Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0b7a04ff-e98d-48f5-b025-622cc6b7ef34.roa
File:                     0b7a04ff-e98d-48f5-b025-622cc6b7ef34.roa (raw, json)
Hash identifier:          qFt4FRV0uit/pLYFjCW6B2gK3yeYoSrjO4duk0gMkVc=
Subject key identifier:   FD:98:D9:12:FF:7D:36:EA:C5:9E:D7:AE:54:B3:6E:8A:B1:C3:01:28
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2D980BAC7F51CBA970492FF3B97204FB2319A25D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0b7a04ff-e98d-48f5-b025-622cc6b7ef34.roa
Signing time:             Sat 19 Apr 2025 14:48:16 +0000
ROA not before:           Sat 19 Apr 2025 14:48:16 +0000
ROA not after:            Sat 24 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sat 19 Apr 2025 15:08:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:98:0b:ac:7f:51:cb:a9:70:49:2f:f3:b9:72:04:fb:23:19:a2:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 19 14:48:16 2025 GMT
            Not After : May 24 23:59:59 2025 GMT
        Subject: serialNumber=c82683c10460df92430e216447d9706e0e55ae4fdb80158a30537ebb8c2a2f93, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:14:0e:41:ec:ae:97:85:f5:f9:f7:2d:0a:36:
                    42:44:af:55:f9:cf:ab:fc:1a:32:ef:ff:d0:4c:48:
                    b7:c1:af:a9:65:fa:93:88:72:e4:4e:01:39:44:5e:
                    55:cb:a5:50:99:5c:6e:5f:76:db:6f:11:e4:4e:ad:
                    c7:7b:e2:b5:e0:cb:cd:5c:39:f6:73:e2:56:d7:8e:
                    e1:0e:f9:47:f3:b1:50:62:b4:fd:53:5f:24:11:90:
                    af:46:cd:19:40:7b:3c:34:78:6d:a1:4e:c4:bc:31:
                    a5:b6:4b:07:d5:00:5d:d0:17:ed:f5:6e:f2:78:41:
                    f7:bd:6a:09:4b:64:09:21:40:11:4a:a9:a7:5f:55:
                    03:b3:99:ee:12:3d:1b:66:fa:8c:fd:a1:e1:5f:80:
                    28:35:4a:90:a1:5c:f2:ef:71:71:0c:6b:5a:d6:cc:
                    c4:2d:75:36:80:d1:76:8d:77:6b:62:a6:fd:74:8d:
                    0f:c7:6c:5f:a6:0d:49:f2:0a:cf:c4:70:ce:2d:bb:
                    f8:27:c2:b6:1f:d5:1d:44:6d:4f:ed:55:98:7f:fd:
                    a6:67:47:7e:2f:4d:1d:b4:d1:a7:b9:4f:84:f0:a2:
                    c9:fb:41:87:56:e5:50:b0:1b:d6:aa:e6:ce:13:6b:
                    e2:d9:9b:cb:bb:58:a5:c4:2c:87:90:1d:99:69:e1:
                    d4:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:98:D9:12:FF:7D:36:EA:C5:9E:D7:AE:54:B3:6E:8A:B1:C3:01:28
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/0b7a04ff-e98d-48f5-b025-622cc6b7ef34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:8c:d3:0b:8b:e6:34:fd:a3:ca:54:fa:f9:2d:fc:a6:62:d2:
         e0:f4:a6:6b:ec:98:08:ba:23:fe:4c:bf:76:2c:71:45:c3:cc:
         2d:e8:93:d3:b4:8b:d0:49:ad:aa:ec:3b:de:d8:2c:14:2a:cf:
         95:58:cf:03:3c:31:7a:7b:37:03:e5:28:01:0a:e5:9b:5e:c0:
         ed:13:58:3a:a0:a3:83:70:17:43:14:82:80:6d:db:61:e2:a7:
         7f:99:b2:ff:b3:4c:1e:b3:bc:46:b2:98:8e:b8:9d:d2:7f:2a:
         0f:58:96:65:39:02:ec:34:33:55:18:16:25:e7:99:71:9c:80:
         43:0c:d8:87:7e:6f:2e:74:af:e7:80:ce:6a:d3:6c:5a:9f:71:
         bc:6e:9d:26:2c:5c:98:65:f6:1b:05:d1:7f:3f:98:e8:16:1a:
         4b:34:36:0d:b3:a7:50:9a:f9:d8:38:47:9e:a7:80:ea:cf:16:
         c6:df:27:e5:13:70:ff:a2:03:2a:27:90:d1:af:c4:76:7a:cc:
         7b:32:cd:f8:71:ce:24:5a:f6:5e:96:e7:cd:40:a3:80:05:75:
         58:06:35:43:17:76:ea:ed:84:4f:c5:08:2b:50:02:24:4f:ad:
         71:44:c4:3e:19:e8:2a:c9:f5:6b:30:9d:3c:ec:7e:37:2c:87:
         da:5d:a6:25
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULZgLrH9Ry6lwSS/zuXIE+yMZol0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDE5MTQ0ODE2WhcNMjUwNTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BjODI2ODNjMTA0NjBkZjkyNDMwZTIxNjQ0N2Q5NzA2ZTBl
NTVhZTRmZGI4MDE1OGEzMDUzN2ViYjhjMmEyZjkzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFFA5B7K6XhfX59y0KNkJEr1X5z6v8GjLv/9BMSLfBr6ll
+pOIcuROATlEXlXLpVCZXG5fdttvEeROrcd74rXgy81cOfZz4lbXjuEO+UfzsVBi
tP1TXyQRkK9GzRlAezw0eG2hTsS8MaW2SwfVAF3QF+31bvJ4Qfe9aglLZAkhQBFK
qadfVQOzme4SPRtm+oz9oeFfgCg1SpChXPLvcXEMa1rWzMQtdTaA0XaNd2tipv10
jQ/HbF+mDUnyCs/EcM4tu/gnwrYf1R1EbU/tVZh//aZnR34vTR200ae5T4Twosn7
QYdW5VCwG9aq5s4Ta+LZm8u7WKXELIeQHZlp4dStAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/ZjZEv99NurFnteuVLNuirHDASgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzBiN2EwNGZmLWU5OGQtNDhmNS1iMDI1LTYyMmNjNmI3ZWYzNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKmM0wuL5jT9o8pU+vkt/KZi0uD0
pmvsmAi6I/5Mv3YscUXDzC3ok9O0i9BJrarsO97YLBQqz5VYzwM8MXp7NwPlKAEK
5ZtewO0TWDqgo4NwF0MUgoBt22Hip3+Zsv+zTB6zvEaymI64ndJ/Kg9YlmU5Auw0
M1UYFiXnmXGcgEMM2Id+by50r+eAzmrTbFqfcbxunSYsXJhl9hsF0X8/mOgWGks0
Ng2zp1Ca+dg4R56ngOrPFsbfJ+UTcP+iAyonkNGvxHZ6zHsyzfhxziRa9l6W581A
o4AFdVgGNUMXdurthE/FCCtQAiRPrXFExD4Z6CrJ9WswnTzsfjcsh9pdpiU=
-----END CERTIFICATE-----