Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/a80e1a1c-1ea0-4528-ac96-20c192fcc87a.roa
File:                     a80e1a1c-1ea0-4528-ac96-20c192fcc87a.roa (raw, json)
Hash identifier:          JEarkE/Bznt8B32sfAVX2Hh4iIfbo9u5TJXz+qr5KME=
Subject key identifier:   B4:CF:AB:40:A5:D1:A3:59:7D:F6:3B:B9:31:CF:53:87:22:AE:BC:84
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       2126632A5D664861478BFD0F976E62C22FF19E29
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/a80e1a1c-1ea0-4528-ac96-20c192fcc87a.roa
Signing time:             Wed 04 Jun 2025 00:50:34 +0000
ROA not before:           Wed 04 Jun 2025 00:50:34 +0000
ROA not after:            Wed 09 Jul 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.240.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 04 Jun 2025 22:37:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:26:63:2a:5d:66:48:61:47:8b:fd:0f:97:6e:62:c2:2f:f1:9e:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Jun  4 00:50:34 2025 GMT
            Not After : Jul  9 23:59:59 2025 GMT
        Subject: serialNumber=0bfbf63bf0528e11f8dc39bc43b95da28b12b8ff353f11a06ac649521e32ed3f, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:75:d6:5b:94:6a:90:aa:f5:9d:5d:1b:40:f8:
                    a2:cd:73:e4:60:64:c3:1b:6c:cc:1b:cc:e7:18:ee:
                    a5:2e:cc:d3:dd:e0:c7:c6:6a:ba:e5:8f:e8:dc:fa:
                    15:f4:cb:38:62:e6:69:6e:35:29:4f:2d:04:2c:81:
                    b2:94:c8:f7:9e:41:a3:30:4f:4d:29:f1:68:9b:d4:
                    e4:2e:b5:b1:8c:fc:e5:a1:30:52:ad:e5:78:17:2a:
                    2b:d0:0b:74:af:f3:9f:60:6f:ab:92:23:16:44:bb:
                    1f:7a:7c:33:de:48:e0:63:ae:4a:ec:5c:c0:96:ea:
                    a5:11:24:e2:3e:24:4b:eb:49:69:8d:05:0c:d7:dd:
                    5b:25:fe:66:98:21:7b:d2:0d:29:4c:42:9e:11:87:
                    5a:18:23:f9:81:d2:be:38:58:b3:81:f9:c9:e2:81:
                    cc:7f:97:10:f1:28:85:8c:1a:8e:a0:f6:3a:74:18:
                    5e:63:ad:d4:9e:25:92:f5:43:25:3b:0e:bf:ea:26:
                    4d:58:6f:c0:29:19:3a:39:a0:9a:8d:23:b5:5f:bc:
                    6f:b8:e4:0b:10:0b:99:7f:8e:40:38:93:67:c0:56:
                    eb:ec:67:84:cf:65:1b:f4:72:ac:b7:67:41:c6:d4:
                    43:20:4a:34:bb:bf:14:04:40:36:3e:e4:29:9d:72:
                    e5:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:CF:AB:40:A5:D1:A3:59:7D:F6:3B:B9:31:CF:53:87:22:AE:BC:84
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/a80e1a1c-1ea0-4528-ac96-20c192fcc87a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:e8:12:8d:07:69:ca:47:84:5b:59:70:65:88:c7:cf:ce:22:
         ec:e4:e2:cd:17:00:84:cd:16:cb:ae:a8:68:f5:a6:24:f5:48:
         55:4c:b2:9a:b9:53:ac:44:d9:1a:6b:7e:4d:be:96:ef:39:87:
         62:7a:d1:87:63:3b:fe:55:15:81:da:1e:2a:6c:c1:ea:cf:75:
         4c:89:df:25:8a:e4:f6:2b:f7:0e:93:8e:4a:a9:c3:fb:0f:eb:
         22:b0:b1:2f:8f:07:9e:0b:86:b3:4f:ee:1a:1f:4e:b8:4f:81:
         82:96:a9:f0:64:67:77:a6:ad:5f:0f:84:47:60:96:0b:eb:e7:
         dc:4e:3c:a6:7f:f7:cb:3c:b4:8a:88:38:5b:f7:a5:5a:ad:63:
         e0:4f:6f:ab:19:69:eb:5f:e5:f0:09:dc:4f:64:7b:60:75:6a:
         b1:92:94:71:82:6f:aa:af:66:79:4e:9e:1d:2f:4f:48:e3:05:
         6d:3c:cc:4a:e5:8c:67:78:e9:55:17:e4:73:cf:e6:56:d0:eb:
         eb:93:37:17:10:18:de:f2:9c:ba:64:86:5d:ea:2d:0e:48:bc:
         81:f4:86:c9:78:6d:4d:1e:4b:45:e7:0d:2d:e2:a2:4a:ee:93:
         ff:c9:ca:04:e7:57:16:9d:83:c1:3b:bc:5c:10:8b:c5:c9:9e:
         8c:0d:c5:38
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUISZjKl1mSGFHi/0Pl25iwi/xnikwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUwNjA0MDA1MDM0WhcNMjUwNzA5MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYmZiZjYzYmYwNTI4ZTExZjhkYzM5YmM0M2I5NWRhMjhi
MTJiOGZmMzUzZjExYTA2YWM2NDk1MjFlMzJlZDNmMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDRddZblGqQqvWdXRtA+KLNc+RgZMMbbMwbzOcY7qUuzNPd
4MfGarrlj+jc+hX0yzhi5mluNSlPLQQsgbKUyPeeQaMwT00p8Wib1OQutbGM/OWh
MFKt5XgXKivQC3Sv859gb6uSIxZEux96fDPeSOBjrkrsXMCW6qURJOI+JEvrSWmN
BQzX3Vsl/maYIXvSDSlMQp4Rh1oYI/mB0r44WLOB+cnigcx/lxDxKIWMGo6g9jp0
GF5jrdSeJZL1QyU7Dr/qJk1Yb8ApGTo5oJqNI7VfvG+45AsQC5l/jkA4k2fAVuvs
Z4TPZRv0cqy3Z0HG1EMgSjS7vxQEQDY+5CmdcuVZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUtM+rQKXRo1l99ju5Mc9ThyKuvIQwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyL2E4MGUxYTFjLTFlYTAtNDUyOC1hYzk2LTIwYzE5MmZjYzg3YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYPAwDQYJKoZIhvcNAQELBQADggEBACDoEo0HacpHhFtZcGWIx8/OIuzk
4s0XAITNFsuuqGj1piT1SFVMspq5U6xE2Rprfk2+lu85h2J60YdjO/5VFYHaHips
werPdUyJ3yWK5PYr9w6Tjkqpw/sP6yKwsS+PB54LhrNP7hofTrhPgYKWqfBkZ3em
rV8PhEdglgvr59xOPKZ/98s8tIqIOFv3pVqtY+BPb6sZaetf5fAJ3E9ke2B1arGS
lHGCb6qvZnlOnh0vT0jjBW08zErljGd46VUX5HPP5lbQ6+uTNxcQGN7ynLpkhl3q
LQ5IvIH0hsl4bU0eS0XnDS3iokruk//JygTnVxadg8E7vFwQi8XJnowNxTg=
-----END CERTIFICATE-----