     23db245f03e8dba09e8d9b82bdaabfbd19364910.roa (raw, json)
Hash identifier:          LsfODXctIDa1EgPHcWlk7OIAsvnP7CqQZTKnnZjEPKA=
Subject key identifier:   A5:68:86:1E:E9:F8:3E:B8:1E:87:07:9C:82:A3:2E:97:40:D3:56:6C
Certificate issuer:       /CN=88d3b38fb9bfced57c6ad5eb160c130acf32641c
Certificate serial:       0DF218
Authority key identifier: FB:1B:2A:C1:49:DD:65:34:44:95:86:34:F9:B3:B7:A7:B7:69:E9:F8
Authority info access:    rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/88d3b38fb9bfced57c6ad5eb160c130acf32641c.cer
Subject info access:      rsync://repository.lacnic.net/rpki/lacnic/f015c46b-1540-49eb-b969-0f3c40e00140/23db245f03e8dba09e8d9b82bdaabfbd19364910.roa
Signing time:             Wed 24 Mar 2021 14:28:59 +0000
ROA not before:           Wed 24 Mar 2021 14:28:59 +0000
ROA not after:            Tue 24 Mar 2026 14:28:59 +0000
asID:                     28075
IP address blocks:        181.118.68.0/24 maxlen: 24
                          181.118.92.0/23 maxlen: 24
                          181.118.101.0/24 maxlen: 24
                          181.118.122.0/23 maxlen: 24
                          186.189.64.0/24 maxlen: 24
                          186.189.67.0/24 maxlen: 24
                          190.113.152.0/23 maxlen: 23
                          190.113.165.0/24 maxlen: 24
                          190.113.176.0/22 maxlen: 23
                          201.190.174.0/24 maxlen: 24
                          201.190.176.0/22 maxlen: 23
                          201.190.184.0/23 maxlen: 23
                          201.190.236.0/22 maxlen: 24
                          201.190.245.0/24 maxlen: 24
                          201.190.251.0/24 maxlen: 24
                          2803:6600::/30 maxlen: 32
                          2803:6604::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 913944 (0xdf218)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88d3b38fb9bfced57c6ad5eb160c130acf32641c
        Validity
            Not Before: Mar 24 14:28:59 2021 GMT
            Not After : Mar 24 14:28:59 2026 GMT
        Subject: CN=23db245f03e8dba09e8d9b82bdaabfbd19364910
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:ec:7f:56:28:02:ed:fd:4a:4b:68:3b:4f:cc:
                    ec:af:64:b7:cf:f7:66:61:17:6c:a8:7d:f6:e1:7a:
                    45:3f:16:0a:77:ea:f2:1d:ed:be:41:34:ac:7d:83:
                    0b:a2:6f:6d:94:68:0d:63:12:3b:5b:d3:c7:cf:77:
                    5b:06:a9:2c:27:73:f9:58:1a:0d:e6:fd:34:8d:1a:
                    89:a6:6d:db:aa:97:6f:9a:31:f4:f1:44:a2:53:ed:
                    ef:02:fd:2c:98:30:5c:a1:cc:45:43:e0:d6:90:2f:
