Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/42b7e7b6-6383-4bfc-8ee7-834acd29dbb0.roa
File:                     42b7e7b6-6383-4bfc-8ee7-834acd29dbb0.roa (raw, json)
Hash identifier:          xxSh/IWtHFIrbUtGJi7ufuYlZQgHwVfgT11RR6M/D/E=
Subject key identifier:   AC:91:75:5D:55:D0:00:44:EF:DB:0B:E3:0F:43:8B:8D:3B:0D:19:51
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       746C47615DD2A022E6D0325CCC50BAC0AB3A2A2C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/42b7e7b6-6383-4bfc-8ee7-834acd29dbb0.roa
Signing time:             Mon 24 Mar 2025 07:23:18 +0000
ROA not before:           Mon 24 Mar 2025 07:23:18 +0000
ROA not after:            Mon 28 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 24 Mar 2025 07:38:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:6c:47:61:5d:d2:a0:22:e6:d0:32:5c:cc:50:ba:c0:ab:3a:2a:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 24 07:23:18 2025 GMT
            Not After : Apr 28 23:59:59 2025 GMT
        Subject: serialNumber=ca8c1c9ee91c4b67c3f8477a99487001618e5a4b186c354a6c7be8738c919cd7, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a3:f4:4e:b2:b2:83:b3:2b:ca:16:9e:07:fe:
                    1e:50:02:37:41:7c:52:c3:f9:25:53:ea:1c:c2:77:
                    a8:d2:00:c0:72:2d:e3:80:f0:58:7b:2c:b3:bf:4a:
                    0f:44:d2:7d:3e:26:a6:9c:97:c6:6e:57:56:48:e1:
                    8f:b2:a6:e7:c4:84:96:12:cc:77:85:38:fc:42:6f:
                    74:19:57:58:a6:bc:90:93:70:c2:41:e5:06:0a:d4:
                    f9:a0:92:4d:47:90:d1:8e:31:92:c6:2a:c0:3f:08:
                    11:05:19:07:79:56:28:b2:4a:2b:5e:77:65:06:34:
                    70:eb:bf:8f:ca:f5:9c:26:ba:63:41:a3:4b:de:23:
                    9e:ed:e3:29:6f:fc:e9:ba:41:33:a1:12:cc:3c:57:
                    07:a0:66:05:ef:75:fb:ef:4a:56:44:0d:de:7d:c9:
                    04:d8:52:d7:37:20:de:3f:c0:f7:dd:31:2e:93:65:
                    df:b7:55:c0:6c:bb:76:32:2c:6b:41:57:e1:23:3b:
                    2b:bc:e1:70:de:98:2e:bd:8a:9c:6a:e8:0b:84:d7:
                    27:00:17:d7:3a:d1:c4:f0:27:b7:20:e5:4f:eb:73:
                    9a:b2:e8:2f:4e:d3:99:a6:ae:79:e1:b2:88:ac:40:
                    54:88:28:fe:23:7f:02:e0:c8:8c:26:3e:6b:74:bd:
                    25:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:91:75:5D:55:D0:00:44:EF:DB:0B:E3:0F:43:8B:8D:3B:0D:19:51
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/42b7e7b6-6383-4bfc-8ee7-834acd29dbb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:43:2b:38:97:f6:e1:77:f0:11:54:99:39:8e:c1:a3:22:6c:
         c0:89:07:a5:43:c0:3b:9a:33:9d:16:74:e3:e3:3d:8e:d3:28:
         13:2f:a7:62:c0:02:27:33:51:df:ea:4a:7f:89:78:4f:a9:08:
         72:20:8e:be:86:3e:a0:b9:5d:c6:d9:70:c7:65:17:b2:19:f7:
         67:48:2d:ce:cf:21:88:85:5a:e6:bd:1d:bd:ff:f9:75:36:4e:
         7d:c2:b8:01:5e:74:86:db:71:ae:6c:04:d9:fe:a3:b2:54:62:
         6d:93:19:b6:cd:4e:9b:ef:ff:ce:78:5e:13:c9:bf:24:22:fe:
         b5:29:f8:aa:88:2b:e3:d7:3b:0f:95:11:fd:6b:04:ad:b2:e2:
         a1:88:d7:da:bd:eb:88:65:68:84:6a:1d:6f:67:ba:2f:d5:1a:
         1c:30:31:3f:8a:bd:44:ee:70:ed:78:2e:e3:95:ac:06:ee:72:
         7b:2b:ef:0e:71:e1:de:96:99:15:65:e0:78:4c:7c:25:3a:fa:
         cf:3d:73:3f:d1:73:18:2b:cf:23:05:f5:ff:55:85:65:35:b9:
         b4:3d:d5:f4:07:b5:7f:89:a4:e1:24:1e:6e:92:70:f0:53:e3:
         76:83:dd:24:a0:4d:00:27:47:7b:76:6a:a6:bb:45:37:a5:09:
         ef:1c:2f:47
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdGxHYV3SoCLm0DJczFC6wKs6KiwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzI0MDcyMzE4WhcNMjUwNDI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjYThjMWM5ZWU5MWM0YjY3YzNmODQ3N2E5OTQ4NzAwMTYx
OGU1YTRiMTg2YzM1NGE2YzdiZTg3MzhjOTE5Y2Q3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTo/ROsrKDsyvKFp4H/h5QAjdBfFLD+SVT6hzCd6jSAMBy
LeOA8Fh7LLO/Sg9E0n0+Jqacl8ZuV1ZI4Y+ypufEhJYSzHeFOPxCb3QZV1imvJCT
cMJB5QYK1Pmgkk1HkNGOMZLGKsA/CBEFGQd5ViiySited2UGNHDrv4/K9ZwmumNB
o0veI57t4ylv/Om6QTOhEsw8VwegZgXvdfvvSlZEDd59yQTYUtc3IN4/wPfdMS6T
Zd+3VcBsu3YyLGtBV+EjOyu84XDemC69ipxq6AuE1ycAF9c60cTwJ7cg5U/rc5qy
6C9O05mmrnnhsoisQFSIKP4jfwLgyIwmPmt0vSVzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUrJF1XVXQAETv2wvjD0OLjTsNGVEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQyYjdlN2I2LTYzODMtNGJmYy04ZWU3LTgzNGFjZDI5ZGJiMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABtDKziX9uF38BFUmTmOwaMibMCJ
B6VDwDuaM50WdOPjPY7TKBMvp2LAAiczUd/qSn+JeE+pCHIgjr6GPqC5XcbZcMdl
F7IZ92dILc7PIYiFWua9Hb3/+XU2Tn3CuAFedIbbca5sBNn+o7JUYm2TGbbNTpvv
/854XhPJvyQi/rUp+KqIK+PXOw+VEf1rBK2y4qGI19q964hlaIRqHW9nui/VGhww
MT+KvUTucO14LuOVrAbucnsr7w5x4d6WmRVl4HhMfCU6+s89cz/RcxgrzyMF9f9V
hWU1ubQ91fQHtX+JpOEkHm6ScPBT43aD3SSgTQAnR3t2aqa7RTelCe8cL0c=
-----END CERTIFICATE-----