Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/774e9637-4a6f-43d8-9f7c-257f8d6e400a.roa
File:                     774e9637-4a6f-43d8-9f7c-257f8d6e400a.roa (raw, json)
Hash identifier:          N9SQ01VS4+iXUGlmAfM+wZAMKBs034W6s6JfPIHDZSY=
Subject key identifier:   66:4E:93:3E:1B:86:E8:A2:9D:60:A3:19:25:90:9C:26:6B:9C:BC:C6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       71606B316C349650F4A2D11DCB6BEBD1A2A37C00
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/774e9637-4a6f-43d8-9f7c-257f8d6e400a.roa
Signing time:             Fri 18 Apr 2025 18:43:19 +0000
ROA not before:           Fri 18 Apr 2025 18:43:19 +0000
ROA not after:            Fri 23 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 18 Apr 2025 18:58:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:60:6b:31:6c:34:96:50:f4:a2:d1:1d:cb:6b:eb:d1:a2:a3:7c:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 18 18:43:19 2025 GMT
            Not After : May 23 23:59:59 2025 GMT
        Subject: serialNumber=eb61dbdbc1cd1f8147d75614e17f6c62d43d919ac5fdb1575d586ab1754579ab, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:4a:b2:5b:26:5e:00:a5:a3:84:71:cb:68:82:
                    c7:7f:8f:d3:11:1a:d7:9e:26:ff:a4:3d:72:bb:c6:
                    bc:1f:53:fc:b6:a4:6a:96:9f:48:eb:19:6d:fb:90:
                    37:c7:e6:3a:90:73:06:93:d7:40:59:9a:cf:de:66:
                    d9:64:27:c3:25:f1:0e:21:ff:df:a3:ed:73:65:0d:
                    d8:c5:cf:1a:62:06:da:0f:e8:94:55:33:32:10:c2:
                    54:9b:05:48:27:b1:70:f2:41:6f:6a:36:46:fe:83:
                    d6:5c:e3:bf:b0:56:f0:b3:4f:ce:4e:00:4b:e0:97:
                    68:e3:0d:da:96:1b:4d:a0:9b:0a:bf:69:24:54:78:
                    bc:03:de:9e:00:8f:c4:78:a9:5a:59:7d:9f:17:fb:
                    19:dc:e7:e4:72:91:49:54:80:d2:21:78:d9:6d:b5:
                    00:a7:e4:06:8b:56:fa:d8:6e:62:a8:ae:a5:36:e5:
                    78:3d:5e:e7:e9:73:af:70:da:fc:57:44:58:d5:8b:
                    00:24:a7:87:15:27:c3:00:cf:c4:ca:94:91:05:45:
                    99:e4:f7:04:1d:45:fe:da:13:5c:a8:79:db:d3:5a:
                    bc:93:69:46:4b:48:a3:f9:f9:0e:89:cf:15:2d:72:
                    37:c3:7b:43:94:de:8a:cd:6f:86:ce:b8:ba:50:dd:
                    15:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:4E:93:3E:1B:86:E8:A2:9D:60:A3:19:25:90:9C:26:6B:9C:BC:C6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/774e9637-4a6f-43d8-9f7c-257f8d6e400a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:ce:0e:e1:90:94:a9:d5:2e:39:55:c0:c9:d9:18:97:6f:ff:
         4f:b2:68:af:84:72:ee:29:7d:36:96:34:30:0c:db:1b:72:58:
         ed:fb:15:83:e4:bd:a1:5d:63:38:79:da:46:2f:f5:27:79:15:
         2b:87:53:4f:3e:7a:dc:e1:79:fa:b2:4f:fb:90:d4:36:69:14:
         39:ec:81:c8:77:c9:51:31:19:c8:1b:81:a8:b5:86:88:cb:cf:
         91:61:76:90:ea:ba:c4:64:5a:9c:4b:9f:fe:b6:0e:bf:ab:d9:
         37:7a:6e:e1:be:6e:5c:ed:78:2d:48:68:e9:bc:01:83:8a:99:
         43:69:4f:96:f5:fd:6d:65:19:94:1b:ca:35:b0:09:b1:a6:2f:
         b2:75:99:95:19:cb:0e:bd:cb:98:4e:2e:f6:05:4d:dc:66:35:
         80:fb:4c:3f:e1:bf:f6:df:86:75:75:e9:a5:69:c3:93:11:77:
         6e:90:0c:43:60:05:23:87:5e:de:be:8f:b6:d6:78:6d:e3:93:
         f5:2d:0a:24:b2:42:92:41:b0:6f:c4:2b:e4:14:bb:7d:55:b1:
         c2:5b:24:99:3f:d6:4e:72:cb:25:71:73:58:d6:87:ad:ff:7c:
         7c:e6:0c:ed:a6:48:6e:98:84:68:0a:1e:a2:d3:4f:e6:19:4b:
         35:09:f1:69
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcWBrMWw0llD0otEdy2vr0aKjfAAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDE4MTg0MzE5WhcNMjUwNTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYjYxZGJkYmMxY2QxZjgxNDdkNzU2MTRlMTdmNmM2MmQ0
M2Q5MTlhYzVmZGIxNTc1ZDU4NmFiMTc1NDU3OWFiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDgSrJbJl4ApaOEcctogsd/j9MRGteeJv+kPXK7xrwfU/y2
pGqWn0jrGW37kDfH5jqQcwaT10BZms/eZtlkJ8Ml8Q4h/9+j7XNlDdjFzxpiBtoP
6JRVMzIQwlSbBUgnsXDyQW9qNkb+g9Zc47+wVvCzT85OAEvgl2jjDdqWG02gmwq/
aSRUeLwD3p4Aj8R4qVpZfZ8X+xnc5+RykUlUgNIheNlttQCn5AaLVvrYbmKorqU2
5Xg9Xufpc69w2vxXRFjViwAkp4cVJ8MAz8TKlJEFRZnk9wQdRf7aE1yoedvTWryT
aUZLSKP5+Q6JzxUtcjfDe0OU3orNb4bOuLpQ3RUTAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZk6TPhuG6KKdYKMZJZCcJmucvMYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2Lzc3NGU5NjM3LTRhNmYtNDNkOC05ZjdjLTI1N2Y4ZDZlNDAwYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFbODuGQlKnVLjlVwMnZGJdv/0+y
aK+Ecu4pfTaWNDAM2xtyWO37FYPkvaFdYzh52kYv9Sd5FSuHU08+etzhefqyT/uQ
1DZpFDnsgch3yVExGcgbgai1hojLz5FhdpDqusRkWpxLn/62Dr+r2Td6buG+blzt
eC1IaOm8AYOKmUNpT5b1/W1lGZQbyjWwCbGmL7J1mZUZyw69y5hOLvYFTdxmNYD7
TD/hv/bfhnV16aVpw5MRd26QDENgBSOHXt6+j7bWeG3jk/UtCiSyQpJBsG/EK+QU
u31VscJbJJk/1k5yyyVxc1jWh63/fHzmDO2mSG6YhGgKHqLTT+YZSzUJ8Wk=
-----END CERTIFICATE-----