Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ff2291ce-39df-4295-b16d-ce7f7bfb30ef.roa
File:                     ff2291ce-39df-4295-b16d-ce7f7bfb30ef.roa (raw, json)
Hash identifier:          b+qswFR63W0Wn89340CRA59yn4jZMXG+k2rTDJZRE4k=
Subject key identifier:   A0:81:67:C9:AE:43:0B:94:BB:21:91:8F:CE:6D:2F:31:A3:87:DD:34
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       73D0F690E79DDD1DF5902C37FD5FBFD25C1FCC9B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ff2291ce-39df-4295-b16d-ce7f7bfb30ef.roa
Signing time:             Thu 24 Apr 2025 09:08:18 +0000
ROA not before:           Thu 24 Apr 2025 09:08:18 +0000
ROA not after:            Thu 29 May 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 24 Apr 2025 09:23:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:d0:f6:90:e7:9d:dd:1d:f5:90:2c:37:fd:5f:bf:d2:5c:1f:cc:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 24 09:08:18 2025 GMT
            Not After : May 29 23:59:59 2025 GMT
        Subject: serialNumber=3979bff9fcbaad6f9ac7606334a5e08d93c2a888b1bb537e200051f5a2c5339a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:86:b7:62:99:c0:05:49:43:ba:3d:fd:e4:81:
                    75:8d:e9:ad:da:06:0e:a5:02:72:00:bb:95:71:d3:
                    93:6e:a5:0d:c9:fc:0e:a9:1d:51:46:49:aa:f7:47:
                    25:dd:68:7d:85:f8:67:71:15:72:ca:ab:c1:f6:85:
                    55:38:96:fd:1c:5e:0a:12:57:77:00:5d:4c:54:65:
                    2e:8b:5f:00:c1:08:77:dd:73:10:a6:14:15:ca:68:
                    67:ff:81:18:f5:97:b9:eb:d6:6a:07:92:1f:19:c2:
                    d3:91:a6:eb:2f:8f:52:17:86:37:93:69:37:09:1e:
                    b8:88:30:a6:c4:6d:f6:9a:16:5c:36:bc:2a:62:b5:
                    c9:24:aa:22:f7:d2:67:ad:d8:58:3e:6d:8c:48:ff:
                    a5:9c:15:4d:48:f4:f2:cb:68:42:ad:0a:23:e7:88:
                    aa:be:25:73:25:3e:41:85:32:14:d9:f0:76:6f:b2:
                    7e:5f:db:5e:c3:58:ca:db:ff:4b:5a:e8:94:23:24:
                    d5:27:e7:e8:9e:42:93:ec:fa:f1:a7:bc:01:f8:44:
                    01:53:e0:23:20:ee:16:5b:d3:db:06:fe:df:46:44:
                    24:44:df:86:28:0a:66:73:6b:d0:c2:a0:02:cf:0b:
                    1a:09:bd:ea:dc:28:54:9e:03:d5:d6:57:e1:69:c0:
                    9a:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:81:67:C9:AE:43:0B:94:BB:21:91:8F:CE:6D:2F:31:A3:87:DD:34
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ff2291ce-39df-4295-b16d-ce7f7bfb30ef.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:da:f3:d7:56:9f:06:10:69:c8:1f:ae:5f:13:f8:06:7a:b7:
         d8:7e:2f:dc:87:cd:ae:ba:8d:d6:a3:03:76:65:1a:1b:52:57:
         ab:94:1c:b8:d8:76:f8:0c:a6:ed:e9:45:89:63:58:1b:b5:3c:
         ec:17:2b:bd:79:ab:75:a6:e6:b4:c4:46:f4:0b:23:92:5d:98:
         65:49:d7:27:5f:18:b8:04:fe:34:82:cb:50:ff:2d:d8:0a:ba:
         7d:90:d5:16:e9:8f:3b:6b:e8:aa:79:75:49:61:a2:31:83:d8:
         fa:0c:96:2d:18:4e:89:77:1e:3a:df:38:e6:58:11:34:f9:c2:
         6c:99:39:38:90:da:f9:e3:44:56:21:e7:49:23:82:c4:7b:59:
         ed:ca:3b:8c:7d:d3:2a:97:71:6d:2b:dc:e7:f9:c4:3f:32:e9:
         a7:0e:91:90:10:45:f0:84:b6:ca:80:c2:38:80:76:fd:f2:d2:
         aa:df:ed:93:c2:2c:c1:62:12:56:be:fb:ac:31:37:69:f4:eb:
         95:60:e2:6b:59:04:1f:5c:6e:11:9c:4b:5a:1a:c0:20:0f:7b:
         d4:c1:dc:d8:79:74:25:78:7c:5e:5f:70:28:2c:7d:ed:5d:1b:
         2f:9a:e2:d7:29:c4:90:c8:4f:38:f7:07:06:f7:90:7d:e5:a8:
         71:22:5a:2f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUc9D2kOed3R31kCw3/V+/0lwfzJswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwNDI0MDkwODE4WhcNMjUwNTI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzOTc5YmZmOWZjYmFhZDZmOWFjNzYwNjMzNGE1ZTA4ZDkz
YzJhODg4YjFiYjUzN2UyMDAwNTFmNWEyYzUzMzlhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCGhrdimcAFSUO6Pf3kgXWN6a3aBg6lAnIAu5Vx05NupQ3J
/A6pHVFGSar3RyXdaH2F+GdxFXLKq8H2hVU4lv0cXgoSV3cAXUxUZS6LXwDBCHfd
cxCmFBXKaGf/gRj1l7nr1moHkh8ZwtORpusvj1IXhjeTaTcJHriIMKbEbfaaFlw2
vCpitckkqiL30met2Fg+bYxI/6WcFU1I9PLLaEKtCiPniKq+JXMlPkGFMhTZ8HZv
sn5f217DWMrb/0ta6JQjJNUn5+ieQpPs+vGnvAH4RAFT4CMg7hZb09sG/t9GRCRE
34YoCmZza9DCoALPCxoJvercKFSeA9XWV+FpwJqfAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUoIFnya5DC5S7IZGPzm0vMaOH3TQwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2ZmMjI5MWNlLTM5ZGYtNDI5NS1iMTZkLWNlN2Y3YmZiMzBlZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAAPa89dWnwYQacgfrl8T+AZ6t9h+
L9yHza66jdajA3ZlGhtSV6uUHLjYdvgMpu3pRYljWBu1POwXK715q3Wm5rTERvQL
I5JdmGVJ1ydfGLgE/jSCy1D/LdgKun2Q1Rbpjztr6Kp5dUlhojGD2PoMli0YTol3
HjrfOOZYETT5wmyZOTiQ2vnjRFYh50kjgsR7We3KO4x90yqXcW0r3Of5xD8y6acO
kZAQRfCEtsqAwjiAdv3y0qrf7ZPCLMFiEla++6wxN2n065Vg4mtZBB9cbhGcS1oa
wCAPe9TB3Nh5dCV4fF5fcCgsfe1dGy+a4tcpxJDITzj3Bwb3kH3lqHEiWi8=
-----END CERTIFICATE-----