Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/22053818-7e84-4e00-a51a-8823a6fcde78.roa
File:                     22053818-7e84-4e00-a51a-8823a6fcde78.roa (raw, json)
Hash identifier:          3LiG8GQWN4t1QLN7d9nMLH9BGymuKnURcUeMnaZFLf4=
Subject key identifier:   B7:FF:FD:61:98:D2:DC:F9:08:A1:6C:E7:BA:99:C7:EB:22:51:09:5F
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       76DE03943722AEEF604FEA9F47BD70DE6AE97B93
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/22053818-7e84-4e00-a51a-8823a6fcde78.roa
Signing time:             Tue 18 Jun 2024 00:00:00 +0000
ROA not before:           Tue 18 Jun 2024 00:00:00 +0000
ROA not after:            Tue 23 Jul 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 18 Jun 2024 10:33:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:de:03:94:37:22:ae:ef:60:4f:ea:9f:47:bd:70:de:6a:e9:7b:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 18 00:00:00 2024 GMT
            Not After : Jul 23 23:59:59 2024 GMT
        Subject: serialNumber=a31e775231f1a6f292ba78a45ca3a9ef20027f13c50d069c869868299350ba4e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:67:c2:cf:81:43:40:0f:e6:62:5b:02:31:53:
                    12:29:d9:b2:51:71:35:dd:37:08:e8:b3:f2:e4:48:
                    74:f7:5c:62:a0:70:a4:c1:9d:7c:b4:11:8f:be:f4:
                    ee:a1:3b:d1:06:c3:cc:70:17:73:3f:e1:08:23:20:
                    6c:f5:77:60:aa:47:0f:24:ae:b3:5a:61:3f:44:85:
                    b5:54:5b:a4:53:bc:10:1b:0e:42:fe:75:bc:86:fb:
                    73:1e:53:f7:28:40:20:f3:19:81:ea:40:54:eb:1b:
                    34:0b:70:83:3a:63:ee:48:45:2f:ab:89:b3:06:ed:
                    bc:d1:0d:69:8b:ca:c9:ad:5a:f3:48:2f:ff:e9:ce:
                    4d:aa:e4:22:f2:23:f9:38:50:f6:8c:f8:3c:ca:c9:
                    f7:d4:da:2c:b4:dd:c9:e5:1b:7b:ca:f5:21:4a:42:
                    40:eb:a5:0b:bf:b0:fe:1c:7a:76:b1:4d:9a:6f:e4:
                    3c:23:81:7f:72:10:a7:3d:72:bc:54:90:e2:06:3c:
                    28:a7:8e:0e:4c:5c:1d:91:ac:63:91:a4:b2:fb:f4:
                    a7:b5:a8:fb:74:a1:c3:86:28:5b:b0:8b:95:6f:75:
                    12:98:75:f6:b0:23:94:5b:89:c6:c2:29:5f:51:ce:
                    db:b6:fa:37:42:2b:96:95:fe:fb:23:19:f4:dd:c5:
                    33:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:FF:FD:61:98:D2:DC:F9:08:A1:6C:E7:BA:99:C7:EB:22:51:09:5F
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/22053818-7e84-4e00-a51a-8823a6fcde78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:d7:02:ea:77:b3:de:62:d7:e3:f4:3a:c3:da:0d:3a:1b:9e:
         02:45:ac:62:69:ae:a2:2a:1d:ff:d2:e2:ed:dc:c0:85:8a:29:
         ed:4e:56:08:7f:68:96:05:bf:6f:e0:4d:8c:8d:24:58:9f:d6:
         49:ee:54:50:6c:23:14:50:dc:c7:d5:e7:6c:78:06:68:77:f1:
         98:c6:e1:90:ea:6a:4b:54:e7:40:6a:5b:aa:85:58:df:be:0f:
         3c:4f:08:d5:91:f4:c1:c7:c5:c4:98:b4:cb:d0:98:d7:45:db:
         c4:6d:17:0c:90:3c:5c:2a:93:86:fd:3c:ae:3e:a7:00:a1:33:
         c5:2d:d2:39:fe:93:e9:97:f9:20:4b:44:3c:6c:46:7a:85:c6:
         6b:a2:b0:ca:58:aa:92:44:bc:dc:da:32:3e:91:3f:9e:c8:c7:
         7c:77:dd:f8:9d:ba:ad:24:43:36:e4:8f:89:59:9f:42:6a:2b:
         ca:c7:97:9e:b8:36:ab:65:57:dd:e2:2f:81:a9:fc:82:c9:72:
         78:35:6d:fe:c0:40:ba:6a:0f:47:72:f3:5a:bf:83:c2:96:9c:
         09:38:8f:49:10:9e:38:95:26:e9:87:f9:fe:3a:d9:f5:26:ef:
         41:0c:61:16:24:f9:9a:99:d8:d8:88:e0:77:e9:56:c8:35:4a:
         fe:4e:65:bd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdt4DlDciru9gT+qfR71w3mrpe5MwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNjE4MDAwMDAwWhcNMjQwNzIzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhMzFlNzc1MjMxZjFhNmYyOTJiYTc4YTQ1Y2EzYTllZjIw
MDI3ZjEzYzUwZDA2OWM4Njk4NjgyOTkzNTBiYTRlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCrZ8LPgUNAD+ZiWwIxUxIp2bJRcTXdNwjos/LkSHT3XGKg
cKTBnXy0EY++9O6hO9EGw8xwF3M/4QgjIGz1d2CqRw8krrNaYT9EhbVUW6RTvBAb
DkL+dbyG+3MeU/coQCDzGYHqQFTrGzQLcIM6Y+5IRS+ribMG7bzRDWmLysmtWvNI
L//pzk2q5CLyI/k4UPaM+DzKyffU2iy03cnlG3vK9SFKQkDrpQu/sP4cenaxTZpv
5DwjgX9yEKc9crxUkOIGPCinjg5MXB2RrGORpLL79Ke1qPt0ocOGKFuwi5VvdRKY
dfawI5RbicbCKV9Rztu2+jdCK5aV/vsjGfTdxTM5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUt//9YZjS3PkIoWznupnH6yJRCV8wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzIyMDUzODE4LTdlODQtNGUwMC1hNTFhLTg4MjNhNmZjZGU3OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIfXAup3s95i1+P0OsPaDTobngJF
rGJprqIqHf/S4u3cwIWKKe1OVgh/aJYFv2/gTYyNJFif1knuVFBsIxRQ3MfV52x4
Bmh38ZjG4ZDqaktU50BqW6qFWN++DzxPCNWR9MHHxcSYtMvQmNdF28RtFwyQPFwq
k4b9PK4+pwChM8Ut0jn+k+mX+SBLRDxsRnqFxmuisMpYqpJEvNzaMj6RP57Ix3x3
3fiduq0kQzbkj4lZn0JqK8rHl564NqtlV93iL4Gp/ILJcng1bf7AQLpqD0dy81q/
g8KWnAk4j0kQnjiVJumH+f462fUm70EMYRYk+ZqZ2NiI4HfpVsg1Sv5OZb0=
-----END CERTIFICATE-----