Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/aa794bc2-e175-479a-bf37-44865d31aeaa.roa
File:                     aa794bc2-e175-479a-bf37-44865d31aeaa.roa (raw, json)
Hash identifier:          yVIase/qS46pNDFT/NduQqNFzfFrmJMHsZ8bxZInTzU=
Subject key identifier:   93:9D:B8:4C:76:46:D9:8C:D4:2E:81:1F:F6:B8:13:7A:1F:4F:BB:B0
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       68CAF3000EAFE16F301DB143501686D1E2F796
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/aa794bc2-e175-479a-bf37-44865d31aeaa.roa
Signing time:             Fri 16 May 2025 17:30:18 +0000
ROA not before:           Fri 16 May 2025 17:30:18 +0000
ROA not after:            Fri 20 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        35.96.248.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 04 Jun 2025 22:37:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:ca:f3:00:0e:af:e1:6f:30:1d:b1:43:50:16:86:d1:e2:f7:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: May 16 17:30:18 2025 GMT
            Not After : Jun 20 23:59:59 2025 GMT
        Subject: serialNumber=b7c5e9afbe9698af6a0525a57c307779d7af0424dda46fde62eeee2dd0adcf3c, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:af:87:24:c3:3a:86:22:28:e1:d1:20:bc:87:
                    7a:b3:9a:03:70:2f:79:7e:25:37:52:b3:16:b8:34:
                    8d:7a:6f:af:62:5b:53:11:1d:c6:aa:85:99:49:40:
                    67:68:8f:78:e9:20:cf:5d:20:e8:af:e5:33:5e:b4:
                    9c:75:dc:ee:06:6a:a6:dc:4f:a9:4c:fc:a9:27:fe:
                    ce:ac:c0:e7:94:03:23:b9:95:25:4e:3f:86:f0:2e:
                    23:43:0f:ec:3e:84:53:5c:1e:0e:d5:bc:5b:8b:8f:
                    d4:44:e4:a2:42:c3:a7:58:fb:3b:33:77:41:e7:01:
                    9b:a1:1d:5f:35:90:12:2c:f3:c0:61:e0:85:f6:f0:
                    9e:82:a5:76:fc:f7:cf:a8:4d:f1:f3:99:13:a2:82:
                    0f:ea:15:a1:6d:02:0c:f1:df:7b:0c:b0:4c:fd:09:
                    5f:6a:2e:30:d1:db:6a:ad:aa:d5:be:7a:6d:71:f4:
                    67:1f:a8:e4:fa:ca:51:18:ba:a5:73:43:81:06:3e:
                    20:40:10:7d:9e:45:8c:46:c4:de:8d:90:58:3a:f1:
                    08:cf:80:c9:cf:9e:eb:7a:fc:e3:6c:f1:93:7b:3f:
                    5b:df:93:4a:39:a8:c0:0a:5c:63:b9:26:dd:26:ae:
                    3e:9c:de:f1:96:9c:bf:89:52:36:07:c6:c8:b3:9a:
                    99:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:9D:B8:4C:76:46:D9:8C:D4:2E:81:1F:F6:B8:13:7A:1F:4F:BB:B0
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/aa794bc2-e175-479a-bf37-44865d31aeaa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:4f:ab:23:c3:34:b4:02:36:c4:62:4a:1d:6e:61:52:a0:39:
         cc:ad:b6:5d:3b:77:87:b7:09:9f:ac:12:fa:b4:25:9d:25:a3:
         4a:30:6b:ee:07:f7:79:3a:56:00:9f:83:70:ef:80:57:c7:5c:
         49:79:05:df:bc:8b:dd:49:1f:59:1f:da:55:5a:0d:37:97:2d:
