Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c1d3abae-52fd-47f8-b547-a2b6725e0cda.roa
File:                     c1d3abae-52fd-47f8-b547-a2b6725e0cda.roa (raw, json)
Hash identifier:          4/k3a9Kt/TyKKqImMqy8gt9fFSrxc5FT3TAP8rA41Is=
Subject key identifier:   4D:AA:D3:5B:09:D7:AB:87:61:4B:35:A0:DE:38:12:73:1F:23:C8:60
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0510857373837D1F87CF443E8E529230401546CA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c1d3abae-52fd-47f8-b547-a2b6725e0cda.roa
Signing time:             Tue 15 Apr 2025 11:43:19 +0000
ROA not before:           Tue 15 Apr 2025 11:43:19 +0000
ROA not after:            Tue 20 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 15 Apr 2025 12:03:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:10:85:73:73:83:7d:1f:87:cf:44:3e:8e:52:92:30:40:15:46:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 15 11:43:19 2025 GMT
            Not After : May 20 23:59:59 2025 GMT
        Subject: serialNumber=55d3eabaaf675df77153b09e99e40cf221301ff7e655fd5ef9f7e986cc6dc7a8, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c7:c0:47:3a:d9:fc:7e:f3:bd:59:0f:ee:74:
                    eb:5e:0a:8d:5b:56:3a:cc:b0:4b:c4:34:a7:dd:ed:
                    fa:4c:29:fd:51:33:c4:c9:98:45:f3:47:cf:7e:3e:
                    3a:b3:52:dc:76:ff:44:3a:56:a8:b3:4b:e8:55:10:
                    d9:11:4d:5b:ac:4b:dd:bf:47:fd:20:67:79:10:5a:
                    27:ac:d2:56:69:2e:14:88:5a:cf:2b:da:75:93:4f:
                    00:54:e8:c9:36:27:61:1c:ed:50:2c:9d:58:a9:4b:
                    37:e8:43:1c:00:97:a8:cf:99:51:b5:96:71:70:3e:
                    79:6b:6b:34:dc:a9:5f:1b:e2:af:f2:2e:fc:03:eb:
                    47:3f:4a:e8:e4:37:8a:93:1f:59:65:39:aa:67:a3:
                    d0:8d:38:e9:06:bb:ad:57:e1:e1:06:0c:3d:c4:ae:
                    5a:b2:28:22:45:94:a9:be:83:e0:4a:70:e4:05:01:
                    ca:a9:aa:13:a9:b0:6e:43:9d:01:05:8c:2e:54:5d:
                    89:d6:cc:14:49:46:ed:72:0a:72:ed:7b:47:c3:75:
                    2c:05:42:e8:ac:b6:26:6d:8c:93:00:9f:46:50:0b:
                    9e:04:14:b0:1b:11:3f:e5:cd:e0:04:df:5c:99:fb:
                    1c:4c:e9:96:03:ad:38:34:bd:53:a7:73:77:fa:44:
                    c1:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:AA:D3:5B:09:D7:AB:87:61:4B:35:A0:DE:38:12:73:1F:23:C8:60
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c1d3abae-52fd-47f8-b547-a2b6725e0cda.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:bc:f2:e5:22:49:1c:f5:62:6a:15:c3:22:23:97:db:3c:d7:
         b2:e2:d5:a8:7a:e2:4a:d2:c2:b7:ec:38:5f:97:24:29:18:94:
         60:df:8c:bb:c1:83:9a:48:ca:30:cf:ae:17:c6:e7:65:54:04:
         a2:ea:f2:4c:16:7f:fa:49:84:a7:73:b3:f4:14:45:27:d9:01:
         de:8d:87:71:c5:41:c6:be:d0:0a:ef:30:5a:26:9e:16:86:f2:
         f6:a4:bb:a0:83:4f:4e:a8:a1:55:32:17:57:98:eb:8e:07:74:
         e4:38:b3:e6:cf:79:5b:e7:80:36:a4:2a:41:4b:5d:cb:fa:08:
         81:8e:1a:b6:de:df:06:05:2c:62:69:1b:91:1b:f9:64:c7:a4:
         4b:3f:13:f3:ad:5b:e0:6d:dc:0d:5f:94:fe:86:0b:01:85:e1:
         ca:61:e4:b3:fb:38:2d:7d:eb:bb:75:ae:35:5a:78:fa:a1:05:
         40:eb:84:95:ab:af:2d:3a:d2:aa:4f:2d:ef:f4:19:c5:2f:86:
         b9:96:51:e9:2f:4c:83:b5:b2:e1:c1:a8:f6:28:7c:cd:2e:fb:
         e8:1a:04:51:61:79:17:f0:4c:4c:13:95:1e:60:19:66:e9:8e:
         77:82:41:90:59:8d:2a:74:ea:56:89:f8:55:a9:53:e1:08:55:
         1d:78:ea:ad
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBRCFc3ODfR+Hz0Q+jlKSMEAVRsowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDE1MTE0MzE5WhcNMjUwNTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NWQzZWFiYWFmNjc1ZGY3NzE1M2IwOWU5OWU0MGNmMjIx
MzAxZmY3ZTY1NWZkNWVmOWY3ZTk4NmNjNmRjN2E4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVx8BHOtn8fvO9WQ/udOteCo1bVjrMsEvENKfd7fpMKf1R
M8TJmEXzR89+PjqzUtx2/0Q6VqizS+hVENkRTVusS92/R/0gZ3kQWies0lZpLhSI
Ws8r2nWTTwBU6Mk2J2Ec7VAsnVipSzfoQxwAl6jPmVG1lnFwPnlrazTcqV8b4q/y
LvwD60c/SujkN4qTH1llOapno9CNOOkGu61X4eEGDD3ErlqyKCJFlKm+g+BKcOQF
AcqpqhOpsG5DnQEFjC5UXYnWzBRJRu1yCnLte0fDdSwFQuistiZtjJMAn0ZQC54E
FLAbET/lzeAE31yZ+xxM6ZYDrTg0vVOnc3f6RMEtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTarTWwnXq4dhSzWg3jgScx8jyGAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2MxZDNhYmFlLTUyZmQtNDdmOC1iNTQ3LWEyYjY3MjVlMGNkYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIO88uUiSRz1YmoVwyIjl9s817Li
1ah64krSwrfsOF+XJCkYlGDfjLvBg5pIyjDPrhfG52VUBKLq8kwWf/pJhKdzs/QU
RSfZAd6Nh3HFQca+0ArvMFomnhaG8vaku6CDT06ooVUyF1eY644HdOQ4s+bPeVvn
gDakKkFLXcv6CIGOGrbe3wYFLGJpG5Eb+WTHpEs/E/OtW+Bt3A1flP6GCwGF4cph
5LP7OC1967t1rjVaePqhBUDrhJWrry060qpPLe/0GcUvhrmWUekvTIO1suHBqPYo
fM0u++gaBFFheRfwTEwTlR5gGWbpjneCQZBZjSp06laJ+FWpU+EIVR146q0=
-----END CERTIFICATE-----