Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/60edeef9-d963-436c-a9c3-6df27bbe09ec.roa
File:                     60edeef9-d963-436c-a9c3-6df27bbe09ec.roa (raw, json)
Hash identifier:          EqwViCGHejnA4b1wGeMEu2hzOysbtoOW9yvPZgvQq9Q=
Subject key identifier:   36:18:11:ED:99:2B:23:4E:23:66:73:8D:1B:CA:1A:BC:2A:ED:75:A8
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       47D96591D188971D8BA95F26F53A3B98DFBFE802
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/60edeef9-d963-436c-a9c3-6df27bbe09ec.roa
Signing time:             Wed 16 Apr 2025 21:18:20 +0000
ROA not before:           Wed 16 Apr 2025 21:18:20 +0000
ROA not after:            Wed 21 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 16 Apr 2025 21:38:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:d9:65:91:d1:88:97:1d:8b:a9:5f:26:f5:3a:3b:98:df:bf:e8:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 16 21:18:20 2025 GMT
            Not After : May 21 23:59:59 2025 GMT
        Subject: serialNumber=02dc3523f0c5af18a0db42106d195e8adffa5e7dcb79d307835a65295f700fa7, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:56:36:70:ac:35:fe:49:b3:96:97:12:76:04:
                    72:03:73:22:61:8d:aa:5f:b9:c8:b9:86:00:f4:1c:
                    79:2e:9b:c3:36:8f:33:66:5f:e0:8e:d7:65:08:bc:
                    7b:5d:43:37:2a:a2:2a:b4:e4:3a:45:ea:3a:b1:15:
                    52:21:f3:13:d5:e1:c7:86:a0:41:d9:d2:89:50:4d:
                    32:f2:29:54:04:c5:6d:73:4a:bf:70:0e:fd:ff:de:
                    8c:99:c4:14:43:fd:7a:68:ed:96:f7:08:fc:df:f8:
                    a0:ea:23:e6:b6:fe:2d:e0:b0:e6:55:69:24:9f:b4:
                    11:cc:8f:92:8c:b1:82:b5:96:b1:1c:50:d4:59:e9:
                    82:21:9e:c7:e4:66:be:51:b2:99:d5:85:61:8e:0f:
                    0c:b9:f2:17:29:40:c6:f7:f1:86:13:1c:af:b3:b3:
                    1c:df:68:21:53:2c:aa:4c:5c:3a:8b:bb:57:52:32:
                    aa:6a:d7:ce:64:cf:4c:0a:a9:19:ee:38:d6:45:e8:
                    7b:15:b4:1c:10:11:50:17:4a:05:7c:1f:b2:e6:8e:
                    5b:15:79:2a:77:8a:33:1c:85:f7:b3:43:19:84:47:
                    81:84:af:ad:b5:bc:0c:df:c7:2b:27:99:9e:7f:55:
                    92:b3:57:14:fd:a1:85:51:48:46:3f:69:c5:9b:83:
                    db:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:18:11:ED:99:2B:23:4E:23:66:73:8D:1B:CA:1A:BC:2A:ED:75:A8
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/60edeef9-d963-436c-a9c3-6df27bbe09ec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:5d:b5:e0:79:30:38:06:61:9d:2d:4c:ac:87:41:3f:8d:5c:
         8f:55:f5:ef:70:59:57:28:3d:df:1f:37:e6:87:a7:2b:82:ab:
         93:bc:bd:79:9b:e0:ce:56:c9:17:c4:d1:cc:7f:18:37:e3:72:
         73:f9:8c:24:0e:e7:b4:67:62:4b:58:ef:d6:77:81:1e:9d:73:
         d0:e5:61:38:5e:b8:af:42:1e:54:32:4c:6e:16:57:a5:37:ba:
         9c:1f:8f:15:5f:d0:56:50:0a:65:f8:8f:5b:58:b9:c7:4c:8c:
         e3:6a:6f:99:fb:e1:e6:a8:6c:04:af:9d:73:a4:d5:fc:e5:b2:
         7b:fe:1b:6a:d0:ca:42:93:c9:c6:36:c3:02:bf:ae:fd:6a:c0:
         62:f0:4d:c5:15:a1:1b:9f:74:63:ff:ed:82:69:a9:e4:d5:ea:
         0e:ac:a9:37:8e:92:69:4a:f2:14:0a:1d:67:7e:de:45:65:5b:
         63:d6:28:1d:a3:da:ae:52:13:b7:ec:18:3d:b5:2e:dc:83:10:
         46:0a:c9:07:08:67:11:ab:8c:75:34:d7:39:ea:33:ef:83:6e:
         79:da:6e:3a:6b:1d:a5:f9:e8:27:0b:d9:33:71:66:f4:83:ff:
         7f:3d:80:f9:3f:ff:80:65:83:9f:66:91:c9:eb:b9:47:38:13:
         9a:aa:d9:9b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUR9llkdGIlx2LqV8m9To7mN+/6AIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDE2MjExODIwWhcNMjUwNTIxMjM1OTU5
WjB6MUkwRwYDVQQFE0AwMmRjMzUyM2YwYzVhZjE4YTBkYjQyMTA2ZDE5NWU4YWRm
ZmE1ZTdkY2I3OWQzMDc4MzVhNjUyOTVmNzAwZmE3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCpVjZwrDX+SbOWlxJ2BHIDcyJhjapfuci5hgD0HHkum8M2
jzNmX+CO12UIvHtdQzcqoiq05DpF6jqxFVIh8xPV4ceGoEHZ0olQTTLyKVQExW1z
Sr9wDv3/3oyZxBRD/Xpo7Zb3CPzf+KDqI+a2/i3gsOZVaSSftBHMj5KMsYK1lrEc
UNRZ6YIhnsfkZr5RspnVhWGODwy58hcpQMb38YYTHK+zsxzfaCFTLKpMXDqLu1dS
Mqpq185kz0wKqRnuONZF6HsVtBwQEVAXSgV8H7LmjlsVeSp3ijMchfezQxmER4GE
r621vAzfxysnmZ5/VZKzVxT9oYVRSEY/acWbg9spAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUNhgR7ZkrI04jZnONG8oavCrtdagwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzYwZWRlZWY5LWQ5NjMtNDM2Yy1hOWMzLTZkZjI3YmJlMDllYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFpdteB5MDgGYZ0tTKyHQT+NXI9V
9e9wWVcoPd8fN+aHpyuCq5O8vXmb4M5WyRfE0cx/GDfjcnP5jCQO57RnYktY79Z3
gR6dc9DlYTheuK9CHlQyTG4WV6U3upwfjxVf0FZQCmX4j1tYucdMjONqb5n74eao
bASvnXOk1fzlsnv+G2rQykKTycY2wwK/rv1qwGLwTcUVoRufdGP/7YJpqeTV6g6s
qTeOkmlK8hQKHWd+3kVlW2PWKB2j2q5SE7fsGD21LtyDEEYKyQcIZxGrjHU01znq
M++DbnnabjprHaX56CcL2TNxZvSD/389gPk//4Blg59mkcnruUc4E5qq2Zs=
-----END CERTIFICATE-----