Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4cebf15-7e2b-417a-a43d-4c133127ed16.roa
File:                     a4cebf15-7e2b-417a-a43d-4c133127ed16.roa (raw, json)
Hash identifier:          NeqQeqmqpNVm0+pmpY+nc/JjYNPFOUlAHM63y/pM5DM=
Subject key identifier:   68:7E:39:8F:9A:B8:98:2C:1A:AE:B2:02:4E:C7:6A:CA:9F:03:81:48
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       5ADF964ED43C3A1894347546DF6D11A829FAABF3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4cebf15-7e2b-417a-a43d-4c133127ed16.roa
Signing time:             Thu 17 Apr 2025 16:22:10 +0000
ROA not before:           Thu 17 Apr 2025 16:22:10 +0000
ROA not after:            Thu 22 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1fbb:1000::/40 maxlen: 40
Validation:               Failed, certificate revoked on Thu 17 Apr 2025 19:07:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:df:96:4e:d4:3c:3a:18:94:34:75:46:df:6d:11:a8:29:fa:ab:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Apr 17 16:22:10 2025 GMT
            Not After : May 22 23:59:59 2025 GMT
        Subject: serialNumber=d4ea5cc7818bb7124fe786156a1f6fd3b20d0035eb60fc71681777f2d4d21d97, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:cd:64:46:11:df:20:38:67:97:0b:47:67:88:
                    1a:4d:dc:e0:35:9f:36:30:03:87:32:2f:63:fd:43:
                    b9:a9:9f:1a:f0:2b:13:44:12:e4:9e:37:56:49:b8:
                    27:20:4f:43:85:1f:e1:50:f1:52:94:74:b8:d7:77:
                    17:17:a9:8e:82:e2:65:de:54:83:28:be:be:3c:15:
                    da:59:07:3d:52:22:9b:55:32:8f:d5:e9:4f:ef:9d:
                    66:a5:d9:db:51:b8:b7:36:03:83:60:67:4d:ac:b7:
                    6f:ab:dd:1e:2e:88:97:c2:0b:e7:db:6e:80:20:31:
                    db:ee:f6:e8:66:90:f2:2c:0f:f6:56:69:3a:88:c0:
                    7e:3f:4d:a6:4a:eb:b9:7c:5b:80:79:f0:ee:5c:ff:
                    25:5a:ee:e3:ab:ef:ad:61:38:c5:e3:fc:a8:a9:57:
                    28:77:20:77:39:5a:30:36:0f:fb:52:43:e8:32:b2:
                    3b:37:b9:f6:74:f7:58:bd:03:da:f5:be:0a:02:86:
                    61:11:f2:9a:f5:9a:76:80:c6:50:5f:73:6d:c0:c3:
                    64:8b:f6:d0:46:48:96:ba:3f:ea:16:86:22:a7:f8:
                    e1:ef:b2:92:6e:de:46:7f:0c:88:c2:84:d6:13:ac:
                    31:fe:b1:d2:b5:5b:28:df:e4:73:86:41:2e:53:e7:
                    ab:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:7E:39:8F:9A:B8:98:2C:1A:AE:B2:02:4E:C7:6A:CA:9F:03:81:48
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a4cebf15-7e2b-417a-a43d-4c133127ed16.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1fbb:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         1f:72:80:07:da:ac:51:56:66:a1:29:03:aa:47:8b:5f:8d:de:
         b3:dc:40:e2:c3:68:2f:64:56:9d:91:ad:83:d0:92:9e:c6:21:
         f1:68:92:02:9b:b0:22:51:ff:54:5e:94:6f:3f:60:b1:8f:76:
         fb:52:e3:53:ad:47:c3:14:d1:ad:98:21:de:57:ad:51:97:09:
         fc:76:85:c6:2b:26:a4:7c:32:26:4f:ff:59:66:6b:1d:b8:79:
         b0:6a:28:15:c6:fe:c8:dc:26:26:78:5b:b1:85:a9:7c:0d:e9:
         c9:46:5b:2c:40:9f:0e:4f:f0:ac:e3:bb:18:e2:a6:0d:70:e4:
         c6:f5:2f:ff:98:c1:f2:e7:59:57:91:8d:5f:d1:ba:eb:82:03:
         ce:09:e9:89:ec:13:11:d3:6a:a0:c6:14:a9:a4:0f:f3:a8:06:
         26:a7:51:9a:37:fe:a8:98:bd:b3:c6:c6:90:e4:c9:4c:bf:e4:
         b7:54:c2:b0:cc:45:4d:9b:24:15:04:86:ba:db:73:39:28:f1:
         3c:5a:7c:21:20:1d:d0:24:31:c1:34:97:a6:7d:55:9c:35:46:
         47:92:72:bc:18:cf:87:5f:63:05:9d:91:c0:02:c9:67:14:dd:
         a4:7a:5e:d1:27:44:08:dd:20:09:5b:81:2a:c6:d8:a0:f5:6d:
         59:e2:ec:8c
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUWt+WTtQ8OhiUNHVG320RqCn6q/MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNDE3MTYyMjEwWhcNMjUwNTIyMjM1OTU5
WjB6MUkwRwYDVQQFE0BkNGVhNWNjNzgxOGJiNzEyNGZlNzg2MTU2YTFmNmZkM2Iy
MGQwMDM1ZWI2MGZjNzE2ODE3NzdmMmQ0ZDIxZDk3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzzWRGEd8gOGeXC0dniBpN3OA1nzYwA4cyL2P9Q7mpnxrw
KxNEEuSeN1ZJuCcgT0OFH+FQ8VKUdLjXdxcXqY6C4mXeVIMovr48FdpZBz1SIptV
Mo/V6U/vnWal2dtRuLc2A4NgZ02st2+r3R4uiJfCC+fbboAgMdvu9uhmkPIsD/ZW
aTqIwH4/TaZK67l8W4B58O5c/yVa7uOr761hOMXj/KipVyh3IHc5WjA2D/tSQ+gy
sjs3ufZ091i9A9r1vgoChmER8pr1mnaAxlBfc23Aw2SL9tBGSJa6P+oWhiKn+OHv
spJu3kZ/DIjChNYTrDH+sdK1Wyjf5HOGQS5T56u3AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUaH45j5q4mCwarrICTsdqyp8DgUgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E0Y2ViZjE1LTdlMmItNDE3YS1hNDNkLTRjMTMzMTI3ZWQxNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAB+7EDANBgkqhkiG9w0BAQsFAAOCAQEAH3KAB9qsUVZmoSkDqkeLX43e
s9xA4sNoL2RWnZGtg9CSnsYh8WiSApuwIlH/VF6Ubz9gsY92+1LjU61HwxTRrZgh
3letUZcJ/HaFxismpHwyJk//WWZrHbh5sGooFcb+yNwmJnhbsYWpfA3pyUZbLECf
Dk/wrOO7GOKmDXDkxvUv/5jB8udZV5GNX9G664IDzgnpiewTEdNqoMYUqaQP86gG
JqdRmjf+qJi9s8bGkOTJTL/kt1TCsMxFTZskFQSGuttzOSjxPFp8ISAd0CQxwTSX
pn1VnDVGR5JyvBjPh19jBZ2RwALJZxTdpHpe0SdECN0gCVuBKsbYoPVtWeLsjA==
-----END CERTIFICATE-----