Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e66e37cf-8960-4f28-946d-f3ad046350e7.roa
File:                     e66e37cf-8960-4f28-946d-f3ad046350e7.roa (raw, json)
Hash identifier:          wfRmjDN0yDviAWnBEKv4dH9bLQrtTnJ9jAILetTXiic=
Subject key identifier:   66:5A:42:04:B4:16:4F:4F:18:9E:78:62:5C:F0:A3:89:E5:0D:E9:A2
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0F8284A2BE1C51634B73FB427E76BB149554648E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e66e37cf-8960-4f28-946d-f3ad046350e7.roa
Signing time:             Sun 13 Apr 2025 06:38:20 +0000
ROA not before:           Sun 13 Apr 2025 06:38:20 +0000
ROA not after:            Sun 18 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sun 13 Apr 2025 06:58:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:82:84:a2:be:1c:51:63:4b:73:fb:42:7e:76:bb:14:95:54:64:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 13 06:38:20 2025 GMT
            Not After : May 18 23:59:59 2025 GMT
        Subject: serialNumber=7f46c53bcb4aa338c6e7df371ca3b9e2a8ad11bcbec8532d818cfea8c1510f6d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c0:11:ab:51:be:45:06:65:0c:9c:0c:1f:26:
                    61:f3:76:a9:7e:5e:0f:6d:c9:f8:41:d3:e5:2f:db:
                    09:09:ff:04:44:36:58:19:45:8e:29:8b:b6:84:35:
                    ed:0b:5f:a4:3a:bf:1a:79:aa:24:78:55:42:c0:9a:
                    1f:b6:07:e3:da:11:8e:96:97:78:ba:dd:81:d8:5a:
                    c9:77:22:38:25:93:a3:7e:a7:6a:a4:dd:6f:67:66:
                    8b:d8:14:ca:77:41:92:61:a1:86:19:c7:76:61:52:
                    bc:37:98:4e:0f:21:2d:4d:08:74:7e:13:bd:8e:ff:
                    7e:26:ff:d4:ba:eb:fb:37:60:70:a8:42:9b:6e:f3:
                    73:66:b2:21:7d:78:bc:8f:83:e7:fa:0a:1b:17:0a:
                    7b:39:b3:df:5e:dd:cc:6d:e6:34:36:b4:20:a1:88:
                    48:83:db:2b:15:92:8a:3f:22:30:9f:29:1b:d4:5a:
                    98:3e:02:49:8b:27:45:13:3a:b7:c4:a5:00:c6:c4:
                    f5:bc:40:0d:9a:fc:32:80:ed:34:89:03:b5:61:88:
                    e4:7e:9a:69:0b:15:93:fd:7c:8f:80:c2:15:dd:f5:
                    24:24:3e:8a:eb:98:78:9b:14:3e:0c:42:18:ef:54:
                    28:1d:43:de:40:5d:4e:c2:0b:2b:4c:1b:a4:b0:9b:
                    b2:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:5A:42:04:B4:16:4F:4F:18:9E:78:62:5C:F0:A3:89:E5:0D:E9:A2
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e66e37cf-8960-4f28-946d-f3ad046350e7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:ff:57:25:64:c5:6a:f9:e1:b4:98:42:1d:7d:c8:d8:a8:d4:
         9e:01:9a:c5:59:08:f3:23:d6:08:40:c8:0e:0c:ee:22:ba:8f:
         93:5a:a5:80:f8:f6:9a:27:e5:89:46:08:8f:c7:f4:f9:75:3c:
         d5:0c:e0:52:b9:12:64:a3:b4:97:d6:02:66:52:aa:fa:7f:e7:
         88:e3:79:74:67:99:31:d0:2b:19:82:5a:88:14:4a:4b:95:b7:
         c4:7b:82:0d:82:fa:e1:22:25:27:cb:21:37:4c:dd:7e:46:0a:
         7b:e4:40:cf:c5:21:9f:d3:8f:99:9a:c9:70:59:df:35:ea:96:
         24:7a:e2:2e:32:9e:c7:81:6a:b1:84:24:44:bc:b8:be:99:4d:
         9f:5d:63:d1:0f:3d:c9:1c:a7:dd:fd:b5:3b:d1:87:fb:40:7c:
         a8:a0:d0:27:69:cd:16:29:92:63:88:55:7c:55:91:a2:ac:34:
         c6:b3:fc:0c:37:73:84:ee:2c:73:47:b6:e3:23:27:54:02:6f:
         63:b9:c0:b0:df:7e:2b:75:40:8f:13:0d:2e:54:df:ab:48:e1:
         22:a5:02:e2:08:93:b5:46:42:f3:9c:c9:8c:24:e4:ce:32:a4:
         ab:ef:9f:a9:13:95:72:dc:10:58:fe:b3:10:63:ac:f1:4f:d2:
         7f:3f:04:9e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUD4KEor4cUWNLc/tCfna7FJVUZI4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDEzMDYzODIwWhcNMjUwNTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZjQ2YzUzYmNiNGFhMzM4YzZlN2RmMzcxY2EzYjllMmE4
YWQxMWJjYmVjODUzMmQ4MThjZmVhOGMxNTEwZjZkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1wBGrUb5FBmUMnAwfJmHzdql+Xg9tyfhB0+Uv2wkJ/wRE
NlgZRY4pi7aENe0LX6Q6vxp5qiR4VULAmh+2B+PaEY6Wl3i63YHYWsl3Ijglk6N+
p2qk3W9nZovYFMp3QZJhoYYZx3ZhUrw3mE4PIS1NCHR+E72O/34m/9S66/s3YHCo
Qptu83NmsiF9eLyPg+f6ChsXCns5s99e3cxt5jQ2tCChiEiD2ysVkoo/IjCfKRvU
Wpg+AkmLJ0UTOrfEpQDGxPW8QA2a/DKA7TSJA7VhiOR+mmkLFZP9fI+AwhXd9SQk
PorrmHibFD4MQhjvVCgdQ95AXU7CCytMG6Swm7KxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZlpCBLQWT08YnnhiXPCjieUN6aIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2U2NmUzN2NmLTg5NjAtNGYyOC05NDZkLWYzYWQwNDYzNTBlNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJf/VyVkxWr54bSYQh19yNio1J4B
msVZCPMj1ghAyA4M7iK6j5NapYD49pon5YlGCI/H9Pl1PNUM4FK5EmSjtJfWAmZS
qvp/54jjeXRnmTHQKxmCWogUSkuVt8R7gg2C+uEiJSfLITdM3X5GCnvkQM/FIZ/T
j5mayXBZ3zXqliR64i4ynseBarGEJES8uL6ZTZ9dY9EPPckcp939tTvRh/tAfKig
0CdpzRYpkmOIVXxVkaKsNMaz/Aw3c4TuLHNHtuMjJ1QCb2O5wLDffit1QI8TDS5U
36tI4SKlAuIIk7VGQvOcyYwk5M4ypKvvn6kTlXLcEFj+sxBjrPFP0n8/BJ4=
-----END CERTIFICATE-----