Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bf34b18a-2ed2-4835-8ff2-df6fc491bf31.roa
File:                     bf34b18a-2ed2-4835-8ff2-df6fc491bf31.roa (raw, json)
Hash identifier:          90VeQYJ2yJrZY9A7tODAkh6dZ1y0H+giMqy32Q9DvPU=
Subject key identifier:   3C:BE:13:9A:A1:E2:66:02:98:67:3D:99:9B:72:D9:5E:60:68:C3:3F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       36E6F82C5199931015F52CCEFC01B493F5CEB675
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bf34b18a-2ed2-4835-8ff2-df6fc491bf31.roa
Signing time:             Sun 15 Jun 2025 18:13:16 +0000
ROA not before:           Sun 15 Jun 2025 18:13:16 +0000
ROA not after:            Sun 20 Jul 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sun 15 Jun 2025 18:28:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:e6:f8:2c:51:99:93:10:15:f5:2c:ce:fc:01:b4:93:f5:ce:b6:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 15 18:13:16 2025 GMT
            Not After : Jul 20 23:59:59 2025 GMT
        Subject: serialNumber=1111ec9f4e621049e0681ef491b93a5bc534819573af35a8316e13a56fe64bbe, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:cc:55:30:c6:c0:76:93:24:17:cd:68:49:66:
                    98:fe:8d:ec:61:c6:da:13:21:ec:6b:e3:74:83:38:
                    21:0b:7a:0a:17:21:e4:73:f0:4e:6a:94:ee:50:38:
                    91:1b:ab:3f:00:e9:f5:ef:a6:b7:0d:fb:be:c9:4b:
                    b9:f2:42:75:8d:8c:4a:2e:b7:1b:ea:ac:dd:91:f5:
                    d3:49:9b:f7:f7:7a:34:97:03:f5:5e:6f:39:d9:25:
                    42:dc:f7:3b:cd:0c:70:b1:67:2d:8d:41:0d:1f:45:
                    42:0e:9e:20:39:ef:12:e6:7f:b6:9b:5c:d1:8c:5d:
                    65:5f:4b:04:48:bb:2d:c1:64:84:24:81:3c:dd:c2:
                    21:b1:8f:0d:53:6b:65:9c:08:f3:56:05:8a:00:11:
                    ee:ae:d5:ed:18:5b:03:58:e3:96:84:bf:1e:68:f1:
                    8e:9b:2b:46:95:d8:58:72:ea:27:df:df:02:b9:c0:
                    0a:df:c7:db:d3:b1:bb:f8:a6:f7:89:89:4e:15:ca:
                    a6:39:ae:c8:93:1c:e7:c6:cb:45:05:d6:40:91:23:
                    a2:9a:eb:ff:98:bf:5f:c7:17:12:90:7d:d9:8f:a1:
                    66:d0:e1:ba:23:d4:42:1d:57:6d:80:28:ca:ac:d5:
                    78:12:32:1a:ea:5e:e6:47:34:94:08:63:0c:4a:d2:
                    4b:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:BE:13:9A:A1:E2:66:02:98:67:3D:99:9B:72:D9:5E:60:68:C3:3F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/bf34b18a-2ed2-4835-8ff2-df6fc491bf31.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:19:4f:a6:45:48:4d:f5:21:f8:85:df:1d:65:fa:b3:4a:2a:
         70:48:ca:f1:1f:87:3e:c6:8b:2a:16:80:83:ad:e2:8f:66:a9:
         98:5d:25:1e:c0:c5:14:5e:b4:54:fb:88:4c:fa:ff:5f:71:44:
         e8:7c:9e:85:2e:b0:c3:21:75:18:af:b1:74:a0:eb:b5:1c:43:
         bd:15:40:d2:9f:c8:30:ec:f7:f9:c2:b1:21:71:6e:5b:7e:f9:
         bc:39:7e:c1:24:e4:49:99:c4:28:1a:47:70:52:fc:33:a6:e6:
         d3:c6:d4:c0:5c:2c:c9:63:80:c9:1b:12:b6:7a:93:67:1f:40:
         93:57:e0:d2:2e:69:a7:68:1e:db:f6:b8:0a:f8:35:b3:fd:b1:
         86:7f:72:aa:c6:0a:82:a9:d5:ab:bf:89:ce:c6:3c:17:b6:71:
         dd:d0:76:c5:f0:c8:8e:11:68:e0:a9:ce:3a:07:3e:2b:78:45:
         e3:a1:27:9f:9e:de:6d:fc:1b:d3:45:4f:4c:09:48:c9:c1:e5:
         56:3f:c9:e1:f0:65:ca:96:9f:11:fa:9a:db:e5:a4:a2:f4:0e:
         31:b9:c2:68:46:93:72:45:cd:96:81:80:75:f5:6b:c1:01:4b:
         58:98:ee:aa:8e:40:6f:f3:5e:40:fd:d2:8b:5d:f5:20:1b:08:
         a7:13:91:52
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNub4LFGZkxAV9SzO/AG0k/XOtnUwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNjE1MTgxMzE2WhcNMjUwNzIwMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMTExZWM5ZjRlNjIxMDQ5ZTA2ODFlZjQ5MWI5M2E1YmM1
MzQ4MTk1NzNhZjM1YTgzMTZlMTNhNTZmZTY0YmJlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDVzFUwxsB2kyQXzWhJZpj+jexhxtoTIexr43SDOCELegoX
IeRz8E5qlO5QOJEbqz8A6fXvprcN+77JS7nyQnWNjEoutxvqrN2R9dNJm/f3ejSX
A/VebznZJULc9zvNDHCxZy2NQQ0fRUIOniA57xLmf7abXNGMXWVfSwRIuy3BZIQk
gTzdwiGxjw1Ta2WcCPNWBYoAEe6u1e0YWwNY45aEvx5o8Y6bK0aV2Fhy6iff3wK5
wArfx9vTsbv4pveJiU4VyqY5rsiTHOfGy0UF1kCRI6Ka6/+Yv1/HFxKQfdmPoWbQ
4boj1EIdV22AKMqs1XgSMhrqXuZHNJQIYwxK0ksPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPL4TmqHiZgKYZz2Zm3LZXmBowz8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2JmMzRiMThhLTJlZDItNDgzNS04ZmYyLWRmNmZjNDkxYmYzMS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAkZT6ZFSE31IfiF3x1l+rNKKnBI
yvEfhz7GiyoWgIOt4o9mqZhdJR7AxRRetFT7iEz6/19xROh8noUusMMhdRivsXSg
67UcQ70VQNKfyDDs9/nCsSFxblt++bw5fsEk5EmZxCgaR3BS/DOm5tPG1MBcLMlj
gMkbErZ6k2cfQJNX4NIuaadoHtv2uAr4NbP9sYZ/cqrGCoKp1au/ic7GPBe2cd3Q
dsXwyI4RaOCpzjoHPit4ReOhJ5+e3m38G9NFT0wJSMnB5VY/yeHwZcqWnxH6mtvl
pKL0DjG5wmhGk3JFzZaBgHX1a8EBS1iY7qqOQG/zXkD90otd9SAbCKcTkVI=
-----END CERTIFICATE-----