Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/30c3c2a4-2932-46fd-bfd4-9b4ff6a2f759.roa
File:                     30c3c2a4-2932-46fd-bfd4-9b4ff6a2f759.roa (raw, json)
Hash identifier:          SStN/Xvo29BK63ZlOhNSDIe1n8++ORtXZ1yH9MNq0Rw=
Subject key identifier:   57:BC:ED:02:FB:78:41:28:44:5A:34:35:DC:55:0A:EA:59:8F:0D:78
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4997CA1875618FA53BA4EC77D464CF4F4A83FD5A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/30c3c2a4-2932-46fd-bfd4-9b4ff6a2f759.roa
Signing time:             Wed 23 Apr 2025 13:23:19 +0000
ROA not before:           Wed 23 Apr 2025 13:23:19 +0000
ROA not after:            Wed 28 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 23 Apr 2025 13:43:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:97:ca:18:75:61:8f:a5:3b:a4:ec:77:d4:64:cf:4f:4a:83:fd:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 23 13:23:19 2025 GMT
            Not After : May 28 23:59:59 2025 GMT
        Subject: serialNumber=503c71ad475ba47013505d40b9f4ddec9317f813797275a2afa3d256d1ddd8d7, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8e:d1:db:44:94:98:92:a3:d8:02:95:c9:87:
                    da:b2:26:7b:92:18:1b:a0:d2:c5:79:0b:ba:91:16:
                    44:ce:fc:23:49:b3:53:34:7d:4e:57:61:72:00:48:
                    d1:b2:6e:51:4e:e9:58:63:39:fd:01:10:76:87:99:
                    19:e1:24:b3:39:3a:77:28:72:b5:07:e2:70:41:8e:
                    70:d4:86:c7:7b:3a:a0:55:d0:d6:3d:a7:44:89:64:
                    26:f3:e6:ea:1c:05:fb:a1:cd:21:a8:2f:ec:3a:8e:
                    8a:66:d8:46:96:e6:82:5a:33:a1:6f:38:14:0e:a3:
                    83:df:d1:9e:2d:b4:1d:66:40:e4:05:7a:b6:49:41:
                    c9:5c:06:12:e1:60:96:ac:9e:6d:0a:81:9b:14:4d:
                    05:2e:71:b7:95:18:1c:6b:a6:8c:a7:75:4f:cb:8e:
                    57:61:b5:1b:27:ef:e3:e6:30:2e:91:6e:cc:f6:a2:
                    68:ca:54:89:39:a2:7e:79:70:13:c8:7e:fb:a4:df:
                    33:66:54:c6:af:aa:e2:f2:1c:35:01:bf:6a:2e:e9:
                    b1:ec:11:c0:76:0d:ee:b6:f3:bf:3b:0a:b0:79:44:
                    57:8b:c0:7b:4e:a9:e0:0b:9c:6b:e9:73:ab:fc:dd:
                    c4:83:ce:d6:50:3f:0f:db:ce:fd:e1:f6:4d:bf:b3:
                    a0:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:BC:ED:02:FB:78:41:28:44:5A:34:35:DC:55:0A:EA:59:8F:0D:78
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/30c3c2a4-2932-46fd-bfd4-9b4ff6a2f759.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:7a:a6:c5:68:fe:84:87:43:f7:34:1e:92:64:fa:ba:da:65:
         b0:eb:11:46:29:f3:67:1c:fc:33:bb:dd:c2:6e:34:42:c1:43:
         a4:96:90:83:94:b3:b1:78:98:33:74:d4:ea:1a:ca:38:16:0b:
         6d:77:e3:6b:37:d2:f3:68:31:99:7c:1f:03:bb:79:b7:76:9d:
         2e:ee:40:f2:49:7a:9f:fc:80:6c:77:a9:29:20:2c:59:1e:41:
         07:eb:e5:7a:c5:87:2e:7d:bb:63:ce:e7:b5:0a:e7:50:4c:c6:
         b1:65:87:75:94:cf:d8:3b:cb:49:9d:e8:94:a9:5b:b6:13:3e:
         48:e6:03:ab:53:cf:0a:f3:7d:42:0a:02:21:20:0d:57:12:39:
         a3:9e:ff:2a:ef:d8:b4:68:5e:ad:dd:f1:84:dd:47:1a:88:d2:
         82:c9:b5:06:c3:1f:09:f3:28:77:7f:bc:d7:f4:5c:e9:3e:1f:
         95:72:77:81:a9:c8:fa:35:57:35:6a:ed:a0:76:f5:c8:26:6c:
         ed:1b:c3:d6:ca:fd:4a:4e:c4:a6:44:c0:5a:59:78:17:c6:0b:
         43:a1:c6:87:02:b5:98:b3:62:78:da:ad:23:d7:e1:53:6b:58:
         1e:84:54:f2:02:06:7d:5d:93:90:8d:76:b5:0f:05:be:e9:2a:
         cc:5f:87:ee
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSZfKGHVhj6U7pOx31GTPT0qD/VowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDIzMTMyMzE5WhcNMjUwNTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A1MDNjNzFhZDQ3NWJhNDcwMTM1MDVkNDBiOWY0ZGRlYzkz
MTdmODEzNzk3Mjc1YTJhZmEzZDI1NmQxZGRkOGQ3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtjtHbRJSYkqPYApXJh9qyJnuSGBug0sV5C7qRFkTO/CNJ
s1M0fU5XYXIASNGyblFO6VhjOf0BEHaHmRnhJLM5OncocrUH4nBBjnDUhsd7OqBV
0NY9p0SJZCbz5uocBfuhzSGoL+w6jopm2EaW5oJaM6FvOBQOo4Pf0Z4ttB1mQOQF
erZJQclcBhLhYJasnm0KgZsUTQUucbeVGBxrpoyndU/LjldhtRsn7+PmMC6Rbsz2
omjKVIk5on55cBPIfvuk3zNmVMavquLyHDUBv2ou6bHsEcB2De628787CrB5RFeL
wHtOqeALnGvpc6v83cSDztZQPw/bzv3h9k2/s6DlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUV7ztAvt4QShEWjQ13FUK6lmPDXgwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzMwYzNjMmE0LTI5MzItNDZmZC1iZmQ0LTliNGZmNmEyZjc1OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGV6psVo/oSHQ/c0HpJk+rraZbDr
EUYp82cc/DO73cJuNELBQ6SWkIOUs7F4mDN01OoayjgWC21342s30vNoMZl8HwO7
ebd2nS7uQPJJep/8gGx3qSkgLFkeQQfr5XrFhy59u2PO57UK51BMxrFlh3WUz9g7
y0md6JSpW7YTPkjmA6tTzwrzfUIKAiEgDVcSOaOe/yrv2LRoXq3d8YTdRxqI0oLJ
tQbDHwnzKHd/vNf0XOk+H5Vyd4GpyPo1VzVq7aB29cgmbO0bw9bK/UpOxKZEwFpZ
eBfGC0OhxocCtZizYnjarSPX4VNrWB6EVPICBn1dk5CNdrUPBb7pKsxfh+4=
-----END CERTIFICATE-----