Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/54e9d325-9f00-4aa5-a835-a0b5189c5028.roa
File:                     54e9d325-9f00-4aa5-a835-a0b5189c5028.roa (raw, json)
Hash identifier:          nDQX71ojB013n61WlwpOrrL0ZxYdo3XTEDhXCKgqzMc=
Subject key identifier:   61:BF:0C:5E:B9:6B:B7:FC:D7:30:8C:79:89:B3:AC:D8:B1:92:92:EA
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       61BFCCD6928BF156774A90081161965F7388110D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/54e9d325-9f00-4aa5-a835-a0b5189c5028.roa
Signing time:             Sat 08 Mar 2025 00:13:19 +0000
ROA not before:           Sat 08 Mar 2025 00:13:19 +0000
ROA not after:            Sat 12 Apr 2025 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sat 08 Mar 2025 00:28:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:bf:cc:d6:92:8b:f1:56:77:4a:90:08:11:61:96:5f:73:88:11:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar  8 00:13:19 2025 GMT
            Not After : Apr 12 23:59:59 2025 GMT
        Subject: CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:c9:79:c5:69:6c:d7:cd:ac:6f:f0:d6:98:82:
                    40:0d:f2:f0:54:51:70:57:56:37:d2:43:50:e5:3f:
                    10:20:71:9f:87:7c:bc:26:3e:cc:d9:ff:4c:ab:45:
                    10:89:82:8f:49:fc:4a:e7:93:be:f2:6d:d1:cc:82:
                    9b:c6:d4:1d:b3:ca:6e:4f:1e:b9:59:52:5c:a1:98:
                    6e:19:f8:95:4b:2f:0c:34:14:48:7b:16:78:80:1d:
                    ee:be:36:61:18:d8:ea:f9:86:3d:94:cc:c3:7c:b1:
                    9f:e7:0a:10:85:00:4c:f7:ee:65:66:d0:b2:0d:8b:
                    a5:a5:26:63:76:c2:49:af:56:41:24:39:3a:42:f4:
                    ca:a2:60:cc:72:3a:41:62:ab:ad:70:fc:42:2a:80:
                    42:b6:7f:90:ee:48:d6:78:4c:50:d1:35:5b:71:4c:
                    83:5e:13:fb:a8:95:1f:c9:57:66:86:ac:7a:72:18:
                    ba:18:ad:77:f5:e8:e8:23:8b:fc:66:2c:8c:10:48:
                    34:76:b6:e0:2b:6e:8b:39:24:5e:d8:86:4c:06:02:
                    a9:0a:d3:99:96:24:58:4b:7b:64:a8:90:71:f8:98:
                    73:94:b5:fb:60:84:3e:a6:34:92:fe:1b:1d:e5:c0:
                    34:1a:26:af:c4:1c:72:42:28:15:43:c6:49:4f:a3:
                    c4:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:BF:0C:5E:B9:6B:B7:FC:D7:30:8C:79:89:B3:AC:D8:B1:92:92:EA
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/54e9d325-9f00-4aa5-a835-a0b5189c5028.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:fd:a6:91:e6:3a:fe:89:db:3c:b7:2d:62:64:84:6f:e8:c4:
         4c:eb:2d:3a:2b:cd:0d:55:65:6d:49:d4:39:2a:cd:62:ca:6e:
         67:55:8b:3b:3a:a4:e5:f2:ed:52:fc:ba:f1:00:5f:81:c6:ce:
         9a:25:42:63:c2:3c:e6:0f:25:eb:00:30:a7:bc:fe:d1:67:4a:
         2f:1b:24:1d:76:a8:e8:68:bb:80:c1:2a:d1:2e:49:b4:be:da:
         4a:4e:7c:04:a2:18:88:f6:35:e0:cb:c3:a7:8b:09:56:d4:32:
         b1:90:b8:b3:5e:87:e5:3c:30:6d:31:66:a9:9a:63:3a:f3:e8:
         11:d8:8a:09:60:c2:15:c0:94:f6:80:13:7c:54:7d:ee:58:2a:
         a4:61:5e:32:b3:a9:fa:c6:0a:75:0c:e7:85:9f:c4:c5:a1:c6:
         e6:07:cc:85:fa:e3:8e:20:b3:5a:af:0f:0b:93:88:57:ef:c4:
         cd:d1:0e:6c:58:e6:7c:97:03:52:b4:f1:ab:5c:d8:9a:6d:6a:
         18:b2:d0:fb:c4:e8:01:1b:75:0c:00:10:7d:44:3d:d6:ad:dd:
         02:07:8b:9d:38:97:3b:eb:d1:0e:bf:bb:60:d0:59:cb:31:b1:
         94:b7:2d:ed:ca:a2:ec:39:28:ef:92:35:94:dc:b3:b0:21:a9:
         0f:0a:1d:6f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUYb/M1pKL8VZ3SpAIEWGWX3OIEQ0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjUwMzA4MDAxMzE5WhcNMjUwNDEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2ZjFiYjllNDQxZjdlNjJiOTQ0ZDk3MGEwZDA1NWExMWI4
MWNiNGE1MDYxZjg5YzkwODJhNTdkMWE1MDNjYjJmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDjyXnFaWzXzaxv8NaYgkAN8vBUUXBXVjfSQ1DlPxAgcZ+H
fLwmPszZ/0yrRRCJgo9J/Ernk77ybdHMgpvG1B2zym5PHrlZUlyhmG4Z+JVLLww0
FEh7FniAHe6+NmEY2Or5hj2UzMN8sZ/nChCFAEz37mVm0LINi6WlJmN2wkmvVkEk
OTpC9MqiYMxyOkFiq61w/EIqgEK2f5DuSNZ4TFDRNVtxTINeE/uolR/JV2aGrHpy
GLoYrXf16Ogji/xmLIwQSDR2tuArbos5JF7YhkwGAqkK05mWJFhLe2SokHH4mHOU
tftghD6mNJL+Gx3lwDQaJq/EHHJCKBVDxklPo8StAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYb8MXrlrt/zXMIx5ibOs2LGSkuowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU0ZTlkMzI1LTlmMDAtNGFhNS1hODM1LWEwYjUxODljNTAyOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIj9ppHmOv6J2zy3LWJkhG/oxEzr
LTorzQ1VZW1J1DkqzWLKbmdVizs6pOXy7VL8uvEAX4HGzpolQmPCPOYPJesAMKe8
/tFnSi8bJB12qOhou4DBKtEuSbS+2kpOfASiGIj2NeDLw6eLCVbUMrGQuLNeh+U8
MG0xZqmaYzrz6BHYiglgwhXAlPaAE3xUfe5YKqRhXjKzqfrGCnUM54WfxMWhxuYH
zIX6444gs1qvDwuTiFfvxM3RDmxY5nyXA1K08atc2Jptahiy0PvE6AEbdQwAEH1E
Pdat3QIHi504lzvr0Q6/u2DQWcsxsZS3Le3Kouw5KO+SNZTcs7AhqQ8KHW8=
-----END CERTIFICATE-----