                    bc:ee:90:3c:68:28:ba:c0:72:25:7b:57:e4:1f:b0:
                    35:81:75:6c:be:bf:5f:a9:c8:9d:ad:f1:f2:8b:f6:
                    09:24:1a:b4:f8:39:e7:2f:3c:bf:41:da:ed:27:e0:
                    bd:88:02:35:48:c8:86:85:de:31:62:30:d1:93:d6:
                    99:e5:53:18:d7:bd:4c:9c:e8:75:78:81:c7:b7:69:
                    31:59:65:30:b1:96:c7:ee:47:ae:b6:f5:97:69:26:
                    50:39:5f:15:b9:70:5e:37:f1:54:18:a9:d2:f4:45:
                    3b:27:81:1d:14:4a:fc:7e:35:cd:07:06:1f:44:d9:
                    45:0f:09:07:9c:58:65:bb:08:8a:fc:3b:0e:1a:ef:
                    d4:13:b8:4b:05:aa:d8:58:71:c6:40:82:6d:14:28:
                    2e:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:68:86:1E:E9:F8:3E:B8:1E:87:07:9C:82:A3:2E:97:40:D3:56:6C
            X509v3 Authority Key Identifier:
                keyid:FB:1B:2A:C1:49:DD:65:34:44:95:86:34:F9:B3:B7:A7:B7:69:E9:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://repository.lacnic.net/rpki/lacnic/48f083bb-f603-4893-9990-0284c04ceb85/88d3b38fb9bfced57c6ad5eb160c130acf32641c.cer

            Subject Information Access:
                Signed Object - URI:rsync://repository.lacnic.net/rpki/lacnic/f015c46b-1540-49eb-b969-0f3c40e00140/23db245f03e8dba09e8d9b82bdaabfbd19364910.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repository.lacnic.net/rpki/lacnic/f015c46b-1540-49eb-b969-0f3c40e00140/88d3b38fb9bfced57c6ad5eb160c130acf32641c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.118.68.0/24
                  181.118.92.0/23
                  181.118.101.0/24
                  181.118.122.0/23
                  186.189.64.0/24
                  186.189.67.0/24
                  190.113.152.0/23
                  190.113.165.0/24
                  190.113.176.0/22
                  201.190.174.0/24
                  201.190.176.0/22
                  201.190.184.0/23
                  201.190.236.0/22
                  201.190.245.0/24
                  201.190.251.0/24
                IPv6:
                  2803:6600::-2803:6604:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         94:58:94:cb:24:e5:96:cc:4c:75:75:e7:bc:5b:87:c8:8d:9c:
         80:9f:57:db:03:7e:3d:4a:0f:63:16:77:07:57:57:87:a2:f7:
         62:5e:4c:7e:2c:e6:88:5b:ea:ca:2b:5c:f6:c2:f2:42:6b:5f:
         89:f6:75:b9:f8:3b:d1:39:22:fb:f8:b7:d7:6f:03:24:12:07:
         31:4a:bc:9c:cf:a7:2e:be:4a:af:fc:2b:80:71:06:13:66:ae:
         54:3e:f4:a0:db:fb:23:6e:bf:9b:81:f3:9c:45:0d:db:3b:f5:
         3e:1f:94:fc:56:e2:48:16:5e:15:24:ec:8d:7a:91:04:9b:5c:
