Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8e3e240e-e4eb-46b4-a027-bd46171dcf1a.roa
File:                     8e3e240e-e4eb-46b4-a027-bd46171dcf1a.roa (raw, json)
Hash identifier:          PFq1t2BFkCbHyyTbj2SXDBQggGutspqmO+aTmFOaWEo=
Subject key identifier:   F7:13:86:D3:2A:07:29:E7:0D:BC:50:2D:1A:25:33:3B:53:AD:F3:A6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7E6E6CA0F0127C607190D4685FB979F07859DAF8
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8e3e240e-e4eb-46b4-a027-bd46171dcf1a.roa
Signing time:             Sat 26 Apr 2025 09:38:20 +0000
ROA not before:           Sat 26 Apr 2025 09:38:20 +0000
ROA not after:            Sat 31 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sat 26 Apr 2025 09:53:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:6e:6c:a0:f0:12:7c:60:71:90:d4:68:5f:b9:79:f0:78:59:da:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 26 09:38:20 2025 GMT
            Not After : May 31 23:59:59 2025 GMT
        Subject: serialNumber=eab42576ebe193aa143ee0e51a730709dbb7c3da3bc6d2f270ef37aeb692b920, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:50:5b:33:24:1d:76:70:5f:6e:54:47:45:6c:
                    de:b4:b6:66:75:8e:ec:de:ac:0a:01:0d:17:20:22:
                    7c:c6:e5:bf:f9:c1:3a:53:77:3b:df:ed:a8:8c:3b:
                    02:93:b9:19:3c:fd:b8:c6:9c:0e:36:85:63:a7:a7:
                    94:2f:a1:7a:a7:05:18:1a:ba:e7:c2:5b:4c:98:3e:
                    01:8d:08:01:d4:90:06:ca:ea:e4:27:fb:1c:5b:1c:
                    4f:db:54:33:03:96:c9:1d:6d:ad:4f:80:1d:e5:8c:
                    4a:f0:df:11:83:b9:0f:78:d0:a7:36:86:b9:84:9f:
                    0f:48:58:f0:8c:e7:89:7f:fc:02:5d:0f:59:8c:c9:
                    1d:7f:64:da:1b:ca:d1:59:10:6d:00:bd:6f:1d:4a:
                    76:7d:1b:c5:1a:b8:a2:6d:64:60:9c:c6:b6:6d:8c:
                    79:38:dd:9e:b9:bc:4c:b3:94:4b:fe:47:16:66:20:
                    4b:c5:68:f4:14:9c:22:c9:4f:96:8a:f3:3b:a3:a8:
                    d5:90:f6:eb:12:85:19:b7:8a:d7:32:07:f8:8c:f1:
                    0e:97:d9:6d:0b:8d:e3:b7:32:bd:62:02:72:66:b5:
                    77:91:7d:99:e7:63:40:d6:d9:d9:6b:90:b3:e6:4d:
                    53:29:a3:2a:ad:9a:5c:09:96:4a:1c:70:63:73:2a:
                    25:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:13:86:D3:2A:07:29:E7:0D:BC:50:2D:1A:25:33:3B:53:AD:F3:A6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8e3e240e-e4eb-46b4-a027-bd46171dcf1a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:00:65:c4:11:fc:de:98:86:7f:f1:6f:6a:99:72:6e:2b:ef:
         eb:ea:eb:93:39:ab:84:a1:63:82:c1:a5:81:a1:2c:a2:26:41:
         5e:e1:54:f4:ce:64:0c:d8:67:b3:44:52:e4:63:93:f5:d9:a2:
         7d:94:e3:33:c5:c4:93:1c:ef:34:bc:6c:de:0f:49:32:fa:f4:
         55:fc:61:6b:10:83:5f:d5:a6:c9:ea:92:15:dd:27:7d:be:cf:
         d6:17:3e:2c:dc:98:02:f4:f2:42:db:27:8c:2a:21:7e:44:00:
         eb:e9:bb:90:39:01:8b:60:b1:2e:87:69:d7:4e:0e:90:e7:20:
         0d:e2:5a:7c:66:ad:c1:e7:43:4b:46:d8:31:75:9c:28:81:2a:
         8e:07:62:a6:b0:35:a3:22:4c:f9:d4:74:2c:54:a1:5a:0b:24:
         1f:5a:65:70:c8:dd:0f:70:7d:f0:5e:0d:66:17:86:e8:43:ed:
         be:78:60:7e:4b:6f:d6:fe:c2:5e:91:18:41:3d:91:ab:7b:42:
         ff:07:a7:d3:d3:4c:e1:d0:7d:05:6f:00:98:eb:5b:00:f2:88:
         52:29:ba:e3:0b:6a:37:c4:58:13:14:c6:de:73:b5:66:52:f8:
         a6:8e:31:39:2b:88:0e:ec:75:6d:6a:03:29:20:1e:81:40:ee:
         72:13:92:be
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfm5soPASfGBxkNRoX7l58HhZ2vgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDI2MDkzODIwWhcNMjUwNTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0BlYWI0MjU3NmViZTE5M2FhMTQzZWUwZTUxYTczMDcwOWRi
YjdjM2RhM2JjNmQyZjI3MGVmMzdhZWI2OTJiOTIwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCnUFszJB12cF9uVEdFbN60tmZ1juzerAoBDRcgInzG5b/5
wTpTdzvf7aiMOwKTuRk8/bjGnA42hWOnp5QvoXqnBRgauufCW0yYPgGNCAHUkAbK
6uQn+xxbHE/bVDMDlskdba1PgB3ljErw3xGDuQ940Kc2hrmEnw9IWPCM54l//AJd
D1mMyR1/ZNobytFZEG0AvW8dSnZ9G8UauKJtZGCcxrZtjHk43Z65vEyzlEv+RxZm
IEvFaPQUnCLJT5aK8zujqNWQ9usShRm3itcyB/iM8Q6X2W0LjeO3Mr1iAnJmtXeR
fZnnY0DW2dlrkLPmTVMpoyqtmlwJlkoccGNzKiXRAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU9xOG0yoHKecNvFAtGiUzO1Ot86YwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzhlM2UyNDBlLWU0ZWItNDZiNC1hMDI3LWJkNDYxNzFkY2YxYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIMAZcQR/N6Yhn/xb2qZcm4r7+vq
65M5q4ShY4LBpYGhLKImQV7hVPTOZAzYZ7NEUuRjk/XZon2U4zPFxJMc7zS8bN4P
STL69FX8YWsQg1/VpsnqkhXdJ32+z9YXPizcmAL08kLbJ4wqIX5EAOvpu5A5AYtg
sS6HaddODpDnIA3iWnxmrcHnQ0tG2DF1nCiBKo4HYqawNaMiTPnUdCxUoVoLJB9a
ZXDI3Q9wffBeDWYXhuhD7b54YH5Lb9b+wl6RGEE9kat7Qv8Hp9PTTOHQfQVvAJjr
WwDyiFIpuuMLajfEWBMUxt5ztWZS+KaOMTkriA7sdW1qAykgHoFA7nITkr4=
-----END CERTIFICATE-----