Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cfd45b51-c127-42a6-bb5c-3ca2a6d77081.roa
File:                     cfd45b51-c127-42a6-bb5c-3ca2a6d77081.roa (raw, json)
Hash identifier:          TDhNOb+8oCZIBHZkFRv1h7DBHsRBygo69UbA/0pkMDA=
Subject key identifier:   40:2D:4D:C8:7D:03:06:C8:3E:A1:87:46:94:27:5C:6B:E2:EF:E2:87
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0E4823171FAB8321241B0609DFF0B48D176939A4
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cfd45b51-c127-42a6-bb5c-3ca2a6d77081.roa
Signing time:             Wed 23 Apr 2025 06:03:19 +0000
ROA not before:           Wed 23 Apr 2025 06:03:19 +0000
ROA not after:            Wed 28 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 23 Apr 2025 06:23:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:48:23:17:1f:ab:83:21:24:1b:06:09:df:f0:b4:8d:17:69:39:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 23 06:03:19 2025 GMT
            Not After : May 28 23:59:59 2025 GMT
        Subject: serialNumber=43fa77231e645ed75e126d4cf6a50d716cf09308dcc2cd48b26e07ad95dc7353, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:48:38:2a:36:8a:d2:43:4d:f6:bf:5d:02:b2:
                    1a:78:ab:0d:ce:38:8a:e4:f6:b8:b4:fd:24:12:b2:
                    52:4a:f5:2e:92:15:35:36:b6:3d:d1:08:dc:4c:ea:
                    cd:86:5f:5d:75:a5:a0:c4:be:17:b9:1c:db:7b:0f:
                    cc:9a:56:0e:f7:29:95:03:5f:4d:25:15:9d:b8:a9:
                    58:dd:2d:04:dc:b8:9e:ba:62:f6:2b:fa:cf:1e:32:
                    98:20:3f:aa:64:cf:92:f7:28:10:fe:bf:66:d9:b5:
                    93:19:6e:3e:f3:fd:7a:00:b0:34:60:a6:25:18:59:
                    ab:79:65:a8:7d:56:84:8a:dc:18:2b:8e:b4:d4:38:
                    3c:7e:75:9f:21:42:67:49:84:a6:b3:99:2a:20:e6:
                    1d:79:37:95:35:4b:50:a6:da:cc:f8:05:3a:5a:5c:
                    93:9d:dd:72:20:f8:e1:f0:f3:8b:b3:43:1e:d0:df:
                    b2:36:a5:f2:34:38:0c:aa:70:f1:b2:91:b5:1f:a2:
                    b0:2f:b8:56:89:b3:c6:60:72:17:7c:c0:b4:97:10:
                    55:01:04:8f:0e:3c:64:da:0e:aa:0b:fb:f6:40:2d:
                    ee:56:15:09:a4:bd:15:93:e5:00:87:b2:39:b8:73:
                    ef:19:10:53:5f:77:f3:7e:27:fc:7c:e6:df:ad:a0:
                    90:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:2D:4D:C8:7D:03:06:C8:3E:A1:87:46:94:27:5C:6B:E2:EF:E2:87
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/cfd45b51-c127-42a6-bb5c-3ca2a6d77081.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:26:d7:f3:80:8c:d4:f4:3a:95:04:72:b3:d2:71:56:da:17:
         d2:74:f3:8d:0f:46:fd:31:61:0a:ef:b6:05:ca:7d:a0:a6:2a:
         8e:b0:5f:7f:fc:4f:60:27:39:70:00:c6:c0:00:18:18:7b:5c:
         00:09:ee:95:21:7c:cb:99:f8:a0:ac:24:47:6e:e6:9c:8f:22:
         52:d9:f2:48:6c:08:99:8a:99:db:7f:97:09:e2:b7:07:c0:43:
         d8:38:3e:8d:86:97:5d:45:38:db:6e:07:3c:89:74:b1:17:b3:
         14:33:25:4d:9d:8d:2f:e1:bf:67:3e:a4:71:00:32:b6:3e:0d:
         34:52:76:2c:f8:8c:5d:50:13:d0:d6:12:4b:4c:88:26:85:dc:
         71:d8:97:ce:20:7e:cc:b6:06:c8:84:ee:6c:43:d5:a8:a1:a4:
         f1:38:8a:55:b3:ff:98:92:c0:52:20:ef:71:b0:6e:85:26:90:
         f8:57:34:b4:f2:b0:d3:c2:4e:fa:eb:c7:1a:6e:9b:cb:91:5f:
         1d:13:46:0a:2f:cb:7c:89:00:04:91:9e:4b:cb:52:6d:a4:5d:
         30:e3:2b:08:64:c1:d1:41:8e:9d:9b:d7:95:31:31:e5:0d:74:
         68:1e:85:6c:95:9e:1b:ae:99:0d:3c:63:3c:06:73:a5:c7:96:
         ed:14:f8:b5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDkgjFx+rgyEkGwYJ3/C0jRdpOaQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDIzMDYwMzE5WhcNMjUwNTI4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0M2ZhNzcyMzFlNjQ1ZWQ3NWUxMjZkNGNmNmE1MGQ3MTZj
ZjA5MzA4ZGNjMmNkNDhiMjZlMDdhZDk1ZGM3MzUzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDYSDgqNorSQ032v10Cshp4qw3OOIrk9ri0/SQSslJK9S6S
FTU2tj3RCNxM6s2GX111paDEvhe5HNt7D8yaVg73KZUDX00lFZ24qVjdLQTcuJ66
YvYr+s8eMpggP6pkz5L3KBD+v2bZtZMZbj7z/XoAsDRgpiUYWat5Zah9VoSK3Bgr
jrTUODx+dZ8hQmdJhKazmSog5h15N5U1S1Cm2sz4BTpaXJOd3XIg+OHw84uzQx7Q
37I2pfI0OAyqcPGykbUforAvuFaJs8Zgchd8wLSXEFUBBI8OPGTaDqoL+/ZALe5W
FQmkvRWT5QCHsjm4c+8ZEFNfd/N+J/x85t+toJBdAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQC1NyH0DBsg+oYdGlCdca+Lv4ocwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2NmZDQ1YjUxLWMxMjctNDJhNi1iYjVjLTNjYTJhNmQ3NzA4MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHEm1/OAjNT0OpUEcrPScVbaF9J0
840PRv0xYQrvtgXKfaCmKo6wX3/8T2AnOXAAxsAAGBh7XAAJ7pUhfMuZ+KCsJEdu
5pyPIlLZ8khsCJmKmdt/lwnitwfAQ9g4Po2Gl11FONtuBzyJdLEXsxQzJU2djS/h
v2c+pHEAMrY+DTRSdiz4jF1QE9DWEktMiCaF3HHYl84gfsy2BsiE7mxD1aihpPE4
ilWz/5iSwFIg73GwboUmkPhXNLTysNPCTvrrxxpum8uRXx0TRgovy3yJAASRnkvL
Um2kXTDjKwhkwdFBjp2b15UxMeUNdGgehWyVnhuumQ08YzwGc6XHlu0U+LU=
-----END CERTIFICATE-----