Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/38d15e26-6ebe-449a-b7be-c9b5bc9aa2d8.roa
File:                     38d15e26-6ebe-449a-b7be-c9b5bc9aa2d8.roa (raw, json)
Hash identifier:          kpcHmPRlgCKMD8V1udWs5Pnin4QVnBVwFElaGfhnKSE=
Subject key identifier:   3D:EE:C2:ED:2E:D5:DB:2B:35:20:F7:41:61:CD:D9:4A:8B:FA:25:7F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1887AEDE4947435D9F606348ED5E2A6AFD66CA71
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/38d15e26-6ebe-449a-b7be-c9b5bc9aa2d8.roa
Signing time:             Wed 23 Apr 2025 23:23:18 +0000
ROA not before:           Wed 23 Apr 2025 23:23:18 +0000
ROA not after:            Wed 28 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 23 Apr 2025 23:43:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:87:ae:de:49:47:43:5d:9f:60:63:48:ed:5e:2a:6a:fd:66:ca:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 23 23:23:18 2025 GMT
            Not After : May 28 23:59:59 2025 GMT
        Subject: serialNumber=a835d6654a9fd3c359c6a32fa2a29d522ae7643544861cbdc4008e62d31a89cb, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:d2:11:9f:1b:07:db:73:78:b1:c5:41:79:ea:
                    de:36:bf:82:17:6d:1f:21:79:69:4a:6d:6c:f5:fc:
                    a1:ca:23:60:cb:48:b0:35:e5:15:a2:0e:cc:38:57:
                    86:9d:5d:d8:58:3c:ae:cc:7c:ed:7c:3e:8b:09:82:
                    20:b8:b6:06:49:44:26:c9:4a:6a:ad:5e:c0:d9:71:
                    1b:7c:ab:15:af:cd:3b:e7:3a:fd:93:3d:87:17:a3:
                    d0:93:72:ed:4b:96:02:f2:a7:6b:ca:23:08:d9:7d:
                    cb:d1:8b:0e:08:0b:3c:75:79:e6:a2:95:a8:26:8c:
                    a7:d5:b7:98:bd:59:0c:c8:df:29:e7:04:cc:92:a9:
                    88:81:63:64:c9:31:dd:5b:24:89:40:b3:a7:56:1a:
                    02:c7:42:a2:d6:14:c2:f8:5f:18:a0:4f:ca:99:bf:
                    c4:18:fa:50:4a:e2:aa:00:99:38:67:01:05:b4:1f:
                    be:20:e5:46:f4:76:9b:5e:d4:76:92:dc:ae:0b:4a:
                    05:ea:af:d4:04:7d:59:72:5a:6a:e2:c0:77:c9:96:
                    82:c4:23:48:3d:76:87:51:f9:92:da:b5:1f:08:3b:
                    f9:55:1c:ca:18:46:b4:bd:eb:f8:2e:7e:bb:44:57:
                    b7:98:8c:e2:4c:f6:e4:6a:aa:94:15:41:d7:6c:5a:
                    3a:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:EE:C2:ED:2E:D5:DB:2B:35:20:F7:41:61:CD:D9:4A:8B:FA:25:7F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/38d15e26-6ebe-449a-b7be-c9b5bc9aa2d8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:e8:d1:13:cf:67:a2:ce:b2:e2:2f:5a:fd:d0:8d:47:0d:59:
         b2:c1:a5:09:9c:8f:8f:4c:89:0c:2d:4b:e9:d6:b5:aa:68:25:
         e0:eb:7b:b3:ea:31:00:aa:ce:20:f9:2d:5b:b7:1b:46:ab:89:
         63:02:c8:42:cc:41:cf:c8:2d:9c:cd:56:c2:6c:1d:54:5c:e6:
         25:42:e2:81:27:a4:c4:62:13:0d:a1:b0:be:74:7b:b8:44:e3:
         e9:d2:ff:89:b4:1b:52:8a:24:1d:09:e2:8c:0f:8b:36:0b:c3:
         10:4a:49:bd:ad:f4:53:17:00:64:66:04:d2:2d:04:92:5a:12:
         e0:33:6b:ae:b1:bd:e7:7e:b6:90:bd:bb:1b:e2:3d:bc:da:61:
         7e:30:46:83:86:2a:73:a0:ed:bb:ae:6b:ee:2e:be:a6:04:31:
         fa:c0:de:29:60:b9:1a:29:2e:9f:e0:d3:62:76:79:4f:42:f0:
         e6:42:de:8c:eb:54:30:73:43:ef:92:da:bc:15:c6:fd:bd:70:
         a0:78:af:93:73:dd:e5:ac:a5:80:f1:53:20:b6:8e:55:61:fe:
         79:bc:c5:20:9e:ed:f1:f7:0f:a8:50:26:03:dd:9e:63:5c:70:
         8a:70:bd:85:7c:af:f8:62:7d:97:5b:3e:3e:86:bf:07:33:eb:
         c3:ff:ab:e9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGIeu3klHQ12fYGNI7V4qav1mynEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDIzMjMyMzE4WhcNMjUwNTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0BhODM1ZDY2NTRhOWZkM2MzNTljNmEzMmZhMmEyOWQ1MjJh
ZTc2NDM1NDQ4NjFjYmRjNDAwOGU2MmQzMWE4OWNiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCR0hGfGwfbc3ixxUF56t42v4IXbR8heWlKbWz1/KHKI2DL
SLA15RWiDsw4V4adXdhYPK7MfO18PosJgiC4tgZJRCbJSmqtXsDZcRt8qxWvzTvn
Ov2TPYcXo9CTcu1LlgLyp2vKIwjZfcvRiw4ICzx1eeailagmjKfVt5i9WQzI3ynn
BMySqYiBY2TJMd1bJIlAs6dWGgLHQqLWFML4XxigT8qZv8QY+lBK4qoAmThnAQW0
H74g5Ub0dpte1HaS3K4LSgXqr9QEfVlyWmriwHfJloLEI0g9dodR+ZLatR8IO/lV
HMoYRrS96/gufrtEV7eYjOJM9uRqqpQVQddsWjr7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPe7C7S7V2ys1IPdBYc3ZSov6JX8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzM4ZDE1ZTI2LTZlYmUtNDQ5YS1iN2JlLWM5YjViYzlhYTJkOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKTo0RPPZ6LOsuIvWv3QjUcNWbLB
pQmcj49MiQwtS+nWtapoJeDre7PqMQCqziD5LVu3G0ariWMCyELMQc/ILZzNVsJs
HVRc5iVC4oEnpMRiEw2hsL50e7hE4+nS/4m0G1KKJB0J4owPizYLwxBKSb2t9FMX
AGRmBNItBJJaEuAza66xved+tpC9uxviPbzaYX4wRoOGKnOg7buua+4uvqYEMfrA
3ilguRopLp/g02J2eU9C8OZC3ozrVDBzQ++S2rwVxv29cKB4r5Nz3eWspYDxUyC2
jlVh/nm8xSCe7fH3D6hQJgPdnmNccIpwvYV8r/hifZdbPj6Gvwcz68P/q+k=
-----END CERTIFICATE-----