Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/1bb98b27-b941-46f3-8c71-44485912312c.roa
File:                     1bb98b27-b941-46f3-8c71-44485912312c.roa (raw, json)
Hash identifier:          AgZoa5gOQQfamauRZxmsSrDYNoY8RMObC+BhQHfyYvU=
Subject key identifier:   96:76:C0:21:29:11:C4:CF:87:88:C5:41:E9:69:1D:80:4F:39:76:CF
Certificate issuer:       /CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
Certificate serial:       32B624E45730734F5F79A6A167695EADD5D41013
Authority key identifier: BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/1bb98b27-b941-46f3-8c71-44485912312c.roa
Signing time:             Mon 10 Jun 2024 00:00:00 +0000
ROA not before:           Mon 10 Jun 2024 00:00:00 +0000
ROA not after:            Mon 15 Jul 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2605:9cc0:f033::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 11 Jun 2024 19:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:b6:24:e4:57:30:73:4f:5f:79:a6:a1:67:69:5e:ad:d5:d4:10:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
        Validity
            Not Before: Jun 10 00:00:00 2024 GMT
            Not After : Jul 15 23:59:59 2024 GMT
        Subject: serialNumber=5bf2985fcf8366721dde29b5c510f358bdf53ce1c5c61cd0148645d9b5a479ed, CN=f7243785-46de-414b-9b8f-7a9699e979e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:ee:98:72:b4:67:ca:18:73:36:36:a3:95:e9:
                    b6:f0:22:f9:51:89:8b:cc:c5:8e:e4:3c:43:e4:2b:
                    0b:46:17:fa:33:bd:33:33:b3:4c:b9:01:4a:b0:77:
                    c1:1c:2e:26:02:e6:10:e1:95:b8:5f:15:91:da:52:
                    fd:f8:cb:3b:d3:6e:8e:7d:6f:95:7e:fd:79:80:68:
                    9b:33:d3:6b:59:f1:f8:9b:e1:6d:14:07:c6:c0:2e:
                    f0:68:58:f3:68:83:c4:8c:0e:dc:96:0c:d0:ad:cc:
                    b0:0b:52:c6:5a:dd:a0:dc:71:f7:57:05:93:28:52:
                    73:a1:bc:2d:95:56:07:9f:77:9f:9b:da:6e:d8:7a:
                    d0:f5:3b:18:b0:75:5b:19:8c:f3:70:33:06:5c:39:
                    ef:cc:60:34:97:ae:15:ef:04:ab:93:e0:8f:22:d5:
                    ee:9d:1a:b5:b7:40:73:a9:8d:8e:2c:46:be:ee:4a:
                    f2:ea:79:35:dc:23:b0:db:74:ce:55:ec:c2:e4:d2:
                    fb:96:97:4e:2b:82:56:1e:c8:b7:3f:e9:6d:5b:0b:
                    a4:52:10:bb:e2:d0:e4:16:27:2e:c5:32:30:18:d0:
                    71:46:b2:82:16:47:c2:63:53:27:65:ee:0f:ab:31:
                    e9:68:8b:42:50:64:ae:bb:79:33:00:75:0b:bf:d6:
                    b3:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:76:C0:21:29:11:C4:CF:87:88:C5:41:E9:69:1D:80:4F:39:76:CF
            X509v3 Authority Key Identifier:
                keyid:BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/1bb98b27-b941-46f3-8c71-44485912312c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2605:9cc0:f033::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:22:22:ba:db:0a:a3:06:14:5f:aa:8e:eb:a4:15:da:e0:83:
         39:a7:44:2f:bd:8d:85:02:50:05:b7:15:d9:78:de:58:85:75:
         b5:4a:47:0a:ac:58:e3:54:f0:5b:5d:e6:97:5f:af:3e:c1:23:
         58:3a:00:ab:a0:f9:bb:15:ed:a0:96:d9:27:00:e2:f3:c4:fc:
         39:aa:b7:e2:20:d2:9c:8c:1f:32:86:59:a6:63:ec:33:ab:ab:
         14:51:69:95:d0:bb:c5:62:a9:2e:74:b4:04:76:72:f8:26:2c:
         89:c3:16:ac:fc:b5:8e:67:81:56:65:a4:c5:a8:26:aa:84:1c:
         e6:8b:16:de:2e:91:96:21:7f:c7:21:ed:b4:80:f2:b5:74:49:
         ff:71:3b:22:d7:a6:8a:33:4e:1a:fc:57:ab:b1:7e:55:c8:68:
         09:d0:8e:56:0b:33:7b:ee:ed:20:dc:ff:24:f4:64:4e:dd:ad:
         13:d2:be:80:e3:be:9a:78:48:e0:aa:53:cc:2a:66:ff:7c:64:
         e9:17:b1:96:2f:4c:70:44:cc:b0:fa:57:f6:e4:30:45:38:47:
         94:df:e5:42:86:37:90:4e:a7:ee:ba:0d:b4:4e:2c:5d:86:ec:
         50:43:5d:57:cf:15:27:36:7e:7e:df:1d:63:f2:15:1a:e6:f6:
         3b:2a:c8:1b
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUMrYk5Fcwc09feaahZ2lerdXUEBMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOTdhYzAwMjhkNmVmYmRkYWZiN2Q5YzcxZTI5ZWI3MWMw
MDVlMzRmYzE5ZjFmN2M0MjQwHhcNMjQwNjEwMDAwMDAwWhcNMjQwNzE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A1YmYyOTg1ZmNmODM2NjcyMWRkZTI5YjVjNTEwZjM1OGJk
ZjUzY2UxYzVjNjFjZDAxNDg2NDVkOWI1YTQ3OWVkMS0wKwYDVQQDEyRmNzI0Mzc4
NS00NmRlLTQxNGItOWI4Zi03YTk2OTllOTc5ZTIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDp7phytGfKGHM2NqOV6bbwIvlRiYvMxY7kPEPkKwtGF/oz
vTMzs0y5AUqwd8EcLiYC5hDhlbhfFZHaUv34yzvTbo59b5V+/XmAaJsz02tZ8fib
4W0UB8bALvBoWPNog8SMDtyWDNCtzLALUsZa3aDccfdXBZMoUnOhvC2VVgefd5+b
2m7YetD1OxiwdVsZjPNwMwZcOe/MYDSXrhXvBKuT4I8i1e6dGrW3QHOpjY4sRr7u
SvLqeTXcI7DbdM5V7MLk0vuWl04rglYeyLc/6W1bC6RSELvi0OQWJy7FMjAY0HFG
soIWR8JjUydl7g+rMeloi0JQZK67eTMAdQu/1rMNAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUlnbAISkRxM+HiMVB6WkdgE85ds8wHwYDVR0jBBgwFoAUugzhfiM/vHHU
MKvawsMMeQS2oOcwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9kM2VhNmVhYi1m
NDFmLTRlNDYtYThmNi0zZGE0YTEyOGQ3OGMvOTdhYzAwMjhkNmVmYmRkYWZiN2Q5
YzcxZTI5ZWI3MWMwMDVlMzRmYzE5ZjFmN2M0MjQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTQ2MDJmYjAtYTlkNC00ZjlmLWIwY2EtYmUy
YTEzOWVhOTJiLzFiYjk4YjI3LWI5NDEtNDZmMy04YzcxLTQ0NDg1OTEyMzEyYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzU0NjAyZmIwLWE5ZDQtNGY5Zi1iMGNh
LWJlMmExMzllYTkyYi83NzNhLTMyY2NlS2V0eHdBWGpUOEdmSDN4Q1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmBZzA8DMwDQYJKoZIhvcNAQELBQADggEBAFUiIrrbCqMGFF+qjuukFdrg
gzmnRC+9jYUCUAW3Fdl43liFdbVKRwqsWONU8Ftd5pdfrz7BI1g6AKug+bsV7aCW
2ScA4vPE/Dmqt+Ig0pyMHzKGWaZj7DOrqxRRaZXQu8ViqS50tAR2cvgmLInDFqz8
tY5ngVZlpMWoJqqEHOaLFt4ukZYhf8ch7bSA8rV0Sf9xOyLXpoozThr8V6uxflXI
aAnQjlYLM3vu7SDc/yT0ZE7drRPSvoDjvpp4SOCqU8wqZv98ZOkXsZYvTHBEzLD6
V/bkMEU4R5Tf5UKGN5BOp+66DbROLF2G7FBDXVfPFSc2fn7fHWPyFRrm9jsqyBs=
-----END CERTIFICATE-----