Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/4f4eb4db-a0e0-4435-906c-dd0adf5c7803.roa
File:                     4f4eb4db-a0e0-4435-906c-dd0adf5c7803.roa (raw, json)
Hash identifier:          Q2m1DUNLFulmtx0v4mr2EZeivYpnvI3VijF01Vxgrr4=
Subject key identifier:   22:EB:E2:7D:6F:DB:20:5F:3E:8E:EB:3E:DA:B6:D3:B7:25:7E:AB:11
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       1504E94585E2D1940FC187A50E4AC17C20512857
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/4f4eb4db-a0e0-4435-906c-dd0adf5c7803.roa
Signing time:             Wed 04 Jun 2025 00:50:28 +0000
ROA not before:           Wed 04 Jun 2025 00:50:28 +0000
ROA not after:            Wed 09 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.0.0/12 maxlen: 12
Validation:               Failed, certificate revoked on Wed 04 Jun 2025 22:37:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:04:e9:45:85:e2:d1:94:0f:c1:87:a5:0e:4a:c1:7c:20:51:28:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jun  4 00:50:28 2025 GMT
            Not After : Jul  9 23:59:59 2025 GMT
        Subject: serialNumber=a3af7e130525bfe1f3b7061e14c340a6b2531f1a36a68345e4c9d4d6cff16161, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:8e:89:0c:2e:34:dd:d7:3f:98:6a:6d:3a:e9:
                    3f:bc:b5:fc:45:d1:a4:68:77:47:5e:58:60:e3:b8:
                    f5:e3:f1:41:55:fe:4b:01:89:78:c7:33:e7:f1:fa:
                    16:67:c9:5b:c1:0d:73:48:87:49:fa:c9:59:dc:f1:
                    63:fb:cf:1d:f3:4b:e2:d6:71:09:5e:cc:b0:8e:4e:
                    2d:0f:fd:b4:7d:6f:16:1d:6b:db:69:e5:36:94:b5:
                    33:37:c7:78:9e:9d:1c:10:a5:63:d8:d3:fd:4a:7e:
                    5d:9c:30:f1:13:8c:e7:fc:6f:53:2d:88:64:cf:f4:
                    2d:65:92:b2:d9:4f:90:87:ff:d4:d1:18:1d:23:79:
                    21:80:33:a3:68:c7:53:23:07:88:8b:6f:ce:05:28:
                    df:f7:fa:c5:08:3f:ae:12:9b:2e:00:70:7e:9a:4b:
                    e8:40:c7:e0:71:a4:0d:60:4f:43:48:f6:0b:2b:de:
                    a7:04:c6:6b:e7:a9:b6:08:4e:13:ba:64:c6:cd:02:
                    c8:89:1b:51:7c:63:d2:c8:17:7a:55:f7:87:a7:28:
                    80:59:db:98:5b:1a:a2:1e:8d:34:c1:b0:e5:92:01:
                    b9:d2:4d:0a:90:75:4a:08:98:76:18:6b:f1:a4:51:
                    01:eb:13:38:77:14:6e:6b:31:c1:3b:1e:0d:6c:39:
                    06:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:EB:E2:7D:6F:DB:20:5F:3E:8E:EB:3E:DA:B6:D3:B7:25:7E:AB:11
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/4f4eb4db-a0e0-4435-906c-dd0adf5c7803.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.0.0/12

    Signature Algorithm: sha256WithRSAEncryption
         20:d5:14:ff:04:f1:28:92:98:13:87:90:86:4d:ff:de:67:41:
         d0:ef:2b:2f:18:3f:46:ca:7b:d5:1a:4b:26:5c:fb:33:22:5c:
         ef:e4:70:46:14:31:96:fb:2b:12:fd:d7:b7:29:db:f1:b3:77:
         8b:78:ad:20:6d:0c:46:25:c6:cf:93:96:b9:5f:64:87:b1:8d:
         60:db:3e:24:aa:a1:a4:26:52:80:30:cb:db:02:d5:83:a2:e2:
         be:7a:18:8e:20:61:46:03:ec:9d:93:2f:1f:52:00:38:b9:1d:
         57:46:11:28:9b:6e:4a:e8:7d:70:d7:d1:90:0e:c4:d9:02:1d:
         97:b0:a8:3e:45:d1:a5:c1:da:72:40:6d:45:8d:77:d5:d9:a1:
         43:3c:24:47:ff:7f:f5:60:58:dc:6a:90:87:f6:71:8a:eb:92:
         f6:7f:57:40:31:d7:7a:7a:71:c7:e5:6f:95:81:80:b5:d4:b6:
         06:ac:9c:94:2f:ed:34:57:e8:15:ea:06:aa:d2:f5:8a:5f:dd:
         f9:23:e3:24:c5:81:1c:66:99:6c:ac:c1:fc:2d:2b:95:e7:8a:
         3c:48:12:08:63:0a:f8:20:b1:df:25:00:c6:dd:de:73:27:37:
         4f:4a:60:fc:df:68:fe:fe:dc:94:a5:e8:09:2d:38:3e:36:00:
         a4:ac:b6:cb
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFQTpRYXi0ZQPwYelDkrBfCBRKFcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwNjA0MDA1MDI4WhcNMjUwNzA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhM2FmN2UxMzA1MjViZmUxZjNiNzA2MWUxNGMzNDBhNmIy
NTMxZjFhMzZhNjgzNDVlNGM5ZDRkNmNmZjE2MTYxMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCJjokMLjTd1z+Yam066T+8tfxF0aRod0deWGDjuPXj8UFV
/ksBiXjHM+fx+hZnyVvBDXNIh0n6yVnc8WP7zx3zS+LWcQlezLCOTi0P/bR9bxYd
a9tp5TaUtTM3x3ienRwQpWPY0/1Kfl2cMPETjOf8b1MtiGTP9C1lkrLZT5CH/9TR
GB0jeSGAM6Nox1MjB4iLb84FKN/3+sUIP64Smy4AcH6aS+hAx+BxpA1gT0NI9gsr
3qcExmvnqbYIThO6ZMbNAsiJG1F8Y9LIF3pV94enKIBZ25hbGqIejTTBsOWSAbnS
TQqQdUoImHYYa/GkUQHrEzh3FG5rMcE7Hg1sOQbXAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUIuvifW/bIF8+jus+2rbTtyV+qxEwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzRmNGViNGRiLWEwZTAtNDQzNS05MDZjLWRkMGFkZjVjNzgwMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwQjYDANBgkqhkiG9w0BAQsFAAOCAQEAINUU/wTxKJKYE4eQhk3/3mdB0O8r
Lxg/Rsp71RpLJlz7MyJc7+RwRhQxlvsrEv3Xtynb8bN3i3itIG0MRiXGz5OWuV9k
h7GNYNs+JKqhpCZSgDDL2wLVg6LivnoYjiBhRgPsnZMvH1IAOLkdV0YRKJtuSuh9
cNfRkA7E2QIdl7CoPkXRpcHackBtRY131dmhQzwkR/9/9WBY3GqQh/ZxiuuS9n9X
QDHXenpxx+VvlYGAtdS2BqyclC/tNFfoFeoGqtL1il/d+SPjJMWBHGaZbKzB/C0r
leeKPEgSCGMK+CCx3yUAxt3ecyc3T0pg/N9o/v7clKXoCS04PjYApKy2yw==
-----END CERTIFICATE-----