Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/394d79ac-cc9e-42b9-bbf2-8144e00e5ad9.roa
File:                     394d79ac-cc9e-42b9-bbf2-8144e00e5ad9.roa (raw, json)
Hash identifier:          272Y9nlJnFc0kfwnxIEwcrz8CmrwitGz/a/8i+AHh+A=
Subject key identifier:   3E:EB:18:F6:24:9E:6C:8C:37:93:8A:F0:42:A1:5A:5B:3D:D7:81:B8
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       01B774A10835B34FECB2907F1F576B8537B2F41F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/394d79ac-cc9e-42b9-bbf2-8144e00e5ad9.roa
Signing time:             Tue 25 Mar 2025 17:41:21 +0000
ROA not before:           Tue 25 Mar 2025 17:41:21 +0000
ROA not after:            Tue 29 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1ff4:8080::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 16 Apr 2025 19:08:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:b7:74:a1:08:35:b3:4f:ec:b2:90:7f:1f:57:6b:85:37:b2:f4:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 25 17:41:21 2025 GMT
            Not After : Apr 29 23:59:59 2025 GMT
        Subject: serialNumber=4db45a5986141b469898e810d798d973851c57076c537dc8205294213d5627ad, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:72:79:b2:09:3e:43:26:14:0a:22:56:a4:a9:
                    75:59:b5:20:d2:a2:30:7d:1d:4c:fc:89:d8:74:17:
                    20:fd:c7:19:30:8f:11:a1:3f:38:1e:2b:19:76:d9:
                    f8:a2:74:55:94:9d:32:19:30:ae:6b:50:0b:4c:b9:
                    99:a6:a1:4f:55:61:a3:9a:bc:bd:2d:87:1b:38:48:
                    b8:69:b2:4d:55:ca:03:85:72:a0:80:34:14:ee:a0:
                    a7:b1:93:7a:ac:e0:85:1f:a1:5f:8f:1f:3a:ad:ef:
                    46:ae:d7:a4:82:d8:05:67:57:6e:a4:ac:e0:ec:1e:
                    a2:68:24:80:b9:8b:51:89:13:e3:48:e3:e9:42:3a:
                    86:15:65:44:f1:6f:f5:6c:d2:28:3d:e9:06:41:1a:
                    a5:31:87:6e:51:d2:a9:dd:1c:8e:a4:80:db:81:89:
                    f4:de:d8:86:63:7f:66:cd:71:dc:43:c0:db:46:cb:
                    ad:c1:91:bd:25:8b:2a:81:44:2d:d4:e3:10:35:6c:
                    ad:67:dd:a8:7e:d6:34:79:d8:6d:1d:ed:fd:86:a5:
                    33:b8:46:c3:06:d7:7f:dc:02:8b:86:73:3c:68:7b:
                    24:9b:07:26:7c:55:a0:42:bf:9b:9e:64:96:49:d6:
                    81:fd:9b:c1:30:30:30:0d:03:6a:3f:dd:cf:fd:bd:
                    da:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:EB:18:F6:24:9E:6C:8C:37:93:8A:F0:42:A1:5A:5B:3D:D7:81:B8
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/394d79ac-cc9e-42b9-bbf2-8144e00e5ad9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff4:8080::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:18:2b:50:b9:26:7d:6b:8e:2d:96:53:3b:bf:d4:70:b8:47:
         b6:51:e5:39:a4:7d:6f:11:63:1a:50:f4:39:29:5f:68:dd:21:
         df:2b:fd:c1:74:c0:d7:7d:f9:ba:fc:75:27:2e:99:1e:73:64:
         6f:58:3f:d2:5f:15:3d:bd:fe:c3:c5:3a:99:66:05:9c:ef:2c:
         bf:5e:4b:50:8c:ea:7e:37:59:8a:52:2c:1a:85:aa:4c:cd:0c:
         27:17:0e:96:5c:24:b1:82:37:31:a4:80:4f:56:d1:eb:2f:8d:
         0d:45:e2:39:8b:34:ca:f1:60:3f:58:d6:f6:79:95:da:14:d4:
         e2:de:7b:e3:0f:8a:f2:a8:4a:43:5a:b0:0b:39:b9:2f:b6:b8:
         92:24:af:06:25:21:fa:95:8a:9a:db:70:a1:1d:c3:81:50:33:
         99:19:e2:c2:e1:30:59:a6:41:67:a8:38:4d:97:a2:f0:86:33:
         84:49:74:7b:db:2e:79:7f:e7:d1:93:a5:84:12:c1:0d:0f:28:
         62:00:f9:c7:a6:22:e9:d9:4e:2a:c8:0d:4d:7e:e6:5e:d7:a5:
         f4:72:09:fb:0e:4f:3d:46:b2:36:f0:a7:a5:ac:96:13:05:0a:
         be:2e:1d:53:f1:8f:fe:dd:04:9a:05:c0:6c:5b:57:42:56:b2:
         be:37:77:c7
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUAbd0oQg1s0/sspB/H1drhTey9B8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzI1MTc0MTIxWhcNMjUwNDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A0ZGI0NWE1OTg2MTQxYjQ2OTg5OGU4MTBkNzk4ZDk3Mzg1
MWM1NzA3NmM1MzdkYzgyMDUyOTQyMTNkNTYyN2FkMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC4cnmyCT5DJhQKIlakqXVZtSDSojB9HUz8idh0FyD9xxkw
jxGhPzgeKxl22fiidFWUnTIZMK5rUAtMuZmmoU9VYaOavL0thxs4SLhpsk1VygOF
cqCANBTuoKexk3qs4IUfoV+PHzqt70au16SC2AVnV26krODsHqJoJIC5i1GJE+NI
4+lCOoYVZUTxb/Vs0ig96QZBGqUxh25R0qndHI6kgNuBifTe2IZjf2bNcdxDwNtG
y63Bkb0liyqBRC3U4xA1bK1n3ah+1jR52G0d7f2GpTO4RsMG13/cAouGczxoeySb
ByZ8VaBCv5ueZJZJ1oH9m8EwMDANA2o/3c/9vdqNAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUPusY9iSebIw3k4rwQqFaWz3XgbgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzM5NGQ3OWFjLWNjOWUtNDJiOS1iYmYyLTgxNDRlMDBlNWFkOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmAB/0gIAwDQYJKoZIhvcNAQELBQADggEBAG4YK1C5Jn1rji2WUzu/1HC4
R7ZR5TmkfW8RYxpQ9DkpX2jdId8r/cF0wNd9+br8dScumR5zZG9YP9JfFT29/sPF
OplmBZzvLL9eS1CM6n43WYpSLBqFqkzNDCcXDpZcJLGCNzGkgE9W0esvjQ1F4jmL
NMrxYD9Y1vZ5ldoU1OLee+MPivKoSkNasAs5uS+2uJIkrwYlIfqViprbcKEdw4FQ
M5kZ4sLhMFmmQWeoOE2XovCGM4RJdHvbLnl/59GTpYQSwQ0PKGIA+cemIunZTirI
DU1+5l7XpfRyCfsOTz1Gsjbwp6WslhMFCr4uHVPxj/7dBJoFwGxbV0JWsr43d8c=
-----END CERTIFICATE-----