Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5bb1f6b0-0835-4d89-8337-46ff1372c387.roa
File:                     5bb1f6b0-0835-4d89-8337-46ff1372c387.roa (raw, json)
Hash identifier:          PaCsfY8X+HZ24R69x4hQSB3MpKWqOMkmxZ/NQiObLxo=
Subject key identifier:   57:11:85:87:78:FE:B1:6C:41:E2:66:C9:26:83:CB:34:63:7F:14:0E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       58E160AC7AFF0DAAFC3CD1200983EAE53EB0CED5
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5bb1f6b0-0835-4d89-8337-46ff1372c387.roa
Signing time:             Mon 21 Apr 2025 06:53:26 +0000
ROA not before:           Mon 21 Apr 2025 06:53:26 +0000
ROA not after:            Mon 26 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 21 Apr 2025 07:13:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:e1:60:ac:7a:ff:0d:aa:fc:3c:d1:20:09:83:ea:e5:3e:b0:ce:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 21 06:53:26 2025 GMT
            Not After : May 26 23:59:59 2025 GMT
        Subject: serialNumber=bd8ac04cbbf3470dfe11719c527ba7c527c880fbdb3a7dcaf9c85e555c5e5135, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:a3:ad:ab:12:09:5d:1f:2a:e2:4c:d0:11:de:
                    be:b4:dc:3f:66:e4:9e:e5:7c:39:85:85:6e:0c:8a:
                    19:81:75:7c:63:71:13:4e:dd:cc:f1:f1:b2:d3:e7:
                    07:7a:60:53:ca:85:8e:72:5c:26:dd:41:0a:ab:69:
                    4d:fa:72:36:af:93:7f:4f:8e:93:7b:49:62:a5:25:
                    6a:65:64:8d:d7:31:4d:70:d5:97:ff:66:8a:f8:99:
                    16:b8:38:c4:65:ce:1e:7d:a1:45:a8:80:5e:73:4d:
                    74:b9:f8:5b:74:41:30:bd:ce:91:38:fb:b9:aa:24:
                    a2:e4:d1:84:50:ad:99:4b:c7:67:84:b8:04:eb:b0:
                    63:a9:d5:72:7a:07:63:2e:91:d8:80:61:48:13:48:
                    4c:c4:dc:5e:62:f1:b9:2a:17:dc:ef:e7:42:57:f4:
                    db:5c:d7:b2:e1:98:e2:4f:6a:e9:cf:7a:39:ac:54:
                    3e:6d:39:b9:c8:ff:fa:5b:c8:e2:f6:ae:bd:fa:f4:
                    2b:40:33:17:c2:00:d0:c2:a5:c8:e2:06:dd:98:7d:
                    b6:4f:63:03:52:c4:02:cb:34:f7:66:1a:54:3c:f9:
                    c9:6b:23:eb:04:97:4a:02:75:87:a3:1d:66:16:2c:
                    01:4d:41:51:ea:f7:e9:85:68:cf:ac:fd:b4:4f:44:
                    12:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:11:85:87:78:FE:B1:6C:41:E2:66:C9:26:83:CB:34:63:7F:14:0E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5bb1f6b0-0835-4d89-8337-46ff1372c387.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:a6:e0:d1:c4:9e:19:f5:7f:54:82:5c:bf:6e:63:62:ee:0d:
         52:03:b3:26:5f:04:26:a5:84:69:43:23:3a:25:f3:a0:d7:d7:
         ea:8d:d9:53:82:91:10:7d:56:23:66:ec:25:2f:17:4a:c8:55:
         f9:10:ad:6b:23:4e:93:38:bf:b0:e5:64:3f:10:a7:2d:59:f8:
         72:3a:6b:ec:f4:f3:91:9f:2d:36:b9:98:7f:bc:2e:7f:5d:48:
         d7:dc:81:8d:c7:20:4a:36:1f:ac:b3:b9:19:4b:09:a7:1f:18:
         c5:d3:50:13:0e:d8:75:2b:2d:4d:ce:b8:3a:d6:db:d4:73:bc:
         fd:af:85:e2:38:61:01:ce:1e:e8:15:a9:34:0f:e5:b8:3b:97:
         64:fe:55:53:02:7f:94:92:d8:c4:d0:ec:f3:ce:13:7c:a7:1f:
         32:7c:fd:a9:0e:ce:d0:25:c6:49:21:d2:ea:4f:e2:a1:ad:30:
         41:a3:cf:74:f6:15:37:67:2a:be:8c:11:86:a4:e4:3e:10:91:
         dc:f0:78:62:80:3f:88:d0:ab:a5:a9:34:38:6a:3b:19:e8:17:
         e0:e0:af:c4:31:be:37:79:93:13:ed:ce:72:5f:d4:c4:6b:ad:
         bc:ff:6b:bc:de:c6:4c:bb:be:44:bf:33:e9:3b:d6:18:1e:2e:
         57:33:9a:da
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWOFgrHr/Dar8PNEgCYPq5T6wztUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDIxMDY1MzI2WhcNMjUwNTI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZDhhYzA0Y2JiZjM0NzBkZmUxMTcxOWM1MjdiYTdjNTI3
Yzg4MGZiZGIzYTdkY2FmOWM4NWU1NTVjNWU1MTM1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHo62rEgldHyriTNAR3r603D9m5J7lfDmFhW4MihmBdXxj
cRNO3czx8bLT5wd6YFPKhY5yXCbdQQqraU36cjavk39PjpN7SWKlJWplZI3XMU1w
1Zf/Zor4mRa4OMRlzh59oUWogF5zTXS5+Ft0QTC9zpE4+7mqJKLk0YRQrZlLx2eE
uATrsGOp1XJ6B2MukdiAYUgTSEzE3F5i8bkqF9zv50JX9Ntc17LhmOJPaunPejms
VD5tObnI//pbyOL2rr369CtAMxfCANDCpcjiBt2YfbZPYwNSxALLNPdmGlQ8+clr
I+sEl0oCdYejHWYWLAFNQVHq9+mFaM+s/bRPRBJ/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVxGFh3j+sWxB4mbJJoPLNGN/FA4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzViYjFmNmIwLTA4MzUtNGQ4OS04MzM3LTQ2ZmYxMzcyYzM4Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC+m4NHEnhn1f1SCXL9uY2LuDVID
syZfBCalhGlDIzol86DX1+qN2VOCkRB9ViNm7CUvF0rIVfkQrWsjTpM4v7DlZD8Q
py1Z+HI6a+z085GfLTa5mH+8Ln9dSNfcgY3HIEo2H6yzuRlLCacfGMXTUBMO2HUr
LU3OuDrW29RzvP2vheI4YQHOHugVqTQP5bg7l2T+VVMCf5SS2MTQ7PPOE3ynHzJ8
/akOztAlxkkh0upP4qGtMEGjz3T2FTdnKr6MEYak5D4QkdzweGKAP4jQq6WpNDhq
OxnoF+Dgr8Qxvjd5kxPtznJf1MRrrbz/a7zexky7vkS/M+k71hgeLlczmto=
-----END CERTIFICATE-----