Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5f6bac0b-cd7d-4d39-bf3e-d382d62ab38c.roa
File:                     5f6bac0b-cd7d-4d39-bf3e-d382d62ab38c.roa (raw, json)
Hash identifier:          oO/HBeMCa6uJLOEMZnDmoKh7gujeyLVHPV1zISZTijc=
Subject key identifier:   82:E4:26:3D:9E:14:D7:9E:63:7D:FF:A3:8F:CE:A6:A0:09:18:9F:C3
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5D5F2AE07924DB2669BF96AE723B0385AFDA9D4D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5f6bac0b-cd7d-4d39-bf3e-d382d62ab38c.roa
Signing time:             Wed 30 Apr 2025 15:53:21 +0000
ROA not before:           Wed 30 Apr 2025 15:53:21 +0000
ROA not after:            Wed 04 Jun 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 30 Apr 2025 16:13:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:5f:2a:e0:79:24:db:26:69:bf:96:ae:72:3b:03:85:af:da:9d:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 30 15:53:21 2025 GMT
            Not After : Jun  4 23:59:59 2025 GMT
        Subject: serialNumber=bfecc554eeb4b102e8191d31a2272541027b80315ffd7550562eb3c1e4598663, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a0:d9:f8:18:0a:06:eb:b8:3d:e0:7e:ee:38:
                    3b:21:29:18:35:d8:47:5d:36:08:18:2c:66:ae:9e:
                    26:f9:a8:73:cb:5b:1a:bd:e4:da:f8:64:8b:51:4c:
                    96:d2:53:bf:04:00:cf:c0:4e:34:b8:cd:79:95:d9:
                    db:5b:9e:4c:ca:4c:ca:a6:df:79:27:a7:ab:25:a7:
                    13:51:85:38:b3:bd:eb:cd:51:5f:15:34:98:78:bb:
                    25:2a:6e:a9:51:a9:2c:51:2e:49:54:b5:1d:ff:81:
                    31:5a:17:a8:a4:0e:1c:8f:55:c8:4e:1f:2e:df:d3:
                    69:89:48:74:b7:9f:c1:4e:b3:8a:e1:01:81:5b:14:
                    08:43:83:4e:60:50:13:ac:c6:56:cc:9f:78:08:35:
                    26:f8:e0:65:25:66:12:b6:b8:b7:b2:2b:05:91:e2:
                    e2:bf:c5:ba:2b:6d:f5:50:88:fd:51:0b:e7:cb:c0:
                    fe:15:11:f8:44:87:da:b7:d9:ce:1e:af:82:92:bb:
                    e9:a2:95:2e:eb:48:b2:62:06:54:6f:b2:fd:d5:fd:
                    4f:18:53:eb:31:9c:50:92:5c:5c:01:b2:0e:4f:33:
                    64:4f:38:2a:94:66:81:b9:52:02:e0:46:35:a1:8f:
                    65:2c:2a:ae:53:ac:5f:13:17:b8:a6:93:07:99:0e:
                    91:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:E4:26:3D:9E:14:D7:9E:63:7D:FF:A3:8F:CE:A6:A0:09:18:9F:C3
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5f6bac0b-cd7d-4d39-bf3e-d382d62ab38c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:58:e2:5c:9a:8f:50:8e:af:69:4a:9d:51:25:b4:23:67:f7:
         d8:89:45:7c:b4:29:fe:c6:86:69:98:a9:e2:ca:96:19:8d:5b:
         bf:e8:4a:ba:69:75:95:7f:2b:f8:42:59:a4:8b:fe:98:e4:27:
         1c:51:0c:1e:13:3d:de:9b:b4:6d:ab:61:f8:f2:43:c8:69:f0:
         44:3b:3d:c1:c6:17:30:31:ad:c8:86:81:9d:e3:e5:49:08:56:
         44:e3:92:22:56:bd:ba:87:fe:0d:51:3e:5d:71:77:89:1d:35:
         c9:50:98:a6:30:dc:f8:e2:cc:62:07:bc:1e:b6:18:7b:5f:46:
         c1:40:8c:2b:c5:3f:8b:f9:4d:4a:c3:2d:72:bb:ba:9f:ae:85:
         44:5b:61:f1:5a:84:33:b2:32:7d:5f:22:ef:3a:81:1e:70:e7:
         6d:f3:a1:04:d3:41:b0:6b:ed:ec:9c:9e:02:88:8c:36:e3:26:
         52:ab:24:b1:ff:9a:94:25:f9:15:ec:8e:d0:34:e5:19:1b:db:
         33:c3:8a:70:59:b9:06:e7:5b:1c:f5:38:67:04:a0:73:ac:94:
         95:2a:24:a8:6c:2c:6a:f8:b4:35:b7:41:af:56:c2:09:37:bf:
         ae:3a:ce:4d:c1:bc:0b:bf:19:c0:c8:2e:4d:52:4b:79:32:c3:
         5b:60:23:e7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXV8q4Hkk2yZpv5aucjsDha/anU0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDMwMTU1MzIxWhcNMjUwNjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0BiZmVjYzU1NGVlYjRiMTAyZTgxOTFkMzFhMjI3MjU0MTAy
N2I4MDMxNWZmZDc1NTA1NjJlYjNjMWU0NTk4NjYzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCvoNn4GAoG67g94H7uODshKRg12EddNggYLGaunib5qHPL
Wxq95Nr4ZItRTJbSU78EAM/ATjS4zXmV2dtbnkzKTMqm33knp6slpxNRhTizvevN
UV8VNJh4uyUqbqlRqSxRLklUtR3/gTFaF6ikDhyPVchOHy7f02mJSHS3n8FOs4rh
AYFbFAhDg05gUBOsxlbMn3gINSb44GUlZhK2uLeyKwWR4uK/xborbfVQiP1RC+fL
wP4VEfhEh9q32c4er4KSu+milS7rSLJiBlRvsv3V/U8YU+sxnFCSXFwBsg5PM2RP
OCqUZoG5UgLgRjWhj2UsKq5TrF8TF7imkweZDpG3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUguQmPZ4U155jff+jj86moAkYn8MwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzVmNmJhYzBiLWNkN2QtNGQzOS1iZjNlLWQzODJkNjJhYjM4Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADZY4lyaj1COr2lKnVEltCNn99iJ
RXy0Kf7GhmmYqeLKlhmNW7/oSrppdZV/K/hCWaSL/pjkJxxRDB4TPd6btG2rYfjy
Q8hp8EQ7PcHGFzAxrciGgZ3j5UkIVkTjkiJWvbqH/g1RPl1xd4kdNclQmKYw3Pji
zGIHvB62GHtfRsFAjCvFP4v5TUrDLXK7up+uhURbYfFahDOyMn1fIu86gR5w523z
oQTTQbBr7eycngKIjDbjJlKrJLH/mpQl+RXsjtA05Rkb2zPDinBZuQbnWxz1OGcE
oHOslJUqJKhsLGr4tDW3Qa9Wwgk3v646zk3BvAu/GcDILk1SS3kyw1tgI+c=
-----END CERTIFICATE-----