Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/25278478-3395-468a-8257-8a56ef436de6.roa
File:                     25278478-3395-468a-8257-8a56ef436de6.roa (raw, json)
Hash identifier:          hxd0pzW1Haju/zNg+Guw5xo+vXxPbL6Q7rmIO8moIOQ=
Subject key identifier:   71:E9:C7:F1:29:7D:DA:59:D7:AD:A1:11:20:B9:77:4E:22:CD:DF:C6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5CD11A67B1D7BF0F44D2BF418D9EE71E2EF2D8DE
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/25278478-3395-468a-8257-8a56ef436de6.roa
Signing time:             Tue 15 Apr 2025 06:08:17 +0000
ROA not before:           Tue 15 Apr 2025 06:08:17 +0000
ROA not after:            Tue 20 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 15 Apr 2025 06:23:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:d1:1a:67:b1:d7:bf:0f:44:d2:bf:41:8d:9e:e7:1e:2e:f2:d8:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 15 06:08:17 2025 GMT
            Not After : May 20 23:59:59 2025 GMT
        Subject: serialNumber=eb05371ff5bd9e33ef908fe0dc1fee82f34dcb60925ad059d79c6d80717050b8, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ff:5b:11:d4:b9:0e:d1:39:08:94:78:42:1f:
                    d2:d6:52:06:8b:c1:15:e0:0e:a3:65:53:74:78:0f:
                    00:8f:e0:f6:52:c3:d1:e2:7a:e4:9d:39:42:bd:cc:
                    8b:17:49:1c:38:a2:e4:8f:51:64:90:af:c5:33:57:
                    44:28:6f:7a:61:2e:ff:5c:fd:cf:63:5c:d1:16:83:
                    a0:33:c6:a3:05:0a:42:fc:ce:3b:8a:78:46:ca:b5:
                    b4:19:79:6a:fe:22:df:f9:f5:ed:fd:fe:88:4f:2f:
                    d8:16:ad:f6:e4:81:2e:ee:ff:71:18:03:fc:d5:1a:
                    de:bb:7e:00:92:dc:b9:ed:d9:20:bf:89:99:d0:1b:
                    ce:36:50:78:0f:28:84:44:90:b5:e5:fc:72:c8:51:
                    be:0e:92:da:cf:1d:c7:92:85:d6:85:41:b6:99:6d:
                    e0:ff:58:1c:2c:21:11:dc:db:59:96:c8:5a:f8:f8:
                    cd:47:2e:65:02:fb:9b:f3:e7:e5:89:85:b3:d4:2e:
                    72:a3:6d:ef:54:b0:f3:09:e3:43:7e:eb:17:dc:07:
                    28:25:9f:48:b7:74:df:7f:f5:5a:06:09:01:4e:33:
                    b0:97:fc:b6:41:4e:8d:ea:4e:f2:70:2c:c5:ec:5c:
                    a6:e9:03:12:e6:1f:c9:ee:50:ca:90:ce:c7:e1:eb:
                    81:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:E9:C7:F1:29:7D:DA:59:D7:AD:A1:11:20:B9:77:4E:22:CD:DF:C6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/25278478-3395-468a-8257-8a56ef436de6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:70:4b:f7:27:f2:fa:24:b5:ef:92:35:78:d5:f6:84:f5:79:
         90:43:45:0b:9f:d0:a5:60:3e:a6:bd:f8:cf:ff:f3:42:ea:f5:
         56:65:8b:ec:12:43:f0:15:4e:36:99:bc:8d:55:42:98:cb:f1:
         8f:bf:c6:60:e3:76:cd:f8:f0:0c:f8:58:2f:ce:7f:48:dc:ae:
         4d:78:b2:e2:d4:1d:82:25:4f:dd:52:4e:3c:08:10:10:5b:5e:
         bb:a2:f2:91:a2:d9:3a:23:0d:92:30:ee:69:f3:6b:ac:24:80:
         1a:2e:76:3d:ee:9a:1c:77:f4:47:b0:6c:42:45:aa:fb:2f:e4:
         3d:cc:a6:25:15:5e:b1:9f:8a:f3:31:ea:d9:8b:86:d8:22:f7:
         b9:ce:01:bc:8c:03:d8:d2:85:76:bb:77:49:be:a7:f1:54:d0:
         00:d4:44:60:50:27:9c:70:e2:32:37:6c:ea:73:6a:26:0f:22:
         3e:6c:c7:c8:bc:52:80:3c:73:72:15:7a:36:aa:9a:39:bd:2b:
         ce:0c:18:66:4c:55:af:24:07:ad:4d:7a:f8:e6:81:83:30:b1:
         40:bb:37:b0:8b:69:bd:9a:db:8f:dd:13:d3:c1:c9:29:25:c7:
         58:f4:22:a7:be:b7:c1:49:b8:33:4c:13:e7:b2:bc:81:2c:c6:
         4d:8a:01:57
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXNEaZ7HXvw9E0r9BjZ7nHi7y2N4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDE1MDYwODE3WhcNMjUwNTIwMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYjA1MzcxZmY1YmQ5ZTMzZWY5MDhmZTBkYzFmZWU4MmYz
NGRjYjYwOTI1YWQwNTlkNzljNmQ4MDcxNzA1MGI4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCz/1sR1LkO0TkIlHhCH9LWUgaLwRXgDqNlU3R4DwCP4PZS
w9HieuSdOUK9zIsXSRw4ouSPUWSQr8UzV0Qob3phLv9c/c9jXNEWg6AzxqMFCkL8
zjuKeEbKtbQZeWr+It/59e39/ohPL9gWrfbkgS7u/3EYA/zVGt67fgCS3Lnt2SC/
iZnQG842UHgPKIREkLXl/HLIUb4OktrPHceShdaFQbaZbeD/WBwsIRHc21mWyFr4
+M1HLmUC+5vz5+WJhbPULnKjbe9UsPMJ40N+6xfcBygln0i3dN9/9VoGCQFOM7CX
/LZBTo3qTvJwLMXsXKbpAxLmH8nuUMqQzsfh64GxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUcenH8Sl92lnXraERILl3TiLN38YwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzI1Mjc4NDc4LTMzOTUtNDY4YS04MjU3LThhNTZlZjQzNmRlNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD9wS/cn8vokte+SNXjV9oT1eZBD
RQuf0KVgPqa9+M//80Lq9VZli+wSQ/AVTjaZvI1VQpjL8Y+/xmDjds348Az4WC/O
f0jcrk14suLUHYIlT91STjwIEBBbXrui8pGi2TojDZIw7mnza6wkgBoudj3umhx3
9EewbEJFqvsv5D3MpiUVXrGfivMx6tmLhtgi97nOAbyMA9jShXa7d0m+p/FU0ADU
RGBQJ5xw4jI3bOpzaiYPIj5sx8i8UoA8c3IVejaqmjm9K84MGGZMVa8kB61Nevjm
gYMwsUC7N7CLab2a24/dE9PBySklx1j0Iqe+t8FJuDNME+eyvIEsxk2KAVc=
-----END CERTIFICATE-----