Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a63fc8e1-558e-410e-b2e3-629eafa0e036.roa
File:                     a63fc8e1-558e-410e-b2e3-629eafa0e036.roa (raw, json)
Hash identifier:          jH1GUAHLIDY11ggHfNDzGaa+s37VlNmZUjAtXno8mSE=
Subject key identifier:   2A:53:D7:58:30:32:8B:D8:1B:0C:07:00:55:87:56:3A:40:BD:42:AB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       20983F0C886B839F6E63D355793A56B90A49A55C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a63fc8e1-558e-410e-b2e3-629eafa0e036.roa
Signing time:             Mon 05 May 2025 18:33:18 +0000
ROA not before:           Mon 05 May 2025 18:33:18 +0000
ROA not after:            Mon 09 Jun 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 05 May 2025 18:53:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:98:3f:0c:88:6b:83:9f:6e:63:d3:55:79:3a:56:b9:0a:49:a5:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May  5 18:33:18 2025 GMT
            Not After : Jun  9 23:59:59 2025 GMT
        Subject: serialNumber=7bed64a7e36a1007c264e9ab46690da3a5c3f7bb2527be93e7fb550ce4ead45d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e7:b7:18:bb:0d:70:ff:32:a0:05:7c:2d:27:
                    79:f9:2b:78:87:ff:0e:8d:36:77:8f:82:36:5a:ab:
                    f9:9a:6d:03:61:51:8f:57:a9:ca:1d:de:c3:6a:d3:
                    7a:db:b8:0f:ed:52:f0:fe:db:98:c4:00:87:8f:cd:
                    cc:f3:a2:28:1f:38:74:00:f2:3c:f8:d2:fd:97:8e:
                    0e:68:b2:00:14:0a:fd:de:80:cc:10:ed:b2:b4:97:
                    12:93:0c:38:a3:68:cb:5b:1c:1e:f4:a9:1a:69:2d:
                    82:e4:cf:be:d6:47:5d:40:76:a0:56:38:55:74:86:
                    72:84:1b:b7:57:64:c6:e9:aa:e0:54:83:ae:dd:1f:
                    b9:f5:94:f0:d0:8b:80:1a:37:f9:59:1c:d3:b0:88:
                    d4:cc:5c:a2:57:bd:50:16:5c:3e:51:7d:a9:b5:81:
                    05:d7:40:d7:4a:e9:ec:5a:ba:b3:d7:25:64:45:02:
                    66:d7:5a:2c:c8:97:cb:86:ce:ef:5a:36:bf:14:c6:
                    df:1c:3e:37:48:ec:82:c9:1d:52:20:ae:5e:b6:71:
                    fd:33:a8:3a:60:21:80:07:b7:5c:ca:2d:15:f7:01:
                    7b:2d:dc:df:fd:0d:eb:1b:e1:e9:38:cb:48:ed:e2:
                    ff:60:af:22:15:10:90:11:45:58:26:61:39:11:5e:
                    bc:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:53:D7:58:30:32:8B:D8:1B:0C:07:00:55:87:56:3A:40:BD:42:AB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/a63fc8e1-558e-410e-b2e3-629eafa0e036.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:af:a8:b1:04:0d:9d:66:45:49:36:1b:30:a1:e2:58:e7:ef:
         65:3e:80:c4:fe:b4:46:01:c7:96:a4:b5:d3:cb:ef:2c:29:88:
         3f:e2:cc:65:00:cc:7e:91:0b:9d:96:1c:9f:f1:19:5f:da:3f:
         b6:8d:a9:6f:e3:f8:61:8a:6d:eb:54:f5:48:fe:93:6f:cd:0e:
         e0:9e:31:13:b7:d2:33:97:4b:eb:55:6a:4c:25:f9:2f:26:7d:
         a2:71:62:3d:2c:be:c1:c9:f1:00:3d:8e:25:93:f9:3a:26:e2:
         95:03:08:52:91:47:d1:be:aa:90:dd:aa:bb:78:1c:03:f1:2c:
         4c:a3:49:3c:a7:56:71:80:0b:ef:8a:3e:68:70:17:4e:a5:75:
         1f:73:3f:a2:28:ac:1c:4f:7f:c5:b7:5b:96:7c:51:45:18:22:
         d4:7a:c9:f1:7c:10:52:dd:90:c8:f6:21:fd:73:f1:ae:ea:bd:
         c2:72:86:6c:26:cf:e1:71:b1:51:b9:c3:5a:d2:b0:78:30:e2:
         74:24:15:7f:d3:4f:7a:42:96:ad:fd:fd:bb:a0:15:ef:8f:79:
         e3:36:74:63:e4:68:3c:61:ca:1a:5f:8e:ff:13:26:02:58:c7:
         25:9d:e3:7e:24:0f:b4:3c:70:cd:2a:9c:e6:5a:fc:d9:44:bb:
         6e:c0:e0:64
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUIJg/DIhrg59uY9NVeTpWuQpJpVwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNTA1MTgzMzE4WhcNMjUwNjA5MjM1OTU5
WjB6MUkwRwYDVQQFE0A3YmVkNjRhN2UzNmExMDA3YzI2NGU5YWI0NjY5MGRhM2E1
YzNmN2JiMjUyN2JlOTNlN2ZiNTUwY2U0ZWFkNDVkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+57cYuw1w/zKgBXwtJ3n5K3iH/w6NNnePgjZaq/mabQNh
UY9Xqcod3sNq03rbuA/tUvD+25jEAIePzczzoigfOHQA8jz40v2Xjg5osgAUCv3e
gMwQ7bK0lxKTDDijaMtbHB70qRppLYLkz77WR11AdqBWOFV0hnKEG7dXZMbpquBU
g67dH7n1lPDQi4AaN/lZHNOwiNTMXKJXvVAWXD5Rfam1gQXXQNdK6exaurPXJWRF
AmbXWizIl8uGzu9aNr8Uxt8cPjdI7ILJHVIgrl62cf0zqDpgIYAHt1zKLRX3AXst
3N/9Desb4ek4y0jt4v9gryIVEJARRVgmYTkRXrzpAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKlPXWDAyi9gbDAcAVYdWOkC9QqswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2E2M2ZjOGUxLTU1OGUtNDEwZS1iMmUzLTYyOWVhZmEwZTAzNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABmvqLEEDZ1mRUk2GzCh4ljn72U+
gMT+tEYBx5aktdPL7ywpiD/izGUAzH6RC52WHJ/xGV/aP7aNqW/j+GGKbetU9Uj+
k2/NDuCeMRO30jOXS+tVakwl+S8mfaJxYj0svsHJ8QA9jiWT+Tom4pUDCFKRR9G+
qpDdqrt4HAPxLEyjSTynVnGAC++KPmhwF06ldR9zP6IorBxPf8W3W5Z8UUUYItR6
yfF8EFLdkMj2If1z8a7qvcJyhmwmz+FxsVG5w1rSsHgw4nQkFX/TT3pClq39/bug
Fe+PeeM2dGPkaDxhyhpfjv8TJgJYxyWd434kD7Q8cM0qnOZa/NlEu27A4GQ=
-----END CERTIFICATE-----