Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/67984c73-0b4a-4837-a81b-945dce080f06.roa
File:                     67984c73-0b4a-4837-a81b-945dce080f06.roa (raw, json)
Hash identifier:          d4kN+h0rd+HjeSMBHypGg0IPyhNVD4+tVkfUBcqd47o=
Subject key identifier:   6D:38:F1:7B:B2:8A:AF:36:19:CD:55:F7:CD:8E:8C:06:6A:3A:9F:DD
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       1846156F3D2C64706DB6C00D96A0F0EEDB0E2043
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/67984c73-0b4a-4837-a81b-945dce080f06.roa
Signing time:             Wed 04 Jun 2025 21:22:09 +0000
ROA not before:           Wed 04 Jun 2025 21:22:09 +0000
ROA not after:            Wed 09 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.0.0/20 maxlen: 24
Validation:               Failed, certificate revoked on Wed 04 Jun 2025 22:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:46:15:6f:3d:2c:64:70:6d:b6:c0:0d:96:a0:f0:ee:db:0e:20:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jun  4 21:22:09 2025 GMT
            Not After : Jul  9 23:59:59 2025 GMT
        Subject: serialNumber=bff13ff2290e41ef13a3d7bb1d5393fd780d2266cd613aff0a0d35e70c5d92a0, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ee:4d:d4:32:a3:8d:79:9a:8d:d6:3b:be:83:
                    35:7b:cc:62:d5:48:9b:51:ca:8e:6d:6b:54:c5:c4:
                    b5:24:f4:2c:15:a6:ab:a0:9e:74:a4:43:fe:0e:e0:
                    59:60:5a:cf:eb:91:7a:eb:54:05:54:c1:33:30:61:
                    3a:7b:d3:59:93:b7:92:08:03:1a:fd:c7:5c:17:0c:
                    5a:a3:13:cb:48:e7:de:88:b0:94:d9:4e:c2:2f:36:
                    76:55:18:77:3b:dc:4c:cf:ae:56:2f:bb:9c:24:37:
                    31:38:c5:26:22:fc:57:fe:39:8c:0f:ee:6b:c9:41:
                    95:3e:63:4f:c5:59:b4:14:10:ae:85:23:34:ec:76:
                    7f:4d:ef:eb:a1:44:38:85:a2:78:77:68:4f:1c:db:
                    f4:56:f5:7a:91:e5:42:e8:e0:4f:2f:07:58:04:3c:
                    7b:ee:3f:63:70:b3:55:36:f9:f8:99:c0:46:e1:68:
                    03:cb:7f:21:ff:ca:3e:3f:18:b4:6e:5f:59:7d:87:
                    51:c0:6d:f5:d8:84:cb:9b:66:2d:fa:38:ba:fb:d6:
                    00:f9:ea:9d:0c:34:71:d4:3b:a3:50:11:23:43:ef:
                    ac:62:a8:7a:6e:61:55:d6:ea:53:26:55:b6:45:3b:
                    8b:96:09:1a:3a:53:8e:92:bd:b8:26:c1:9d:1f:80:
                    b8:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:38:F1:7B:B2:8A:AF:36:19:CD:55:F7:CD:8E:8C:06:6A:3A:9F:DD
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/67984c73-0b4a-4837-a81b-945dce080f06.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         62:f6:19:c0:6b:ca:59:20:3c:0f:f8:a5:21:c1:d5:51:1b:47:
         ac:25:f0:4d:57:b6:39:c8:21:34:f7:69:61:55:6b:eb:37:bd:
         b1:e8:51:6d:b1:aa:60:98:e4:e8:cd:3a:4c:9f:1d:72:0a:fc:
         e8:49:fa:6e:96:a7:03:fd:4c:65:bd:e5:41:8b:93:5f:cf:51:
         47:84:30:f5:07:69:60:0e:b1:97:cb:2c:1c:83:f5:48:35:9e:
         4f:be:d6:8e:e0:99:62:2e:81:21:49:87:2f:60:da:3a:00:52:
         df:dc:a3:77:f5:d3:9a:08:e8:13:4e:1a:c2:39:71:92:93:4f:
         9f:23:4b:cc:4a:f4:36:38:14:a3:68:60:a8:01:ad:e2:fc:2c:
         ce:56:95:32:43:14:15:39:3d:b9:15:15:07:0a:2b:87:a6:a8:
         bb:36:aa:94:7d:95:79:89:b8:ac:7c:3f:6b:e4:08:e8:9f:fb:
         8d:e8:25:fa:18:86:38:1b:c0:92:46:10:42:95:50:3e:9c:6d:
         c5:7b:a7:97:64:3f:49:e6:4c:c0:c5:3e:15:bf:06:63:da:48:
         47:88:ee:ea:0c:5f:a8:85:05:e4:96:f4:e5:c0:2f:d5:25:df:
         98:32:f1:2e:b1:64:20:2a:59:43:ef:4c:36:81:79:34:dd:d2:
         1c:b7:aa:a2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGEYVbz0sZHBttsANlqDw7tsOIEMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwNjA0MjEyMjA5WhcNMjUwNzA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZmYxM2ZmMjI5MGU0MWVmMTNhM2Q3YmIxZDUzOTNmZDc4
MGQyMjY2Y2Q2MTNhZmYwYTBkMzVlNzBjNWQ5MmEwMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCf7k3UMqONeZqN1ju+gzV7zGLVSJtRyo5ta1TFxLUk9CwV
pqugnnSkQ/4O4FlgWs/rkXrrVAVUwTMwYTp701mTt5IIAxr9x1wXDFqjE8tI596I
sJTZTsIvNnZVGHc73EzPrlYvu5wkNzE4xSYi/Ff+OYwP7mvJQZU+Y0/FWbQUEK6F
IzTsdn9N7+uhRDiFonh3aE8c2/RW9XqR5ULo4E8vB1gEPHvuP2Nws1U2+fiZwEbh
aAPLfyH/yj4/GLRuX1l9h1HAbfXYhMubZi36OLr71gD56p0MNHHUO6NQESND76xi
qHpuYVXW6lMmVbZFO4uWCRo6U46SvbgmwZ0fgLhvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUbTjxe7KKrzYZzVX3zY6MBmo6n90wHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzY3OTg0YzczLTBiNGEtNDgzNy1hODFiLTk0NWRjZTA4MGYwNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAQjYAAwDQYJKoZIhvcNAQELBQADggEBAGL2GcBrylkgPA/4pSHB1VEbR6wl
8E1XtjnIITT3aWFVa+s3vbHoUW2xqmCY5OjNOkyfHXIK/OhJ+m6WpwP9TGW95UGL
k1/PUUeEMPUHaWAOsZfLLByD9Ug1nk++1o7gmWIugSFJhy9g2joAUt/co3f105oI
6BNOGsI5cZKTT58jS8xK9DY4FKNoYKgBreL8LM5WlTJDFBU5PbkVFQcKK4emqLs2
qpR9lXmJuKx8P2vkCOif+43oJfoYhjgbwJJGEEKVUD6cbcV7p5dkP0nmTMDFPhW/
BmPaSEeI7uoMX6iFBeSW9OXAL9Ul35gy8S6xZCAqWUPvTDaBeTTd0hy3qqI=
-----END CERTIFICATE-----