Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/34001b1b-ecba-4240-b153-50af33a6ec56.roa
File:                     34001b1b-ecba-4240-b153-50af33a6ec56.roa (raw, json)
Hash identifier:          +mWmA2vBAaQTozuJhhuHnbq/0TuoXSm7z/7yPQKdalA=
Subject key identifier:   A7:51:59:23:AA:0A:E5:79:B9:A7:9E:B2:8A:A3:F4:8D:D0:BF:A3:FB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       353A75E7133D8961691155C80D531E3BF2A57DC7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/34001b1b-ecba-4240-b153-50af33a6ec56.roa
Signing time:             Sat 05 Jul 2025 21:53:18 +0000
ROA not before:           Sat 05 Jul 2025 21:53:18 +0000
ROA not after:            Sat 09 Aug 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sat 05 Jul 2025 22:13:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:3a:75:e7:13:3d:89:61:69:11:55:c8:0d:53:1e:3b:f2:a5:7d:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul  5 21:53:18 2025 GMT
            Not After : Aug  9 23:59:59 2025 GMT
        Subject: serialNumber=d7226816c9bb01750844a06cf6efc50fc8d38b53c4ffeddd65c8c05f1e282820, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:bc:24:b4:ea:27:c1:a7:a8:6e:6b:94:82:37:
                    4b:0f:ce:13:3b:9a:16:41:97:99:26:1a:bf:4d:9d:
                    a1:8e:b9:e8:3a:1e:b6:13:fd:06:ae:26:a3:3f:72:
                    4b:c2:0b:45:45:6f:a4:6a:fb:17:ec:4d:97:2c:22:
                    c8:27:19:d1:5e:51:2f:29:90:2b:eb:94:f4:39:c9:
                    b8:6e:3f:fe:ab:17:c1:b7:6b:26:25:e3:9a:32:e0:
                    18:40:fc:48:b3:b0:93:d7:3b:f9:0b:07:51:17:c9:
                    07:f4:56:c2:21:b2:df:c1:02:d0:19:dc:1a:de:77:
                    b3:9c:a2:25:d4:7a:ce:aa:e3:35:2e:0c:89:18:92:
                    16:f6:9c:22:da:c4:f1:99:1c:59:0e:82:f1:18:76:
                    c3:f2:ad:e7:ac:4b:29:b8:15:6b:5f:5a:da:1c:7f:
                    0f:28:1a:24:7e:84:c6:89:b8:7d:72:f3:c1:24:94:
                    33:0e:69:4d:5e:60:e1:9b:27:9a:69:0d:0b:0d:e8:
                    5b:25:d4:af:60:01:be:e6:47:c7:49:59:6b:08:33:
                    b1:49:14:e7:af:70:ad:9e:65:a0:07:ed:c7:68:ae:
                    48:a6:94:0a:37:85:88:80:9a:0f:88:bd:c2:4a:22:
                    c5:98:47:6a:2b:92:38:0f:41:ff:e8:f8:16:c5:8a:
                    ea:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:51:59:23:AA:0A:E5:79:B9:A7:9E:B2:8A:A3:F4:8D:D0:BF:A3:FB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/34001b1b-ecba-4240-b153-50af33a6ec56.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:b6:1f:68:c1:49:13:4b:d8:48:74:32:54:a9:d6:5e:44:c6:
         5f:68:33:9b:28:9e:8b:fb:e0:e5:1f:72:bc:68:ce:ae:91:f1:
         3d:02:23:a2:64:c3:62:a9:f0:bb:04:44:24:e7:ef:05:f6:74:
         54:d4:9f:8a:bb:40:a4:a4:3e:f5:29:8e:e5:4d:17:f3:05:45:
         78:e7:7d:55:cf:0b:d4:c5:c6:81:36:0c:02:8a:88:3b:d4:7b:
         f1:ac:cf:00:bc:42:3f:5f:1d:bd:17:dc:c5:27:14:e4:f7:fe:
         37:1c:11:57:8c:9e:75:89:fc:c8:8b:fd:c5:49:a6:cc:71:36:
         04:48:eb:3d:2a:8a:86:08:e0:37:3d:87:ee:a5:d4:48:a1:dd:
         29:84:b4:b9:02:b9:79:b0:c3:73:2d:96:a3:55:9c:87:2e:dd:
         4b:e6:06:d0:5f:34:d7:a9:6d:7c:d0:af:7b:a9:0c:32:d6:8c:
         8c:55:b1:d3:c9:bd:64:6a:6f:c9:7f:08:1c:bc:0d:d7:31:2e:
         62:c0:2e:1e:e1:c1:31:fa:44:d7:5c:f1:22:bf:ef:fe:57:3f:
         6c:7e:a9:b2:0e:e4:be:4d:46:9b:3e:c7:b0:50:c3:7e:56:e9:
         2d:26:ae:6f:a3:6b:de:e7:06:c8:d9:e6:41:ab:51:b7:9c:1f:
         da:41:5f:a6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNTp15xM9iWFpEVXIDVMeO/KlfccwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNzA1MjE1MzE4WhcNMjUwODA5MjM1OTU5
WjB6MUkwRwYDVQQFE0BkNzIyNjgxNmM5YmIwMTc1MDg0NGEwNmNmNmVmYzUwZmM4
ZDM4YjUzYzRmZmVkZGQ2NWM4YzA1ZjFlMjgyODIwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxvCS06ifBp6hua5SCN0sPzhM7mhZBl5kmGr9NnaGOueg6
HrYT/QauJqM/ckvCC0VFb6Rq+xfsTZcsIsgnGdFeUS8pkCvrlPQ5ybhuP/6rF8G3
ayYl45oy4BhA/EizsJPXO/kLB1EXyQf0VsIhst/BAtAZ3Bred7OcoiXUes6q4zUu
DIkYkhb2nCLaxPGZHFkOgvEYdsPyreesSym4FWtfWtocfw8oGiR+hMaJuH1y88Ek
lDMOaU1eYOGbJ5ppDQsN6Fsl1K9gAb7mR8dJWWsIM7FJFOevcK2eZaAH7cdorkim
lAo3hYiAmg+IvcJKIsWYR2orkjgPQf/o+BbFiuqRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUp1FZI6oK5Xm5p56yiqP0jdC/o/swHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzM0MDAxYjFiLWVjYmEtNDI0MC1iMTUzLTUwYWYzM2E2ZWM1Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHO2H2jBSRNL2Eh0MlSp1l5Exl9o
M5sonov74OUfcrxozq6R8T0CI6Jkw2Kp8LsERCTn7wX2dFTUn4q7QKSkPvUpjuVN
F/MFRXjnfVXPC9TFxoE2DAKKiDvUe/GszwC8Qj9fHb0X3MUnFOT3/jccEVeMnnWJ
/MiL/cVJpsxxNgRI6z0qioYI4Dc9h+6l1Eih3SmEtLkCuXmww3MtlqNVnIcu3Uvm
BtBfNNepbXzQr3upDDLWjIxVsdPJvWRqb8l/CBy8DdcxLmLALh7hwTH6RNdc8SK/
7/5XP2x+qbIO5L5NRps+x7BQw35W6S0mrm+ja97nBsjZ5kGrUbecH9pBX6Y=
-----END CERTIFICATE-----