Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/35ee84eb-a3bd-4d10-a2fc-4365e465df8a.roa
File:                     35ee84eb-a3bd-4d10-a2fc-4365e465df8a.roa (raw, json)
Hash identifier:          MKebsNf2aJLaCoz3fWDf6E9VGNZ68VKaAu9e0Lngg2c=
Subject key identifier:   1E:E7:05:DC:D9:59:21:11:CB:76:E0:83:8F:C3:14:A9:3D:FD:F1:F0
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2FCE0234B841255C39D0466093E42646B7481358
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/35ee84eb-a3bd-4d10-a2fc-4365e465df8a.roa
Signing time:             Mon 28 Apr 2025 20:28:21 +0000
ROA not before:           Mon 28 Apr 2025 20:28:21 +0000
ROA not after:            Mon 02 Jun 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 28 Apr 2025 20:43:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:ce:02:34:b8:41:25:5c:39:d0:46:60:93:e4:26:46:b7:48:13:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 28 20:28:21 2025 GMT
            Not After : Jun  2 23:59:59 2025 GMT
        Subject: serialNumber=f550ded8afba93ec9a259fafa902355e4aa41e3bbab13310b8ec0422e624a5aa, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:54:27:e1:2a:57:1b:79:40:6a:30:d3:2b:16:
                    a9:c2:67:0d:d3:fa:64:fb:06:f1:62:f8:b5:0f:13:
                    8d:9f:b0:a6:ea:74:e6:50:8a:ec:ac:57:0d:d7:ea:
                    65:c9:39:47:53:29:24:cf:c7:33:58:14:4e:0d:37:
                    ed:e8:ca:33:7f:da:50:eb:c1:82:3f:82:ae:ad:23:
                    56:20:0f:a8:72:fe:b7:62:41:0d:06:ad:5f:fd:89:
                    86:36:13:79:26:16:ac:c4:eb:67:86:f6:a4:2d:05:
                    2c:4c:f0:3a:ee:a0:f1:f4:f4:85:e2:a6:4d:30:e8:
                    27:4c:96:01:7f:ca:76:71:e1:41:1b:54:15:fd:12:
                    91:47:a5:d9:c6:89:0f:1f:28:c8:67:de:06:23:8d:
                    2b:f9:b0:c2:5b:4c:35:c9:df:12:71:c7:cc:2d:d2:
                    ed:28:7d:ce:9f:01:45:17:c3:6b:91:d5:c1:b2:8e:
                    42:16:48:f8:41:be:37:30:0e:12:8c:cc:5a:c1:16:
                    7a:6b:92:45:63:58:c2:e5:63:be:dc:69:f3:d7:e7:
                    a6:9b:68:14:20:38:96:fd:d4:6c:57:99:f3:7b:19:
                    f6:ab:eb:c9:be:eb:63:f8:88:46:70:7e:5b:28:54:
                    00:a4:98:db:25:3e:8f:b8:cf:b4:34:22:88:0e:3e:
                    98:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:E7:05:DC:D9:59:21:11:CB:76:E0:83:8F:C3:14:A9:3D:FD:F1:F0
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/35ee84eb-a3bd-4d10-a2fc-4365e465df8a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:6a:48:21:0c:f5:b5:1c:e0:a1:c4:33:d2:3d:5c:20:e9:3c:
         0c:24:da:51:e9:c1:43:f7:ba:c8:4e:31:c4:18:98:63:3a:c8:
         50:12:49:8e:d8:6f:45:fa:7b:18:96:88:16:1d:eb:55:f6:be:
         dc:92:5f:88:f7:e7:d4:30:fd:d0:3f:b2:ef:ac:3c:aa:d6:38:
         b7:56:08:30:9f:8e:aa:6f:13:c3:c5:d6:67:38:13:e0:1d:ec:
         18:d9:e8:c2:45:76:cb:a7:c9:3e:7c:33:29:23:1e:9c:17:82:
         de:53:10:18:71:fe:10:de:4b:ca:af:18:b8:65:a8:7e:c8:f3:
         53:bc:a0:5f:bc:92:1f:a0:78:45:a0:6f:c0:fe:22:85:25:51:
         2f:51:a8:be:ab:07:64:e1:44:ef:2f:9c:b3:6d:58:b9:18:07:
         c6:a7:07:f9:9e:81:49:df:ec:f0:81:b0:ed:c7:84:71:25:be:
         b0:a7:d1:40:75:b1:57:23:68:d1:66:5b:93:f0:9d:84:10:3f:
         01:6c:2c:75:56:21:e8:7e:a3:71:a6:d0:01:da:1f:b0:a3:ce:
         f0:50:22:55:d3:a3:33:46:ab:80:6a:07:e5:cf:54:36:46:c9:
         78:4e:03:e9:9e:ee:b0:fb:f6:97:4c:4e:3a:5f:b0:e1:c7:3f:
         9e:ba:6d:6f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL84CNLhBJVw50EZgk+QmRrdIE1gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDI4MjAyODIxWhcNMjUwNjAyMjM1OTU5
WjB6MUkwRwYDVQQFE0BmNTUwZGVkOGFmYmE5M2VjOWEyNTlmYWZhOTAyMzU1ZTRh
YTQxZTNiYmFiMTMzMTBiOGVjMDQyMmU2MjRhNWFhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDCVCfhKlcbeUBqMNMrFqnCZw3T+mT7BvFi+LUPE42fsKbq
dOZQiuysVw3X6mXJOUdTKSTPxzNYFE4NN+3oyjN/2lDrwYI/gq6tI1YgD6hy/rdi
QQ0GrV/9iYY2E3kmFqzE62eG9qQtBSxM8DruoPH09IXipk0w6CdMlgF/ynZx4UEb
VBX9EpFHpdnGiQ8fKMhn3gYjjSv5sMJbTDXJ3xJxx8wt0u0ofc6fAUUXw2uR1cGy
jkIWSPhBvjcwDhKMzFrBFnprkkVjWMLlY77cafPX56abaBQgOJb91GxXmfN7Gfar
68m+62P4iEZwflsoVACkmNslPo+4z7Q0IogOPpivAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHucF3NlZIRHLduCDj8MUqT398fAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzM1ZWU4NGViLWEzYmQtNGQxMC1hMmZjLTQzNjVlNDY1ZGY4YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD5qSCEM9bUc4KHEM9I9XCDpPAwk
2lHpwUP3ushOMcQYmGM6yFASSY7Yb0X6exiWiBYd61X2vtySX4j359Qw/dA/su+s
PKrWOLdWCDCfjqpvE8PF1mc4E+Ad7BjZ6MJFdsunyT58MykjHpwXgt5TEBhx/hDe
S8qvGLhlqH7I81O8oF+8kh+geEWgb8D+IoUlUS9RqL6rB2ThRO8vnLNtWLkYB8an
B/megUnf7PCBsO3HhHElvrCn0UB1sVcjaNFmW5PwnYQQPwFsLHVWIeh+o3Gm0AHa
H7CjzvBQIlXTozNGq4BqB+XPVDZGyXhOA+me7rD79pdMTjpfsOHHP566bW8=
-----END CERTIFICATE-----