Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/13c2411b-e197-48c9-a503-72ba1c924ee9.roa
File:                     13c2411b-e197-48c9-a503-72ba1c924ee9.roa (raw, json)
Hash identifier:          Qv409RpFQL0v2+BT4r5PCrBRgXMeIIFJnfUEfDv1dxU=
Subject key identifier:   9A:44:BB:9F:83:B4:B6:F1:87:84:8D:16:94:3C:1F:72:5C:79:43:1B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7F9D4DA492E13A1C1CE09DD046E430B99FB4FC90
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/13c2411b-e197-48c9-a503-72ba1c924ee9.roa
Signing time:             Fri 13 Jun 2025 10:13:20 +0000
ROA not before:           Fri 13 Jun 2025 10:13:20 +0000
ROA not after:            Fri 18 Jul 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 13 Jun 2025 10:33:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:9d:4d:a4:92:e1:3a:1c:1c:e0:9d:d0:46:e4:30:b9:9f:b4:fc:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 13 10:13:20 2025 GMT
            Not After : Jul 18 23:59:59 2025 GMT
        Subject: serialNumber=b298dac7b0f270ff17e5f6b3b94a8042c1ebfab930a4dbab23ab442aa8ecb11f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:f8:43:45:1d:7b:14:86:b0:1d:7e:d4:38:ee:
                    c3:60:ac:c7:ef:7a:d1:ba:db:73:a8:3f:fc:bd:13:
                    4f:54:e2:09:55:f3:14:e3:f4:f0:26:b5:10:17:8c:
                    38:42:ed:87:4a:f4:4b:af:6f:2b:5a:ba:bb:c2:e5:
                    7c:ab:eb:88:25:05:cc:c3:48:4f:cf:a6:a1:f9:89:
                    6e:03:c3:24:33:73:6b:3a:9d:7d:a3:be:e6:94:d1:
                    d1:fc:f9:bb:fb:1d:6e:a2:24:3f:85:5a:ff:78:ad:
                    28:28:7c:6c:64:e3:2b:21:91:a7:44:ae:cf:52:e0:
                    cd:38:18:f8:39:76:2f:ea:48:b8:6c:71:50:d4:e5:
                    07:20:f8:26:da:b6:a7:fa:8d:7f:cd:a6:9b:df:22:
                    7f:dc:07:c6:ba:7f:55:3a:e0:52:4f:2b:b5:cd:2d:
                    78:4d:b1:82:cb:9c:f7:53:e1:5a:06:0e:77:4e:40:
                    94:bc:3a:fd:f4:88:7d:75:c9:87:d4:bb:18:47:1d:
                    04:eb:c8:6b:2b:37:d6:08:86:23:4f:6b:29:72:79:
                    df:9d:a0:be:88:f3:04:8b:88:f3:dd:19:e5:d8:bd:
                    b8:28:7a:22:5b:ff:45:73:b4:03:da:fa:bf:8a:8e:
                    16:a4:42:2b:e8:36:c2:b2:c5:28:ec:94:14:99:90:
                    2f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:44:BB:9F:83:B4:B6:F1:87:84:8D:16:94:3C:1F:72:5C:79:43:1B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/13c2411b-e197-48c9-a503-72ba1c924ee9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:85:78:f8:4e:9f:a9:23:ec:ba:49:a9:1b:0f:b3:bb:ac:82:
         f8:21:43:ab:e6:0d:2a:22:8c:51:89:f1:ec:c3:01:80:52:34:
         ef:c1:5a:a8:8e:95:64:52:bf:ea:5b:82:e7:a8:26:49:78:37:
         45:42:93:35:2c:c0:80:91:a2:23:29:ba:09:05:2a:55:88:d1:
         40:c6:2d:01:7e:a1:99:bd:52:ad:a6:31:30:db:6c:3d:11:0a:
         1c:d5:44:9f:7a:2a:fc:b1:b3:cd:36:48:d7:38:12:3b:e2:20:
         d4:7f:0e:0c:35:af:29:5e:29:2d:4e:d0:a7:74:7c:dd:41:6c:
         f3:ad:0c:e4:f5:59:af:d8:5a:c7:27:f0:a9:98:cc:da:e3:74:
         b2:bb:8b:8a:d6:33:3b:c4:14:bd:e3:2d:05:56:14:30:c3:8c:
         38:5b:4e:8c:8f:af:b6:1d:f5:cc:8a:05:94:ca:f4:ed:1b:c9:
         72:2e:bd:92:80:da:e2:eb:2b:e7:ba:28:d2:a6:4c:14:db:b1:
         49:3d:92:e5:94:ce:e2:ab:df:62:34:ec:53:68:73:5c:64:85:
         95:a2:c0:88:50:ae:85:8b:2a:ed:4d:12:3f:3a:63:27:6f:a8:
         db:b1:16:3b:1f:77:48:00:a3:b9:a7:89:fe:7b:64:ab:76:96:
         4d:38:ac:38
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUf51NpJLhOhwc4J3QRuQwuZ+0/JAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNjEzMTAxMzIwWhcNMjUwNzE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BiMjk4ZGFjN2IwZjI3MGZmMTdlNWY2YjNiOTRhODA0MmMx
ZWJmYWI5MzBhNGRiYWIyM2FiNDQyYWE4ZWNiMTFmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDD+ENFHXsUhrAdftQ47sNgrMfvetG623OoP/y9E09U4glV
8xTj9PAmtRAXjDhC7YdK9EuvbytaurvC5Xyr64glBczDSE/PpqH5iW4DwyQzc2s6
nX2jvuaU0dH8+bv7HW6iJD+FWv94rSgofGxk4yshkadErs9S4M04GPg5di/qSLhs
cVDU5Qcg+Cbatqf6jX/NppvfIn/cB8a6f1U64FJPK7XNLXhNsYLLnPdT4VoGDndO
QJS8Ov30iH11yYfUuxhHHQTryGsrN9YIhiNPaylyed+doL6I8wSLiPPdGeXYvbgo
eiJb/0VztAPa+r+KjhakQivoNsKyxSjslBSZkC9RAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmkS7n4O0tvGHhI0WlDwfclx5QxswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzEzYzI0MTFiLWUxOTctNDhjOS1hNTAzLTcyYmExYzkyNGVlOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFGFePhOn6kj7LpJqRsPs7usgvgh
Q6vmDSoijFGJ8ezDAYBSNO/BWqiOlWRSv+pbgueoJkl4N0VCkzUswICRoiMpugkF
KlWI0UDGLQF+oZm9Uq2mMTDbbD0RChzVRJ96Kvyxs802SNc4EjviINR/Dgw1ryle
KS1O0Kd0fN1BbPOtDOT1Wa/YWscn8KmYzNrjdLK7i4rWMzvEFL3jLQVWFDDDjDhb
ToyPr7Yd9cyKBZTK9O0byXIuvZKA2uLrK+e6KNKmTBTbsUk9kuWUzuKr32I07FNo
c1xkhZWiwIhQroWLKu1NEj86YydvqNuxFjsfd0gAo7mnif57ZKt2lk04rDg=
-----END CERTIFICATE-----