Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/39b91d95-f4f5-435d-9c01-8f6ccfe16e40.roa
File:                     39b91d95-f4f5-435d-9c01-8f6ccfe16e40.roa (raw, json)
Hash identifier:          gZePoHJTKJRP3Zc9TdNbWfjsVnrKw1J6YOJa4BqYJaw=
Subject key identifier:   B9:BF:46:55:4D:90:95:E4:97:D6:55:E2:BC:9D:DF:F0:EA:B2:8A:40
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0D4E0BDE029458F699076B25583C5D07B365C9B4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/39b91d95-f4f5-435d-9c01-8f6ccfe16e40.roa
Signing time:             Sat 03 May 2025 19:38:20 +0000
ROA not before:           Sat 03 May 2025 19:38:20 +0000
ROA not after:            Sat 07 Jun 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sat 03 May 2025 19:53:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:4e:0b:de:02:94:58:f6:99:07:6b:25:58:3c:5d:07:b3:65:c9:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May  3 19:38:20 2025 GMT
            Not After : Jun  7 23:59:59 2025 GMT
        Subject: serialNumber=1250fbf379b6e20d09edcf96c8461956a9fb3477b77cfd9e8687ff35c902170e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:92:d5:c8:46:02:4e:58:22:7c:0e:1f:3b:cf:
                    a2:60:55:a1:f6:58:16:c5:75:38:30:c0:87:36:a1:
                    ae:ae:41:e3:22:4b:57:fc:5b:24:f2:be:b9:a3:fd:
                    b2:25:ac:e6:c7:7b:a9:67:29:04:47:61:50:1d:df:
                    3a:c6:71:71:2e:64:83:f0:a5:a6:db:b7:2a:9a:bf:
                    90:0a:ab:2b:38:1d:f3:3f:ea:06:50:7d:96:a6:24:
                    f3:70:42:0b:83:4a:18:5d:bf:44:7f:cd:d7:84:60:
                    ff:31:06:ad:1d:dd:3e:a9:19:76:81:72:8b:6a:8f:
                    c6:20:28:6c:18:16:18:c4:b3:04:61:a3:74:45:d3:
                    07:fc:4c:2d:bb:fb:ea:2e:bb:16:39:bf:1e:c4:8c:
                    90:1c:6c:32:44:05:43:be:86:44:43:dd:65:78:22:
                    a1:1b:54:44:bf:9d:7e:21:f9:0f:8e:5f:5a:fa:35:
                    02:17:9d:39:3b:37:6a:bd:ba:22:bb:e1:56:0b:51:
                    0f:9b:73:6d:42:d4:97:48:a1:3a:b4:91:f5:9d:c5:
                    94:ed:82:67:c4:be:9f:1e:6a:27:ce:f2:81:c1:17:
                    0a:5a:6e:80:5d:d8:7c:d4:fc:e7:e6:5b:4a:13:a1:
                    65:3a:31:c0:33:87:e1:1c:b3:4a:67:a4:49:4f:0b:
                    b4:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:BF:46:55:4D:90:95:E4:97:D6:55:E2:BC:9D:DF:F0:EA:B2:8A:40
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/39b91d95-f4f5-435d-9c01-8f6ccfe16e40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:53:03:d0:fd:ef:2a:16:f5:86:90:d9:9a:26:43:e8:aa:86:
         53:9d:fc:0a:df:ce:d5:bb:a7:6f:a5:77:11:c0:f1:11:c3:6e:
         cb:22:1a:cb:8a:9f:d9:7d:d9:67:7e:8b:af:16:ea:c2:65:da:
         30:17:c1:76:56:dd:2b:76:d3:82:9e:06:a8:82:fa:01:f2:74:
         a6:83:87:d0:af:9d:33:4f:21:f3:a9:51:5b:6a:d5:42:00:6f:
         ae:70:42:7f:78:86:95:30:63:89:36:92:7d:e9:a7:85:53:1f:
         13:90:07:f6:72:21:0c:e0:72:f7:1e:05:64:be:e3:95:8a:17:
         b7:e5:03:6e:f5:0c:66:1d:18:13:ca:63:c1:25:1e:58:18:29:
         c7:92:7c:00:1d:60:b0:f3:a5:38:4e:89:42:ad:bb:9c:ba:01:
         5f:af:7f:4f:09:d6:bb:07:ad:38:68:12:80:9d:d4:ae:a9:8a:
         ce:51:30:bc:7f:f7:46:a5:ed:15:f0:56:9a:3c:03:6f:3e:c9:
         5e:8b:01:83:66:77:b2:98:cf:73:0b:19:2e:b3:78:78:5b:1a:
         7b:09:84:a1:dc:58:d0:5a:bf:9c:35:82:10:68:09:0b:6c:c9:
         68:28:f2:87:a0:f0:d3:00:a8:61:7a:40:ba:f2:e2:26:91:55:
         31:f1:6d:f3
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDU4L3gKUWPaZB2slWDxdB7NlybQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNTAzMTkzODIwWhcNMjUwNjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMjUwZmJmMzc5YjZlMjBkMDllZGNmOTZjODQ2MTk1NmE5
ZmIzNDc3Yjc3Y2ZkOWU4Njg3ZmYzNWM5MDIxNzBlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAktXIRgJOWCJ8Dh87z6JgVaH2WBbFdTgwwIc2oa6uQeMi
S1f8WyTyvrmj/bIlrObHe6lnKQRHYVAd3zrGcXEuZIPwpabbtyqav5AKqys4HfM/
6gZQfZamJPNwQguDShhdv0R/zdeEYP8xBq0d3T6pGXaBcotqj8YgKGwYFhjEswRh
o3RF0wf8TC27++ouuxY5vx7EjJAcbDJEBUO+hkRD3WV4IqEbVES/nX4h+Q+OX1r6
NQIXnTk7N2q9uiK74VYLUQ+bc21C1JdIoTq0kfWdxZTtgmfEvp8eaifO8oHBFwpa
boBd2HzU/OfmW0oToWU6McAzh+Ecs0pnpElPC7QrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUub9GVU2QleSX1lXivJ3f8OqyikAwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzM5YjkxZDk1LWY0ZjUtNDM1ZC05YzAxLThmNmNjZmUxNmU0MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGFTA9D97yoW9YaQ2ZomQ+iqhlOd
/ArfztW7p2+ldxHA8RHDbssiGsuKn9l92Wd+i68W6sJl2jAXwXZW3St204KeBqiC
+gHydKaDh9CvnTNPIfOpUVtq1UIAb65wQn94hpUwY4k2kn3pp4VTHxOQB/ZyIQzg
cvceBWS+45WKF7flA271DGYdGBPKY8ElHlgYKceSfAAdYLDzpThOiUKtu5y6AV+v
f08J1rsHrThoEoCd1K6pis5RMLx/90al7RXwVpo8A28+yV6LAYNmd7KYz3MLGS6z
eHhbGnsJhKHcWNBav5w1ghBoCQtsyWgo8oeg8NMAqGF6QLry4iaRVTHxbfM=
-----END CERTIFICATE-----