Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/be6eedf2-ddb8-49c2-ab71-3f81c5273d6c.roa
File:                     be6eedf2-ddb8-49c2-ab71-3f81c5273d6c.roa (raw, json)
Hash identifier:          JYmclSKJXI7C/WML6XWzieUSeXCdB67wEx1goQvPaqw=
Subject key identifier:   20:40:54:03:40:DE:17:8E:43:77:5B:7D:61:62:00:A0:F1:49:D3:8D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5848FD171940B0CB8ED5475130F977CA51CF7C13
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/be6eedf2-ddb8-49c2-ab71-3f81c5273d6c.roa
Signing time:             Mon 26 May 2025 06:18:20 +0000
ROA not before:           Mon 26 May 2025 06:18:20 +0000
ROA not after:            Mon 30 Jun 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 26 May 2025 06:33:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:48:fd:17:19:40:b0:cb:8e:d5:47:51:30:f9:77:ca:51:cf:7c:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 26 06:18:20 2025 GMT
            Not After : Jun 30 23:59:59 2025 GMT
        Subject: serialNumber=0c6613cf6fb31968eab8d251d8ad3712be6ea6c70768010cda6cef27fd46e290, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:54:36:75:c2:d9:9e:5d:85:99:14:eb:83:5b:
                    67:cb:14:93:be:4f:3d:2f:f0:be:f0:58:31:b0:e0:
                    65:e4:e3:14:e5:b6:be:07:34:96:18:c3:0c:29:87:
                    bc:20:d5:b7:0e:d6:65:f8:41:4e:7f:ae:87:9b:6b:
                    f1:94:d2:f8:f4:38:51:59:cf:c4:d4:29:22:f1:ae:
                    c3:d7:44:47:d8:2c:bb:8e:b1:35:c6:71:6e:31:64:
                    80:be:1c:26:93:13:a2:e6:7b:db:c2:ea:1b:db:d8:
                    82:7d:ba:90:fd:01:67:ef:59:d2:eb:65:d7:f5:43:
                    47:02:43:c2:b7:06:fc:74:ba:be:f7:e0:9b:66:5e:
                    ff:ff:9c:3a:d8:19:42:e7:77:f4:f8:0c:c5:d7:0e:
                    68:10:87:62:3a:6b:62:32:a9:a8:4a:82:43:10:c7:
                    25:ef:af:a3:63:f8:85:2b:dc:4e:6a:18:ee:e0:b0:
                    9e:0b:d4:e1:81:6e:7a:05:3b:b2:f6:cc:2c:bf:73:
                    e0:1c:c5:d2:04:57:3b:a5:67:ad:2e:b1:db:46:93:
                    5e:35:99:01:f0:8b:eb:01:12:f5:ce:13:ae:e0:35:
                    b5:30:a7:22:b9:fc:b0:78:2a:86:38:28:22:be:6b:
                    de:77:fc:30:03:65:14:d7:0d:3a:55:48:e0:69:9a:
                    a6:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:40:54:03:40:DE:17:8E:43:77:5B:7D:61:62:00:A0:F1:49:D3:8D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/be6eedf2-ddb8-49c2-ab71-3f81c5273d6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:45:ef:67:db:e0:1b:7c:4d:e1:e9:ef:c7:1d:13:89:e6:06:
         33:b3:10:4a:92:a6:e7:22:a1:a7:ca:35:d4:4e:f7:65:59:10:
         e3:54:41:c5:33:28:70:2c:bd:ce:fa:9b:71:a7:9d:d4:ec:53:
         32:c2:aa:c5:9d:a9:5e:b6:77:92:a5:aa:bb:6f:52:f8:ce:8d:
         a5:33:a4:4f:26:d6:95:b8:26:d3:f6:d4:5e:b8:ca:fa:ea:a8:
         37:70:87:d4:ac:9f:07:41:f8:60:17:1f:f9:4f:53:0e:d3:85:
         92:35:5f:7c:d7:3c:d1:b1:af:70:35:3b:b1:14:9a:3d:d7:75:
         c4:65:13:5c:9f:6f:8f:21:a1:6e:cd:3d:20:fb:1d:01:18:81:
         89:b5:a1:08:0b:7c:cb:83:97:78:41:7c:31:4d:94:3e:8c:f8:
         aa:c3:07:1a:0a:f7:8c:d9:a7:93:a0:aa:b8:4d:2b:96:0d:02:
         27:b0:a7:cf:10:ae:6f:71:c8:b7:b3:50:f5:5b:01:d8:ae:37:
         53:63:74:89:92:0f:8b:c7:07:f5:b3:8c:c2:07:fb:f5:65:24:
         e7:2e:7f:e9:9d:4d:05:d3:e1:4b:58:cb:ab:48:61:e1:be:56:
         1e:4e:03:b3:91:9b:5c:63:75:2d:36:61:ef:fb:87:51:b0:dd:
         06:85:5b:96
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWEj9FxlAsMuO1UdRMPl3ylHPfBMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNTI2MDYxODIwWhcNMjUwNjMwMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYzY2MTNjZjZmYjMxOTY4ZWFiOGQyNTFkOGFkMzcxMmJl
NmVhNmM3MDc2ODAxMGNkYTZjZWYyN2ZkNDZlMjkwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+VDZ1wtmeXYWZFOuDW2fLFJO+Tz0v8L7wWDGw4GXk4xTl
tr4HNJYYwwwph7wg1bcO1mX4QU5/roeba/GU0vj0OFFZz8TUKSLxrsPXREfYLLuO
sTXGcW4xZIC+HCaTE6Lme9vC6hvb2IJ9upD9AWfvWdLrZdf1Q0cCQ8K3Bvx0ur73
4JtmXv//nDrYGULnd/T4DMXXDmgQh2I6a2IyqahKgkMQxyXvr6Nj+IUr3E5qGO7g
sJ4L1OGBbnoFO7L2zCy/c+AcxdIEVzulZ60usdtGk141mQHwi+sBEvXOE67gNbUw
pyK5/LB4KoY4KCK+a953/DADZRTXDTpVSOBpmqaVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIEBUA0DeF45Dd1t9YWIAoPFJ040wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2JlNmVlZGYyLWRkYjgtNDljMi1hYjcxLTNmODFjNTI3M2Q2Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABFF72fb4Bt8TeHp78cdE4nmBjOz
EEqSpucioafKNdRO92VZEONUQcUzKHAsvc76m3GnndTsUzLCqsWdqV62d5Klqrtv
UvjOjaUzpE8m1pW4JtP21F64yvrqqDdwh9SsnwdB+GAXH/lPUw7ThZI1X3zXPNGx
r3A1O7EUmj3XdcRlE1yfb48hoW7NPSD7HQEYgYm1oQgLfMuDl3hBfDFNlD6M+KrD
BxoK94zZp5OgqrhNK5YNAiewp88Qrm9xyLezUPVbAdiuN1NjdImSD4vHB/WzjMIH
+/VlJOcuf+mdTQXT4UtYy6tIYeG+Vh5OA7ORm1xjdS02Ye/7h1Gw3QaFW5Y=
-----END CERTIFICATE-----