Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/39bb4b6c-6ff3-4c43-abcc-c3598280b670.roa
File:                     39bb4b6c-6ff3-4c43-abcc-c3598280b670.roa (raw, json)
Hash identifier:          1E1K3befUGdXo1UXj0uEm9BpQF2yHmrIxdRgFqxiOs0=
Subject key identifier:   02:57:C1:B7:C6:C2:14:F3:13:7F:9A:01:66:CF:88:CB:F1:FC:99:C5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       427F8F97BE2D5A494539741FBC099442BF22CB95
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/39bb4b6c-6ff3-4c43-abcc-c3598280b670.roa
Signing time:             Sat 22 Mar 2025 23:43:15 +0000
ROA not before:           Sat 22 Mar 2025 23:43:15 +0000
ROA not after:            Sat 26 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sun 23 Mar 2025 00:03:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:7f:8f:97:be:2d:5a:49:45:39:74:1f:bc:09:94:42:bf:22:cb:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 22 23:43:15 2025 GMT
            Not After : Apr 26 23:59:59 2025 GMT
        Subject: serialNumber=0434c96f41f26cc660b906320acd33659c18c22cf377d6691bf1a4263cc8965a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d4:06:48:74:d1:7f:92:bc:2c:26:50:cd:0b:
                    9b:12:8c:f7:a6:44:fe:64:42:36:da:8e:73:31:4d:
                    fb:3f:05:0d:dd:c7:9f:f0:24:c1:a4:ed:5c:d5:0d:
                    15:9f:e0:8b:a5:8b:cc:6d:c1:35:9d:4c:07:4d:6a:
                    e3:ed:7c:84:58:a7:f7:ab:11:37:7a:9a:6c:6a:2f:
                    09:ab:7a:91:5b:4d:98:09:1f:f6:c5:42:21:7a:fe:
                    36:e9:22:bf:8a:e9:71:74:24:24:39:33:77:8a:5d:
                    40:f2:73:90:95:a9:c5:33:57:68:c2:0b:bb:2c:9c:
                    ab:51:0d:00:1b:77:78:a4:73:23:d7:40:21:8b:0f:
                    a5:70:20:ad:68:d5:48:0b:40:c4:05:54:bd:74:ba:
                    02:a0:a9:66:23:56:2a:d3:a1:e3:bb:a6:5f:3a:2d:
                    ab:c1:9e:d3:8b:aa:1d:7b:f8:e8:56:98:c3:ac:be:
                    a0:35:d2:3e:93:0b:a5:22:fb:51:a9:f5:fb:f1:2b:
                    cf:4c:15:b2:7b:d4:8b:0c:df:94:0b:f5:9b:6c:38:
                    c6:1f:7d:ad:67:88:9f:20:85:cf:65:c0:e6:0f:75:
                    e3:e6:56:c9:80:16:91:91:bc:8c:ef:2c:78:53:83:
                    8b:a5:68:93:03:74:da:7c:f7:39:cb:ad:5e:f8:2e:
                    2d:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:57:C1:B7:C6:C2:14:F3:13:7F:9A:01:66:CF:88:CB:F1:FC:99:C5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/39bb4b6c-6ff3-4c43-abcc-c3598280b670.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:6a:4a:32:93:52:f4:75:9c:43:2e:f0:6a:e4:02:e8:b2:bd:
         f3:93:87:f3:65:c3:dd:c4:4a:31:f6:5d:f8:5d:51:44:0e:e2:
         80:f8:f1:cd:a0:ab:8f:55:f1:52:ff:26:88:57:c2:da:8d:7d:
         b6:b4:37:31:b9:fa:24:82:5e:57:7f:b0:8c:52:4c:62:dc:24:
         ca:57:e5:06:23:26:f1:b5:4e:9b:2b:1c:d4:dd:88:36:d5:68:
         0c:90:76:2e:60:1f:3c:9d:e7:62:e3:25:d0:a1:b3:59:68:ca:
         ce:d1:72:82:31:47:df:76:13:7a:8f:03:d7:42:eb:27:85:40:
         e6:dc:33:f8:87:21:45:6b:c3:0a:d0:ce:69:c2:c6:6a:51:c0:
         7a:75:9a:1c:da:bf:c6:8e:08:df:01:13:ea:7c:58:f7:96:19:
         d4:94:f1:c7:8d:86:d7:e6:84:17:4f:7b:ef:12:ab:19:6a:02:
         9b:89:00:82:8e:bd:e5:94:d8:05:1e:ea:78:9f:81:d0:30:c6:
         b0:f9:e5:d7:a4:7c:8c:07:79:f2:6f:b1:c6:e7:30:65:18:ed:
         d5:ab:a7:20:25:22:c5:02:cc:d3:db:4f:3c:a4:e2:b5:a6:f5:
         76:34:c2:87:a4:03:d2:36:68:21:41:bc:d7:d8:bc:7a:89:4a:
         ec:91:a8:0c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQn+Pl74tWklFOXQfvAmUQr8iy5UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzIyMjM0MzE1WhcNMjUwNDI2MjM1OTU5
WjB6MUkwRwYDVQQFE0AwNDM0Yzk2ZjQxZjI2Y2M2NjBiOTA2MzIwYWNkMzM2NTlj
MThjMjJjZjM3N2Q2NjkxYmYxYTQyNjNjYzg5NjVhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/1AZIdNF/krwsJlDNC5sSjPemRP5kQjbajnMxTfs/BQ3d
x5/wJMGk7VzVDRWf4Iuli8xtwTWdTAdNauPtfIRYp/erETd6mmxqLwmrepFbTZgJ
H/bFQiF6/jbpIr+K6XF0JCQ5M3eKXUDyc5CVqcUzV2jCC7ssnKtRDQAbd3ikcyPX
QCGLD6VwIK1o1UgLQMQFVL10ugKgqWYjVirToeO7pl86LavBntOLqh17+OhWmMOs
vqA10j6TC6Ui+1Gp9fvxK89MFbJ71IsM35QL9ZtsOMYffa1niJ8ghc9lwOYPdePm
VsmAFpGRvIzvLHhTg4ulaJMDdNp89znLrV74Li2PAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAlfBt8bCFPMTf5oBZs+Iy/H8mcUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzM5YmI0YjZjLTZmZjMtNGM0My1hYmNjLWMzNTk4MjgwYjY3MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJRqSjKTUvR1nEMu8GrkAuiyvfOT
h/Nlw93ESjH2XfhdUUQO4oD48c2gq49V8VL/JohXwtqNfba0NzG5+iSCXld/sIxS
TGLcJMpX5QYjJvG1TpsrHNTdiDbVaAyQdi5gHzyd52LjJdChs1loys7RcoIxR992
E3qPA9dC6yeFQObcM/iHIUVrwwrQzmnCxmpRwHp1mhzav8aOCN8BE+p8WPeWGdSU
8ceNhtfmhBdPe+8SqxlqApuJAIKOveWU2AUe6nifgdAwxrD55dekfIwHefJvscbn
MGUY7dWrpyAlIsUCzNPbTzyk4rWm9XY0woekA9I2aCFBvNfYvHqJSuyRqAw=
-----END CERTIFICATE-----