Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2b299a20-220b-456d-bfaf-1f028101e969.roa
File:                     2b299a20-220b-456d-bfaf-1f028101e969.roa (raw, json)
Hash identifier:          ovqa3Nl1kjyCWf0wCCm0ZIp80Y34M5vSRwHnHgu6u8k=
Subject key identifier:   4E:E0:41:81:C6:1A:5B:C8:1E:DA:05:BD:29:0F:B8:71:28:F9:8C:B8
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       1D66987F08CDEDDBBE7E8CCA55B2C804A0C94292
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2b299a20-220b-456d-bfaf-1f028101e969.roa
Signing time:             Wed 04 Jun 2025 22:37:02 +0000
ROA not before:           Wed 04 Jun 2025 22:37:02 +0000
ROA not after:            Wed 09 Jul 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        35.96.0.0/16 maxlen: 24
Validation:               Failed, certificate revoked on Thu 05 Jun 2025 14:39:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:66:98:7f:08:cd:ed:db:be:7e:8c:ca:55:b2:c8:04:a0:c9:42:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jun  4 22:37:02 2025 GMT
            Not After : Jul  9 23:59:59 2025 GMT
        Subject: serialNumber=6013fe9b040bdb171b4b44b19b1190795c33085a8f9d7c3a90dcf4c2b0235951, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:96:3e:63:58:4a:a7:45:6f:92:69:58:92:da:
                    0d:86:0e:a1:63:1d:f3:a7:0a:80:10:b8:7a:fc:cf:
                    54:ee:46:dd:71:d3:17:89:c9:0a:80:ec:ba:0a:ce:
                    96:10:20:bc:d4:4c:f5:01:74:ff:01:08:5e:28:42:
                    a1:c2:59:b9:f5:03:25:c8:7b:8c:dd:17:0a:c9:60:
                    8f:dd:1c:ad:e3:65:12:1d:bc:f3:c0:bd:90:e3:17:
                    ad:e6:5a:d1:e4:7f:33:66:75:8a:04:54:6d:c8:81:
                    0a:70:3a:cb:5f:34:a7:9c:1e:7f:60:94:6a:da:ea:
                    78:8d:a3:58:2a:09:2e:b6:8b:b3:e4:84:8c:f6:17:
                    cd:af:3e:78:f2:50:f5:ee:92:d5:9e:1d:02:da:58:
                    cd:db:8c:f1:dd:cd:f5:dd:0d:9e:c9:92:00:4b:e0:
                    52:50:89:03:0b:46:54:eb:94:a7:24:47:b2:4b:a5:
                    1c:f4:2f:26:14:bd:93:3d:d1:e4:38:98:55:a0:02:
                    4e:e7:27:2e:76:cd:fc:dd:41:e4:bf:dc:c9:e6:6c:
                    9b:e6:5a:fb:12:35:a1:69:44:db:2e:c1:5b:51:34:
                    fb:7f:6e:ab:cf:eb:a8:e6:13:3b:b6:af:d9:f2:73:
                    71:bd:6e:77:6c:b1:fe:2c:04:10:17:6b:9e:25:9d:
                    4c:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:E0:41:81:C6:1A:5B:C8:1E:DA:05:BD:29:0F:B8:71:28:F9:8C:B8
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/2b299a20-220b-456d-bfaf-1f028101e969.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         8c:6d:fc:fd:88:d2:d1:62:2a:4c:cc:a0:a7:cc:7a:a1:d0:03:
         38:db:94:08:84:9c:e6:d6:94:85:08:6c:e0:de:b9:a4:c5:31:
         aa:c8:eb:1b:51:c6:72:78:0f:85:31:12:89:4d:7c:59:d8:39:
         ed:ca:9c:d0:ec:74:3f:98:41:e9:84:06:bd:d7:c2:7d:ac:83:
         98:2c:45:8c:f7:ac:87:bf:f6:8b:59:e9:26:72:c4:f1:dd:de:
         52:6a:09:34:1d:ec:be:dc:4c:41:a9:ee:3e:cd:c1:87:64:c1:
         ea:e6:c5:3b:7d:e4:0b:36:c5:4f:7b:bd:f2:cf:0b:d1:fc:cb:
         70:ae:4e:2e:94:09:ee:0c:54:fb:d4:f3:25:66:3c:68:6a:a1:
         e3:34:72:73:9b:cc:8c:d4:6d:5b:22:57:ad:0e:b0:df:ea:3f:
         e3:a8:14:6b:c1:f8:7f:15:8d:3c:e9:e9:13:44:32:4f:f9:7e:
         b0:a8:54:51:b0:d3:39:1b:d5:4a:71:85:78:cc:a2:cc:82:d2:
         6c:24:1f:a1:c0:6e:89:bb:dc:10:0c:b5:a0:c0:b2:0a:f3:ae:
         e3:66:5b:70:80:04:29:c1:89:12:39:74:f8:c2:c1:56:e7:ee:
         5d:b0:de:f7:1c:9d:79:03:1b:3b:ed:40:c0:3d:d9:6c:9c:c7:
         c3:72:8b:96
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUHWaYfwjN7du+fozKVbLIBKDJQpIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwNjA0MjIzNzAyWhcNMjUwNzA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A2MDEzZmU5YjA0MGJkYjE3MWI0YjQ0YjE5YjExOTA3OTVj
MzMwODVhOGY5ZDdjM2E5MGRjZjRjMmIwMjM1OTUxMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC7lj5jWEqnRW+SaViS2g2GDqFjHfOnCoAQuHr8z1TuRt1x
0xeJyQqA7LoKzpYQILzUTPUBdP8BCF4oQqHCWbn1AyXIe4zdFwrJYI/dHK3jZRId
vPPAvZDjF63mWtHkfzNmdYoEVG3IgQpwOstfNKecHn9glGra6niNo1gqCS62i7Pk
hIz2F82vPnjyUPXuktWeHQLaWM3bjPHdzfXdDZ7JkgBL4FJQiQMLRlTrlKckR7JL
pRz0LyYUvZM90eQ4mFWgAk7nJy52zfzdQeS/3MnmbJvmWvsSNaFpRNsuwVtRNPt/
bqvP66jmEzu2r9nyc3G9bndssf4sBBAXa54lnUwZAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUTuBBgcYaW8ge2gW9KQ+4cSj5jLgwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzJiMjk5YTIwLTIyMGItNDU2ZC1iZmFmLTFmMDI4MTAxZTk2OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAjYDANBgkqhkiG9w0BAQsFAAOCAQEAjG38/YjS0WIqTMygp8x6odADONuU
CISc5taUhQhs4N65pMUxqsjrG1HGcngPhTESiU18Wdg57cqc0Ox0P5hB6YQGvdfC
fayDmCxFjPesh7/2i1npJnLE8d3eUmoJNB3svtxMQanuPs3Bh2TB6ubFO33kCzbF
T3u98s8L0fzLcK5OLpQJ7gxU+9TzJWY8aGqh4zRyc5vMjNRtWyJXrQ6w3+o/46gU
a8H4fxWNPOnpE0QyT/l+sKhUUbDTORvVSnGFeMyizILSbCQfocBuibvcEAy1oMCy
CvOu42ZbcIAEKcGJEjl0+MLBVufuXbDe9xydeQMbO+1AwD3ZbJzHw3KLlg==
-----END CERTIFICATE-----