Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4d4601c7-d72c-42e7-a2fb-fa06fababb5e.roa
File:                     4d4601c7-d72c-42e7-a2fb-fa06fababb5e.roa (raw, json)
Hash identifier:          xntttV6Xdp2Q8jnwjZmHFhMKJzSa/qvqpR8C1+urBCw=
Subject key identifier:   2A:3A:E2:C3:CE:50:45:C7:53:86:2A:20:CD:7C:D4:C5:F6:01:D3:B6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2F687D8DCBBAF4F0BACEE6162AC6BA243B9CF318
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4d4601c7-d72c-42e7-a2fb-fa06fababb5e.roa
Signing time:             Sat 17 May 2025 09:53:22 +0000
ROA not before:           Sat 17 May 2025 09:53:22 +0000
ROA not after:            Sat 21 Jun 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sat 17 May 2025 10:08:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:68:7d:8d:cb:ba:f4:f0:ba:ce:e6:16:2a:c6:ba:24:3b:9c:f3:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 17 09:53:22 2025 GMT
            Not After : Jun 21 23:59:59 2025 GMT
        Subject: serialNumber=5d5bc503743ef83b1f640a4ddd987232bc83bebf8c313c2bda15c89eb2ba48a0, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:0f:af:33:36:6b:ca:b6:be:97:f5:9c:23:0e:
                    7b:29:21:1f:07:09:1e:be:33:75:bc:82:26:dd:46:
                    19:7a:d8:c9:91:4d:3b:52:95:f2:85:b1:25:cd:2f:
                    60:4a:91:b6:05:72:08:92:d0:66:67:ba:9e:e1:76:
                    90:b0:a5:d9:ed:33:78:6e:5d:20:87:88:3b:e3:a2:
                    5a:1d:c2:ba:bc:b2:57:62:55:80:f4:a9:08:91:9a:
                    f1:9b:e7:ea:f3:55:88:4a:50:c8:d7:0f:11:10:a1:
                    1b:31:fb:68:52:02:f7:ae:1e:c6:c3:bf:41:23:b6:
                    71:f9:ea:58:98:36:70:32:be:40:cf:4d:e6:17:c9:
                    b4:75:4a:b4:77:0b:4f:03:1c:1d:55:68:d2:c1:da:
                    1e:8e:43:47:ef:93:00:58:f1:fa:89:d1:82:d3:d4:
                    89:2b:2a:5b:d8:30:3b:3d:07:fd:03:7c:6e:2e:75:
                    6b:af:34:8c:f4:07:94:07:2e:77:ff:3b:bd:2b:b7:
                    db:46:f0:3c:da:ce:35:74:82:62:b5:3a:7f:35:99:
                    26:de:2a:cf:45:92:3d:bd:45:55:1b:d2:89:46:7c:
                    47:c4:b9:d5:b9:18:24:20:72:01:84:54:e2:db:b8:
                    12:f8:09:b8:78:0e:0f:e1:a3:46:12:62:63:37:a0:
                    5d:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:3A:E2:C3:CE:50:45:C7:53:86:2A:20:CD:7C:D4:C5:F6:01:D3:B6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4d4601c7-d72c-42e7-a2fb-fa06fababb5e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:4b:41:9e:18:5b:65:a2:9c:68:81:0a:40:4b:b2:55:29:a8:
         b6:b0:d3:3f:a8:0c:51:ce:ec:19:a2:40:34:71:f0:25:c8:11:
         81:73:ee:62:90:21:51:ed:fb:01:92:4b:9b:99:a5:ce:e8:e0:
         37:f3:be:b5:b9:c6:68:b8:d3:ee:0f:e0:7c:9c:73:c5:58:39:
         5d:57:71:d0:fd:a2:3c:f9:53:6a:5d:ba:f8:11:22:49:4f:61:
         2a:3a:dd:b2:ef:95:7d:d1:31:70:90:aa:f0:92:8c:93:11:ad:
         e3:c2:df:52:5b:ee:95:b9:f7:b1:52:51:eb:c6:3d:0e:ad:d1:
         61:11:da:87:01:33:7d:e1:38:32:a3:c1:07:85:57:4d:41:c0:
         4b:7e:3c:82:36:85:0b:5c:74:75:1c:cf:d3:c9:03:b2:89:08:
         04:ab:5e:a2:4e:78:13:30:db:5c:5f:0c:a9:9e:c5:a3:db:4c:
         c9:68:60:6a:dc:31:19:21:3b:fb:13:67:f7:13:4b:19:1a:62:
         77:c9:58:8a:3d:81:8b:3c:d5:4e:10:e1:e3:95:50:9c:3c:88:
         24:15:68:24:df:59:84:c6:39:d7:bb:0b:6f:2a:ea:c7:93:0c:
         dc:61:10:a2:ef:31:b5:97:9b:de:2f:43:c4:96:00:15:58:25:
         46:b1:30:74
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL2h9jcu69PC6zuYWKsa6JDuc8xgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNTE3MDk1MzIyWhcNMjUwNjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A1ZDViYzUwMzc0M2VmODNiMWY2NDBhNGRkZDk4NzIzMmJj
ODNiZWJmOGMzMTNjMmJkYTE1Yzg5ZWIyYmE0OGEwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7D68zNmvKtr6X9ZwjDnspIR8HCR6+M3W8gibdRhl62MmR
TTtSlfKFsSXNL2BKkbYFcgiS0GZnup7hdpCwpdntM3huXSCHiDvjolodwrq8sldi
VYD0qQiRmvGb5+rzVYhKUMjXDxEQoRsx+2hSAveuHsbDv0EjtnH56liYNnAyvkDP
TeYXybR1SrR3C08DHB1VaNLB2h6OQ0fvkwBY8fqJ0YLT1IkrKlvYMDs9B/0DfG4u
dWuvNIz0B5QHLnf/O70rt9tG8DzazjV0gmK1On81mSbeKs9Fkj29RVUb0olGfEfE
udW5GCQgcgGEVOLbuBL4Cbh4Dg/ho0YSYmM3oF07AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKjriw85QRcdThiogzXzUxfYB07YwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRkNDYwMWM3LWQ3MmMtNDJlNy1hMmZiLWZhMDZmYWJhYmI1ZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADhLQZ4YW2WinGiBCkBLslUpqLaw
0z+oDFHO7BmiQDRx8CXIEYFz7mKQIVHt+wGSS5uZpc7o4DfzvrW5xmi40+4P4Hyc
c8VYOV1XcdD9ojz5U2pduvgRIklPYSo63bLvlX3RMXCQqvCSjJMRrePC31Jb7pW5
97FSUevGPQ6t0WER2ocBM33hODKjwQeFV01BwEt+PII2hQtcdHUcz9PJA7KJCASr
XqJOeBMw21xfDKmexaPbTMloYGrcMRkhO/sTZ/cTSxkaYnfJWIo9gYs81U4Q4eOV
UJw8iCQVaCTfWYTGOde7C28q6seTDNxhEKLvMbWXm94vQ8SWABVYJUaxMHQ=
-----END CERTIFICATE-----