Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8689c988-aaa8-4c7e-9a06-159f90b4470f.roa
File:                     8689c988-aaa8-4c7e-9a06-159f90b4470f.roa (raw, json)
Hash identifier:          HtVmSEdn0XX9AqhV/DplqzM+nzX+g4OgFrXzGdi+ekE=
Subject key identifier:   32:9B:40:34:FF:D9:16:68:AC:2C:E8:38:94:2B:75:BB:20:A7:66:FC
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6601E011CA7662DA788F696FF369948F322696EA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8689c988-aaa8-4c7e-9a06-159f90b4470f.roa
Signing time:             Mon 02 Jun 2025 11:48:19 +0000
ROA not before:           Mon 02 Jun 2025 11:48:19 +0000
ROA not after:            Mon 07 Jul 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 02 Jun 2025 12:08:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:01:e0:11:ca:76:62:da:78:8f:69:6f:f3:69:94:8f:32:26:96:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun  2 11:48:19 2025 GMT
            Not After : Jul  7 23:59:59 2025 GMT
        Subject: serialNumber=ceb67403f29a52ff96243ad879b7bfff4f29adbf96d9dfe1bc5add158c472180, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:38:66:66:1e:32:02:1f:be:5f:61:df:75:ed:
                    d4:fd:54:5f:74:ab:f6:4c:76:35:91:66:82:d1:ab:
                    3c:69:91:e0:fd:19:fd:1c:88:2c:2d:1b:6c:f1:50:
                    5d:af:d4:17:cb:5e:84:80:6b:5c:52:c2:f7:50:1d:
                    bc:2a:39:a5:5f:2b:40:c5:05:50:51:8e:5f:34:f6:
                    98:9a:6a:48:ec:0b:84:3c:0e:52:f9:5d:73:93:ac:
                    1a:8c:33:c5:41:f1:01:96:cd:2c:42:8e:7a:54:b1:
                    32:34:6b:79:c7:67:a5:9f:36:d5:39:30:6d:cd:b8:
                    c1:e1:d5:07:1a:1b:77:ec:ae:19:5c:82:1f:40:4f:
                    59:bd:1a:75:d3:b5:17:19:4f:c6:6f:26:a6:09:a9:
                    a4:46:29:a2:5a:b2:dd:fb:1d:11:22:3d:6d:fd:88:
                    fb:9b:ce:aa:3a:1f:99:df:45:7b:28:37:b6:b0:26:
                    d4:af:ba:2e:3c:76:1e:61:7b:14:05:e2:3e:32:7a:
                    77:54:08:34:c1:f1:45:bc:b1:46:88:98:9b:c0:7e:
                    d3:a5:98:7a:af:c6:e9:b2:85:3c:18:5c:da:ac:c6:
                    5b:8c:2e:09:d3:2a:c8:34:dd:0d:8a:dc:53:d4:69:
                    e9:35:a0:e4:47:4c:14:2b:f2:d3:0b:f7:f3:f3:19:
                    9b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:9B:40:34:FF:D9:16:68:AC:2C:E8:38:94:2B:75:BB:20:A7:66:FC
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8689c988-aaa8-4c7e-9a06-159f90b4470f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:46:16:96:6e:63:7f:7a:92:a0:bd:9b:54:8b:83:d7:fa:4c:
         91:d5:8a:b4:e0:c3:21:4f:3b:e9:38:2c:05:d2:19:af:09:27:
         72:8a:44:43:b5:d8:50:51:5d:51:e1:7c:db:5a:dd:dd:f9:e1:
         27:9b:22:2b:96:6d:50:ea:96:1f:8d:66:34:f0:90:10:43:1d:
         12:85:41:2c:ef:68:01:34:0a:b6:c1:47:af:d4:0a:a4:67:48:
         28:e0:ed:94:c1:8d:3c:2d:a3:af:dd:46:db:ec:2d:c5:f3:35:
         1e:e7:3c:e7:9c:41:a7:24:06:d3:0e:29:c7:36:cd:d3:45:00:
         1c:fd:6d:44:e4:b0:93:e5:67:d5:e2:ee:37:a9:b8:c0:93:fa:
         93:11:9c:98:04:1e:48:0c:8e:a3:8a:47:94:ab:a9:3b:da:76:
         97:ed:ee:6d:1e:70:93:71:cf:87:87:9c:f9:63:01:df:3b:fb:
         80:2a:40:fe:d8:a7:23:22:1f:3f:37:da:1d:d3:25:0e:ab:fc:
         82:fc:57:8e:aa:75:ac:4f:64:e8:e9:12:0b:43:c0:a8:0e:d8:
         4a:df:13:74:a5:4c:33:f5:71:2d:af:2d:9f:a0:3d:d3:a6:94:
         84:2e:5d:76:44:16:d8:3a:fe:7c:71:67:ec:20:54:75:0a:cc:
         76:54:5c:ce
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZgHgEcp2Ytp4j2lv82mUjzImluowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNjAyMTE0ODE5WhcNMjUwNzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZWI2NzQwM2YyOWE1MmZmOTYyNDNhZDg3OWI3YmZmZjRm
MjlhZGJmOTZkOWRmZTFiYzVhZGQxNThjNDcyMTgwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuOGZmHjICH75fYd917dT9VF90q/ZMdjWRZoLRqzxpkeD9
Gf0ciCwtG2zxUF2v1BfLXoSAa1xSwvdQHbwqOaVfK0DFBVBRjl809piaakjsC4Q8
DlL5XXOTrBqMM8VB8QGWzSxCjnpUsTI0a3nHZ6WfNtU5MG3NuMHh1QcaG3fsrhlc
gh9AT1m9GnXTtRcZT8ZvJqYJqaRGKaJast37HREiPW39iPubzqo6H5nfRXsoN7aw
JtSvui48dh5hexQF4j4yendUCDTB8UW8sUaImJvAftOlmHqvxumyhTwYXNqsxluM
LgnTKsg03Q2K3FPUaek1oORHTBQr8tML9/PzGZszAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMptANP/ZFmisLOg4lCt1uyCnZvwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzg2ODljOTg4LWFhYTgtNGM3ZS05YTA2LTE1OWY5MGI0NDcwZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAG5GFpZuY396kqC9m1SLg9f6TJHV
irTgwyFPO+k4LAXSGa8JJ3KKREO12FBRXVHhfNta3d354SebIiuWbVDqlh+NZjTw
kBBDHRKFQSzvaAE0CrbBR6/UCqRnSCjg7ZTBjTwto6/dRtvsLcXzNR7nPOecQack
BtMOKcc2zdNFABz9bUTksJPlZ9Xi7jepuMCT+pMRnJgEHkgMjqOKR5SrqTvadpft
7m0ecJNxz4eHnPljAd87+4AqQP7YpyMiHz832h3TJQ6r/IL8V46qdaxPZOjpEgtD
wKgO2ErfE3SlTDP1cS2vLZ+gPdOmlIQuXXZEFtg6/nxxZ+wgVHUKzHZUXM4=
-----END CERTIFICATE-----