         9a:c1:95:5e:0e:23:1b:45:e8:8a:fd:ef:5b:74:68:d7:fc:bd:
         36:27:a7:a3:11:b8:c8:75:bb:38:6b:26:c0:80:93:47:7d:a9:
         86:82:89:a5:5a:74:48:cb:e8:f4:34:7b:70:3f:ff:bc:ca:68:
         db:b0:ad:d9:51:f9:a3:e0:e3:59:03:ea:a7:41:43:48:6b:cd:
         d6:df:88:23:ff:98:d0:f4:1e:c9:d1:16:26:87:85:c7:03:70:
         69:7d:41:b9:a9:04:13:6d:ea:20:bb:0f:99:4a:e1:f4:bc:fe:
         85:90:b2:f0:49:24:07:f3:82:03:5a:34:62:5a:13:2f:ea:65:
         8d:80:68:83
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgIDDfIYMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDg4
ZDNiMzhmYjliZmNlZDU3YzZhZDVlYjE2MGMxMzBhY2YzMjY0MWMwHhcNMjEwMzI0
MTQyODU5WhcNMjYwMzI0MTQyODU5WjAzMTEwLwYDVQQDEygyM2RiMjQ1ZjAzZThk
YmEwOWU4ZDliODJiZGFhYmZiZDE5MzY0OTEwMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAg+x/VigC7f1KS2g7T8zsr2S3z/dmYRdsqH324XpFPxYKd+ry
He2+QTSsfYMLom9tlGgNYxI7W9PHz3dbBqksJ3P5WBoN5v00jRqJpm3bqpdvmjH0
8USiU+3vAv0smDBcocxFQ+DWkC+87pA8aCi6wHIle1fkH7A1gXVsvr9fqcidrfHy
i/YJJBq0+DnnLzy/QdrtJ+C9iAI1SMiGhd4xYjDRk9aZ5VMY171MnOh1eIHHt2kx
WWUwsZbH7keutvWXaSZQOV8VuXBeN/FUGKnS9EU7J4EdFEr8fjXNBwYfRNlFDwkH
nFhluwiK/DsOGu/UE7hLBarYWHHGQIJtFCguNQIDAQABo4ICxzCCAsMwHQYDVR0O
BBYEFKVohh7p+D64HocHnIKjLpdA01ZsMB8GA1UdIwQYMBaAFPsbKsFJ3WU0RJWG
NPmzt6e3aen4MA4GA1UdDwEB/wQEAwIHgDCBmgYIKwYBBQUHAQEEgY0wgYowgYcG
CCsGAQUFBzAChntyc3luYzovL3JlcG9zaXRvcnkubGFjbmljLm5ldC9ycGtpL2xh
Y25pYy80OGYwODNiYi1mNjAzLTQ4OTMtOTk5MC0wMjg0YzA0Y2ViODUvODhkM2Iz
OGZiOWJmY2VkNTdjNmFkNWViMTYwYzEzMGFjZjMyNjQxYy5jZXIwgZoGCCsGAQUF
BwELBIGNMIGKMIGHBggrBgEFBQcwC4Z7cnN5bmM6Ly9yZXBvc2l0b3J5LmxhY25p
Yy5uZXQvcnBraS9sYWNuaWMvZjAxNWM0NmItMTU0MC00OWViLWI5NjktMGYzYzQw
ZTAwMTQwLzIzZGIyNDVmMDNlOGRiYTA5ZThkOWI4MmJkYWFiZmJkMTkzNjQ5MTAu
cm9hMIGPBgNVHR8EgYcwgYQwgYGgf6B9hntyc3luYzovL3JlcG9zaXRvcnkubGFj
bmljLm5ldC9ycGtpL2xhY25pYy9mMDE1YzQ2Yi0xNTQwLTQ5ZWItYjk2OS0wZjNj
NDBlMDAxNDAvODhkM2IzOGZiOWJmY2VkNTdjNmFkNWViMTYwYzEzMGFjZjMyNjQx
Yy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCBigYIKwYBBQUHAQcBAf8E
ezB5MGAEAgABMFoDBAC1dkQDBAG1dlwDBAC1dmUDBAG1dnoDBAC6vUADBAC6vUMD
BAG+cZgDBAC+caUDBAK+cbADBADJvq4DBALJvrADBAHJvrgDBALJvuwDBADJvvUD
BADJvvswFQQCAAIwDzANAwQBKANmAwUAKANmBDANBgkqhkiG9w0BAQsFAAOCAQEA
lFiUyyTllsxMdXXnvFuHyI2cgJ9X2wN+PUoPYxZ3B1dXh6L3Yl5MfizmiFvqyitc
9sLyQmtfifZ1ufg70Tki+/i3128DJBIHMUq8nM+nLr5Kr/wrgHEGE2auVD70oNv7
I26/m4HznEUN2zv1Ph+U/FbiSBZeFSTsjXqRBJtcmsGVXg4jG0Xoiv3vW3Ro1/y9
NienoxG4yHW7OGsmwICTR32phoKJpVp0SMvo9DR7cD//vMpo27Ct2VH5o+DjWQPq
p0FDSGvN1t+II/+Y0PQeydEWJoeFxwNwaX1BuakEE23qILsPmUrh9Lz+hZCy8Ekk
B/OCA1o0YloTL+pljYBogw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:14:58 2023 by rpki-client on console-ams.rpki-client.org