Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ff8db8de-db5b-493f-b809-87d484a9388a.roa
File:                     ff8db8de-db5b-493f-b809-87d484a9388a.roa (raw, json)
Hash identifier:          81n8RB1K5Aci7Kd6/98nMgQz9RHF3A5Bw6VjwmROAI8=
Subject key identifier:   DC:DB:7C:7E:3A:9A:E1:F4:E9:C5:51:C7:F7:5C:AC:FC:07:BA:55:4C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0D11B762866B5E1DED42079435B924613600A03C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ff8db8de-db5b-493f-b809-87d484a9388a.roa
Signing time:             Wed 26 Mar 2025 14:18:20 +0000
ROA not before:           Wed 26 Mar 2025 14:18:20 +0000
ROA not after:            Wed 30 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 26 Mar 2025 14:38:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:11:b7:62:86:6b:5e:1d:ed:42:07:94:35:b9:24:61:36:00:a0:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 26 14:18:20 2025 GMT
            Not After : Apr 30 23:59:59 2025 GMT
        Subject: serialNumber=be2f3d8ad26fd2a9f8207d4919130b88c1dc95f991b77ffc23050ba35fd725a9, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:65:8f:c6:fc:aa:a4:74:18:62:4d:ad:13:b5:
                    cf:8e:66:68:a1:26:46:15:21:6c:ed:7f:6b:5a:16:
                    00:3d:d0:1c:f3:24:50:ed:fc:df:13:2d:fc:38:e1:
                    3d:22:6f:ee:6e:1c:95:9d:26:ef:4d:e7:68:2d:7b:
                    13:bc:8e:32:cb:ec:37:6f:0d:d7:0a:9d:41:f9:d6:
                    09:6b:ac:f6:66:af:6b:85:c7:9d:83:06:93:17:33:
                    f4:77:e7:87:e4:38:63:27:b9:86:7f:34:20:b6:55:
                    22:b7:89:e0:05:ef:51:12:b3:de:a1:60:d1:e5:bc:
                    f2:c5:f7:25:1c:99:eb:3a:22:b8:2d:1a:9f:77:a6:
                    f8:f9:7b:0d:e5:21:15:2e:fb:b4:1f:e1:00:78:fb:
                    de:76:21:be:61:d9:df:1f:5d:07:e0:ac:5a:43:53:
                    5b:29:9d:a8:27:74:aa:d4:1b:da:23:dc:61:57:92:
                    c1:f0:2d:22:cf:cc:e4:70:d3:67:02:b2:33:ff:90:
                    f1:73:75:b8:b3:27:32:9a:33:88:06:b5:41:01:2d:
                    6d:9f:f8:43:4d:ea:05:58:47:9b:92:c3:af:32:76:
                    b7:68:74:08:98:a3:85:99:f8:11:a4:e3:00:d2:ea:
                    94:25:e7:d6:ac:42:e4:f6:2e:27:48:2b:6f:cb:ae:
                    cc:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:DB:7C:7E:3A:9A:E1:F4:E9:C5:51:C7:F7:5C:AC:FC:07:BA:55:4C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ff8db8de-db5b-493f-b809-87d484a9388a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:57:43:bd:cc:60:7d:c9:34:d3:86:32:c0:6c:e8:de:24:98:
         9e:55:87:5d:4c:0a:7b:fb:48:22:0a:15:fb:18:42:18:a5:17:
         4f:7f:f5:ef:46:63:c3:44:6f:17:d4:4e:b6:ed:02:00:e2:c6:
         3e:d5:52:d9:02:a0:84:73:af:2e:76:72:6e:9c:d5:dc:aa:f1:
         42:e4:f5:21:7f:46:82:4f:70:b1:4e:ea:94:e4:a6:e6:d3:f1:
         2c:5b:ac:5f:43:cb:b3:ee:46:5d:e3:d5:93:f5:a8:c1:ff:33:
         5a:05:15:45:df:8e:ef:ad:4c:11:cc:aa:97:79:0a:7c:24:ac:
         fc:72:c7:ea:d2:c2:33:e5:3d:01:6d:f2:99:18:c9:50:10:11:
         44:8f:22:ec:db:27:38:c5:61:ed:00:6f:81:fd:f1:bc:33:fc:
         ac:cf:92:03:fb:f4:f1:54:1b:26:ee:1a:85:64:a4:a4:da:66:
         ef:98:fd:0d:51:5e:5d:e5:87:6b:0b:2e:0d:ea:67:8e:db:4c:
         6f:f4:94:b5:dd:e5:bd:41:aa:d5:a9:54:f1:2b:15:be:da:6f:
         de:c4:37:23:ba:a8:04:25:f3:0d:99:89:c0:8e:75:76:95:61:
         a5:b3:97:c3:0f:85:55:38:e4:93:9e:00:ec:a8:ab:d9:75:24:
         7f:91:b6:03
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDRG3YoZrXh3tQgeUNbkkYTYAoDwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzI2MTQxODIwWhcNMjUwNDMwMjM1OTU5
WjB6MUkwRwYDVQQFE0BiZTJmM2Q4YWQyNmZkMmE5ZjgyMDdkNDkxOTEzMGI4OGMx
ZGM5NWY5OTFiNzdmZmMyMzA1MGJhMzVmZDcyNWE5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCbZY/G/KqkdBhiTa0Ttc+OZmihJkYVIWztf2taFgA90Bzz
JFDt/N8TLfw44T0ib+5uHJWdJu9N52gtexO8jjLL7DdvDdcKnUH51glrrPZmr2uF
x52DBpMXM/R354fkOGMnuYZ/NCC2VSK3ieAF71ESs96hYNHlvPLF9yUcmes6Irgt
Gp93pvj5ew3lIRUu+7Qf4QB4+952Ib5h2d8fXQfgrFpDU1spnagndKrUG9oj3GFX
ksHwLSLPzORw02cCsjP/kPFzdbizJzKaM4gGtUEBLW2f+ENN6gVYR5uSw68ydrdo
dAiYo4WZ+BGk4wDS6pQl59asQuT2LidIK2/LrsxjAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3Nt8fjqa4fTpxVHH91ys/Ae6VUwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZmOGRiOGRlLWRiNWItNDkzZi1iODA5LTg3ZDQ4NGE5Mzg4YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD1XQ73MYH3JNNOGMsBs6N4kmJ5V
h11MCnv7SCIKFfsYQhilF09/9e9GY8NEbxfUTrbtAgDixj7VUtkCoIRzry52cm6c
1dyq8ULk9SF/RoJPcLFO6pTkpubT8SxbrF9Dy7PuRl3j1ZP1qMH/M1oFFUXfju+t
TBHMqpd5CnwkrPxyx+rSwjPlPQFt8pkYyVAQEUSPIuzbJzjFYe0Ab4H98bwz/KzP
kgP79PFUGybuGoVkpKTaZu+Y/Q1RXl3lh2sLLg3qZ47bTG/0lLXd5b1BqtWpVPEr
Fb7ab97ENyO6qAQl8w2ZicCOdXaVYaWzl8MPhVU45JOeAOyoq9l1JH+RtgM=
-----END CERTIFICATE-----