Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/51d689f1-0e9a-45cc-9858-a5e26bf871f0.roa
File:                     51d689f1-0e9a-45cc-9858-a5e26bf871f0.roa (raw, json)
Hash identifier:          /qKZLX5fzNW9WdGaQ8yWvRU4DBKak84vV1cbzKeCrag=
Subject key identifier:   DC:CD:F0:F6:73:92:0D:E8:80:B4:BE:99:DC:8B:FC:67:FE:75:B6:26
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5D3E61757C84C9565055B05C6A0BBD483240CA2C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/51d689f1-0e9a-45cc-9858-a5e26bf871f0.roa
Signing time:             Wed 26 Mar 2025 05:03:20 +0000
ROA not before:           Wed 26 Mar 2025 05:03:20 +0000
ROA not after:            Wed 30 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 26 Mar 2025 05:23:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:3e:61:75:7c:84:c9:56:50:55:b0:5c:6a:0b:bd:48:32:40:ca:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 26 05:03:20 2025 GMT
            Not After : Apr 30 23:59:59 2025 GMT
        Subject: serialNumber=c1b417da36a3fc348cb06bca0c9cf570c460d2451024c51e4476e4b107c9ae5a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ae:02:f6:da:5a:2d:88:00:64:ae:5e:58:b2:
                    b8:b8:aa:e6:6c:6d:c1:58:75:2a:3a:48:30:f1:3b:
                    d4:c9:f4:5e:7b:9f:af:31:d9:27:33:9f:f3:ec:bc:
                    31:7f:13:89:cc:c9:bb:61:8c:a8:f7:b3:7d:77:de:
                    97:dd:91:1c:8b:87:d3:ea:3b:2e:66:53:39:78:2d:
                    8f:39:7f:44:19:bb:5c:68:94:95:17:dc:04:40:4d:
                    56:1f:84:f7:7a:39:23:da:45:a7:4f:69:4a:2f:ed:
                    5a:5e:57:d8:eb:47:66:aa:50:cb:3a:58:35:a0:c5:
                    6e:ac:52:b7:38:98:30:4b:0f:49:f7:0e:bf:c4:5e:
                    63:6a:cc:fe:f7:2e:76:d4:54:cd:46:c4:58:06:8d:
                    f4:60:c9:0d:60:4b:34:1f:00:7f:ab:6d:63:db:92:
                    10:ef:f7:03:9e:dc:dd:df:58:52:88:b6:88:27:f6:
                    c6:ae:89:42:21:2c:0c:1f:c5:5c:c3:8f:79:e0:24:
                    87:24:49:15:d9:3c:a6:aa:d6:41:6b:9e:a1:f4:ef:
                    b2:2c:af:2b:41:23:50:f1:aa:e3:77:93:27:c2:42:
                    a9:31:66:5b:af:9c:56:d8:bd:a2:1a:fc:68:9c:34:
                    67:ef:32:40:0a:6f:cb:a4:de:db:79:f2:38:fb:fe:
                    f4:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:CD:F0:F6:73:92:0D:E8:80:B4:BE:99:DC:8B:FC:67:FE:75:B6:26
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/51d689f1-0e9a-45cc-9858-a5e26bf871f0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:6b:d6:f8:e5:e0:59:9a:b7:cb:63:a7:95:88:8f:46:ab:a4:
         f4:b5:90:59:46:ab:8a:09:52:43:d7:b2:d2:61:5f:31:4d:cf:
         b0:1a:06:38:e4:a7:a4:65:ea:0e:ce:bc:77:b7:0d:e1:2a:10:
         dd:ed:d0:e7:41:e7:5e:fe:dd:e3:c0:79:01:b4:83:40:63:9d:
         3a:38:6f:27:55:05:1a:65:9e:fc:e2:c1:a7:71:d6:c2:a6:f5:
         e4:b9:19:08:67:df:74:5b:0a:6e:7c:3b:21:8c:55:91:4f:8f:
         a4:66:0e:b8:30:fd:a5:e9:91:c8:1c:c3:b7:e6:16:3a:b2:ba:
         a9:39:ca:e3:b2:b8:27:42:0e:db:ab:6a:a5:60:f5:d0:c9:cc:
         64:50:70:7c:42:ef:4b:88:60:de:57:f5:76:96:b6:9a:f3:88:
         3b:10:d1:75:ca:37:44:51:76:ab:68:63:2e:c4:c8:4a:45:f6:
         70:f4:25:6a:c7:9e:c1:02:5e:e0:44:09:cc:f8:78:ba:0d:bb:
         b4:da:bc:e7:76:c5:68:85:d9:32:ae:49:f0:f8:09:2c:1f:6b:
         9e:5a:ae:00:4d:7d:22:1b:bd:e0:a2:01:3f:5e:aa:ff:c2:a6:
         a9:ef:75:15:97:7d:9d:45:8f:8e:7c:8a:14:5b:41:75:58:2e:
         ab:67:f2:fc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXT5hdXyEyVZQVbBcagu9SDJAyiwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzI2MDUwMzIwWhcNMjUwNDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMWI0MTdkYTM2YTNmYzM0OGNiMDZiY2EwYzljZjU3MGM0
NjBkMjQ1MTAyNGM1MWU0NDc2ZTRiMTA3YzlhZTVhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDYrgL22lotiABkrl5Ysri4quZsbcFYdSo6SDDxO9TJ9F57
n68x2Sczn/PsvDF/E4nMybthjKj3s3133pfdkRyLh9PqOy5mUzl4LY85f0QZu1xo
lJUX3ARATVYfhPd6OSPaRadPaUov7VpeV9jrR2aqUMs6WDWgxW6sUrc4mDBLD0n3
Dr/EXmNqzP73LnbUVM1GxFgGjfRgyQ1gSzQfAH+rbWPbkhDv9wOe3N3fWFKItogn
9sauiUIhLAwfxVzDj3ngJIckSRXZPKaq1kFrnqH077IsrytBI1DxquN3kyfCQqkx
ZluvnFbYvaIa/GicNGfvMkAKb8uk3tt58jj7/vRdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3M3w9nOSDeiAtL6Z3Iv8Z/51tiYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzUxZDY4OWYxLTBlOWEtNDVjYy05ODU4LWE1ZTI2YmY4NzFmMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAApr1vjl4Fmat8tjp5WIj0arpPS1
kFlGq4oJUkPXstJhXzFNz7AaBjjkp6Rl6g7OvHe3DeEqEN3t0OdB517+3ePAeQG0
g0BjnTo4bydVBRplnvziwadx1sKm9eS5GQhn33RbCm58OyGMVZFPj6RmDrgw/aXp
kcgcw7fmFjqyuqk5yuOyuCdCDturaqVg9dDJzGRQcHxC70uIYN5X9XaWtprziDsQ
0XXKN0RRdqtoYy7EyEpF9nD0JWrHnsECXuBECcz4eLoNu7TavOd2xWiF2TKuSfD4
CSwfa55argBNfSIbveCiAT9eqv/CpqnvdRWXfZ1Fj458ihRbQXVYLqtn8vw=
-----END CERTIFICATE-----