Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3d94330b-2bcf-4c75-8a5c-7bb8062349e4.roa
File:                     3d94330b-2bcf-4c75-8a5c-7bb8062349e4.roa (raw, json)
Hash identifier:          Y4hHUGG3ea7t/Z8J9fqW3D+JenFwfLYIIIidMAUQIrU=
Subject key identifier:   BB:39:58:FF:43:04:90:97:46:A5:21:EC:70:BC:9F:E1:07:FD:32:D2
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       32B4677034492D60C5F8ABB30A2EF916E55C1EE7
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3d94330b-2bcf-4c75-8a5c-7bb8062349e4.roa
Signing time:             Mon 20 May 2024 00:00:00 +0000
ROA not before:           Mon 20 May 2024 00:00:00 +0000
ROA not after:            Mon 24 Jun 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 20 May 2024 16:53:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:b4:67:70:34:49:2d:60:c5:f8:ab:b3:0a:2e:f9:16:e5:5c:1e:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 20 00:00:00 2024 GMT
            Not After : Jun 24 23:59:59 2024 GMT
        Subject: serialNumber=9901cd8cdc347691bb9e4446b3a776587ed019989c906a100f0901aa7e9ebdfd, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:81:35:86:85:7e:43:b6:96:41:1d:9b:c1:62:
                    c9:44:b2:eb:dc:17:0c:d1:6d:3b:f8:e5:ad:c5:fe:
                    49:55:dd:db:69:39:bf:67:ce:83:1c:ae:d7:a5:e4:
                    69:e0:3c:ba:0f:19:c5:15:b6:5a:2b:a8:4d:a9:4c:
                    ee:d0:3c:31:6b:bc:38:ff:de:1d:ba:29:5c:fe:b6:
                    3d:28:e4:77:49:43:fa:81:d4:c6:e5:29:28:9d:bb:
                    7d:44:16:c3:7f:f1:a0:fc:00:28:31:76:40:13:28:
                    da:36:03:2d:a0:e6:b5:66:50:76:8c:9d:dd:46:9d:
                    89:b5:39:01:3f:06:4d:0b:ac:d3:8d:50:6b:c8:49:
                    df:33:6a:ac:69:c7:c9:7e:65:89:e0:b9:38:56:bd:
                    18:fb:01:71:1f:91:a8:d9:31:fd:4a:06:1b:d9:79:
                    b7:f2:02:10:cd:b4:cb:a3:54:44:68:a0:13:7a:35:
                    e7:9f:1a:77:8f:2e:b0:57:8a:fc:12:81:cc:34:4a:
                    65:9e:79:9b:57:83:eb:c1:5b:88:5e:ab:63:35:14:
                    85:8e:0d:de:53:33:a9:df:7f:05:41:d3:75:b6:ac:
                    40:be:45:4e:ff:a9:c5:82:6f:f2:00:ae:14:b3:30:
                    dc:a7:92:56:cf:4f:b6:72:1b:f7:2d:90:ca:56:f8:
                    23:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:39:58:FF:43:04:90:97:46:A5:21:EC:70:BC:9F:E1:07:FD:32:D2
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/3d94330b-2bcf-4c75-8a5c-7bb8062349e4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:b5:23:c4:cb:1b:8e:e0:83:40:c2:b2:58:fa:7d:93:03:0e:
         78:4a:e9:c0:5e:10:b9:88:d1:58:e6:13:2e:e0:05:13:f0:fd:
         11:3c:49:fa:b9:b0:4f:fd:07:c1:1a:65:5f:43:c4:f4:4e:12:
         c6:21:6d:b8:d1:ec:fb:94:e0:03:af:bd:31:51:3d:43:22:f1:
         29:41:f5:43:d3:0c:1d:75:10:aa:e9:31:37:06:63:59:52:4f:
         2c:aa:c6:00:13:30:7b:ea:e9:53:24:9c:76:50:db:13:6c:fb:
         e7:2c:7a:99:d9:ff:8b:b6:ae:61:3b:5f:ba:ca:c9:0d:30:4f:
         00:df:f7:7e:59:47:f7:fb:69:e7:4a:ef:71:df:d2:ff:d2:f0:
         4d:af:a4:45:fb:19:a3:f4:e0:d5:28:a7:ab:18:c1:7e:7f:dc:
         65:36:6f:94:2a:76:40:6d:de:1a:58:64:ba:94:fc:28:5f:24:
         dc:e7:04:72:01:21:af:67:50:f0:fe:b3:9d:9b:d5:40:54:ef:
         95:b9:fb:7e:1c:9c:8c:d9:93:32:6f:04:95:40:37:20:f8:47:
         75:b8:18:ea:01:e0:90:7c:a1:51:cd:bc:39:97:8a:e1:e2:b9:
         a9:aa:11:6e:38:85:d3:99:80:c1:b7:9c:8b:fb:b6:ca:35:f5:
         f7:f6:c8:fc
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUMrRncDRJLWDF+KuzCi75FuVcHucwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNTIwMDAwMDAwWhcNMjQwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A5OTAxY2Q4Y2RjMzQ3NjkxYmI5ZTQ0NDZiM2E3NzY1ODdl
ZDAxOTk4OWM5MDZhMTAwZjA5MDFhYTdlOWViZGZkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDKgTWGhX5DtpZBHZvBYslEsuvcFwzRbTv45a3F/klV3dtp
Ob9nzoMcrtel5GngPLoPGcUVtlorqE2pTO7QPDFrvDj/3h26KVz+tj0o5HdJQ/qB
1MblKSidu31EFsN/8aD8ACgxdkATKNo2Ay2g5rVmUHaMnd1GnYm1OQE/Bk0LrNON
UGvISd8zaqxpx8l+ZYnguThWvRj7AXEfkajZMf1KBhvZebfyAhDNtMujVERooBN6
NeefGnePLrBXivwSgcw0SmWeeZtXg+vBW4heq2M1FIWODd5TM6nffwVB03W2rEC+
RU7/qcWCb/IArhSzMNynklbPT7ZyG/ctkMpW+CMhAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUuzlY/0MEkJdGpSHscLyf4Qf9MtIwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzNkOTQzMzBiLTJiY2YtNGM3NS04YTVjLTdiYjgwNjIzNDllNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHC1I8TLG47gg0DCslj6fZMDDnhK
6cBeELmI0VjmEy7gBRPw/RE8Sfq5sE/9B8EaZV9DxPROEsYhbbjR7PuU4AOvvTFR
PUMi8SlB9UPTDB11EKrpMTcGY1lSTyyqxgATMHvq6VMknHZQ2xNs++csepnZ/4u2
rmE7X7rKyQ0wTwDf935ZR/f7aedK73Hf0v/S8E2vpEX7GaP04NUop6sYwX5/3GU2
b5QqdkBt3hpYZLqU/ChfJNznBHIBIa9nUPD+s52b1UBU75W5+34cnIzZkzJvBJVA
NyD4R3W4GOoB4JB8oVHNvDmXiuHiuamqEW44hdOZgMG3nIv7tso19ff2yPw=
-----END CERTIFICATE-----