Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/73cdf3f6-79a4-4514-9433-83417e871785.roa
File:                     73cdf3f6-79a4-4514-9433-83417e871785.roa (raw, json)
Hash identifier:          2W+DgT9mGc53jTCus4jrzo0YZnPmKYkE6XgbeBGBtXo=
Subject key identifier:   21:95:FF:03:2A:57:EC:73:26:1F:9E:BA:01:1D:08:32:0C:B6:11:62
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3B93D4A6F9BB6D9DEC09A66BC350FE30B155CF07
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/73cdf3f6-79a4-4514-9433-83417e871785.roa
Signing time:             Fri 28 Mar 2025 12:43:22 +0000
ROA not before:           Fri 28 Mar 2025 12:43:22 +0000
ROA not after:            Fri 02 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 28 Mar 2025 12:58:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:93:d4:a6:f9:bb:6d:9d:ec:09:a6:6b:c3:50:fe:30:b1:55:cf:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 28 12:43:22 2025 GMT
            Not After : May  2 23:59:59 2025 GMT
        Subject: serialNumber=a819ac2a94d8650ffef75b2106c369480b63a02fa186378d0584bbc87ba6a671, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:7a:50:e2:20:76:51:f5:bb:28:8a:87:5c:47:
                    91:2f:ae:2e:01:8e:d2:3f:1c:0a:57:ee:dc:c5:90:
                    4e:c0:26:3c:e1:cf:40:48:7d:e0:97:2e:cd:61:ef:
                    92:92:6b:58:88:e0:6c:14:a1:35:b0:22:d9:ad:0a:
                    5f:10:5c:b5:85:43:95:5c:b3:a0:d6:d3:43:11:f8:
                    eb:44:ab:2b:27:e4:53:bb:48:91:51:c5:c9:30:65:
                    86:6f:a2:b4:7a:18:c8:a5:92:e9:1c:57:71:82:ac:
                    51:6f:22:8c:76:b7:4c:4a:8c:7c:c5:99:b2:d8:4b:
                    8e:08:cc:00:5e:ce:0b:c9:30:ee:70:9c:c7:18:9e:
                    cf:8b:ac:95:cb:9e:18:af:56:17:34:53:73:3e:ca:
                    29:0d:e8:78:4d:05:5a:19:53:a0:f8:4f:68:bc:c9:
                    2e:43:e1:85:99:06:67:5d:4e:4a:d4:a3:1f:1f:74:
                    05:d8:50:52:23:bc:81:37:ce:89:57:67:d9:95:2e:
                    0e:fe:49:78:cd:f4:b3:f4:94:61:95:87:b5:72:ef:
                    27:b9:e3:8f:4d:c4:bd:cd:36:80:4c:38:69:31:a6:
                    29:dc:15:cd:13:ee:25:f8:28:8a:57:91:17:ca:2d:
                    7c:82:91:24:2b:0c:4d:a6:5e:f3:d4:7f:f8:43:8a:
                    29:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:95:FF:03:2A:57:EC:73:26:1F:9E:BA:01:1D:08:32:0C:B6:11:62
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/73cdf3f6-79a4-4514-9433-83417e871785.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:93:0f:c2:b7:ef:d1:f4:37:80:92:0d:e2:09:b5:9f:5e:0f:
         e0:20:0b:30:c2:41:df:6b:9e:0c:3d:6b:51:1f:b4:bb:57:3f:
         80:66:4b:35:11:26:c3:11:8c:e2:2c:46:8d:b7:9d:27:a9:85:
         83:dd:85:16:db:1a:69:eb:c1:5f:00:92:1d:c3:b6:77:f7:54:
         0f:3f:85:0c:a9:76:78:3a:86:ee:d8:99:9a:a8:3c:ea:b4:4b:
         24:83:d0:e5:32:7f:22:13:6e:d8:80:81:6e:c5:75:b4:73:d3:
         6f:cd:70:a5:12:b9:2d:aa:56:71:af:e2:44:af:03:5e:06:30:
         ba:d4:4e:ba:f4:10:2b:12:99:a0:94:35:2a:45:d5:4f:6b:77:
         51:da:7f:b3:f0:6b:f6:f7:c7:fd:d2:66:28:d5:77:0c:24:04:
         ce:0e:7c:93:cb:c9:48:30:a5:83:7a:d9:f2:89:67:c4:6b:6c:
         e2:a6:ed:de:c4:bf:30:9c:8f:31:6e:43:7f:2d:db:77:b3:81:
         b1:83:8f:4b:d9:59:f1:40:eb:24:62:4d:54:da:9e:c8:79:fb:
         d3:36:f2:1d:1f:04:ab:9d:df:74:60:31:b2:ea:65:b5:31:e3:
         03:c1:6e:4b:a3:14:63:b9:5a:14:fd:53:5d:8d:08:03:84:3b:
         44:09:c7:a1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUO5PUpvm7bZ3sCaZrw1D+MLFVzwcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzI4MTI0MzIyWhcNMjUwNTAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhODE5YWMyYTk0ZDg2NTBmZmVmNzViMjEwNmMzNjk0ODBi
NjNhMDJmYTE4NjM3OGQwNTg0YmJjODdiYTZhNjcxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCelDiIHZR9bsoiodcR5Evri4BjtI/HApX7tzFkE7AJjzh
z0BIfeCXLs1h75KSa1iI4GwUoTWwItmtCl8QXLWFQ5Vcs6DW00MR+OtEqysn5FO7
SJFRxckwZYZvorR6GMilkukcV3GCrFFvIox2t0xKjHzFmbLYS44IzABezgvJMO5w
nMcYns+LrJXLnhivVhc0U3M+yikN6HhNBVoZU6D4T2i8yS5D4YWZBmddTkrUox8f
dAXYUFIjvIE3zolXZ9mVLg7+SXjN9LP0lGGVh7Vy7ye5449NxL3NNoBMOGkxpinc
Fc0T7iX4KIpXkRfKLXyCkSQrDE2mXvPUf/hDiik1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIZX/AypX7HMmH566AR0IMgy2EWIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzczY2RmM2Y2LTc5YTQtNDUxNC05NDMzLTgzNDE3ZTg3MTc4NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABSTD8K379H0N4CSDeIJtZ9eD+Ag
CzDCQd9rngw9a1EftLtXP4BmSzURJsMRjOIsRo23nSephYPdhRbbGmnrwV8Akh3D
tnf3VA8/hQypdng6hu7YmZqoPOq0SySD0OUyfyITbtiAgW7FdbRz02/NcKUSuS2q
VnGv4kSvA14GMLrUTrr0ECsSmaCUNSpF1U9rd1Haf7Pwa/b3x/3SZijVdwwkBM4O
fJPLyUgwpYN62fKJZ8RrbOKm7d7EvzCcjzFuQ38t23ezgbGDj0vZWfFA6yRiTVTa
nsh5+9M28h0fBKud33RgMbLqZbUx4wPBbkujFGO5WhT9U12NCAOEO0QJx6E=
-----END CERTIFICATE-----