         57:5d:fb:28:42:95:70:59:ff:27:25:7a:63:2d:e6:f4:7d:06:
         16:2a:e7:5b:54:33:22:12:0e:86:3f:55:07:50:f8:db:48:13:
         1c:2c:40:9b:f5:4b:2f:c1:50:f7:b3:d0:63:14:40:f7:22:97:
         d5:c3:39:09:94:49:df:80:89:43:d8:49:21:47:e4:ec:1b:34:
         5e:25:64:b2:90:5c:66:c7:fb:d1:11:38:ba:93:0f:65:51:07:
         98:84:85:d7:1b:70:eb:d1:b1:43:32:2c:7a:95:63:87:50:a6:
         cb:1d:cf:f2:c3:06:87:59:72:ca:fe:7d:dc:94:23:d6:12:1f:
         d8:70:ff:80:8d:80:55:ef:3b:1d:66:bf:52:d5:d7:97:72:08:
         49:71:ad:57:05:e4:08:e2:2c:4c:04:40:b6:21:17:49:d0:31:
         3c:80:d2:0c:90:da:72:d9:85:17:d4:67:f7:f2:3a:02:ab:41:
         e2:60:82:b4
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgITaMrzAA6v4W8wHbFDUBaG0eL3ljANBgkqhkiG9w0BAQsF
ADA9MTswOQYDVQQDEzI5YWIwMTVmMzgyNmUwMTM1MTJhNDUyOThhNDJmMmJhYmEx
ZmE3MmY4ZDI3OTM4ODc4YzAeFw0yNTA1MTYxNzMwMThaFw0yNTA2MjAyMzU5NTla
MHoxSTBHBgNVBAUTQGI3YzVlOWFmYmU5Njk4YWY2YTA1MjVhNTdjMzA3Nzc5ZDdh
ZjA0MjRkZGE0NmZkZTYyZWVlZTJkZDBhZGNmM2MxLTArBgNVBAMTJDhjZDg0NDJm
LTIzNWYtNDE3MS04NGU2LThlMTAwN2E2NGM2MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALGvhyTDOoYiKOHRILyHerOaA3AveX4lN1KzFrg0jXpvr2Jb
UxEdxqqFmUlAZ2iPeOkgz10g6K/lM160nHXc7gZqptxPqUz8qSf+zqzA55QDI7mV
JU4/hvAuI0MP7D6EU1weDtW8W4uP1ETkokLDp1j7OzN3QecBm6EdXzWQEizzwGHg
hfbwnoKldvz3z6hN8fOZE6KCD+oVoW0CDPHfewywTP0JX2ouMNHbaq2q1b56bXH0
Zx+o5PrKURi6pXNDgQY+IEAQfZ5FjEbE3o2QWDrxCM+Ayc+e63r842zxk3s/W9+T
SjmowApcY7km3SauPpze8Zacv4lSNgfGyLOamYMCAwEAAaOCArEwggKtMB0GA1Ud
DgQWBBSTnbhMdkbZjNQugR/2uBN6H0+7sDAfBgNVHSMEGDAWgBRqzD59oudtmREP
1jnEE35CQplw2DAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHg
BggrBgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2Fy
aW4tcnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMv
MDM1NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzY3NTU5NzBjLTQ3
NDctNDk5ZC05Nzc0LTVlMTMwOGM1MDFhNy85YWIwMTVmMzgyNmUwMTM1MTJhNDUy
OThhNDJmMmJhYmExZmE3MmY4ZDI3OTM4ODc4Yy5jZXIwgZ4GCCsGAQUFBwELBIGR
MIGOMIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9lNzJkOGRiMC00NzI4LTRmYzEtYmRkOC00NzEx
Mjk4NjYzNjIvYWE3OTRiYzItZTE3NS00NzlhLWJmMzctNDQ4NjVkMzFhZWFhLnJv
YTCBiAYDVR0fBIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0
LTIuYW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgt
NDcxMTI5ODY2MzYyL2JnRTFFcVJTbUtRdks2dWgtbkw0MG5rNGg0dy5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEw
BgMEACNg+DANBgkqhkiG9w0BAQsFAAOCAQEALk+rI8M0tAI2xGJKHW5hUqA5zK22
XTt3h7cJn6wS+rQlnSWjSjBr7gf3eTpWAJ+DcO+AV8dcSXkF37yL3UkfWR/aVVoN
N5ctV137KEKVcFn/JyV6Yy3m9H0GFirnW1QzIhIOhj9VB1D420gTHCxAm/VLL8FQ
97PQYxRA9yKX1cM5CZRJ34CJQ9hJIUfk7Bs0XiVkspBcZsf70RE4upMPZVEHmISF
1xtw69GxQzIsepVjh1Cmyx3P8sMGh1lyyv593JQj1hIf2HD/gI2AVe87HWa/UtXX
l3IISXGtVwXkCOIsTARAtiEXSdAxPIDSDJDactmFF9Rn9/I6AqtB4mCCtA==
-----END CERTIFICATE-----