Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7cbd9e2b-cde9-4df8-a31a-e3ab38a9f806.roa
File:                     7cbd9e2b-cde9-4df8-a31a-e3ab38a9f806.roa (raw, json)
Hash identifier:          iNT3foxy2Hr+q0Jj6XUM11BYwobhXV7QCeig4oYMPoI=
Subject key identifier:   3E:5A:1C:BF:7A:6D:0E:2E:DE:64:71:67:17:E1:D0:B4:9A:47:F2:8F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       28D9CBCF1A890123DDD3C8928F03AF9AFDE6D8BA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7cbd9e2b-cde9-4df8-a31a-e3ab38a9f806.roa
Signing time:             Fri 18 Apr 2025 19:13:19 +0000
ROA not before:           Fri 18 Apr 2025 19:13:19 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 18 Apr 2025 19:33:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:d9:cb:cf:1a:89:01:23:dd:d3:c8:92:8f:03:af:9a:fd:e6:d8:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 18 19:13:19 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=c1f2c90f4b4943b64708c0e6a615886edff7a314a4f50d1cb0fd1d49034f3e44, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ef:80:a9:ff:fb:76:80:17:e2:61:83:63:ba:
                    eb:16:d0:dc:c3:14:19:c0:ad:74:38:13:d4:3e:bd:
                    ee:d5:46:7d:c1:0d:b1:e1:06:25:2c:1d:1e:c0:ac:
                    c9:a9:45:64:89:94:3f:f7:12:e9:74:42:e1:ec:8b:
                    bf:6c:4d:95:ce:71:36:e8:3e:9c:51:47:25:92:bc:
                    6c:d1:e8:3f:1e:e9:c2:e5:d9:6b:91:d7:dc:97:aa:
                    cc:f7:02:9b:b2:f3:27:f5:6a:5e:4d:5f:f7:a7:4b:
                    0b:de:fc:a8:d1:da:f1:60:cc:d5:dc:0b:ff:a3:66:
                    b7:e2:c7:c0:02:1d:64:d4:1c:af:32:72:81:2c:08:
                    16:6c:ea:29:98:ef:fd:73:15:a7:51:86:a5:6b:55:
                    fb:b9:39:b6:94:a6:12:8a:9d:8c:4c:72:20:f6:1a:
                    cf:bd:a4:c6:fa:27:5d:42:c7:18:e1:8f:ac:8d:9b:
                    d2:97:53:59:fa:d2:30:17:ce:7b:97:1e:00:17:f4:
                    f0:0d:bb:8c:d7:c6:4b:f0:04:1f:90:c0:0c:f5:3b:
                    69:7c:8b:fc:82:64:1c:58:2a:d5:10:58:3c:23:df:
                    9c:b2:40:e8:d7:f8:1f:40:b2:f6:ec:bb:51:f8:ff:
                    5b:4c:c6:ea:45:99:f8:ff:3a:4d:83:4d:3a:87:e3:
                    f4:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:5A:1C:BF:7A:6D:0E:2E:DE:64:71:67:17:E1:D0:B4:9A:47:F2:8F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/7cbd9e2b-cde9-4df8-a31a-e3ab38a9f806.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:76:53:72:3d:45:9c:eb:97:a2:52:d5:bd:37:52:32:3e:c3:
         d0:9e:ca:93:c6:2d:3d:77:e8:87:25:29:a4:2b:ef:d7:80:ed:
         7b:6d:b0:55:3b:c0:46:25:63:3c:09:03:b6:95:27:a3:ce:f9:
         73:ef:53:ce:8d:aa:f8:17:a7:69:da:d9:1f:c1:57:93:2c:a2:
         11:ca:ec:c8:f6:3c:e7:e8:3b:f3:c0:ed:ea:c2:6c:91:ab:bb:
         f9:42:f0:e1:2d:91:5a:be:ab:c5:ae:c6:7b:93:5b:ef:48:e8:
         7e:5a:9f:d7:5e:d1:8f:37:42:51:ee:7a:ff:68:1a:69:14:16:
         0d:7c:68:d6:b2:e9:46:33:92:0a:8a:2f:bc:82:72:ae:93:40:
         c4:63:41:a8:84:55:c0:68:14:b4:14:0e:f5:82:ac:a7:02:53:
         d6:39:b9:15:60:25:c4:2d:3d:95:b7:82:1b:55:c3:a3:af:f0:
         3e:12:09:6c:59:a9:7b:af:aa:4c:63:1a:57:47:14:15:7f:37:
         87:f8:93:fe:32:da:09:53:a7:f9:bd:ab:a1:85:f7:ed:20:d2:
         46:fe:3c:c4:bd:c2:eb:c7:8e:e7:09:74:fe:3c:bd:72:af:6c:
         8c:0b:bc:69:44:db:92:d0:49:56:df:21:97:5a:c7:65:00:90:
         95:30:5c:38
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKNnLzxqJASPd08iSjwOvmv3m2LowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDE4MTkxMzE5WhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BjMWYyYzkwZjRiNDk0M2I2NDcwOGMwZTZhNjE1ODg2ZWRm
ZjdhMzE0YTRmNTBkMWNiMGZkMWQ0OTAzNGYzZTQ0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCu74Cp//t2gBfiYYNjuusW0NzDFBnArXQ4E9Q+ve7VRn3B
DbHhBiUsHR7ArMmpRWSJlD/3Eul0QuHsi79sTZXOcTboPpxRRyWSvGzR6D8e6cLl
2WuR19yXqsz3Apuy8yf1al5NX/enSwve/KjR2vFgzNXcC/+jZrfix8ACHWTUHK8y
coEsCBZs6imY7/1zFadRhqVrVfu5ObaUphKKnYxMciD2Gs+9pMb6J11Cxxjhj6yN
m9KXU1n60jAXznuXHgAX9PANu4zXxkvwBB+QwAz1O2l8i/yCZBxYKtUQWDwj35yy
QOjX+B9Asvbsu1H4/1tMxupFmfj/Ok2DTTqH4/ThAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPlocv3ptDi7eZHFnF+HQtJpH8o8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzdjYmQ5ZTJiLWNkZTktNGRmOC1hMzFhLWUzYWIzOGE5ZjgwNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG92U3I9RZzrl6JS1b03UjI+w9Ce
ypPGLT136IclKaQr79eA7XttsFU7wEYlYzwJA7aVJ6PO+XPvU86NqvgXp2na2R/B
V5MsohHK7Mj2POfoO/PA7erCbJGru/lC8OEtkVq+q8WuxnuTW+9I6H5an9de0Y83
QlHuev9oGmkUFg18aNay6UYzkgqKL7yCcq6TQMRjQaiEVcBoFLQUDvWCrKcCU9Y5
uRVgJcQtPZW3ghtVw6Ov8D4SCWxZqXuvqkxjGldHFBV/N4f4k/4y2glTp/m9q6GF
9+0g0kb+PMS9wuvHjucJdP48vXKvbIwLvGlE25LQSVbfIZdax2UAkJUwXDg=
-----END CERTIFICATE-----