Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/421d9891-4f86-4625-9377-7159a7048e91.roa
File:                     421d9891-4f86-4625-9377-7159a7048e91.roa (raw, json)
Hash identifier:          y8b1om1UEJjNufJaIswkZpnZHPvDTGsdmgnQIKoAGRs=
Subject key identifier:   D2:87:17:FD:C4:3C:4B:16:BF:DD:D3:B0:2D:EF:E4:F6:7A:11:78:3D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0672082381D85D91737DD04B52BF516E676DADD2
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/421d9891-4f86-4625-9377-7159a7048e91.roa
Signing time:             Tue 26 Nov 2024 00:00:00 +0000
ROA not before:           Tue 26 Nov 2024 00:00:00 +0000
ROA not after:            Tue 31 Dec 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 26 Nov 2024 08:44:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:72:08:23:81:d8:5d:91:73:7d:d0:4b:52:bf:51:6e:67:6d:ad:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 26 00:00:00 2024 GMT
            Not After : Dec 31 23:59:59 2024 GMT
        Subject: serialNumber=4301fc1e1aa47a04a5ff21229c6bef9eb25de8b6e2450010a6458896fd483b2a, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e4:8c:cb:e2:d4:1e:63:f8:1b:b9:79:11:38:
                    77:25:6d:4b:b5:da:58:07:93:04:bd:d7:ed:39:d2:
                    bc:76:d5:67:22:8f:5c:53:cd:7c:50:57:8d:f5:ff:
                    3b:14:7f:a6:9a:35:0a:58:71:d8:3c:88:d3:e6:35:
                    02:57:d3:1b:c1:74:71:02:5f:f5:90:5a:15:83:5d:
                    49:e0:72:b2:d9:b5:e5:1b:8e:69:2a:d9:c5:52:1b:
                    5d:32:83:f8:97:af:27:99:99:10:50:ba:72:f8:a5:
                    a3:93:b0:15:08:e1:d4:98:70:20:39:b7:c8:aa:05:
                    3b:c0:64:ee:bd:64:a5:53:bf:3f:7a:54:43:91:98:
                    38:71:24:7c:d0:73:42:7e:ad:fc:17:e8:9c:15:45:
                    fa:3a:d3:95:9d:e2:b0:09:ce:d5:f6:18:d0:c2:75:
                    2d:30:40:27:08:d0:8c:20:6e:6f:2c:f9:ec:ee:ba:
                    03:86:6b:98:7e:da:12:42:44:b9:c2:f3:17:46:72:
                    23:4e:21:cb:70:21:ca:95:fd:b1:15:49:14:72:4c:
                    b7:0e:94:d7:47:71:5f:f8:22:77:a7:06:c6:c6:2b:
                    56:19:84:d1:d1:01:9a:5b:3e:59:e5:38:b9:fc:99:
                    7d:7b:ab:e0:ab:9b:89:20:25:b8:1b:4f:6c:da:2d:
                    90:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:87:17:FD:C4:3C:4B:16:BF:DD:D3:B0:2D:EF:E4:F6:7A:11:78:3D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/421d9891-4f86-4625-9377-7159a7048e91.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:90:3c:c7:34:03:97:58:9a:43:40:23:10:db:58:e5:1a:4d:
         e9:30:2e:fc:e4:1f:7b:40:89:90:d5:84:e4:b3:66:c2:9e:33:
         9d:39:14:9d:53:7e:e4:02:d5:f8:be:fe:67:86:bf:79:68:7b:
         71:02:f3:7e:d3:dc:a2:4b:b0:9d:7a:c2:ae:c5:c0:c4:60:16:
         3b:dd:9c:32:62:ba:2e:44:ee:ee:f9:45:d1:72:e9:73:50:b6:
         03:1e:a9:9a:b8:a0:60:16:33:5f:a5:0a:50:fa:23:9c:ad:80:
         65:90:77:91:67:12:03:79:20:92:7a:05:eb:4c:ea:4d:5b:ce:
         81:a5:51:7f:39:73:0c:75:1d:e0:62:32:81:11:3c:bf:b7:ef:
         a4:61:7b:cc:1d:d1:59:32:aa:c9:e1:95:00:c6:9f:37:89:eb:
         50:35:35:ef:bc:99:32:b8:be:8a:03:d3:1a:fe:b5:68:c4:35:
         86:a7:6f:c0:07:2e:65:06:78:3d:a7:79:c9:75:28:8c:94:ac:
         cd:55:be:0d:34:f9:e7:8d:7e:ab:44:fc:da:7c:fb:63:f6:2e:
         81:3d:d4:5b:6a:06:e7:3b:8e:4d:03:cf:3e:69:8a:ba:6c:7d:
         67:d3:ae:8d:26:a6:29:dd:64:b1:2a:64:d4:a2:71:fc:f7:9d:
         7a:9b:2f:58
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBnIII4HYXZFzfdBLUr9RbmdtrdIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMTI2MDAwMDAwWhcNMjQxMjMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A0MzAxZmMxZTFhYTQ3YTA0YTVmZjIxMjI5YzZiZWY5ZWIy
NWRlOGI2ZTI0NTAwMTBhNjQ1ODg5NmZkNDgzYjJhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDD5IzL4tQeY/gbuXkROHclbUu12lgHkwS91+050rx21Wci
j1xTzXxQV431/zsUf6aaNQpYcdg8iNPmNQJX0xvBdHECX/WQWhWDXUngcrLZteUb
jmkq2cVSG10yg/iXryeZmRBQunL4paOTsBUI4dSYcCA5t8iqBTvAZO69ZKVTvz96
VEORmDhxJHzQc0J+rfwX6JwVRfo605Wd4rAJztX2GNDCdS0wQCcI0Iwgbm8s+ezu
ugOGa5h+2hJCRLnC8xdGciNOIctwIcqV/bEVSRRyTLcOlNdHcV/4InenBsbGK1YZ
hNHRAZpbPlnlOLn8mX17q+Crm4kgJbgbT2zaLZDNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0ocX/cQ8Sxa/3dOwLe/k9noReD0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQyMWQ5ODkxLTRmODYtNDYyNS05Mzc3LTcxNTlhNzA0OGU5MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGGQPMc0A5dYmkNAIxDbWOUaTekw
LvzkH3tAiZDVhOSzZsKeM505FJ1TfuQC1fi+/meGv3loe3EC837T3KJLsJ16wq7F
wMRgFjvdnDJiui5E7u75RdFy6XNQtgMeqZq4oGAWM1+lClD6I5ytgGWQd5FnEgN5
IJJ6BetM6k1bzoGlUX85cwx1HeBiMoERPL+376Rhe8wd0VkyqsnhlQDGnzeJ61A1
Ne+8mTK4vooD0xr+tWjENYanb8AHLmUGeD2necl1KIyUrM1Vvg00+eeNfqtE/Np8
+2P2LoE91FtqBuc7jk0Dzz5pirpsfWfTro0mpindZLEqZNSicfz3nXqbL1g=
-----END CERTIFICATE-----