Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/19deea7e-5604-4c06-8e79-b7a3e23958cc.roa
File:                     19deea7e-5604-4c06-8e79-b7a3e23958cc.roa (raw, json)
Hash identifier:          15XyeslVQrd0W+u3bCzFrH58q50OID3QXMi/cFKq5E8=
Subject key identifier:   B7:CD:53:41:BF:7B:2E:A7:23:87:CA:49:45:E9:90:7A:83:A9:3F:5F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2954BE68FE24FA0BD7E7385E4BB0DA2540E620DA
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/19deea7e-5604-4c06-8e79-b7a3e23958cc.roa
Signing time:             Thu 25 Jul 2024 00:00:00 +0000
ROA not before:           Thu 25 Jul 2024 00:00:00 +0000
ROA not after:            Thu 29 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 25 Jul 2024 02:03:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:54:be:68:fe:24:fa:0b:d7:e7:38:5e:4b:b0:da:25:40:e6:20:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 25 00:00:00 2024 GMT
            Not After : Aug 29 23:59:59 2024 GMT
        Subject: serialNumber=344bec272edf664b36027836bb690b787437bfdc330746a882188f99b1845054, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:34:66:4d:f5:d0:f4:fe:c6:94:c4:da:66:93:
                    9e:fb:22:58:16:97:b9:7f:39:b8:9c:5c:a3:ed:ed:
                    04:c0:88:10:82:9f:87:02:06:a5:3e:9c:56:9a:e6:
                    b3:d6:87:b1:52:1b:10:dd:39:7b:9d:0c:72:97:30:
                    c1:74:ce:3f:a5:9e:b5:c4:87:36:23:1c:c0:94:56:
                    c1:18:16:2f:5b:9b:6b:fe:d3:5f:d6:bc:c6:d2:e5:
                    d7:a1:27:a4:67:f0:ea:ff:75:6e:50:09:39:d0:3e:
                    00:a0:25:68:b4:a9:f5:69:a9:2e:32:7d:8d:e8:48:
                    5b:45:91:d4:2d:61:cd:55:c6:8f:2c:b7:09:68:3d:
                    98:39:32:92:f7:a7:0e:de:17:68:43:8a:8b:10:bf:
                    df:5a:3a:ce:37:d2:58:d9:f7:bd:73:50:6c:20:16:
                    1f:3d:ea:f4:33:6c:ce:2c:d7:d8:bd:71:38:5b:64:
                    f2:c0:4b:c5:74:cc:6d:d5:33:a3:22:ac:4a:7f:f7:
                    38:6e:7b:8c:bc:4a:c1:42:58:de:17:6f:b2:7b:6a:
                    74:1b:fd:4f:b5:fd:0a:43:81:00:7a:9e:b0:36:b3:
                    fe:b0:ae:04:b2:ff:e4:c0:63:4c:1d:24:64:a1:2d:
                    1e:74:97:f5:8a:ae:f0:e3:3e:00:30:fc:74:6c:db:
                    6a:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:CD:53:41:BF:7B:2E:A7:23:87:CA:49:45:E9:90:7A:83:A9:3F:5F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/19deea7e-5604-4c06-8e79-b7a3e23958cc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:de:7a:ae:92:a2:4e:8e:43:25:dd:17:a8:57:38:a4:49:0e:
         2d:47:60:42:3b:16:82:f4:88:28:49:ea:7e:f1:c3:70:9b:c0:
         e6:29:0b:9e:97:80:1e:27:50:46:f3:93:27:28:d2:72:8a:11:
         59:50:ec:f9:59:fb:49:1e:b7:bc:82:f6:62:4d:93:fb:06:6c:
         6a:31:f2:81:40:72:08:8b:ed:25:b6:75:54:2d:b5:09:61:70:
         95:34:c4:56:18:5b:1c:e2:69:8f:7b:a4:d4:a8:74:88:c7:af:
         4a:99:d2:87:2a:b9:06:59:db:8c:cb:5d:28:17:08:25:13:b0:
         d2:ab:95:be:d5:1e:40:b9:15:a7:c2:17:6e:7d:71:d2:09:90:
         6c:5f:f7:ff:29:ef:30:cf:23:58:89:96:cb:c2:74:db:93:6b:
         5c:08:05:3c:40:15:93:57:6b:fe:cb:e4:f4:60:53:87:2d:ef:
         d7:33:fb:2a:28:54:05:41:6a:bb:a6:bc:36:24:db:92:4b:2c:
         36:5e:2f:ee:b4:f6:f1:5b:e3:57:7d:2e:cf:f2:8b:0a:02:e7:
         47:9c:7d:72:85:95:6e:93:4f:a8:b9:7c:42:12:42:8c:4b:b9:
         98:24:92:1b:9a:8f:77:13:f8:1d:a9:db:6e:70:c1:d9:6b:f4:
         1c:bb:84:fa
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUKVS+aP4k+gvX5zheS7DaJUDmINowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzI1MDAwMDAwWhcNMjQwODI5MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNDRiZWMyNzJlZGY2NjRiMzYwMjc4MzZiYjY5MGI3ODc0
MzdiZmRjMzMwNzQ2YTg4MjE4OGY5OWIxODQ1MDU0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDSNGZN9dD0/saUxNpmk577IlgWl7l/ObicXKPt7QTAiBCC
n4cCBqU+nFaa5rPWh7FSGxDdOXudDHKXMMF0zj+lnrXEhzYjHMCUVsEYFi9bm2v+
01/WvMbS5dehJ6Rn8Or/dW5QCTnQPgCgJWi0qfVpqS4yfY3oSFtFkdQtYc1Vxo8s
twloPZg5MpL3pw7eF2hDiosQv99aOs430ljZ971zUGwgFh896vQzbM4s19i9cThb
ZPLAS8V0zG3VM6MirEp/9zhue4y8SsFCWN4Xb7J7anQb/U+1/QpDgQB6nrA2s/6w
rgSy/+TAY0wdJGShLR50l/WKrvDjPgAw/HRs22o9AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUt81TQb97Lqcjh8pJRemQeoOpP18wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzE5ZGVlYTdlLTU2MDQtNGMwNi04ZTc5LWI3YTNlMjM5NThjYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABPeeq6Sok6OQyXdF6hXOKRJDi1H
YEI7FoL0iChJ6n7xw3CbwOYpC56XgB4nUEbzkyco0nKKEVlQ7PlZ+0ket7yC9mJN
k/sGbGox8oFAcgiL7SW2dVQttQlhcJU0xFYYWxziaY97pNSodIjHr0qZ0ocquQZZ
24zLXSgXCCUTsNKrlb7VHkC5FafCF259cdIJkGxf9/8p7zDPI1iJlsvCdNuTa1wI
BTxAFZNXa/7L5PRgU4ct79cz+yooVAVBarumvDYk25JLLDZeL+609vFb41d9Ls/y
iwoC50ecfXKFlW6TT6i5fEISQoxLuZgkkhuaj3cT+B2p225wwdlr9By7hPo=
-----END CERTIFICATE-----