Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e748a9ca-a932-4d02-8a5a-6d02b2f7863a.roa
File:                     e748a9ca-a932-4d02-8a5a-6d02b2f7863a.roa (raw, json)
Hash identifier:          LzJsZN9TMjSSY91k+Nmv+XesP8B6S8ZSq8W2fug/gIw=
Subject key identifier:   21:46:D3:FC:82:44:1C:BD:B4:97:51:41:88:94:16:C9:43:0B:F8:D9
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2F80A836A6762FC827459E7D8318781A55A5016F
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e748a9ca-a932-4d02-8a5a-6d02b2f7863a.roa
Signing time:             Tue 22 Apr 2025 00:38:17 +0000
ROA not before:           Tue 22 Apr 2025 00:38:17 +0000
ROA not after:            Tue 27 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 22 Apr 2025 00:53:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:80:a8:36:a6:76:2f:c8:27:45:9e:7d:83:18:78:1a:55:a5:01:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 22 00:38:17 2025 GMT
            Not After : May 27 23:59:59 2025 GMT
        Subject: serialNumber=831947e3b617b368831aa7a641e95508da1950959669dedbdc34062a5602b2ac, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:88:13:9f:a4:78:7c:aa:8c:2c:94:fb:e9:c3:
                    a8:a1:90:9b:27:a3:9f:7c:0a:50:fd:3c:aa:7f:5e:
                    90:39:43:c2:13:4b:6b:5c:19:ce:ab:15:81:95:1a:
                    26:ad:cc:45:0a:59:2c:90:f0:19:a7:12:fc:37:5d:
                    10:12:da:89:4f:60:38:de:45:1c:36:3f:41:4a:b3:
                    52:d4:46:d7:30:3a:8c:92:da:07:31:7f:1c:d7:fe:
                    ab:69:61:f6:f4:52:73:80:61:4f:81:44:9a:59:d7:
                    a3:17:80:f9:c4:80:56:31:01:86:0b:00:c6:93:ca:
                    fe:64:04:d2:9b:df:0d:ca:68:05:f1:74:69:83:8c:
                    54:be:11:35:b0:a0:73:0d:f8:ba:cd:16:02:6c:62:
                    3a:68:fb:40:4f:10:6d:cf:d3:cb:f8:e8:09:61:e7:
                    4c:05:8b:73:e0:30:21:b5:99:89:c0:d2:33:4a:8f:
                    00:bc:40:96:ed:db:97:c0:9d:ee:c5:c0:ab:c4:e0:
                    d8:a5:6c:19:6b:5d:ef:bb:b4:ca:8c:61:6a:a0:d7:
                    df:f8:ae:66:89:79:f0:8c:90:d6:8f:2e:1c:47:c9:
                    43:0c:60:f3:bc:71:27:b7:84:1a:4c:f8:6c:00:47:
                    f3:9f:0a:f9:ff:df:ed:f7:79:f1:be:c1:fa:79:87:
                    37:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:46:D3:FC:82:44:1C:BD:B4:97:51:41:88:94:16:C9:43:0B:F8:D9
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e748a9ca-a932-4d02-8a5a-6d02b2f7863a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:9b:a1:b3:52:9b:73:c7:a0:02:73:cd:0e:f5:31:67:ec:30:
         15:8f:ac:b5:d3:ed:52:9b:29:8d:7b:3c:0a:8c:7a:95:9a:65:
         7f:03:29:23:ab:ca:25:ae:a2:bd:f9:a0:61:68:fe:30:b6:3c:
         8a:7f:1b:4c:d7:65:c3:f3:61:d0:0b:0a:d5:d3:79:1c:cb:eb:
         91:49:08:8c:fc:4b:79:0b:12:de:74:ae:ae:ae:2e:ec:e2:69:
         02:e1:c8:a6:d8:9f:5d:44:58:6b:8c:c4:1f:01:00:bb:76:6f:
         f4:9b:8c:43:64:80:4e:c5:da:7a:54:af:13:79:3f:6a:60:0c:
         68:98:d0:35:f8:31:b1:cc:87:a1:fc:a9:87:6b:ef:1f:ae:5f:
         d1:66:5b:c5:25:17:78:4f:42:0e:63:4a:ad:a5:fb:b8:3e:53:
         79:75:08:ad:8c:45:85:bf:b1:61:93:b1:5f:a5:f8:85:f5:e3:
         8a:e2:f1:0a:77:fe:f2:2c:76:a0:00:cf:3c:8a:d3:08:c0:92:
         37:49:21:da:b6:0c:71:bd:b4:39:cd:02:c2:a5:d5:25:a2:ee:
         8a:10:6c:e4:fe:30:8b:e6:5b:c4:6d:3a:24:1b:3b:b8:a9:1a:
         ad:05:c6:b1:b5:6e:1d:cc:f6:06:fc:91:b8:59:69:c2:a7:3f:
         2a:ab:31:c0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL4CoNqZ2L8gnRZ59gxh4GlWlAW8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDIyMDAzODE3WhcNMjUwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MzE5NDdlM2I2MTdiMzY4ODMxYWE3YTY0MWU5NTUwOGRh
MTk1MDk1OTY2OWRlZGJkYzM0MDYyYTU2MDJiMmFjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuiBOfpHh8qowslPvpw6ihkJsno598ClD9PKp/XpA5Q8IT
S2tcGc6rFYGVGiatzEUKWSyQ8BmnEvw3XRAS2olPYDjeRRw2P0FKs1LURtcwOoyS
2gcxfxzX/qtpYfb0UnOAYU+BRJpZ16MXgPnEgFYxAYYLAMaTyv5kBNKb3w3KaAXx
dGmDjFS+ETWwoHMN+LrNFgJsYjpo+0BPEG3P08v46Alh50wFi3PgMCG1mYnA0jNK
jwC8QJbt25fAne7FwKvE4NilbBlrXe+7tMqMYWqg19/4rmaJefCMkNaPLhxHyUMM
YPO8cSe3hBpM+GwAR/OfCvn/3+33efG+wfp5hzfBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIUbT/IJEHL20l1FBiJQWyUML+NkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2U3NDhhOWNhLWE5MzItNGQwMi04YTVhLTZkMDJiMmY3ODYzYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAH+bobNSm3PHoAJzzQ71MWfsMBWP
rLXT7VKbKY17PAqMepWaZX8DKSOryiWuor35oGFo/jC2PIp/G0zXZcPzYdALCtXT
eRzL65FJCIz8S3kLEt50rq6uLuziaQLhyKbYn11EWGuMxB8BALt2b/SbjENkgE7F
2npUrxN5P2pgDGiY0DX4MbHMh6H8qYdr7x+uX9FmW8UlF3hPQg5jSq2l+7g+U3l1
CK2MRYW/sWGTsV+l+IX144ri8Qp3/vIsdqAAzzyK0wjAkjdJIdq2DHG9tDnNAsKl
1SWi7ooQbOT+MIvmW8RtOiQbO7ipGq0FxrG1bh3M9gb8kbhZacKnPyqrMcA=
-----END CERTIFICATE-----