Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fefdfb86-d54d-46be-a202-690d581b7d51.roa
File:                     fefdfb86-d54d-46be-a202-690d581b7d51.roa (raw, json)
Hash identifier:          i93C47BTkCWRQ+lChc18vs9RPtoz09Ya5HgFODYbbms=
Subject key identifier:   71:FF:21:3E:B5:4A:8C:27:94:7B:88:70:67:CE:FC:5F:2A:3B:3F:EA
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0B43D5479D9916DF089F24014F339A27925A117B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fefdfb86-d54d-46be-a202-690d581b7d51.roa
Signing time:             Sat 26 Apr 2025 15:03:18 +0000
ROA not before:           Sat 26 Apr 2025 15:03:18 +0000
ROA not after:            Sat 31 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sat 26 Apr 2025 15:23:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:43:d5:47:9d:99:16:df:08:9f:24:01:4f:33:9a:27:92:5a:11:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 26 15:03:18 2025 GMT
            Not After : May 31 23:59:59 2025 GMT
        Subject: serialNumber=2559670dd2b7650b42b94755f8167c2f8f2bd756b55f8209bda11755207cbd0c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:35:71:14:40:e3:c8:29:ab:d6:29:50:9d:92:
                    2b:92:da:ca:f3:33:ee:fc:cc:ec:a6:6b:79:7c:82:
                    10:f8:ac:76:32:93:47:16:d7:43:03:fc:7f:59:49:
                    c8:c6:7e:43:95:10:26:c4:b8:d2:c3:ef:22:0f:2c:
                    5f:1b:5b:d4:a8:4d:db:19:79:88:8d:88:ed:64:9f:
                    78:86:77:01:2f:2f:bd:0a:ef:41:94:eb:bd:1b:4d:
                    ef:b0:4e:1a:a1:65:7b:4f:45:69:f3:60:52:26:5f:
                    f7:85:d7:45:ca:e9:15:85:33:4c:28:89:28:0a:a0:
                    68:3c:47:26:7d:89:d4:f6:46:27:7e:9b:40:db:86:
                    db:96:ec:c8:2f:e4:1d:a9:11:21:f6:b0:8f:15:a6:
                    49:a7:93:15:ba:8c:95:13:09:37:62:2c:66:b2:d6:
                    2d:f9:ab:de:9a:d1:66:99:75:e0:05:ca:d5:7c:90:
                    f5:91:2a:42:e6:b9:29:8a:33:42:74:5f:a2:17:d1:
                    87:e2:96:e8:e7:bf:c9:38:e3:03:e1:d1:b9:e3:93:
                    5b:db:61:98:b8:e4:42:d3:76:2a:c1:b7:3e:43:00:
                    2e:4a:dc:62:29:c1:e5:f7:dc:9c:74:4c:56:7f:70:
                    19:d4:77:be:22:54:16:60:8b:b3:02:7b:b2:5e:3f:
                    84:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:FF:21:3E:B5:4A:8C:27:94:7B:88:70:67:CE:FC:5F:2A:3B:3F:EA
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/fefdfb86-d54d-46be-a202-690d581b7d51.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:1f:dd:1c:51:de:c4:49:77:e4:cd:fc:45:ff:8f:98:e3:97:
         67:6e:e1:3e:16:5a:83:62:df:b8:da:33:b6:ef:44:c4:42:a8:
         d0:eb:77:37:be:6f:79:f5:0e:04:50:9f:43:d9:d2:51:e9:9f:
         36:0f:6d:03:7f:f2:a9:65:48:1b:38:08:ce:ac:17:58:ed:d8:
         5d:76:40:97:f7:af:4e:c1:a4:d0:1d:74:20:92:0a:53:46:44:
         3c:cc:ef:7d:06:19:55:91:e1:5e:74:3a:89:14:de:aa:d9:9a:
         80:a8:99:d9:2d:eb:c1:4f:d8:1b:47:c7:09:5e:91:33:6e:f8:
         b1:f9:23:c2:dc:30:de:ba:2b:d5:64:67:c8:c2:7d:76:59:1f:
         b7:3c:17:72:b5:d6:94:5b:63:e1:1f:28:1a:21:db:e2:1d:a2:
         42:73:4c:18:0d:05:a8:20:5a:43:c9:83:dc:18:25:d0:ee:05:
         a9:1c:a7:54:f0:e2:1e:90:32:fd:23:c6:5a:e3:e9:27:58:c8:
         33:b2:1b:66:b6:2a:96:c6:74:5f:55:28:22:eb:52:57:41:eb:
         2b:d7:63:4e:4b:b4:ae:11:90:a0:31:ad:69:bd:46:cb:c5:7b:
         4a:93:29:0c:15:27:98:85:63:ff:02:4a:04:b4:f4:3d:6c:af:
         22:08:62:67
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUC0PVR52ZFt8InyQBTzOaJ5JaEXswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDI2MTUwMzE4WhcNMjUwNTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyNTU5NjcwZGQyYjc2NTBiNDJiOTQ3NTVmODE2N2MyZjhm
MmJkNzU2YjU1ZjgyMDliZGExMTc1NTIwN2NiZDBjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCWNXEUQOPIKavWKVCdkiuS2srzM+78zOyma3l8ghD4rHYy
k0cW10MD/H9ZScjGfkOVECbEuNLD7yIPLF8bW9SoTdsZeYiNiO1kn3iGdwEvL70K
70GU670bTe+wThqhZXtPRWnzYFImX/eF10XK6RWFM0woiSgKoGg8RyZ9idT2Rid+
m0DbhtuW7Mgv5B2pESH2sI8VpkmnkxW6jJUTCTdiLGay1i35q96a0WaZdeAFytV8
kPWRKkLmuSmKM0J0X6IX0Yfilujnv8k44wPh0bnjk1vbYZi45ELTdirBtz5DAC5K
3GIpweX33Jx0TFZ/cBnUd74iVBZgi7MCe7JeP4SlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcf8hPrVKjCeUe4hwZ878Xyo7P+owHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZlZmRmYjg2LWQ1NGQtNDZiZS1hMjAyLTY5MGQ1ODFiN2Q1MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAA8f3RxR3sRJd+TN/EX/j5jjl2du
4T4WWoNi37jaM7bvRMRCqNDrdze+b3n1DgRQn0PZ0lHpnzYPbQN/8qllSBs4CM6s
F1jt2F12QJf3r07BpNAddCCSClNGRDzM730GGVWR4V50OokU3qrZmoComdkt68FP
2BtHxwlekTNu+LH5I8LcMN66K9VkZ8jCfXZZH7c8F3K11pRbY+EfKBoh2+IdokJz
TBgNBaggWkPJg9wYJdDuBakcp1Tw4h6QMv0jxlrj6SdYyDOyG2a2KpbGdF9VKCLr
UldB6yvXY05LtK4RkKAxrWm9RsvFe0qTKQwVJ5iFY/8CSgS09D1sryIIYmc=
-----END CERTIFICATE-----