Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cbdedd9e-83b8-4d95-85ce-792f4113970c.roa
File:                     cbdedd9e-83b8-4d95-85ce-792f4113970c.roa (raw, json)
Hash identifier:          3nBS2yqLnn86HGhoO7AXSXtTNNMnp3ep1rg6WML3S50=
Subject key identifier:   C2:70:FE:A9:86:B4:FD:B0:29:AB:13:3A:C9:05:0C:FC:24:CA:DB:2D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       212D57B0C39C32FBD26515521E2ACBF5858B6596
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cbdedd9e-83b8-4d95-85ce-792f4113970c.roa
Signing time:             Thu 12 Jun 2025 14:58:18 +0000
ROA not before:           Thu 12 Jun 2025 14:58:18 +0000
ROA not after:            Thu 17 Jul 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 12 Jun 2025 15:13:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:2d:57:b0:c3:9c:32:fb:d2:65:15:52:1e:2a:cb:f5:85:8b:65:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 12 14:58:18 2025 GMT
            Not After : Jul 17 23:59:59 2025 GMT
        Subject: serialNumber=33ae2169143e1ee5a4edcff9ed60c13be6f1b6049bc1da5cb2ba7ecdad07d608, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f8:c7:7a:8b:b2:3b:95:02:11:e7:35:ca:95:
                    89:fb:34:9c:f2:26:f3:72:41:6c:26:8d:26:4f:d8:
                    b5:3f:1d:25:a1:a7:72:60:7d:2f:e7:9f:64:02:d5:
                    4e:19:a8:65:f4:e3:ac:d7:32:5f:e7:63:19:54:ce:
                    d8:28:e2:f0:6e:58:28:7c:cb:02:92:c0:0a:df:5e:
                    6a:a9:07:8e:46:84:6d:79:af:c1:48:e5:f9:ad:40:
                    ee:a1:4a:23:13:21:f2:1f:68:ff:a8:5a:47:5f:01:
                    53:94:c7:c4:22:08:23:44:76:dd:54:cf:3f:68:e7:
                    ca:de:99:fe:da:52:09:cb:97:57:84:03:45:f8:e1:
                    13:a7:9e:80:45:96:05:c2:40:c4:f5:59:97:54:da:
                    f6:2e:28:c3:ec:5a:d4:6c:91:44:f6:ed:f3:4f:66:
                    92:21:bf:6e:59:91:78:01:e9:58:5c:10:d0:59:ab:
                    67:a1:f7:e6:fd:77:8d:1a:99:3a:e7:fd:86:45:dc:
                    67:8b:97:55:79:bb:a8:0a:f2:37:09:5f:7e:21:03:
                    f2:67:3d:db:69:4d:11:6b:b0:75:c6:09:06:b2:ee:
                    00:a0:d1:71:65:a2:f9:3a:2f:31:12:4f:13:f3:52:
                    14:51:1e:9f:dc:0f:5b:49:cd:12:b0:9e:d0:c5:60:
                    89:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:70:FE:A9:86:B4:FD:B0:29:AB:13:3A:C9:05:0C:FC:24:CA:DB:2D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cbdedd9e-83b8-4d95-85ce-792f4113970c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:f7:ae:80:64:fd:7f:01:f3:8d:15:77:a1:25:cb:58:54:b8:
         f2:63:50:da:9b:96:b3:fb:02:23:7a:3e:23:4a:1f:71:13:7b:
         15:92:9c:2e:12:a7:42:8d:ca:c1:03:8c:86:57:46:c5:bd:b4:
         fa:60:5d:4b:6c:cc:5b:f8:7a:0c:d7:09:3f:74:2c:13:9a:1b:
         99:d0:d3:04:64:fe:8b:dd:39:b1:99:e4:b8:da:03:fa:1a:41:
         ab:1e:2d:e2:97:bc:a7:95:1f:0d:cd:05:7e:31:c3:97:3a:56:
         16:b6:f0:37:8f:c9:1c:d3:80:fb:51:27:b9:7f:cd:1d:bd:6c:
         8c:13:89:8b:9e:d7:10:46:22:13:79:67:55:61:04:99:21:42:
         80:de:f6:36:8c:a7:c4:d2:0c:f6:95:4c:9f:6a:4f:1a:4c:6b:
         a1:1d:d7:86:c0:d9:0b:c7:97:54:f8:6e:f6:f4:5b:9b:5c:66:
         27:86:25:51:a8:23:33:bd:4a:b6:27:3a:6b:25:a8:87:b8:4a:
         95:98:ee:2f:5c:cd:9b:68:d0:3c:6e:d7:fb:22:61:2b:89:db:
         9d:d1:be:c2:93:39:72:60:4c:be:28:f7:ff:02:c7:5c:9a:a9:
         2c:04:aa:3f:3d:43:c7:e4:06:9e:bb:d2:d7:e5:7c:ac:f0:53:
         73:7e:c1:a1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIS1XsMOcMvvSZRVSHirL9YWLZZYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNjEyMTQ1ODE4WhcNMjUwNzE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzM2FlMjE2OTE0M2UxZWU1YTRlZGNmZjllZDYwYzEzYmU2
ZjFiNjA0OWJjMWRhNWNiMmJhN2VjZGFkMDdkNjA4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7+Md6i7I7lQIR5zXKlYn7NJzyJvNyQWwmjSZP2LU/HSWh
p3JgfS/nn2QC1U4ZqGX046zXMl/nYxlUztgo4vBuWCh8ywKSwArfXmqpB45GhG15
r8FI5fmtQO6hSiMTIfIfaP+oWkdfAVOUx8QiCCNEdt1Uzz9o58remf7aUgnLl1eE
A0X44ROnnoBFlgXCQMT1WZdU2vYuKMPsWtRskUT27fNPZpIhv25ZkXgB6VhcENBZ
q2eh9+b9d40amTrn/YZF3GeLl1V5u6gK8jcJX34hA/JnPdtpTRFrsHXGCQay7gCg
0XFlovk6LzESTxPzUhRRHp/cD1tJzRKwntDFYIl1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwnD+qYa0/bApqxM6yQUM/CTK2y0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2NiZGVkZDllLTgzYjgtNGQ5NS04NWNlLTc5MmY0MTEzOTcwYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAX3roBk/X8B840Vd6Ely1hUuPJj
UNqblrP7AiN6PiNKH3ETexWSnC4Sp0KNysEDjIZXRsW9tPpgXUtszFv4egzXCT90
LBOaG5nQ0wRk/ovdObGZ5LjaA/oaQaseLeKXvKeVHw3NBX4xw5c6Vha28DePyRzT
gPtRJ7l/zR29bIwTiYue1xBGIhN5Z1VhBJkhQoDe9jaMp8TSDPaVTJ9qTxpMa6Ed
14bA2QvHl1T4bvb0W5tcZieGJVGoIzO9SrYnOmslqIe4SpWY7i9czZto0Dxu1/si
YSuJ253RvsKTOXJgTL4o9/8Cx1yaqSwEqj89Q8fkBp670tflfKzwU3N+waE=
-----END CERTIFICATE-----