Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9c8b8b3f-81d1-4c0a-a817-e94af77e4295.roa
File:                     9c8b8b3f-81d1-4c0a-a817-e94af77e4295.roa (raw, json)
Hash identifier:          nPtAWD86B0gelYYlNX8q9r/CeUJiVmOh/t1+5KHwU8M=
Subject key identifier:   1E:E3:DB:DE:81:FE:AB:6F:EB:E5:05:D6:9B:9B:19:05:4A:39:4F:81
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       57A17D7D93916C49297107074215022ACB91A314
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9c8b8b3f-81d1-4c0a-a817-e94af77e4295.roa
Signing time:             Tue 22 Apr 2025 07:48:21 +0000
ROA not before:           Tue 22 Apr 2025 07:48:21 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 22 Apr 2025 08:08:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:a1:7d:7d:93:91:6c:49:29:71:07:07:42:15:02:2a:cb:91:a3:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 22 07:48:21 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=9253f5da445c53c9af7f734dd2cdb525cc6e7884f7b73033998074079e9f4ccf, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:6b:b9:eb:16:1a:38:76:08:fb:a9:e7:b2:8e:
                    0f:58:d8:72:52:47:09:a9:66:1f:c2:f0:c9:c2:05:
                    88:10:26:a5:b6:01:b4:0d:ce:1a:d8:c6:db:f8:e5:
                    14:7d:83:42:9e:47:cd:6e:75:67:d3:39:3d:46:42:
                    5a:cd:4f:0c:e5:91:77:0c:33:88:37:fa:c2:87:ad:
                    83:55:b9:e2:d8:78:fd:f5:c2:a4:b7:4e:b6:83:74:
                    c6:a0:ef:ef:c4:05:81:96:21:39:a7:3c:e7:3a:7a:
                    4c:3b:3d:df:96:81:5e:56:ba:41:76:ef:7f:25:6c:
                    81:06:83:ec:8b:85:54:8f:af:4a:1b:3b:63:ad:b9:
                    ab:84:32:76:01:db:b1:81:80:f0:a6:c8:87:df:2f:
                    af:de:cd:ef:31:7c:97:77:f7:df:16:fa:b5:f2:18:
                    8e:35:2a:1e:78:ed:94:9e:0a:0f:b7:ea:84:22:2f:
                    07:ac:05:21:b7:1c:e6:f4:04:24:e8:cd:6f:f0:67:
                    73:92:f1:82:82:02:1c:da:8f:61:c0:24:d4:45:c1:
                    9d:bc:2c:5a:7a:0e:b2:ba:98:c0:62:37:49:b5:06:
                    bb:28:88:4c:a8:56:e6:e5:ee:b8:9e:f9:05:b6:89:
                    95:b6:4d:ba:da:0f:53:fa:e3:6a:1d:df:ef:b8:cb:
                    61:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:E3:DB:DE:81:FE:AB:6F:EB:E5:05:D6:9B:9B:19:05:4A:39:4F:81
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9c8b8b3f-81d1-4c0a-a817-e94af77e4295.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:62:86:63:3d:5e:a5:96:a1:55:0c:d6:7c:a8:7c:77:bb:91:
         46:3c:ae:33:89:d7:13:de:89:26:4f:af:54:95:27:cf:3e:77:
         04:1a:61:e8:8a:e5:ee:81:4f:ad:10:1d:52:2d:f2:85:d1:a2:
         b0:16:43:a3:34:76:f6:3c:75:5e:e9:5a:49:04:18:71:cd:82:
         a5:4e:69:85:34:80:20:32:f1:79:be:a4:58:8d:7f:2f:9f:4c:
         8e:11:c4:8a:d1:39:0b:d0:15:5a:23:5d:75:93:6a:82:9b:e4:
         e7:63:5b:8f:37:c8:a2:5b:f5:f9:97:26:19:dd:c4:d8:c8:52:
         50:85:d2:4d:66:3d:e6:ca:d0:81:64:d7:68:62:cc:ac:18:76:
         0b:09:4e:65:18:dd:1f:bc:b6:1c:ef:9c:25:85:18:64:35:4a:
         88:5b:3d:e9:85:03:6c:e8:48:06:c3:60:bc:c0:7c:1a:08:d3:
         fc:37:95:e2:88:22:62:b7:63:90:f1:4c:3c:e6:87:f7:80:ae:
         8b:5d:8e:27:83:f1:22:5f:13:65:7e:05:37:e0:94:b7:b1:9a:
         96:5e:83:ee:86:9b:a2:0d:ac:01:cf:01:5a:67:a1:2b:c9:c9:
         c9:4e:fd:3f:db:bf:16:c3:89:b5:35:eb:c6:1a:84:b3:ff:d9:
         00:1e:4c:30
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUV6F9fZORbEkpcQcHQhUCKsuRoxQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDIyMDc0ODIxWhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5MjUzZjVkYTQ0NWM1M2M5YWY3ZjczNGRkMmNkYjUyNWNj
NmU3ODg0ZjdiNzMwMzM5OTgwNzQwNzllOWY0Y2NmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDca7nrFho4dgj7qeeyjg9Y2HJSRwmpZh/C8MnCBYgQJqW2
AbQNzhrYxtv45RR9g0KeR81udWfTOT1GQlrNTwzlkXcMM4g3+sKHrYNVueLYeP31
wqS3TraDdMag7+/EBYGWITmnPOc6ekw7Pd+WgV5WukF2738lbIEGg+yLhVSPr0ob
O2OtuauEMnYB27GBgPCmyIffL6/eze8xfJd3998W+rXyGI41Kh547ZSeCg+36oQi
LwesBSG3HOb0BCTozW/wZ3OS8YKCAhzaj2HAJNRFwZ28LFp6DrK6mMBiN0m1Brso
iEyoVubl7rie+QW2iZW2TbraD1P642od3++4y2GxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUHuPb3oH+q2/r5QXWm5sZBUo5T4EwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzljOGI4YjNmLTgxZDEtNGMwYS1hODE3LWU5NGFmNzdlNDI5NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAK9ihmM9XqWWoVUM1nyofHe7kUY8
rjOJ1xPeiSZPr1SVJ88+dwQaYeiK5e6BT60QHVIt8oXRorAWQ6M0dvY8dV7pWkkE
GHHNgqVOaYU0gCAy8Xm+pFiNfy+fTI4RxIrROQvQFVojXXWTaoKb5OdjW483yKJb
9fmXJhndxNjIUlCF0k1mPebK0IFk12hizKwYdgsJTmUY3R+8thzvnCWFGGQ1Sohb
PemFA2zoSAbDYLzAfBoI0/w3leKIImK3Y5DxTDzmh/eArotdjieD8SJfE2V+BTfg
lLexmpZeg+6Gm6INrAHPAVpnoSvJyclO/T/bvxbDibU168YahLP/2QAeTDA=
-----END CERTIFICATE-----