Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5569664d-f843-42f8-9555-95adfaec486a.roa
File:                     5569664d-f843-42f8-9555-95adfaec486a.roa (raw, json)
Hash identifier:          K+iO37SD7Sb5HoKYGmccwV+rUGd1hVas/roWY7V6GJU=
Subject key identifier:   01:A5:5C:AC:2C:37:E1:69:27:21:CE:78:A2:E6:B6:17:2E:B1:2C:24
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       42BC3E26188B3491A8778DD565DC1FC8AC450A26
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5569664d-f843-42f8-9555-95adfaec486a.roa
Signing time:             Tue 22 Apr 2025 03:13:21 +0000
ROA not before:           Tue 22 Apr 2025 03:13:21 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 22 Apr 2025 03:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:bc:3e:26:18:8b:34:91:a8:77:8d:d5:65:dc:1f:c8:ac:45:0a:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 22 03:13:21 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=122247af86d1d2962282d4aedf4562ea8cd7dcf58a9cdc4c2f0582e9a0b7c95d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:55:6e:3b:1c:9b:3c:6c:87:92:19:28:64:1b:
                    10:8c:6d:a9:6d:b2:b7:e8:46:3c:a8:f2:d4:08:d8:
                    c2:82:22:c7:b6:7e:e7:73:77:13:f0:ef:25:85:ff:
                    77:10:af:9e:9a:db:ec:da:07:b8:5a:d1:fa:5b:8e:
                    0a:83:d3:cc:c6:fc:8b:6b:d4:e6:26:e4:2b:ed:18:
                    cd:ce:da:be:a1:5b:7b:81:01:65:e0:70:45:38:e1:
                    5f:81:b9:73:f1:28:28:d4:29:7e:38:e6:c2:67:25:
                    2c:d3:d8:15:49:ee:46:7d:bd:55:97:3c:d9:8e:86:
                    ec:3a:66:c5:e6:0e:79:94:39:20:73:8f:63:91:7f:
                    73:ec:d5:3e:28:df:fe:ab:2e:58:35:a4:14:5e:fa:
                    33:e7:2d:1c:d6:f3:29:e9:38:34:40:fc:76:3e:0b:
                    8c:6d:f8:de:55:bb:a6:6f:af:b1:43:01:0b:2f:e9:
                    17:57:19:9a:42:85:99:eb:a4:91:29:54:f9:66:18:
                    a8:5a:95:7b:ff:9d:2f:2f:3f:6b:4f:7e:cf:ca:0d:
                    84:d7:50:cd:a4:87:cf:a5:74:bc:ff:8c:19:16:00:
                    91:49:95:92:f3:02:a4:c5:ac:5f:c9:2b:2e:89:34:
                    3f:90:c9:ab:d2:db:49:0f:c4:07:e9:fb:9b:0c:01:
                    08:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:A5:5C:AC:2C:37:E1:69:27:21:CE:78:A2:E6:B6:17:2E:B1:2C:24
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5569664d-f843-42f8-9555-95adfaec486a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:b7:f3:a8:4c:07:c3:79:25:af:b7:64:0d:b2:78:f1:39:59:
         58:8b:d8:9f:cb:59:77:87:dd:47:6f:d6:ae:a3:06:df:a4:3e:
         54:5e:6d:b9:91:b0:61:fc:55:2e:62:87:f8:07:57:ac:15:06:
         ab:27:ee:c1:15:25:26:5b:3a:88:6c:9f:db:55:06:7a:14:2b:
         3e:98:25:40:14:0f:a6:2e:36:e2:14:d2:99:3f:23:aa:5f:56:
         72:10:6c:bc:b1:0c:02:e2:8c:cd:bb:7c:98:6d:2e:af:a3:c9:
         98:8b:8d:67:b7:dd:0f:34:2d:74:28:aa:73:95:1a:95:9b:3b:
         dc:75:35:d8:10:1b:5e:da:e7:50:b1:4f:70:3a:c3:ba:0a:d1:
         82:04:0d:e0:b3:b7:13:c6:1b:ad:f8:e4:4d:61:c8:8f:1d:a2:
         3c:35:95:62:61:85:c5:7b:eb:4a:cd:c8:e1:da:82:71:2d:f7:
         28:27:0f:5a:52:67:fe:ec:ce:bd:76:5b:d7:01:3f:e5:8f:d6:
         c2:23:c6:db:03:e8:27:f9:e5:08:ad:72:13:d7:06:5e:de:7b:
         c8:76:06:d9:ed:0d:56:72:79:28:0b:4b:4b:95:a2:76:e9:3c:
         82:f6:e5:c6:e9:a6:72:e1:52:dd:d6:05:7b:7b:29:49:53:c4:
         a5:57:0a:58
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQrw+JhiLNJGod43VZdwfyKxFCiYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDIyMDMxMzIxWhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMjIyNDdhZjg2ZDFkMjk2MjI4MmQ0YWVkZjQ1NjJlYThj
ZDdkY2Y1OGE5Y2RjNGMyZjA1ODJlOWEwYjdjOTVkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgVW47HJs8bIeSGShkGxCMbaltsrfoRjyo8tQI2MKCIse2
fudzdxPw7yWF/3cQr56a2+zaB7ha0fpbjgqD08zG/Itr1OYm5CvtGM3O2r6hW3uB
AWXgcEU44V+BuXPxKCjUKX445sJnJSzT2BVJ7kZ9vVWXPNmOhuw6ZsXmDnmUOSBz
j2ORf3Ps1T4o3/6rLlg1pBRe+jPnLRzW8ynpODRA/HY+C4xt+N5Vu6Zvr7FDAQsv
6RdXGZpChZnrpJEpVPlmGKhalXv/nS8vP2tPfs/KDYTXUM2kh8+ldLz/jBkWAJFJ
lZLzAqTFrF/JKy6JND+QyavS20kPxAfp+5sMAQiRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUAaVcrCw34WknIc54oua2Fy6xLCQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU1Njk2NjRkLWY4NDMtNDJmOC05NTU1LTk1YWRmYWVjNDg2YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKO386hMB8N5Ja+3ZA2yePE5WViL
2J/LWXeH3Udv1q6jBt+kPlRebbmRsGH8VS5ih/gHV6wVBqsn7sEVJSZbOohsn9tV
BnoUKz6YJUAUD6YuNuIU0pk/I6pfVnIQbLyxDALijM27fJhtLq+jyZiLjWe33Q80
LXQoqnOVGpWbO9x1NdgQG17a51CxT3A6w7oK0YIEDeCztxPGG6345E1hyI8dojw1
lWJhhcV760rNyOHagnEt9ygnD1pSZ/7szr12W9cBP+WP1sIjxtsD6Cf55QitchPX
Bl7ee8h2BtntDVZyeSgLS0uVonbpPIL25cbppnLhUt3WBXt7KUlTxKVXClg=
-----END CERTIFICATE-----