Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4af6a7a0-da59-47e3-ac6d-0729d3396916.roa
File:                     4af6a7a0-da59-47e3-ac6d-0729d3396916.roa (raw, json)
Hash identifier:          mt1gCQboJAb0mQJdOz+6G6FpEKtcEdjjVZAy+KLbl7Q=
Subject key identifier:   4D:E6:00:B1:3E:A3:63:80:26:00:EC:FA:A5:46:F1:47:29:F2:9D:43
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7BA34BF322A8CDD005567DF326D337F0774768F8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4af6a7a0-da59-47e3-ac6d-0729d3396916.roa
Signing time:             Sat 03 May 2025 14:58:16 +0000
ROA not before:           Sat 03 May 2025 14:58:16 +0000
ROA not after:            Sat 07 Jun 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sat 03 May 2025 15:18:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:a3:4b:f3:22:a8:cd:d0:05:56:7d:f3:26:d3:37:f0:77:47:68:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May  3 14:58:16 2025 GMT
            Not After : Jun  7 23:59:59 2025 GMT
        Subject: serialNumber=f418a3535295cc1d030513a3d7cf741dedb91f913470d272d622e94c3f229ace, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:90:21:4e:bb:35:d6:14:4e:f5:75:98:09:bc:
                    91:2c:0b:f5:68:62:fc:ee:04:e3:46:0b:32:dd:f0:
                    fd:1e:8f:83:6f:5d:28:3b:2e:fb:fb:5b:bd:9f:31:
                    ce:11:32:74:34:c1:62:44:d5:9b:e4:ce:a1:ed:69:
                    de:b7:2f:03:9f:67:87:66:d2:1f:ac:34:17:ea:54:
                    62:2a:d3:46:8d:43:44:9e:4a:93:f3:1b:e8:9f:32:
                    9d:5c:da:a7:c5:b1:a0:b1:c5:d1:42:cf:79:35:50:
                    49:9c:bc:a9:0e:3e:dc:3a:6a:12:e1:51:49:e9:54:
                    8f:5a:4e:3e:37:6a:9b:a0:69:d3:13:4f:69:5a:4a:
                    ac:c5:2d:3f:c3:a4:ad:71:32:10:80:fd:6c:25:b1:
                    db:78:82:f9:b0:b1:ce:23:82:4f:00:1b:02:f1:15:
                    e5:7b:c4:13:68:fd:59:c3:47:ca:1d:95:b7:65:34:
                    e5:0b:84:bd:f0:ef:cd:e1:bd:d1:ad:b7:3b:ec:a5:
                    5d:28:2d:11:cd:19:d2:1b:9b:16:c0:6f:71:85:fb:
                    a0:2c:ff:f1:ba:c0:b2:55:4b:49:29:55:90:36:e4:
                    89:5d:b5:cf:cb:48:a9:52:9f:b4:6d:2d:d4:48:a3:
                    32:52:d2:5b:ce:b8:dd:ac:d5:38:9f:1e:18:d2:4d:
                    7c:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:E6:00:B1:3E:A3:63:80:26:00:EC:FA:A5:46:F1:47:29:F2:9D:43
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4af6a7a0-da59-47e3-ac6d-0729d3396916.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:5d:16:b4:b6:e4:64:c8:75:7b:50:b5:72:6d:0c:67:d7:c6:
         c7:61:cb:c3:e1:40:72:d2:48:9a:08:7a:c0:98:06:18:e7:02:
         af:dd:99:2f:ff:eb:b2:05:2d:fc:cc:21:35:18:2a:50:c8:2f:
         e8:9e:70:b7:93:c9:bf:c9:ad:0d:6f:d1:d4:ec:dd:73:ce:7b:
         d7:a6:8e:95:18:d3:96:a2:ac:b1:5b:5d:89:6b:9b:2d:70:a8:
         cf:59:5f:bb:65:e1:09:9f:33:22:b9:91:d9:b3:d9:51:06:5f:
         68:78:8b:2f:f3:84:89:55:2b:28:a4:68:98:eb:e1:f9:e0:c5:
         5c:bf:ce:81:1d:8b:73:be:27:3f:79:11:bc:f9:4f:c4:fe:e4:
         cd:68:62:53:c6:2d:c6:d7:f7:2d:58:16:2a:52:02:5f:e6:76:
         b1:df:db:04:6b:08:f8:27:ec:7a:e1:7e:74:3e:b8:9f:21:3c:
         60:64:bb:76:ef:29:5f:f3:74:60:4f:a8:37:93:cf:06:4e:4d:
         0b:a8:7d:4f:1a:4d:41:b1:b4:dd:b2:44:56:1a:a6:f0:50:08:
         8c:ac:1a:b4:88:c4:67:5a:e5:56:23:83:f3:18:b1:35:3b:16:
         37:fd:fb:60:6b:4a:34:fd:64:99:32:cc:4e:6f:72:7f:86:cd:
         a3:1d:97:da
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUe6NL8yKozdAFVn3zJtM38HdHaPgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNTAzMTQ1ODE2WhcNMjUwNjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BmNDE4YTM1MzUyOTVjYzFkMDMwNTEzYTNkN2NmNzQxZGVk
YjkxZjkxMzQ3MGQyNzJkNjIyZTk0YzNmMjI5YWNlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDXkCFOuzXWFE71dZgJvJEsC/VoYvzuBONGCzLd8P0ej4Nv
XSg7Lvv7W72fMc4RMnQ0wWJE1ZvkzqHtad63LwOfZ4dm0h+sNBfqVGIq00aNQ0Se
SpPzG+ifMp1c2qfFsaCxxdFCz3k1UEmcvKkOPtw6ahLhUUnpVI9aTj43apugadMT
T2laSqzFLT/DpK1xMhCA/Wwlsdt4gvmwsc4jgk8AGwLxFeV7xBNo/VnDR8odlbdl
NOULhL3w783hvdGttzvspV0oLRHNGdIbmxbAb3GF+6As//G6wLJVS0kpVZA25Ild
tc/LSKlSn7RtLdRIozJS0lvOuN2s1TifHhjSTXyDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTeYAsT6jY4AmAOz6pUbxRynynUMwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRhZjZhN2EwLWRhNTktNDdlMy1hYzZkLTA3MjlkMzM5NjkxNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADddFrS25GTIdXtQtXJtDGfXxsdh
y8PhQHLSSJoIesCYBhjnAq/dmS//67IFLfzMITUYKlDIL+iecLeTyb/JrQ1v0dTs
3XPOe9emjpUY05airLFbXYlrmy1wqM9ZX7tl4QmfMyK5kdmz2VEGX2h4iy/zhIlV
KyikaJjr4fngxVy/zoEdi3O+Jz95Ebz5T8T+5M1oYlPGLcbX9y1YFipSAl/mdrHf
2wRrCPgn7HrhfnQ+uJ8hPGBku3bvKV/zdGBPqDeTzwZOTQuofU8aTUGxtN2yRFYa
pvBQCIysGrSIxGda5VYjg/MYsTU7Fjf9+2BrSjT9ZJkyzE5vcn+GzaMdl9o=
-----END CERTIFICATE-----