Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/426db6bd-abbe-4da2-99ba-4731f03a17cc.roa
File:                     426db6bd-abbe-4da2-99ba-4731f03a17cc.roa (raw, json)
Hash identifier:          OBiNp0uE1d2THjgD8n5YTzGTqLaGE7IcMeF5VEi4q4k=
Subject key identifier:   19:B7:FE:15:0B:14:8E:12:FF:AC:AF:D1:D0:42:D0:62:E1:26:12:9F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1F4ED97E6A50FD4F561F08771B8D7CB9648D32D2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/426db6bd-abbe-4da2-99ba-4731f03a17cc.roa
Signing time:             Fri 07 Mar 2025 03:48:24 +0000
ROA not before:           Fri 07 Mar 2025 03:48:24 +0000
ROA not after:            Fri 11 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 07 Mar 2025 04:03:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:4e:d9:7e:6a:50:fd:4f:56:1f:08:77:1b:8d:7c:b9:64:8d:32:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  7 03:48:24 2025 GMT
            Not After : Apr 11 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8a:a5:57:8b:37:d2:26:ea:13:c8:24:ab:1a:
                    8a:b7:ed:02:29:c9:3b:3f:1e:a7:48:61:cb:03:c5:
                    8d:60:33:ca:71:a7:46:bf:6e:71:16:53:c2:ce:d6:
                    fe:6d:9e:dd:ed:47:c0:63:5d:1d:54:c0:0c:a8:86:
                    b7:fd:8c:90:a4:e3:e7:69:7e:59:2b:ee:8f:d8:02:
                    48:f3:1e:bc:27:94:7d:0c:e2:2e:28:4f:4d:da:ba:
                    d9:8c:71:21:42:27:48:70:97:da:4d:6c:f0:e3:91:
                    18:86:a3:2e:6b:3f:19:f3:63:25:83:19:a9:cd:38:
                    3d:da:4c:fb:5b:bc:5e:95:59:1a:f9:d9:d6:a9:36:
                    b8:e4:d7:d4:43:6d:53:ee:08:bb:27:25:9e:51:5a:
                    68:01:36:6d:76:5f:c9:c3:4f:82:8a:87:63:2f:07:
                    28:d0:6b:c8:35:dd:cc:e8:74:2c:fc:1c:ae:24:aa:
                    a9:fc:cd:c8:eb:fa:cc:5c:ec:f0:af:f9:99:5d:36:
                    90:3b:6d:03:17:96:42:83:d3:5f:3c:5a:d0:47:9b:
                    75:cb:07:47:40:d0:37:69:5d:b3:4a:9a:fb:c1:da:
                    b5:1f:d1:d0:25:ce:fe:f3:98:d8:fb:3e:8d:a2:ff:
                    e7:ae:70:c9:30:c2:6d:1d:6d:f1:96:79:9f:c4:9a:
                    66:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:B7:FE:15:0B:14:8E:12:FF:AC:AF:D1:D0:42:D0:62:E1:26:12:9F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/426db6bd-abbe-4da2-99ba-4731f03a17cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:44:81:6c:7b:dc:36:b3:12:2e:f9:7d:49:c4:0a:02:0a:c9:
         20:76:1d:f4:ee:0f:ef:5d:92:a9:98:6f:6d:ab:e4:b5:6d:7a:
         9a:6c:61:21:1e:d6:45:60:7c:fb:0e:72:b7:39:0f:32:b5:d5:
         36:c1:0f:3f:c9:98:41:e8:0a:00:31:0b:92:1d:b8:dc:b4:97:
         66:15:a1:d8:a5:93:c9:9d:30:e4:a4:4d:ea:bb:34:37:76:19:
         9c:a8:ac:7d:36:19:ee:34:86:ea:59:f1:94:af:4d:ad:98:84:
         89:d9:ee:8b:68:54:f8:b4:0e:9a:60:29:fa:bd:85:30:a8:ef:
         aa:f3:b3:82:31:64:97:f7:f1:0d:44:b1:10:84:26:24:a6:15:
         78:a7:83:fa:b7:b5:77:37:54:ef:0a:eb:77:fd:4a:bd:2f:82:
         29:6d:29:aa:48:18:00:f5:22:82:b7:11:db:aa:e5:36:1f:7e:
         2e:cd:24:27:66:81:73:ba:34:a4:9b:0c:80:35:f6:23:fd:f3:
         d3:ce:1b:2d:6c:a4:ca:d1:8b:89:6a:56:78:92:f4:54:be:15:
         3a:3c:40:9e:38:da:8d:d3:00:07:3e:35:89:e9:66:a2:98:6b:
         fc:45:1d:16:81:c2:e8:fa:79:50:f0:b0:25:4f:83:e2:8d:e0:
         c8:e3:af:4f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUH07ZfmpQ/U9WHwh3G418uWSNMtIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzA3MDM0ODI0WhcNMjUwNDExMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NmYzZDA0YjgxMDQ3NjBiZGMyOTU0ZWRmY2Y5OWVkZTJi
MDY3Mjg5MGE0OGE5NGMxNjUzNTVjNGJjNGZiOGM2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtiqVXizfSJuoTyCSrGoq37QIpyTs/HqdIYcsDxY1gM8px
p0a/bnEWU8LO1v5tnt3tR8BjXR1UwAyohrf9jJCk4+dpflkr7o/YAkjzHrwnlH0M
4i4oT03autmMcSFCJ0hwl9pNbPDjkRiGoy5rPxnzYyWDGanNOD3aTPtbvF6VWRr5
2dapNrjk19RDbVPuCLsnJZ5RWmgBNm12X8nDT4KKh2MvByjQa8g13czodCz8HK4k
qqn8zcjr+sxc7PCv+ZldNpA7bQMXlkKD0188WtBHm3XLB0dA0DdpXbNKmvvB2rUf
0dAlzv7zmNj7Po2i/+eucMkwwm0dbfGWeZ/EmmbBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUGbf+FQsUjhL/rK/R0ELQYuEmEp8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQyNmRiNmJkLWFiYmUtNGRhMi05OWJhLTQ3MzFmMDNhMTdjYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAH5EgWx73DazEi75fUnECgIKySB2
HfTuD+9dkqmYb22r5LVteppsYSEe1kVgfPsOcrc5DzK11TbBDz/JmEHoCgAxC5Id
uNy0l2YVodilk8mdMOSkTeq7NDd2GZyorH02Ge40hupZ8ZSvTa2YhInZ7otoVPi0
DppgKfq9hTCo76rzs4IxZJf38Q1EsRCEJiSmFXing/q3tXc3VO8K63f9Sr0vgilt
KapIGAD1IoK3Eduq5TYffi7NJCdmgXO6NKSbDIA19iP989POGy1spMrRi4lqVniS
9FS+FTo8QJ442o3TAAc+NYnpZqKYa/xFHRaBwuj6eVDwsCVPg+KN4Mjjr08=
-----END CERTIFICATE-----