Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/228bc5eb-1f4d-4138-9772-2719ab776e6f.roa
File:                     228bc5eb-1f4d-4138-9772-2719ab776e6f.roa (raw, json)
Hash identifier:          nq3pGaUFlV+D2s+Tnu9kfWV6lonUsur8h1dONtgZCv0=
Subject key identifier:   C1:5E:5D:DB:CE:FE:74:CA:C4:63:87:A1:78:EE:5A:E5:78:75:76:B9
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4B006D115308CCC5A2F211294EB12EC600C4FD04
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/228bc5eb-1f4d-4138-9772-2719ab776e6f.roa
Signing time:             Tue 18 Mar 2025 14:53:17 +0000
ROA not before:           Tue 18 Mar 2025 14:53:17 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 18 Mar 2025 15:08:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:00:6d:11:53:08:cc:c5:a2:f2:11:29:4e:b1:2e:c6:00:c4:fd:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 18 14:53:17 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:47:8f:e7:09:65:d2:61:39:99:1b:b3:d4:f8:
                    f1:5a:1e:b8:75:e3:f9:73:a9:78:c2:24:f3:61:a6:
                    1f:50:01:c2:34:8f:f7:20:16:6f:1a:75:41:49:ef:
                    7c:b1:d5:95:3d:9a:97:b2:6e:56:24:15:95:20:a9:
                    11:f1:7f:d6:ab:b6:ff:05:a9:a3:37:20:36:9a:8d:
                    f6:6c:ad:f2:81:96:43:ec:38:10:8c:a1:0d:60:63:
                    87:96:73:bb:28:11:9b:81:3b:47:de:32:77:b9:2a:
                    6a:66:e2:46:18:21:05:83:c2:ee:8e:3c:7e:7e:62:
                    b6:5a:5e:63:0e:bf:81:ce:29:20:6c:c9:8c:1c:31:
                    e3:19:54:bb:bb:2d:1d:d5:b4:33:a8:27:8c:ad:bb:
                    e4:b3:3b:1b:91:f1:b4:53:38:f1:23:b2:8d:0b:d6:
                    e4:eb:54:eb:6f:c2:ac:56:f9:e9:5b:59:03:76:0e:
                    54:41:9e:3b:7e:dc:f4:23:6a:fb:30:ae:af:c6:25:
                    19:ca:84:30:4a:6c:cd:ce:47:ba:1e:53:0d:0f:95:
                    c1:b9:e3:1e:06:93:0c:11:20:a4:68:98:1a:49:00:
                    f6:a7:04:84:d7:48:22:c6:62:17:63:c6:d0:26:38:
                    eb:ec:1b:df:94:0a:38:33:9f:13:b7:e6:d3:28:4f:
                    46:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:5E:5D:DB:CE:FE:74:CA:C4:63:87:A1:78:EE:5A:E5:78:75:76:B9
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/228bc5eb-1f4d-4138-9772-2719ab776e6f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:b9:87:f1:68:52:a3:12:80:f1:7f:09:d8:33:9c:f5:ff:1c:
         57:b7:93:40:82:a8:38:6c:5c:f4:5c:27:9c:ae:19:fe:51:af:
         f0:bd:22:86:1b:84:3d:40:43:fc:13:7d:79:64:06:98:c3:6d:
         2c:f4:96:17:2c:9d:6d:ad:a2:3a:3e:82:2c:12:f1:1b:c9:04:
         3a:eb:09:9a:f0:92:b2:90:cc:45:46:58:af:4d:c3:71:43:56:
         ba:6b:16:1e:71:06:4b:f7:1c:d7:19:6d:8a:58:b4:3a:fe:55:
         e1:25:f0:6c:81:57:04:dc:da:8f:e5:d7:33:d7:de:cb:e5:65:
         96:bf:1a:02:65:20:f3:74:87:8c:e7:cd:e9:93:f3:94:95:f9:
         2e:21:16:bf:27:bf:53:0f:2f:07:a5:54:3b:5d:a0:35:3f:6f:
         0d:4c:bd:d2:c5:95:3f:d4:87:b6:b3:e7:5c:6b:dd:35:0b:02:
         39:c6:5d:0d:5b:f4:86:26:50:77:79:b8:07:1f:d9:87:d2:fd:
         0a:88:1f:04:e7:95:79:3f:f8:6a:18:e3:c7:1a:88:5d:e5:96:
         4b:58:be:a8:cc:f3:23:89:43:cb:86:c9:cb:4a:51:e8:4a:1b:
         63:bf:d0:30:13:3f:a9:0c:e6:79:68:1e:85:ae:a3:ee:68:54:
         13:d3:88:22
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUSwBtEVMIzMWi8hEpTrEuxgDE/QQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzE4MTQ1MzE3WhcNMjUwNDIyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNjFkN2ZmNTNkZmIzZDViOWQxMWZjYTE3YmJjOWRlOTIx
NzQ5M2E0NTY0ZmEyYzA0MThlMTEwMWMxOTcyOGE4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDFR4/nCWXSYTmZG7PU+PFaHrh14/lzqXjCJPNhph9QAcI0
j/cgFm8adUFJ73yx1ZU9mpeyblYkFZUgqRHxf9artv8FqaM3IDaajfZsrfKBlkPs
OBCMoQ1gY4eWc7soEZuBO0feMne5Kmpm4kYYIQWDwu6OPH5+YrZaXmMOv4HOKSBs
yYwcMeMZVLu7LR3VtDOoJ4ytu+SzOxuR8bRTOPEjso0L1uTrVOtvwqxW+elbWQN2
DlRBnjt+3PQjavswrq/GJRnKhDBKbM3OR7oeUw0PlcG54x4GkwwRIKRomBpJAPan
BITXSCLGYhdjxtAmOOvsG9+UCjgznxO35tMoT0avAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwV5d287+dMrEY4eheO5a5Xh1drkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzIyOGJjNWViLTFmNGQtNDEzOC05NzcyLTI3MTlhYjc3NmU2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFC5h/FoUqMSgPF/CdgznPX/HFe3
k0CCqDhsXPRcJ5yuGf5Rr/C9IoYbhD1AQ/wTfXlkBpjDbSz0lhcsnW2tojo+giwS
8RvJBDrrCZrwkrKQzEVGWK9Nw3FDVrprFh5xBkv3HNcZbYpYtDr+VeEl8GyBVwTc
2o/l1zPX3svlZZa/GgJlIPN0h4znzemT85SV+S4hFr8nv1MPLwelVDtdoDU/bw1M
vdLFlT/Uh7az51xr3TULAjnGXQ1b9IYmUHd5uAcf2YfS/QqIHwTnlXk/+GoY48ca
iF3llktYvqjM8yOJQ8uGyctKUehKG2O/0DATP6kM5nloHoWuo+5oVBPTiCI=
-----END CERTIFICATE-----