Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3647c1a3-f893-49ba-93c1-8480c7d724ac.roa
File:                     3647c1a3-f893-49ba-93c1-8480c7d724ac.roa (raw, json)
Hash identifier:          t8XAaFzz4m0BbcbpOFqsE/GYtSQRDx4DWM9zEXM82Bc=
Subject key identifier:   EB:3A:72:3E:10:53:15:81:32:BF:FA:05:C6:1D:6E:D7:9B:E9:74:E7
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1EFD8CA991DCD64344A8E7D9DAE4C7AF9C77ABAA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3647c1a3-f893-49ba-93c1-8480c7d724ac.roa
Signing time:             Sat 19 Apr 2025 15:28:15 +0000
ROA not before:           Sat 19 Apr 2025 15:28:15 +0000
ROA not after:            Sat 24 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sat 19 Apr 2025 15:48:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:fd:8c:a9:91:dc:d6:43:44:a8:e7:d9:da:e4:c7:af:9c:77:ab:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 19 15:28:15 2025 GMT
            Not After : May 24 23:59:59 2025 GMT
        Subject: serialNumber=2cc919505f442009204e75033c1161d08319ff089ce42e8cfa3ad679870177a1, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:5d:1b:53:0e:74:3a:17:fa:f1:da:53:01:29:
                    8e:77:f0:18:47:6a:f0:ca:68:01:06:75:e0:92:af:
                    87:0b:e2:15:fe:da:d0:45:5a:fc:ff:26:0c:c5:19:
                    b1:f6:05:c3:de:73:89:d6:31:4f:70:7f:12:e1:63:
                    72:e8:10:c0:d9:80:f7:30:27:20:cf:7a:de:40:96:
                    c1:88:25:c1:98:33:c2:cf:fa:37:a7:43:fc:5d:3e:
                    46:3d:dc:87:db:5c:f6:3c:5e:5d:18:9b:d2:6e:cf:
                    ee:aa:a6:5b:8d:1b:41:6e:c1:c4:f4:26:f9:c4:31:
                    bf:78:46:9e:00:69:80:1c:53:88:91:5a:bd:80:3b:
                    d2:66:a5:09:f5:7e:47:87:e1:1d:54:ba:ba:98:89:
                    bf:72:38:51:1e:d7:41:16:61:fb:15:b5:b2:ec:15:
                    0d:78:d4:1a:1b:e0:76:05:fa:d0:5a:bf:16:36:86:
                    42:ce:cb:ae:df:42:ff:91:32:61:87:07:05:4f:93:
                    79:61:5c:fa:57:b1:c9:99:af:42:6b:fa:f9:2a:e5:
                    ef:c7:b1:27:e8:39:d6:33:a9:88:07:a8:39:95:21:
                    d0:56:9f:98:17:0a:0e:a8:28:75:38:db:8a:cf:7e:
                    55:03:67:91:5e:5d:3e:dc:04:f1:d9:79:1e:ce:a1:
                    3e:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:3A:72:3E:10:53:15:81:32:BF:FA:05:C6:1D:6E:D7:9B:E9:74:E7
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3647c1a3-f893-49ba-93c1-8480c7d724ac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:36:f2:b4:2b:a3:6e:f2:59:fd:70:33:61:24:eb:29:2e:c5:
         97:7f:94:20:7b:8d:ec:b4:7d:92:84:bf:e3:f6:6a:2b:6b:16:
         fa:73:16:99:04:1f:2d:c6:6e:c0:25:1e:2f:b7:c8:04:14:14:
         ec:5b:f3:44:c7:14:1e:c1:3d:cd:a3:4b:2d:11:c4:59:08:aa:
         22:a1:4c:b9:5d:e9:9f:8a:29:d0:c4:b9:6b:40:83:ee:96:60:
         a7:72:09:1e:e1:80:55:d7:6a:e1:06:cd:16:13:17:68:ae:c7:
         d8:7e:37:9b:ed:85:ff:64:63:a0:5c:de:44:cc:bf:1c:62:d7:
         80:4b:fa:c3:bf:97:2b:92:f3:df:cd:6f:7b:1b:fa:74:cb:37:
         2a:0d:0d:53:da:0d:fa:81:50:ca:f5:2d:28:41:13:2d:a9:2a:
         a5:26:d7:87:44:84:df:ba:a3:c1:42:42:04:10:c1:20:dd:b7:
         29:2d:44:e5:24:31:8a:95:b7:61:4e:c5:e6:8c:71:e5:e5:ef:
         ed:c9:cf:7a:7e:02:09:86:c1:9b:5a:54:c9:25:14:ca:51:a1:
         5c:42:70:8f:de:77:32:ff:b9:5e:d9:97:c3:fc:6a:2a:1c:32:
         4b:98:02:62:89:3c:5a:2e:c1:ba:fb:3c:71:e5:b1:bf:a5:d8:
         93:be:78:d3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHv2MqZHc1kNEqOfZ2uTHr5x3q6owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDE5MTUyODE1WhcNMjUwNTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyY2M5MTk1MDVmNDQyMDA5MjA0ZTc1MDMzYzExNjFkMDgz
MTlmZjA4OWNlNDJlOGNmYTNhZDY3OTg3MDE3N2ExMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQClXRtTDnQ6F/rx2lMBKY538BhHavDKaAEGdeCSr4cL4hX+
2tBFWvz/JgzFGbH2BcPec4nWMU9wfxLhY3LoEMDZgPcwJyDPet5AlsGIJcGYM8LP
+jenQ/xdPkY93IfbXPY8Xl0Ym9Juz+6qpluNG0FuwcT0JvnEMb94Rp4AaYAcU4iR
Wr2AO9JmpQn1fkeH4R1UurqYib9yOFEe10EWYfsVtbLsFQ141Bob4HYF+tBavxY2
hkLOy67fQv+RMmGHBwVPk3lhXPpXscmZr0Jr+vkq5e/HsSfoOdYzqYgHqDmVIdBW
n5gXCg6oKHU424rPflUDZ5FeXT7cBPHZeR7OoT6/AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6zpyPhBTFYEyv/oFxh1u15vpdOcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzM2NDdjMWEzLWY4OTMtNDliYS05M2MxLTg0ODBjN2Q3MjRhYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF828rQro27yWf1wM2Ek6ykuxZd/
lCB7jey0fZKEv+P2aitrFvpzFpkEHy3GbsAlHi+3yAQUFOxb80THFB7BPc2jSy0R
xFkIqiKhTLld6Z+KKdDEuWtAg+6WYKdyCR7hgFXXauEGzRYTF2iux9h+N5vthf9k
Y6Bc3kTMvxxi14BL+sO/lyuS89/Nb3sb+nTLNyoNDVPaDfqBUMr1LShBEy2pKqUm
14dEhN+6o8FCQgQQwSDdtyktROUkMYqVt2FOxeaMceXl7+3Jz3p+AgmGwZtaVMkl
FMpRoVxCcI/edzL/uV7Zl8P8aiocMkuYAmKJPFouwbr7PHHlsb+l2JO+eNM=
-----END CERTIFICATE-----