Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/02a7dfc8-73d0-4d7e-8c43-23b047a3a995.roa
File:                     02a7dfc8-73d0-4d7e-8c43-23b047a3a995.roa (raw, json)
Hash identifier:          qId5/p5VrsG8jBVcUzZ5ZrAGQJZCeNPAOkLFfzfBCtI=
Subject key identifier:   2B:6A:83:8B:FC:BF:72:2D:38:69:6B:7B:EC:DF:0D:78:C5:F3:74:58
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       391AE4FEB2BEF6903121CADBE7A67DA4FA4B1CA8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/02a7dfc8-73d0-4d7e-8c43-23b047a3a995.roa
Signing time:             Fri 18 Apr 2025 00:33:16 +0000
ROA not before:           Fri 18 Apr 2025 00:33:16 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 18 Apr 2025 00:53:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:1a:e4:fe:b2:be:f6:90:31:21:ca:db:e7:a6:7d:a4:fa:4b:1c:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 18 00:33:16 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=f396aeef5ae0dd7a2e3a9fa8e6fb66c0aa520ffa0d4766b432809d6cc00f6a36, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e0:dc:35:9a:85:a5:87:dd:6c:26:19:77:69:
                    cd:4b:7c:ed:20:98:4d:5a:43:c7:f7:de:cd:7c:0e:
                    34:d5:46:cc:5e:ae:ee:98:27:28:5b:fd:f8:f4:34:
                    68:20:ec:04:ae:15:5b:8f:21:8c:9a:fc:0e:8e:81:
                    c6:66:73:a3:df:33:3a:4d:6f:aa:21:50:fa:0f:b5:
                    73:2d:61:cf:7b:2d:58:46:d6:2c:87:77:7e:94:04:
                    40:bb:19:da:f0:34:35:87:75:0b:47:f1:96:8b:47:
                    a1:48:69:c1:4f:00:d1:9a:05:1e:89:66:8a:d7:03:
                    de:e0:20:59:fb:8b:b2:8e:2b:7c:94:11:26:5f:80:
                    ff:c4:8b:ac:4e:53:3a:52:24:92:82:a4:62:30:d9:
                    5b:ce:be:2c:3f:54:af:e6:29:88:6e:bb:72:5b:b6:
                    6c:d7:f2:6d:51:07:64:72:73:95:e5:b6:ae:38:a7:
                    c0:50:09:ef:23:d2:f7:fd:09:6d:85:66:8c:1e:04:
                    e6:3a:e7:e7:2d:4a:87:1f:f4:3a:13:25:c0:09:31:
                    f7:d3:30:18:a6:92:9d:8f:b0:e3:38:06:77:fb:ef:
                    3e:50:27:73:e8:75:6c:2c:3f:60:c6:d0:00:20:db:
                    a2:63:8d:1d:b3:b0:01:e9:a5:75:e1:5a:38:1d:3b:
                    c5:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:6A:83:8B:FC:BF:72:2D:38:69:6B:7B:EC:DF:0D:78:C5:F3:74:58
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/02a7dfc8-73d0-4d7e-8c43-23b047a3a995.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:18:91:0c:b2:4d:e1:05:c7:b4:78:17:bb:06:4c:3f:6a:c6:
         d1:c5:fb:d8:47:65:2a:80:2b:4e:98:14:e0:86:85:4a:e3:a0:
         89:c0:52:34:db:df:e4:55:46:95:40:d4:0c:fa:0e:c5:bb:e1:
         59:89:57:fb:88:f2:05:b2:8a:47:eb:44:6c:6b:c5:49:4e:65:
         1c:81:72:c4:c4:08:df:27:9a:cb:0c:23:b0:72:96:98:46:9c:
         f4:eb:02:68:58:7f:e6:1e:67:88:6f:a7:e3:5c:a4:fb:de:8f:
         82:ec:3a:bd:df:45:05:0f:a4:45:4d:f4:26:c7:ce:39:2a:37:
         87:9f:a8:f7:6f:ac:eb:6d:32:ec:22:3a:b5:1f:86:63:db:ee:
         9e:ab:c2:db:96:56:60:4e:c4:48:92:54:b9:18:c0:f9:0a:90:
         60:b8:51:bb:87:4f:92:23:d6:63:8a:c0:a6:4b:6d:c7:3c:88:
         31:3d:b5:d9:b2:57:86:07:f9:b0:49:d7:8b:47:0e:c5:83:c7:
         b2:ca:fd:db:c4:1e:f0:d8:bd:58:ec:de:93:41:67:fa:83:51:
         4e:56:17:df:d6:bf:e5:e8:d8:d5:88:0d:49:30:b9:63:0a:f7:
         59:5c:ae:68:26:39:19:06:a7:cd:6f:75:eb:c0:0a:ba:85:46:
         55:ed:21:b8
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUORrk/rK+9pAxIcrb56Z9pPpLHKgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDE4MDAzMzE2WhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BmMzk2YWVlZjVhZTBkZDdhMmUzYTlmYThlNmZiNjZjMGFh
NTIwZmZhMGQ0NzY2YjQzMjgwOWQ2Y2MwMGY2YTM2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDE4Nw1moWlh91sJhl3ac1LfO0gmE1aQ8f33s18DjTVRsxe
ru6YJyhb/fj0NGgg7ASuFVuPIYya/A6OgcZmc6PfMzpNb6ohUPoPtXMtYc97LVhG
1iyHd36UBEC7GdrwNDWHdQtH8ZaLR6FIacFPANGaBR6JZorXA97gIFn7i7KOK3yU
ESZfgP/Ei6xOUzpSJJKCpGIw2VvOviw/VK/mKYhuu3JbtmzX8m1RB2Ryc5Xltq44
p8BQCe8j0vf9CW2FZoweBOY65+ctSocf9DoTJcAJMffTMBimkp2PsOM4Bnf77z5Q
J3PodWwsP2DG0AAg26JjjR2zsAHppXXhWjgdO8VTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUK2qDi/y/ci04aWt77N8NeMXzdFgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzAyYTdkZmM4LTczZDAtNGQ3ZS04YzQzLTIzYjA0N2EzYTk5NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHIYkQyyTeEFx7R4F7sGTD9qxtHF
+9hHZSqAK06YFOCGhUrjoInAUjTb3+RVRpVA1Az6DsW74VmJV/uI8gWyikfrRGxr
xUlOZRyBcsTECN8nmssMI7BylphGnPTrAmhYf+YeZ4hvp+NcpPvej4LsOr3fRQUP
pEVN9CbHzjkqN4efqPdvrOttMuwiOrUfhmPb7p6rwtuWVmBOxEiSVLkYwPkKkGC4
UbuHT5Ij1mOKwKZLbcc8iDE9tdmyV4YH+bBJ14tHDsWDx7LK/dvEHvDYvVjs3pNB
Z/qDUU5WF9/Wv+Xo2NWIDUkwuWMK91lcrmgmORkGp81vdevACrqFRlXtIbg=
-----END CERTIFICATE-----