Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9836c7e4-d0b8-4a15-80ee-ae543824875d.roa
File:                     9836c7e4-d0b8-4a15-80ee-ae543824875d.roa (raw, json)
Hash identifier:          Hbx0nXKKSiyvrZG0hIjXPURdaGQaBMeQgyPl1R0uXeE=
Subject key identifier:   C2:E5:E7:42:D1:8E:41:0F:D3:28:BF:B4:75:9D:D4:F8:4B:99:05:63
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2E0BF8A0B0A26C00EE314A457BA1CF2F8AF54D1F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9836c7e4-d0b8-4a15-80ee-ae543824875d.roa
Signing time:             Sun 13 Apr 2025 07:58:16 +0000
ROA not before:           Sun 13 Apr 2025 07:58:16 +0000
ROA not after:            Sun 18 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sun 13 Apr 2025 08:18:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:0b:f8:a0:b0:a2:6c:00:ee:31:4a:45:7b:a1:cf:2f:8a:f5:4d:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 13 07:58:16 2025 GMT
            Not After : May 18 23:59:59 2025 GMT
        Subject: serialNumber=d252ce8e172588ed325ae4ef6e9096c2a85e8b816285ffa5f87e9c159f86e173, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:a2:b9:2f:c1:a5:23:60:f6:f6:05:d8:82:06:
                    3b:a3:ba:1a:64:3a:11:3d:5c:df:8d:4d:94:bf:45:
                    22:4e:3f:6d:70:17:07:c4:c9:87:9e:f8:11:f9:b9:
                    31:55:16:63:4f:dc:de:5e:c3:b5:e1:c0:6b:5a:cb:
                    09:b9:20:97:fb:32:ba:72:9a:e7:6b:ff:06:a7:57:
                    f1:2c:4e:12:04:4b:43:2c:f8:85:13:b0:82:f8:d6:
                    09:7f:b1:cf:05:c6:f4:44:27:5a:21:f8:89:1c:9a:
                    55:ee:4e:6c:50:f5:66:13:2e:16:f6:66:df:fe:99:
                    75:71:a0:f2:31:39:61:f2:bf:dc:73:e0:86:7d:10:
                    3d:7c:8f:fd:42:29:67:0a:ef:95:c2:ab:01:eb:23:
                    a6:7e:0d:0b:83:83:af:80:a4:89:ff:36:00:aa:b8:
                    ca:78:cb:7c:b4:71:8c:02:ab:36:67:ac:59:a0:ef:
                    f9:7c:6a:57:eb:8f:88:0c:49:6b:4b:a4:12:f0:ad:
                    80:a7:5b:55:67:6b:e6:a7:b0:96:73:98:98:68:d6:
                    62:28:cd:60:82:68:a3:06:df:5d:b6:aa:03:4b:37:
                    fa:bd:59:e0:65:78:9d:7a:14:a4:a9:7d:ee:ed:93:
                    22:83:e3:70:cb:bd:6d:cb:a9:3d:78:ef:11:47:e9:
                    88:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:E5:E7:42:D1:8E:41:0F:D3:28:BF:B4:75:9D:D4:F8:4B:99:05:63
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9836c7e4-d0b8-4a15-80ee-ae543824875d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:55:35:58:0a:6b:93:ef:42:8c:19:b3:16:6f:c0:99:0a:04:
         c1:53:8f:8d:ca:d4:96:17:c8:2a:c7:5c:0b:16:c8:07:ee:f8:
         47:85:2b:f4:10:5b:0e:42:c7:6e:24:24:f4:d2:f1:5d:a7:a2:
         92:54:81:3f:a8:34:58:2a:0b:c7:a0:dc:11:b1:8b:52:57:aa:
         5e:a8:6d:62:53:a1:e7:ec:a9:d0:40:21:a8:27:bd:cb:0f:3f:
         0d:83:d6:48:72:15:5a:29:30:8d:59:c3:4b:9f:66:1a:c1:d0:
         ba:e8:5c:05:72:0d:e6:94:09:92:e9:d8:ae:7a:0a:1d:33:a9:
         72:e5:1b:73:27:92:39:ed:fe:ac:83:d2:73:6d:28:40:6d:fa:
         d7:17:c7:58:94:56:18:7c:e9:92:99:60:69:71:1a:e9:ee:61:
         a5:d1:3e:76:2e:23:b9:42:aa:f3:f3:96:38:fe:22:c5:73:39:
         63:e3:eb:6c:75:1f:10:a4:09:83:67:e1:14:08:89:7f:4f:5b:
         c1:f3:4e:1c:13:5e:7a:65:50:bb:8b:cc:75:22:d8:f6:46:69:
         6b:7d:c4:0b:6c:52:ac:6e:79:45:41:24:e5:5b:a0:bf:a5:58:
         2e:af:37:44:a4:65:9e:8d:45:ed:17:91:85:1a:07:d3:75:a2:
         d5:0f:e8:3e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULgv4oLCibADuMUpFe6HPL4r1TR8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDEzMDc1ODE2WhcNMjUwNTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BkMjUyY2U4ZTE3MjU4OGVkMzI1YWU0ZWY2ZTkwOTZjMmE4
NWU4YjgxNjI4NWZmYTVmODdlOWMxNTlmODZlMTczMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQD1orkvwaUjYPb2BdiCBjujuhpkOhE9XN+NTZS/RSJOP21w
FwfEyYee+BH5uTFVFmNP3N5ew7XhwGtaywm5IJf7Mrpymudr/wanV/EsThIES0Ms
+IUTsIL41gl/sc8FxvREJ1oh+IkcmlXuTmxQ9WYTLhb2Zt/+mXVxoPIxOWHyv9xz
4IZ9ED18j/1CKWcK75XCqwHrI6Z+DQuDg6+ApIn/NgCquMp4y3y0cYwCqzZnrFmg
7/l8alfrj4gMSWtLpBLwrYCnW1Vna+ansJZzmJho1mIozWCCaKMG3122qgNLN/q9
WeBleJ16FKSpfe7tkyKD43DLvW3LqT147xFH6Yh1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwuXnQtGOQQ/TKL+0dZ3U+EuZBWMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzk4MzZjN2U0LWQwYjgtNGExNS04MGVlLWFlNTQzODI0ODc1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAItVNVgKa5PvQowZsxZvwJkKBMFT
j43K1JYXyCrHXAsWyAfu+EeFK/QQWw5Cx24kJPTS8V2nopJUgT+oNFgqC8eg3BGx
i1JXql6obWJToefsqdBAIagnvcsPPw2D1khyFVopMI1Zw0ufZhrB0LroXAVyDeaU
CZLp2K56Ch0zqXLlG3Mnkjnt/qyD0nNtKEBt+tcXx1iUVhh86ZKZYGlxGunuYaXR
PnYuI7lCqvPzljj+IsVzOWPj62x1HxCkCYNn4RQIiX9PW8HzThwTXnplULuLzHUi
2PZGaWt9xAtsUqxueUVBJOVboL+lWC6vN0SkZZ6NRe0XkYUaB9N1otUP6D4=
-----END CERTIFICATE-----