Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cd2f943b-3889-415e-8c26-520caae0ab66.roa
File:                     cd2f943b-3889-415e-8c26-520caae0ab66.roa (raw, json)
Hash identifier:          0W6VSdaIor/7NhCA5ZLlz/+5hyptzlkL0Uo8/QcYmbU=
Subject key identifier:   8B:0E:EA:58:1F:F6:F6:F6:1D:23:A9:F1:8F:ED:C2:77:EF:C5:73:9E
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       23A846E47A016EEB2205BEF9C6B8BDE213D59634
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cd2f943b-3889-415e-8c26-520caae0ab66.roa
Signing time:             Sun 13 Apr 2025 09:53:15 +0000
ROA not before:           Sun 13 Apr 2025 09:53:15 +0000
ROA not after:            Sun 18 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sun 13 Apr 2025 10:08:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:a8:46:e4:7a:01:6e:eb:22:05:be:f9:c6:b8:bd:e2:13:d5:96:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 13 09:53:15 2025 GMT
            Not After : May 18 23:59:59 2025 GMT
        Subject: serialNumber=ea35b6ec27b70ed706254a824b975d8d5adaf068319d482afe3dc7e32cbdb356, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:36:78:c7:45:b9:cb:69:3b:4c:e0:9e:b3:b6:
                    a6:c5:3f:1f:74:1b:4c:ba:b2:0d:53:d8:3e:71:17:
                    2c:18:7d:c4:bc:95:d5:5c:ce:ff:84:0a:95:82:f6:
                    5d:b4:4b:ee:be:4f:3b:89:d6:fa:bd:04:dc:8d:53:
                    44:bc:5a:4e:0c:89:1d:95:43:6d:d5:ec:e8:f6:88:
                    b5:37:7b:4d:5c:cd:f9:4b:3e:01:63:f2:89:e1:64:
                    35:0c:b1:9c:4f:0b:e2:0b:dd:10:3e:83:22:3d:0b:
                    8a:b8:41:2a:fc:88:ce:38:57:b2:51:77:de:c6:35:
                    9d:28:78:fe:36:9b:0c:1d:ea:af:fd:cc:22:23:a6:
                    46:f4:7a:22:c2:7c:88:fe:ab:8a:65:4d:34:7c:9f:
                    75:42:8a:4e:c6:20:55:c9:7e:bc:4b:0c:bf:14:33:
                    86:79:b3:37:4d:9b:49:0f:65:a2:21:55:71:35:8d:
                    88:fc:f1:ec:43:bd:b3:04:3b:fc:8f:22:38:ed:5d:
                    9a:d3:64:fb:28:d4:4b:82:67:94:80:14:cd:99:f2:
                    9c:df:5c:74:cd:15:12:1c:2d:e5:30:03:08:a6:ff:
                    8e:eb:2f:37:18:09:0c:4c:ce:60:79:71:16:6c:00:
                    9e:4e:f4:dc:4d:48:38:10:f6:65:90:a1:2f:6a:d3:
                    f8:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:0E:EA:58:1F:F6:F6:F6:1D:23:A9:F1:8F:ED:C2:77:EF:C5:73:9E
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cd2f943b-3889-415e-8c26-520caae0ab66.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:1e:82:af:ce:4c:e3:e0:37:f3:80:79:f0:ad:b6:ad:d6:65:
         09:e6:41:ad:0f:97:39:64:ae:d7:90:f5:2d:fb:91:33:57:d1:
         9e:08:c5:74:45:a1:c0:0f:80:74:93:cf:a2:35:fb:0a:5d:82:
         29:38:cc:ca:ad:68:6d:82:13:ac:ff:ad:14:82:0a:2c:01:eb:
         ba:e4:8f:45:f0:c2:77:a4:eb:89:f8:da:82:79:2b:c4:8b:f8:
         80:09:b9:32:9c:27:30:76:c9:6a:87:d8:74:2e:bd:e5:9c:df:
         9e:56:c4:ea:0b:33:de:7d:45:9e:eb:25:d1:f8:9e:19:51:2b:
         b9:6e:be:9f:9b:a1:c6:f1:38:c9:f4:84:8c:ce:a6:7b:4b:d8:
         37:97:53:38:ee:5e:a7:c8:fd:90:c6:fe:cc:48:3c:af:19:9a:
         89:65:9c:42:81:46:55:84:10:65:75:12:58:d6:f4:30:ad:6b:
         77:54:34:68:6e:e9:f5:44:a8:d3:68:f5:c5:60:19:99:7e:e9:
         78:cf:75:01:69:c5:38:85:ed:f2:95:9e:39:15:27:1f:9d:81:
         9c:07:66:6b:c3:f4:3f:6d:74:a0:4c:f7:8f:4d:ac:cc:81:56:
         67:42:c7:8b:09:03:92:60:9d:d1:81:ab:c8:44:bf:db:99:90:
         0c:cd:bd:b4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUI6hG5HoBbusiBb75xri94hPVljQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDEzMDk1MzE1WhcNMjUwNTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYTM1YjZlYzI3YjcwZWQ3MDYyNTRhODI0Yjk3NWQ4ZDVh
ZGFmMDY4MzE5ZDQ4MmFmZTNkYzdlMzJjYmRiMzU2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDcNnjHRbnLaTtM4J6ztqbFPx90G0y6sg1T2D5xFywYfcS8
ldVczv+ECpWC9l20S+6+TzuJ1vq9BNyNU0S8Wk4MiR2VQ23V7Oj2iLU3e01czflL
PgFj8onhZDUMsZxPC+IL3RA+gyI9C4q4QSr8iM44V7JRd97GNZ0oeP42mwwd6q/9
zCIjpkb0eiLCfIj+q4plTTR8n3VCik7GIFXJfrxLDL8UM4Z5szdNm0kPZaIhVXE1
jYj88exDvbMEO/yPIjjtXZrTZPso1EuCZ5SAFM2Z8pzfXHTNFRIcLeUwAwim/47r
LzcYCQxMzmB5cRZsAJ5O9NxNSDgQ9mWQoS9q0/jVAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUiw7qWB/29vYdI6nxj+3Cd+/Fc54wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2NkMmY5NDNiLTM4ODktNDE1ZS04YzI2LTUyMGNhYWUwYWI2Ni5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAB4egq/OTOPgN/OAefCttq3WZQnm
Qa0PlzlkrteQ9S37kTNX0Z4IxXRFocAPgHSTz6I1+wpdgik4zMqtaG2CE6z/rRSC
CiwB67rkj0Xwwnek64n42oJ5K8SL+IAJuTKcJzB2yWqH2HQuveWc355WxOoLM959
RZ7rJdH4nhlRK7luvp+bocbxOMn0hIzOpntL2DeXUzjuXqfI/ZDG/sxIPK8Zmoll
nEKBRlWEEGV1EljW9DCta3dUNGhu6fVEqNNo9cVgGZl+6XjPdQFpxTiF7fKVnjkV
Jx+dgZwHZmvD9D9tdKBM949NrMyBVmdCx4sJA5JgndGBq8hEv9uZkAzNvbQ=
-----END CERTIFICATE-----