Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f06d6c52-4ffe-447a-95c9-b6320b3601c3.roa
File:                     f06d6c52-4ffe-447a-95c9-b6320b3601c3.roa (raw, json)
Hash identifier:          Zb1O/iUm6mf1sSPaRwqhI0bxxN1buMfPeq+EdlvFvK0=
Subject key identifier:   1E:2D:07:64:30:69:C3:57:20:5D:DE:89:C5:75:0D:9F:A5:3E:19:5D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       FD7D32B8DE807987C8CD9B1D2436F2146ED9DB
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f06d6c52-4ffe-447a-95c9-b6320b3601c3.roa
Signing time:             Mon 19 May 2025 09:43:11 +0000
ROA not before:           Mon 19 May 2025 09:43:11 +0000
ROA not after:            Mon 23 Jun 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 19 May 2025 09:58:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            fd:7d:32:b8:de:80:79:87:c8:cd:9b:1d:24:36:f2:14:6e:d9:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 19 09:43:11 2025 GMT
            Not After : Jun 23 23:59:59 2025 GMT
        Subject: serialNumber=8b10273623a580f76dd21ce03f18a38bc1362db07f73628b671621533ee3843c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:35:dd:84:b2:28:10:35:a1:71:ff:a7:4a:14:
                    72:a7:4b:52:6f:92:d6:bf:ab:ac:5e:6d:95:9d:0e:
                    7f:11:d2:6f:42:f5:30:6b:3b:8d:b5:8e:f5:0f:b3:
                    07:80:3f:c3:55:b2:6e:c0:ac:94:8e:73:58:f2:ae:
                    1a:de:e2:2f:17:5b:1d:03:e3:ea:57:24:e0:3c:bc:
                    0b:8b:9d:ab:90:56:77:b5:63:e3:10:bf:e4:bd:35:
                    0f:51:de:5c:1d:45:a3:61:6c:f8:0a:63:ae:f8:3b:
                    66:a6:18:60:8a:11:48:2d:5a:6a:ba:d2:05:17:74:
                    50:f9:15:c3:51:b7:ee:2e:65:77:ad:a2:b3:cd:84:
                    a4:85:db:31:da:81:48:04:76:b8:25:fa:1b:0b:9a:
                    a1:78:58:e3:42:34:0e:a8:42:f8:6b:58:c3:22:8b:
                    af:c6:01:72:4c:23:21:11:a5:a5:ff:4f:44:76:23:
                    b5:52:d2:7d:78:80:60:40:08:c0:05:ac:59:d7:c6:
                    eb:a6:76:b2:07:6b:e2:22:37:86:9f:62:93:3f:af:
                    f1:dc:0e:a1:6b:8f:d9:b3:cb:07:fc:c3:ac:d2:61:
                    bb:3d:69:eb:d8:25:0b:7d:7b:8b:c9:44:2a:be:29:
                    39:ce:ad:ef:43:e4:56:cc:fc:52:f4:b5:af:d6:2a:
                    31:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:2D:07:64:30:69:C3:57:20:5D:DE:89:C5:75:0D:9F:A5:3E:19:5D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/f06d6c52-4ffe-447a-95c9-b6320b3601c3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:a1:40:39:c2:05:28:b4:0e:eb:49:98:1a:58:76:1e:33:26:
         01:81:a7:2d:26:a0:08:74:e7:4c:55:58:72:d2:a8:19:85:79:
         60:4e:b0:e3:d4:e2:6c:69:8f:f4:c8:01:7c:60:b5:bc:9c:4e:
         ea:96:20:bf:d0:31:3c:75:ce:68:3d:1f:3b:63:96:3d:45:f1:
         ef:42:31:0f:8f:3c:ea:de:2b:86:c9:35:7a:a6:4b:50:db:d7:
         62:10:12:c3:89:a2:7a:61:b4:aa:e4:19:3e:32:dc:a5:34:e3:
         69:96:ca:a1:61:30:51:d0:5c:8c:ad:aa:9a:67:98:7d:b2:25:
         fa:ef:14:0e:cc:c1:95:c3:8d:49:14:2b:67:88:32:10:83:ee:
         61:48:b9:f6:55:63:e3:72:31:68:31:f7:89:2c:1e:33:2f:35:
         f0:5a:1d:1c:f8:64:36:93:35:ae:93:86:06:a1:96:f5:58:4c:
         97:62:3b:8f:a3:f1:40:81:7f:f7:4c:5e:c0:6f:63:b9:d1:69:
         7d:89:e6:d9:6e:6c:9d:a6:be:fd:6f:25:c5:63:07:51:44:9a:
         5b:f1:47:a1:8c:87:b1:3e:e4:cf:60:cd:2c:88:43:e1:11:f4:
         a1:21:6f:db:47:c4:16:e5:5b:1a:90:13:23:54:c7:cf:25:37:
         5c:c4:71:2d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAP19MrjegHmHyM2bHSQ28hRu2dswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNTE5MDk0MzExWhcNMjUwNjIzMjM1OTU5
WjB6MUkwRwYDVQQFE0A4YjEwMjczNjIzYTU4MGY3NmRkMjFjZTAzZjE4YTM4YmMx
MzYyZGIwN2Y3MzYyOGI2NzE2MjE1MzNlZTM4NDNjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDvNd2EsigQNaFx/6dKFHKnS1Jvkta/q6xebZWdDn8R0m9C
9TBrO421jvUPsweAP8NVsm7ArJSOc1jyrhre4i8XWx0D4+pXJOA8vAuLnauQVne1
Y+MQv+S9NQ9R3lwdRaNhbPgKY674O2amGGCKEUgtWmq60gUXdFD5FcNRt+4uZXet
orPNhKSF2zHagUgEdrgl+hsLmqF4WONCNA6oQvhrWMMii6/GAXJMIyERpaX/T0R2
I7VS0n14gGBACMAFrFnXxuumdrIHa+IiN4afYpM/r/HcDqFrj9mzywf8w6zSYbs9
aevYJQt9e4vJRCq+KTnOre9D5FbM/FL0ta/WKjFXAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHi0HZDBpw1cgXd6JxXUNn6U+GV0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2YwNmQ2YzUyLTRmZmUtNDQ3YS05NWM5LWI2MzIwYjM2MDFjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEWhQDnCBSi0DutJmBpYdh4zJgGB
py0moAh050xVWHLSqBmFeWBOsOPU4mxpj/TIAXxgtbycTuqWIL/QMTx1zmg9Hztj
lj1F8e9CMQ+PPOreK4bJNXqmS1Db12IQEsOJonphtKrkGT4y3KU042mWyqFhMFHQ
XIytqppnmH2yJfrvFA7MwZXDjUkUK2eIMhCD7mFIufZVY+NyMWgx94ksHjMvNfBa
HRz4ZDaTNa6ThgahlvVYTJdiO4+j8UCBf/dMXsBvY7nRaX2J5tlubJ2mvv1vJcVj
B1FEmlvxR6GMh7E+5M9gzSyIQ+ER9KEhb9tHxBblWxqQEyNUx88lN1zEcS0=
-----END CERTIFICATE-----