Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ea113d66-0e0f-48a2-bbee-ee902002c0a7.roa
File:                     ea113d66-0e0f-48a2-bbee-ee902002c0a7.roa (raw, json)
Hash identifier:          uWAT0z94y1oSz5rdVg4Og2eCrqaQz6h+YNyBpLH1Qb0=
Subject key identifier:   98:7D:BD:95:54:D2:17:B8:BB:85:B1:62:C1:C8:5F:78:AB:9F:96:8E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0B0643381881C3700AC86133432D175D1413941F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ea113d66-0e0f-48a2-bbee-ee902002c0a7.roa
Signing time:             Wed 14 May 2025 19:03:19 +0000
ROA not before:           Wed 14 May 2025 19:03:19 +0000
ROA not after:            Wed 18 Jun 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 14 May 2025 19:23:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:06:43:38:18:81:c3:70:0a:c8:61:33:43:2d:17:5d:14:13:94:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 14 19:03:19 2025 GMT
            Not After : Jun 18 23:59:59 2025 GMT
        Subject: serialNumber=3bffb11d7a687f33c1bf3e41f5b6b0977fdec692d12af498726af839384adc3b, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:47:76:d2:eb:c8:20:5a:ca:93:f9:37:a2:c9:
                    50:cc:2f:ef:73:cc:e2:bd:bf:3d:81:73:e2:4e:c0:
                    12:cb:94:08:a5:f9:b6:bb:db:a7:0d:37:14:8f:80:
                    c6:5d:a6:09:0c:85:16:c8:47:9f:b5:9a:21:10:30:
                    d3:74:aa:5f:1d:a4:76:24:c8:8e:c3:37:45:06:b6:
                    5f:ae:5b:e4:bc:84:31:a4:59:97:b7:2e:17:9e:55:
                    12:8c:d7:58:12:8f:50:2c:71:87:f9:52:60:d4:d5:
                    c7:b3:94:4b:cc:23:d7:fd:ad:04:6d:5b:87:31:2f:
                    3b:c2:79:08:5f:af:25:56:60:7e:5d:20:b5:27:ae:
                    53:91:3d:a4:8d:cd:f6:2a:5b:75:c9:35:e6:68:76:
                    18:17:19:eb:3a:1b:45:e8:cd:7c:b7:d0:0c:b2:6d:
                    c7:a8:b2:82:55:5b:b6:34:1b:87:46:6b:ef:eb:ac:
                    d4:f4:e8:f0:7d:c4:d4:0d:8f:63:b3:a2:82:1d:05:
                    37:4d:fd:f1:62:7d:24:36:bb:25:eb:20:f9:7f:27:
                    53:1e:77:9f:bb:22:6d:09:39:cc:b9:37:f6:9e:35:
                    78:48:3a:2b:18:fa:7d:03:80:79:0b:f1:88:ab:9a:
                    1d:fc:22:35:92:0e:55:bc:ef:a7:08:c9:e7:4e:b2:
                    12:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:7D:BD:95:54:D2:17:B8:BB:85:B1:62:C1:C8:5F:78:AB:9F:96:8E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ea113d66-0e0f-48a2-bbee-ee902002c0a7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:10:a4:61:a4:ee:3a:71:20:34:dd:61:34:7d:0b:fe:15:07:
         c6:d5:f7:7f:c0:32:e2:11:13:f6:f0:26:8c:e1:c3:b3:50:68:
         9a:6f:12:75:22:0b:ac:08:b8:b7:d0:98:1d:56:6d:0e:36:ae:
         df:fc:29:08:d9:d5:8c:2c:6a:2b:ba:b1:13:38:56:b7:c4:33:
         a3:08:75:b5:53:ab:0e:74:97:7d:1c:e0:1e:3a:15:27:b2:4b:
         91:20:d9:02:75:e6:e5:a1:3a:84:45:4c:9d:38:ad:7b:1e:3e:
         75:3e:20:3a:2b:8d:d9:58:52:8b:3e:08:2a:02:67:d4:f9:90:
         41:54:6a:2b:19:3f:91:4b:45:05:76:d1:d0:79:12:8c:a0:d2:
         17:67:36:e6:ae:0b:9c:df:58:9d:7a:d7:d9:21:8f:28:74:16:
         14:ce:06:de:7a:3e:1e:3c:b8:53:d7:58:af:3b:d6:ae:70:cd:
         a4:79:f5:ec:72:f0:36:6c:a3:ef:4c:39:80:98:a3:03:db:9d:
         dc:3f:0c:d6:45:1d:d6:3f:ee:af:8a:c7:76:77:68:cd:d4:ec:
         cc:5c:54:0e:3f:5f:f8:73:ac:e4:52:7d:98:0c:c7:59:ee:d1:
         7d:c0:55:bd:48:02:c4:d7:2c:44:11:50:75:15:ba:a5:89:42:
         49:e3:0b:c4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUCwZDOBiBw3AKyGEzQy0XXRQTlB8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNTE0MTkwMzE5WhcNMjUwNjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYmZmYjExZDdhNjg3ZjMzYzFiZjNlNDFmNWI2YjA5Nzdm
ZGVjNjkyZDEyYWY0OTg3MjZhZjgzOTM4NGFkYzNiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCfR3bS68ggWsqT+TeiyVDML+9zzOK9vz2Bc+JOwBLLlAil
+ba726cNNxSPgMZdpgkMhRbIR5+1miEQMNN0ql8dpHYkyI7DN0UGtl+uW+S8hDGk
WZe3LheeVRKM11gSj1AscYf5UmDU1cezlEvMI9f9rQRtW4cxLzvCeQhfryVWYH5d
ILUnrlORPaSNzfYqW3XJNeZodhgXGes6G0XozXy30AyybceosoJVW7Y0G4dGa+/r
rNT06PB9xNQNj2OzooIdBTdN/fFifSQ2uyXrIPl/J1Med5+7Im0JOcy5N/aeNXhI
OisY+n0DgHkL8Yirmh38IjWSDlW876cIyedOshInAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmH29lVTSF7i7hbFiwchfeKuflo4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2VhMTEzZDY2LTBlMGYtNDhhMi1iYmVlLWVlOTAyMDAyYzBhNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFoQpGGk7jpxIDTdYTR9C/4VB8bV
93/AMuIRE/bwJozhw7NQaJpvEnUiC6wIuLfQmB1WbQ42rt/8KQjZ1Ywsaiu6sRM4
VrfEM6MIdbVTqw50l30c4B46FSeyS5Eg2QJ15uWhOoRFTJ04rXsePnU+IDorjdlY
Uos+CCoCZ9T5kEFUaisZP5FLRQV20dB5Eoyg0hdnNuauC5zfWJ1619khjyh0FhTO
Bt56Ph48uFPXWK871q5wzaR59exy8DZso+9MOYCYowPbndw/DNZFHdY/7q+Kx3Z3
aM3U7MxcVA4/X/hzrORSfZgMx1nu0X3AVb1IAsTXLEQRUHUVuqWJQknjC8Q=
-----END CERTIFICATE-----