Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/53fef991-c69c-4745-840d-2aea368816de.roa
File:                     53fef991-c69c-4745-840d-2aea368816de.roa (raw, json)
Hash identifier:          e5lIuNdsSlEPdsPpgydpTHIhwQvzpUub9VkMQ0q0Ci0=
Subject key identifier:   67:43:50:A9:58:5D:01:9E:B2:D3:58:BB:5A:79:9D:E1:AB:91:0B:BB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2AF64EE65CC6FC9B262E71756893CBF29DA5A4B0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/53fef991-c69c-4745-840d-2aea368816de.roa
Signing time:             Wed 09 Apr 2025 12:18:19 +0000
ROA not before:           Wed 09 Apr 2025 12:18:19 +0000
ROA not after:            Wed 14 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 09 Apr 2025 12:38:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:f6:4e:e6:5c:c6:fc:9b:26:2e:71:75:68:93:cb:f2:9d:a5:a4:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr  9 12:18:19 2025 GMT
            Not After : May 14 23:59:59 2025 GMT
        Subject: serialNumber=20e424e2bfcd60c44fe2ab545c6de045499c5a455149d24f9f2d2f8894b6cc05, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:dc:59:2b:5f:da:71:34:68:a8:7f:7c:d3:7b:
                    71:02:54:c1:87:09:e6:b1:65:97:e7:36:36:28:f2:
                    c6:51:dd:2d:c5:c7:be:69:67:f3:6c:04:83:19:ad:
                    9f:ad:7e:24:ad:2e:5c:39:93:5e:62:75:1e:70:ff:
                    1e:23:fd:d3:73:d7:52:1f:44:cf:ec:3f:b1:a1:c5:
                    ed:7a:22:41:28:da:a6:9e:67:81:4a:7f:6f:1e:70:
                    e7:50:68:4b:40:32:16:73:3a:b4:11:1b:ec:09:14:
                    2e:d3:5c:7a:52:fb:72:88:8a:17:01:5d:4f:e5:f6:
                    47:09:e8:ba:53:6b:00:74:4a:64:f9:10:49:c0:71:
                    35:ea:30:95:2a:28:b3:e3:7d:ff:74:5b:ee:a1:c7:
                    b4:99:5e:aa:66:cb:63:d4:22:29:02:4c:1e:71:2b:
                    ea:f1:6a:bf:9d:b4:89:aa:a5:c8:bd:eb:98:4c:05:
                    1c:0c:69:4a:f5:5b:dc:9e:09:9f:a3:84:a3:25:0a:
                    cc:9a:85:f4:c5:7a:39:26:81:ce:e1:ec:e5:4a:78:
                    df:aa:8c:d7:a0:27:e8:ad:f7:5b:a5:08:46:d7:cb:
                    9a:ac:c4:56:c8:8a:ae:7b:03:4e:27:cc:82:40:d8:
                    72:9c:e7:50:c8:3a:ad:77:ba:ad:d7:1e:99:36:32:
                    e8:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:43:50:A9:58:5D:01:9E:B2:D3:58:BB:5A:79:9D:E1:AB:91:0B:BB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/53fef991-c69c-4745-840d-2aea368816de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:0b:97:0e:51:4a:cc:80:34:6e:25:5e:93:69:a1:0f:80:03:
         9b:58:98:00:bb:9c:06:04:58:b7:9d:23:82:bb:54:b1:0f:c5:
         ca:be:48:44:96:61:2a:16:05:30:21:38:c7:a7:cf:e4:d7:e8:
         6f:1b:76:7b:55:33:76:25:2d:70:14:70:d2:b3:37:29:86:d0:
         3d:f8:b9:87:92:d9:30:d8:d1:45:d9:e0:55:30:3a:8d:d8:6a:
         79:6e:35:a1:cc:65:85:5b:e8:40:fd:6b:94:13:01:61:fc:ab:
         da:ee:d9:aa:89:90:fb:a3:38:0e:e8:21:86:10:30:3c:88:a4:
         3e:b1:b0:f0:07:0a:6e:b1:b7:00:b8:8c:3e:ea:76:25:bd:e0:
         8b:30:c7:13:13:08:50:9d:a9:ee:61:a8:2e:8e:de:34:a7:b0:
         1d:15:ba:fd:33:23:58:1f:7c:1e:aa:d3:c9:e3:62:1f:2e:d3:
         c0:ad:4b:0b:4f:3e:b2:9b:a3:11:cf:2c:97:d9:af:00:19:b8:
         54:d8:06:dc:e2:44:9c:46:b1:15:9f:ad:15:c6:b5:5c:84:96:
         4b:91:88:07:2a:5c:74:14:9c:34:0b:64:2a:d5:19:37:07:05:
         92:8f:2b:39:0d:13:08:d9:4a:fa:7a:c0:9d:48:4c:03:c1:14:
         dc:46:ba:27
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKvZO5lzG/JsmLnF1aJPL8p2lpLAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDA5MTIxODE5WhcNMjUwNTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMGU0MjRlMmJmY2Q2MGM0NGZlMmFiNTQ1YzZkZTA0NTQ5
OWM1YTQ1NTE0OWQyNGY5ZjJkMmY4ODk0YjZjYzA1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCy3FkrX9pxNGiof3zTe3ECVMGHCeaxZZfnNjYo8sZR3S3F
x75pZ/NsBIMZrZ+tfiStLlw5k15idR5w/x4j/dNz11IfRM/sP7Ghxe16IkEo2qae
Z4FKf28ecOdQaEtAMhZzOrQRG+wJFC7TXHpS+3KIihcBXU/l9kcJ6LpTawB0SmT5
EEnAcTXqMJUqKLPjff90W+6hx7SZXqpmy2PUIikCTB5xK+rxar+dtImqpci965hM
BRwMaUr1W9yeCZ+jhKMlCsyahfTFejkmgc7h7OVKeN+qjNegJ+it91ulCEbXy5qs
xFbIiq57A04nzIJA2HKc51DIOq13uq3XHpk2MujtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZ0NQqVhdAZ6y01i7Wnmd4auRC7swHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzUzZmVmOTkxLWM2OWMtNDc0NS04NDBkLTJhZWEzNjg4MTZkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHYLlw5RSsyANG4lXpNpoQ+AA5tY
mAC7nAYEWLedI4K7VLEPxcq+SESWYSoWBTAhOMenz+TX6G8bdntVM3YlLXAUcNKz
NymG0D34uYeS2TDY0UXZ4FUwOo3YanluNaHMZYVb6ED9a5QTAWH8q9ru2aqJkPuj
OA7oIYYQMDyIpD6xsPAHCm6xtwC4jD7qdiW94IswxxMTCFCdqe5hqC6O3jSnsB0V
uv0zI1gffB6q08njYh8u08CtSwtPPrKboxHPLJfZrwAZuFTYBtziRJxGsRWfrRXG
tVyElkuRiAcqXHQUnDQLZCrVGTcHBZKPKzkNEwjZSvp6wJ1ITAPBFNxGuic=
-----END CERTIFICATE-----