Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/95eb81a3-4d44-4983-98bd-7b8ff976e5c3.roa
File:                     95eb81a3-4d44-4983-98bd-7b8ff976e5c3.roa (raw, json)
Hash identifier:          9tjn8xYMDOwB6yUjb4aLQju0NC++a1GrCR9S9hU1WEc=
Subject key identifier:   52:53:B0:F8:03:07:ED:EE:7F:45:4A:44:44:5E:26:F8:71:03:C6:0C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       45E636CCDDC10BD11AFE5CE0290B3413B8BC34A8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/95eb81a3-4d44-4983-98bd-7b8ff976e5c3.roa
Signing time:             Tue 08 Apr 2025 20:48:19 +0000
ROA not before:           Tue 08 Apr 2025 20:48:19 +0000
ROA not after:            Tue 13 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 08 Apr 2025 21:08:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:e6:36:cc:dd:c1:0b:d1:1a:fe:5c:e0:29:0b:34:13:b8:bc:34:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr  8 20:48:19 2025 GMT
            Not After : May 13 23:59:59 2025 GMT
        Subject: serialNumber=ada8690935d60566159266ab3157fc5624eb71fe98b005fa4cb803ec0e9b899e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:51:d6:41:e3:9b:dc:59:f8:d3:e0:dd:a5:20:
                    db:83:46:9c:70:49:f6:0e:be:d4:0e:7c:9d:c4:a8:
                    5c:e7:bd:a9:d4:38:da:de:75:90:5a:15:05:be:da:
                    69:9c:52:5b:9c:95:28:61:60:90:2e:e9:57:4b:92:
                    0d:f2:a9:90:7a:e6:af:ce:c5:bb:c5:e9:41:68:69:
                    1e:96:d6:9e:d4:0d:d2:fd:f0:04:45:3f:ea:5c:a2:
                    b1:e9:09:67:17:99:ad:04:e4:bd:fd:8c:5c:ed:87:
                    56:f5:48:83:bf:d7:2b:c7:0b:54:1b:31:df:99:a2:
                    e0:fd:bd:5a:c3:2f:25:aa:64:a2:f1:03:58:98:ea:
                    25:48:40:2a:7e:a5:47:d0:a6:37:ca:d6:3e:c9:86:
                    24:6a:33:74:c1:27:ce:c4:b3:2e:71:db:ca:83:8d:
                    ed:4a:79:0b:25:c6:09:04:01:1a:94:7b:e7:bc:17:
                    d9:82:bf:c5:ae:87:45:3a:4a:59:af:0f:74:5b:66:
                    1f:00:df:f1:8c:b0:6a:79:ec:53:f9:87:8b:cc:27:
                    f7:0a:cb:ee:8c:69:b4:67:4b:e0:99:ad:88:e9:d3:
                    a1:62:95:be:70:3a:9d:21:a1:70:2f:3a:be:f0:95:
                    32:4c:c3:92:ba:b1:b7:fa:9a:0d:22:cd:a0:f0:4f:
                    d9:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:53:B0:F8:03:07:ED:EE:7F:45:4A:44:44:5E:26:F8:71:03:C6:0C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/95eb81a3-4d44-4983-98bd-7b8ff976e5c3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:b1:22:45:82:02:4e:78:8f:56:6b:7c:71:9a:1c:72:5c:b5:
         6a:e8:20:14:43:ce:c8:59:88:6f:1b:c9:18:7a:26:ff:2a:87:
         db:11:99:3e:79:bc:57:3c:85:92:f7:61:f5:ff:e6:d4:bd:f1:
         99:2d:3c:05:02:c6:61:3d:4f:a9:22:0b:1d:54:37:ce:69:1e:
         75:82:d7:53:19:ec:b0:4b:ce:53:fc:8b:ad:8f:62:1f:94:45:
         e0:f3:00:04:5c:ef:e7:79:9e:01:95:95:d6:86:e2:f0:3b:9b:
         28:0a:1b:af:78:3c:70:c4:00:6d:85:c0:1f:6e:16:8a:67:43:
         af:fd:f9:79:dc:86:fa:e1:10:89:78:5b:08:fb:3a:5c:cf:ec:
         9d:30:7a:8d:6e:74:03:3c:54:52:aa:d0:c5:31:7e:9c:f8:95:
         fe:d5:88:9d:73:6a:26:16:0c:f9:f4:10:05:43:5b:e3:d2:39:
         f9:d5:c2:d6:98:a2:7f:7a:6c:44:02:77:a7:5a:e5:53:d6:81:
         00:bd:8b:60:74:bf:93:c8:c9:f0:1f:49:16:53:79:e2:83:14:
         0b:27:51:e5:24:71:e2:b0:df:45:b2:3e:b6:74:79:86:d3:35:
         6e:5a:1b:65:ec:0e:95:91:f8:30:9e:fc:94:89:97:c9:ef:ca:
         73:24:72:93
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUReY2zN3BC9Ea/lzgKQs0E7i8NKgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDA4MjA0ODE5WhcNMjUwNTEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZGE4NjkwOTM1ZDYwNTY2MTU5MjY2YWIzMTU3ZmM1NjI0
ZWI3MWZlOThiMDA1ZmE0Y2I4MDNlYzBlOWI4OTllMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIUdZB45vcWfjT4N2lINuDRpxwSfYOvtQOfJ3EqFznvanU
ONredZBaFQW+2mmcUluclShhYJAu6VdLkg3yqZB65q/OxbvF6UFoaR6W1p7UDdL9
8ARFP+pcorHpCWcXma0E5L39jFzth1b1SIO/1yvHC1QbMd+ZouD9vVrDLyWqZKLx
A1iY6iVIQCp+pUfQpjfK1j7JhiRqM3TBJ87Esy5x28qDje1KeQslxgkEARqUe+e8
F9mCv8Wuh0U6SlmvD3RbZh8A3/GMsGp57FP5h4vMJ/cKy+6MabRnS+CZrYjp06Fi
lb5wOp0hoXAvOr7wlTJMw5K6sbf6mg0izaDwT9m1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUUlOw+AMH7e5/RUpERF4m+HEDxgwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk1ZWI4MWEzLTRkNDQtNDk4My05OGJkLTdiOGZmOTc2ZTVjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGixIkWCAk54j1ZrfHGaHHJctWro
IBRDzshZiG8byRh6Jv8qh9sRmT55vFc8hZL3YfX/5tS98ZktPAUCxmE9T6kiCx1U
N85pHnWC11MZ7LBLzlP8i62PYh+UReDzAARc7+d5ngGVldaG4vA7mygKG694PHDE
AG2FwB9uFopnQ6/9+XnchvrhEIl4Wwj7OlzP7J0weo1udAM8VFKq0MUxfpz4lf7V
iJ1zaiYWDPn0EAVDW+PSOfnVwtaYon96bEQCd6da5VPWgQC9i2B0v5PIyfAfSRZT
eeKDFAsnUeUkceKw30WyPrZ0eYbTNW5aG2XsDpWR+DCe/JSJl8nvynMkcpM=
-----END CERTIFICATE-----