Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/23752717-b0a0-4f0a-9aa8-9741a0007df4.roa
File:                     23752717-b0a0-4f0a-9aa8-9741a0007df4.roa (raw, json)
Hash identifier:          MgMFVJX1lQ3dU3/Lfz2IZAFN/A5bMZhXpDfgzADxmUM=
Subject key identifier:   2A:BF:33:68:4A:DF:D4:45:12:E3:3D:C1:0E:85:1A:89:27:00:21:FE
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       CAEB53C0BFA3E080CCC3C6448E27FEB2CE1FE0
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/23752717-b0a0-4f0a-9aa8-9741a0007df4.roa
Signing time:             Mon 14 Apr 2025 04:28:18 +0000
ROA not before:           Mon 14 Apr 2025 04:28:18 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 14 Apr 2025 04:48:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ca:eb:53:c0:bf:a3:e0:80:cc:c3:c6:44:8e:27:fe:b2:ce:1f:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 14 04:28:18 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=72730f9b26f40405c99a117c81853f9b36a88ccc7571aa41d6d05eac56327dfa, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:27:f5:9a:44:94:59:1e:c5:c3:91:aa:ec:32:
                    8b:04:30:09:e4:31:03:2e:db:81:55:28:44:96:21:
                    3f:26:ed:f0:e5:b7:32:7e:55:6c:a3:66:27:33:2a:
                    d7:91:7b:da:6f:ef:46:9b:1f:9f:30:dd:e7:35:e3:
                    e7:82:cd:14:ed:b6:8b:91:00:30:1d:8a:eb:e9:bb:
                    f1:e8:cf:d1:0b:ef:10:83:5d:e2:49:b8:00:41:21:
                    7b:f4:31:1e:c7:0d:29:12:d6:38:7f:c8:13:06:76:
                    ac:94:93:2f:9a:72:1e:d6:31:e3:ec:99:d0:f1:63:
                    57:ef:f2:5d:0a:5a:5b:75:be:60:28:f0:29:30:87:
                    32:e6:ad:17:75:a5:16:33:bc:fc:50:3f:d4:c6:22:
                    40:fb:56:bb:05:97:11:37:31:e5:a9:0b:a2:43:6f:
                    96:a8:c2:0e:f3:10:f9:52:18:af:f4:ba:de:5c:44:
                    8f:8a:38:54:03:f1:81:eb:01:67:f4:6f:9b:c1:83:
                    84:c5:bb:72:37:df:fe:2d:67:bd:e5:13:9e:f9:8c:
                    0e:e3:6f:55:c4:df:eb:55:a3:6e:0f:d6:66:50:06:
                    d3:f4:c8:6a:f3:6c:38:2f:02:8c:b4:ab:87:cf:53:
                    b1:6d:7d:cd:65:60:a9:a7:89:de:b7:09:99:c4:2e:
                    91:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:BF:33:68:4A:DF:D4:45:12:E3:3D:C1:0E:85:1A:89:27:00:21:FE
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/23752717-b0a0-4f0a-9aa8-9741a0007df4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:2c:12:94:82:4d:45:9f:b5:f5:60:72:51:d2:0a:19:a9:ef:
         9b:17:f9:95:50:56:8d:5e:3d:8e:bd:7b:4d:18:ea:53:54:65:
         8e:92:22:8a:38:b9:dd:b7:e7:ac:03:55:e1:bf:5b:4f:13:85:
         70:a1:95:e5:6f:61:c5:d5:84:41:fa:f3:f2:ac:72:a5:44:73:
         e5:ae:16:89:2d:51:32:21:19:f2:23:88:5b:b5:ca:52:a1:45:
         dc:85:13:7c:c2:1d:f8:55:c9:c3:0c:54:bb:6b:3a:c6:30:9f:
         06:ce:a5:39:83:f4:49:c3:b5:b3:63:36:de:bd:ba:d1:37:76:
         f0:41:ce:98:62:38:88:04:92:2e:6d:e3:18:db:d5:05:f0:38:
         4a:c2:ab:e2:ae:88:78:92:e6:c5:aa:81:33:98:64:14:c0:77:
         c0:13:a7:82:1e:60:b2:d6:7d:33:48:eb:a4:40:83:65:37:c7:
         6f:1d:03:7f:c6:14:ef:28:b6:07:eb:8e:9d:ee:4f:52:1a:71:
         8f:b4:c0:26:35:01:87:aa:36:fa:22:04:d6:66:83:7f:55:52:
         ba:d8:d0:35:1a:31:a7:b5:37:1d:14:c9:ea:69:a7:d9:a6:7a:
         20:ed:bc:93:03:78:d0:0c:27:eb:f3:9c:46:26:14:2f:f5:3c:
         a3:61:10:92
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUAMrrU8C/o+CAzMPGRI4n/rLOH+AwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDE0MDQyODE4WhcNMjUwNTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0A3MjczMGY5YjI2ZjQwNDA1Yzk5YTExN2M4MTg1M2Y5YjM2
YTg4Y2NjNzU3MWFhNDFkNmQwNWVhYzU2MzI3ZGZhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCaJ/WaRJRZHsXDkarsMosEMAnkMQMu24FVKESWIT8m7fDl
tzJ+VWyjZiczKteRe9pv70abH58w3ec14+eCzRTttouRADAdiuvpu/Hoz9EL7xCD
XeJJuABBIXv0MR7HDSkS1jh/yBMGdqyUky+ach7WMePsmdDxY1fv8l0KWlt1vmAo
8CkwhzLmrRd1pRYzvPxQP9TGIkD7VrsFlxE3MeWpC6JDb5aowg7zEPlSGK/0ut5c
RI+KOFQD8YHrAWf0b5vBg4TFu3I33/4tZ73lE575jA7jb1XE3+tVo24P1mZQBtP0
yGrzbDgvAoy0q4fPU7Ftfc1lYKmnid63CZnELpHTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKr8zaErf1EUS4z3BDoUaiScAIf4wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzIzNzUyNzE3LWIwYTAtNGYwYS05YWE4LTk3NDFhMDAwN2RmNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABcsEpSCTUWftfVgclHSChmp75sX
+ZVQVo1ePY69e00Y6lNUZY6SIoo4ud2356wDVeG/W08ThXChleVvYcXVhEH68/Ks
cqVEc+WuFoktUTIhGfIjiFu1ylKhRdyFE3zCHfhVycMMVLtrOsYwnwbOpTmD9EnD
tbNjNt69utE3dvBBzphiOIgEki5t4xjb1QXwOErCq+KuiHiS5sWqgTOYZBTAd8AT
p4IeYLLWfTNI66RAg2U3x28dA3/GFO8otgfrjp3uT1IacY+0wCY1AYeqNvoiBNZm
g39VUrrY0DUaMae1Nx0Uyeppp9mmeiDtvJMDeNAMJ+vznEYmFC/1PKNhEJI=
-----END CERTIFICATE-----