Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6bd7e1e7-d790-4b16-839a-5a3d215fb184.roa
File:                     6bd7e1e7-d790-4b16-839a-5a3d215fb184.roa (raw, json)
Hash identifier:          IXj0fH02KSVDI2FsOjLwZDNyX0tCkHq3EyXKL59EKfs=
Subject key identifier:   52:10:BF:93:7D:6C:4A:86:F9:F4:C3:E4:E0:79:B1:3C:E2:E1:27:14
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6DA54F0742465E5A39CCC286344BB398D46F32A1
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6bd7e1e7-d790-4b16-839a-5a3d215fb184.roa
Signing time:             Thu 12 Jun 2025 16:03:16 +0000
ROA not before:           Thu 12 Jun 2025 16:03:16 +0000
ROA not after:            Thu 17 Jul 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 12 Jun 2025 16:23:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:a5:4f:07:42:46:5e:5a:39:cc:c2:86:34:4b:b3:98:d4:6f:32:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 12 16:03:16 2025 GMT
            Not After : Jul 17 23:59:59 2025 GMT
        Subject: serialNumber=2c519dc8cd59fedbdddd8c970c6b9e5bc9620385081ceea3eb656d0cd09d5d5e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:13:26:a8:14:a9:08:7e:6d:69:f3:73:cc:84:
                    30:49:f8:b5:64:0b:e6:21:a1:2b:cc:3f:f7:b9:e8:
                    09:18:83:e6:5e:32:e1:06:cf:0d:04:41:eb:c6:0b:
                    a4:76:b9:64:4a:b5:1c:8c:99:dc:bf:3f:90:51:46:
                    6c:3d:d2:d1:6a:03:33:50:bd:f1:58:c1:29:36:fa:
                    7f:36:67:f1:44:0d:80:09:5e:91:29:e2:c3:a3:23:
                    75:53:23:a3:7d:d9:8f:69:bb:52:92:30:21:70:b2:
                    29:16:70:0f:46:96:cd:84:e8:3c:8d:e9:b5:7f:ab:
                    f4:7f:13:e1:94:87:b3:89:08:a5:9e:08:09:37:ed:
                    3b:f7:6a:b2:b6:0b:85:74:bd:5e:26:2b:d2:01:41:
                    a9:c2:22:1d:4f:48:e2:77:8f:72:cb:7a:ed:52:fa:
                    c9:32:f2:f7:4a:04:19:04:a4:4d:e1:3c:48:db:f8:
                    9e:2b:60:a7:ed:6a:88:38:ea:a8:1f:3e:b3:cb:10:
                    8a:64:7d:07:57:62:7a:86:35:7a:28:73:47:a3:4a:
                    e0:03:fd:7d:56:dc:76:c2:a0:2f:80:07:ce:05:01:
                    74:84:99:8a:a6:d1:ee:d3:28:2d:f5:c8:ed:2e:0b:
                    85:64:df:28:92:26:14:9c:58:ae:6c:c8:ec:f0:30:
                    9d:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:10:BF:93:7D:6C:4A:86:F9:F4:C3:E4:E0:79:B1:3C:E2:E1:27:14
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6bd7e1e7-d790-4b16-839a-5a3d215fb184.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:d7:7f:63:bd:a7:bf:7f:45:ec:26:da:11:84:d9:84:55:a6:
         0a:1c:b1:fb:0e:0d:aa:71:d8:ca:61:1b:2d:0e:2a:4b:5c:a0:
         24:e9:2d:eb:07:d4:76:d8:95:c8:0b:18:ab:12:0f:78:e4:1f:
         eb:d6:ac:07:64:fe:20:73:2f:39:3f:32:ff:91:5c:f2:e4:30:
         98:48:a7:91:9e:0e:33:74:0e:62:83:7e:fe:cc:ea:7c:26:13:
         c8:35:1f:3a:9d:c8:6f:72:c1:f8:fb:bd:e2:d9:30:bf:00:9b:
         85:27:3e:61:01:57:f6:0f:9b:9a:06:04:3f:55:39:91:7f:60:
         f0:b5:88:70:09:b2:8d:71:45:5b:c6:9b:71:e1:a5:b1:40:41:
         81:88:0d:b7:4b:20:ed:de:f0:9c:a3:89:9f:d6:d9:75:e1:af:
         94:5d:84:46:a7:30:f0:0f:67:5c:e7:33:f4:b9:ae:8f:67:07:
         e6:b2:45:23:bd:3c:f9:94:26:da:8c:48:73:e7:1b:75:d5:1f:
         e9:c3:a1:f0:f0:ce:af:87:08:39:c4:7e:4b:fc:b2:f8:03:ed:
         28:59:5e:aa:e8:df:fb:66:54:da:bf:35:18:d2:1a:a2:91:0e:
         87:49:b6:f4:38:ce:95:5c:7a:b4:82:b6:ed:4b:04:1f:15:f2:
         da:5a:d7:ad
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbaVPB0JGXlo5zMKGNEuzmNRvMqEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNjEyMTYwMzE2WhcNMjUwNzE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyYzUxOWRjOGNkNTlmZWRiZGRkZDhjOTcwYzZiOWU1YmM5
NjIwMzg1MDgxY2VlYTNlYjY1NmQwY2QwOWQ1ZDVlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrEyaoFKkIfm1p83PMhDBJ+LVkC+YhoSvMP/e56AkYg+Ze
MuEGzw0EQevGC6R2uWRKtRyMmdy/P5BRRmw90tFqAzNQvfFYwSk2+n82Z/FEDYAJ
XpEp4sOjI3VTI6N92Y9pu1KSMCFwsikWcA9Gls2E6DyN6bV/q/R/E+GUh7OJCKWe
CAk37Tv3arK2C4V0vV4mK9IBQanCIh1PSOJ3j3LLeu1S+sky8vdKBBkEpE3hPEjb
+J4rYKftaog46qgfPrPLEIpkfQdXYnqGNXooc0ejSuAD/X1W3HbCoC+AB84FAXSE
mYqm0e7TKC31yO0uC4Vk3yiSJhScWK5syOzwMJ27AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUhC/k31sSob59MPk4HmxPOLhJxQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzZiZDdlMWU3LWQ3OTAtNGIxNi04MzlhLTVhM2QyMTVmYjE4NC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABjXf2O9p79/Rewm2hGE2YRVpgoc
sfsODapx2MphGy0OKktcoCTpLesH1HbYlcgLGKsSD3jkH+vWrAdk/iBzLzk/Mv+R
XPLkMJhIp5GeDjN0DmKDfv7M6nwmE8g1HzqdyG9ywfj7veLZML8Am4UnPmEBV/YP
m5oGBD9VOZF/YPC1iHAJso1xRVvGm3HhpbFAQYGIDbdLIO3e8JyjiZ/W2XXhr5Rd
hEanMPAPZ1znM/S5ro9nB+ayRSO9PPmUJtqMSHPnG3XVH+nDofDwzq+HCDnEfkv8
svgD7ShZXqro3/tmVNq/NRjSGqKRDodJtvQ4zpVcerSCtu1LBB8V8tpa160=
-----END CERTIFICATE-----