Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/301130cd-d45f-4ee8-8877-3965d60e3301.roa
File:                     301130cd-d45f-4ee8-8877-3965d60e3301.roa (raw, json)
Hash identifier:          fBtVw3Xo56ya99vmWDFCaXzg9/7vtqVkTghuj7vLFos=
Subject key identifier:   85:37:66:D0:DC:5D:22:8B:0B:17:53:64:D9:6C:82:94:15:D6:A1:48
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       72F63B6F41C430EAE19B37954A76BD976710AA7E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/301130cd-d45f-4ee8-8877-3965d60e3301.roa
Signing time:             Mon 07 Apr 2025 10:43:15 +0000
ROA not before:           Mon 07 Apr 2025 10:43:15 +0000
ROA not after:            Mon 12 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 07 Apr 2025 11:03:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:f6:3b:6f:41:c4:30:ea:e1:9b:37:95:4a:76:bd:97:67:10:aa:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr  7 10:43:15 2025 GMT
            Not After : May 12 23:59:59 2025 GMT
        Subject: serialNumber=93ec1162699b079d93279d98cb53821229a0911703b2941abe37b20e6a109af6, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7f:fa:0c:40:53:21:8d:ab:01:e2:15:b6:0f:
                    26:cd:57:09:a9:db:c5:1a:bc:25:ea:46:cf:74:e3:
                    27:11:be:29:38:c9:32:70:b0:0e:0c:5e:e1:05:46:
                    fd:1a:06:4b:e6:5b:a0:a3:63:77:18:91:f4:1c:e7:
                    27:0f:a8:b3:f8:82:3c:cb:7b:ec:75:25:ca:24:b7:
                    2b:ce:89:b1:5c:02:ff:d9:61:66:c7:3c:56:22:40:
                    3b:7c:1a:fc:97:8d:66:e1:76:82:75:37:5b:ae:17:
                    bd:0c:33:07:56:13:65:10:52:4b:8e:bc:be:40:41:
                    b9:39:f3:0b:23:ed:72:af:68:d6:ca:74:21:bd:45:
                    88:b9:75:1f:bd:d4:22:a6:52:38:55:e8:80:26:ec:
                    79:c6:d0:80:0d:69:7e:33:ae:86:26:af:73:1a:33:
                    76:76:49:89:c8:a4:b0:f8:0c:86:b3:ed:89:c3:3d:
                    c5:7e:a1:d2:81:b8:ab:52:74:33:46:a3:2b:5c:e0:
                    17:8f:2f:15:fc:ef:a4:c6:d2:76:55:bc:b1:39:8f:
                    35:e1:50:75:72:b5:73:bc:f2:c1:1d:b6:be:f9:83:
                    a6:39:b8:95:9d:0d:8e:96:f1:e0:a4:c0:61:df:f3:
                    94:f4:9b:fd:a0:a0:3b:f9:ad:13:55:d0:14:9d:7f:
                    05:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:37:66:D0:DC:5D:22:8B:0B:17:53:64:D9:6C:82:94:15:D6:A1:48
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/301130cd-d45f-4ee8-8877-3965d60e3301.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:60:fc:3b:ba:2f:f2:3d:02:13:46:4e:fd:27:46:63:24:64:
         10:af:23:fd:a7:49:a2:81:04:fa:c9:6f:e2:c6:fc:ca:71:4b:
         a0:15:dc:ad:fc:e5:31:22:b9:14:f1:36:fa:64:41:73:46:7e:
         1c:7f:25:18:52:01:30:8a:5d:10:25:b7:02:cb:50:35:39:55:
         ef:4b:3c:3c:07:0a:0a:ec:83:4c:5a:92:fa:e5:aa:a9:ee:0f:
         f0:c3:22:9c:18:b1:68:0d:f4:d3:c7:7a:03:0b:31:a1:d3:8c:
         30:10:15:65:39:21:e8:83:7c:ff:de:c7:3c:05:6e:a4:84:f3:
         d1:bc:45:bc:e5:b5:90:e7:9d:28:62:0d:06:e2:57:06:d0:4b:
         5d:db:5a:a5:4f:fd:2e:d4:f8:87:83:2b:73:b6:ba:0d:f8:40:
         21:bc:d5:a0:73:31:b8:16:5a:c3:18:db:b3:30:2f:f9:f5:f1:
         b4:19:8a:1e:6f:02:9e:b8:c7:33:77:bc:6c:5e:3a:5b:0a:b2:
         ad:56:5a:e6:2d:88:a0:ac:9d:71:f0:8c:ac:0a:da:2c:f8:fc:
         c0:f5:68:e2:37:8f:29:6d:e2:a8:c5:b9:0c:8b:1f:7c:73:5b:
         7b:76:48:4c:28:db:bd:0f:4c:ad:9e:87:e6:06:1c:b9:86:c0:
         52:09:78:01
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcvY7b0HEMOrhmzeVSna9l2cQqn4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDA3MTA0MzE1WhcNMjUwNTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A5M2VjMTE2MjY5OWIwNzlkOTMyNzlkOThjYjUzODIxMjI5
YTA5MTE3MDNiMjk0MWFiZTM3YjIwZTZhMTA5YWY2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrf/oMQFMhjasB4hW2DybNVwmp28UavCXqRs904ycRvik4
yTJwsA4MXuEFRv0aBkvmW6CjY3cYkfQc5ycPqLP4gjzLe+x1JcoktyvOibFcAv/Z
YWbHPFYiQDt8GvyXjWbhdoJ1N1uuF70MMwdWE2UQUkuOvL5AQbk58wsj7XKvaNbK
dCG9RYi5dR+91CKmUjhV6IAm7HnG0IANaX4zroYmr3MaM3Z2SYnIpLD4DIaz7YnD
PcV+odKBuKtSdDNGoytc4BePLxX876TG0nZVvLE5jzXhUHVytXO88sEdtr75g6Y5
uJWdDY6W8eCkwGHf85T0m/2goDv5rRNV0BSdfwXlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhTdm0NxdIosLF1Nk2WyClBXWoUgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzMwMTEzMGNkLWQ0NWYtNGVlOC04ODc3LTM5NjVkNjBlMzMwMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEdg/Du6L/I9AhNGTv0nRmMkZBCv
I/2nSaKBBPrJb+LG/MpxS6AV3K385TEiuRTxNvpkQXNGfhx/JRhSATCKXRAltwLL
UDU5Ve9LPDwHCgrsg0xakvrlqqnuD/DDIpwYsWgN9NPHegMLMaHTjDAQFWU5IeiD
fP/exzwFbqSE89G8RbzltZDnnShiDQbiVwbQS13bWqVP/S7U+IeDK3O2ug34QCG8
1aBzMbgWWsMY27MwL/n18bQZih5vAp64xzN3vGxeOlsKsq1WWuYtiKCsnXHwjKwK
2iz4/MD1aOI3jylt4qjFuQyLH3xzW3t2SEwo270PTK2eh+YGHLmGwFIJeAE=
-----END CERTIFICATE-----