Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/44b4dd9c-9805-42be-be05-6edfebf5938b.roa
File:                     44b4dd9c-9805-42be-be05-6edfebf5938b.roa (raw, json)
Hash identifier:          qvwUqyp5JzKqk5ya/YLaf+xzSmdyA4IBWC0VsqGjkUg=
Subject key identifier:   4E:8E:A9:7A:80:05:C5:2E:DE:ED:3F:55:F9:4B:30:5F:BF:23:36:6C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       440123EC11B6F7686BE5F4613F35A9F4337FAF3A
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/44b4dd9c-9805-42be-be05-6edfebf5938b.roa
Signing time:             Sun 24 Nov 2024 00:00:00 +0000
ROA not before:           Sun 24 Nov 2024 00:00:00 +0000
ROA not after:            Sun 29 Dec 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 24 Nov 2024 09:39:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:01:23:ec:11:b6:f7:68:6b:e5:f4:61:3f:35:a9:f4:33:7f:af:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 24 00:00:00 2024 GMT
            Not After : Dec 29 23:59:59 2024 GMT
        Subject: serialNumber=a70410a4595f4601656befa87311f42250d9cbf7f30f386f99d1126f910d544f, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:ef:e9:76:dc:de:3f:2a:3d:00:fa:8e:3e:17:
                    b1:3b:50:31:99:4c:f3:64:e5:a2:ce:76:a9:4f:5f:
                    4a:b7:c6:e6:3e:35:a0:4c:c6:c7:27:93:4b:9c:21:
                    1d:92:f3:0a:f6:cd:bc:75:2f:ce:ee:aa:94:d8:f1:
                    18:2e:b1:6f:97:f4:f0:6b:e4:29:bb:d1:fc:24:d7:
                    69:37:cf:f5:36:c7:37:71:50:54:e5:d7:da:a5:8b:
                    c1:70:65:f5:1e:f2:73:c6:1b:f1:5b:41:01:fa:44:
                    9f:cf:fd:cb:61:81:7a:7e:58:67:ee:07:ae:15:f9:
                    dc:2c:09:d5:f9:7e:04:27:44:42:b1:65:8f:2d:d1:
                    9b:2b:dd:98:f3:5c:23:1c:f6:e9:7d:0a:ff:aa:19:
                    e9:9f:41:61:79:a2:d9:d9:44:33:54:77:88:6b:34:
                    90:d4:68:be:4f:f6:43:a7:8a:4d:61:a9:00:b2:80:
                    1f:f0:9d:81:80:7d:30:31:8a:8e:2e:f5:96:22:24:
                    be:ea:4d:b9:dd:9f:42:a2:6d:87:ee:04:ba:c2:7a:
                    b7:51:dc:75:03:8f:4b:86:5f:02:2f:14:ff:7c:02:
                    1d:1e:12:1f:41:b8:c1:03:d2:f4:a6:23:30:40:a2:
                    14:9b:eb:23:f0:02:55:e3:2b:69:78:8b:5b:35:54:
                    16:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:8E:A9:7A:80:05:C5:2E:DE:ED:3F:55:F9:4B:30:5F:BF:23:36:6C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/44b4dd9c-9805-42be-be05-6edfebf5938b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:20:d4:05:90:ba:de:6c:3c:9a:73:2d:19:d5:1e:74:a3:b8:
         1c:03:82:a0:2a:d8:93:c5:72:6c:7c:8d:cf:7a:39:3b:1d:5f:
         94:c2:20:4e:c5:77:14:1a:f6:ba:0b:5a:6f:8d:5e:c8:26:00:
         df:2c:c7:81:43:16:5f:f9:fe:31:47:8e:bc:96:74:a8:04:b5:
         00:f5:ff:9d:81:6a:92:e1:8e:3f:99:0e:d7:47:7e:7e:da:5d:
         17:ee:47:d8:88:04:d4:4d:0b:83:4a:5c:3d:96:bb:4f:1c:78:
         21:2a:06:d4:d6:a4:7a:47:ce:0a:cb:c9:45:0e:ed:39:58:eb:
         21:44:76:35:4c:cb:22:e8:9d:4d:c5:63:04:61:08:13:a6:bd:
         0b:08:c7:2b:8d:a8:d9:45:ca:3c:ec:04:0c:79:32:ed:7c:1b:
         4e:b2:f4:2d:31:3e:48:14:92:a7:10:e4:2d:52:6f:27:03:24:
         2f:88:a0:5b:b7:2d:b3:6a:21:42:1c:5c:7c:7f:3d:d8:30:29:
         2f:7d:89:89:27:f9:e8:7b:b2:dc:66:c3:2f:f5:34:ef:80:8c:
         69:ca:3f:3a:a5:64:dd:bd:9b:8d:fc:98:82:8d:dc:09:77:e2:
         7d:dd:ee:1e:7f:7f:56:6c:02:a9:48:f6:7f:e0:5f:64:db:3f:
         a9:eb:0a:86
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIURAEj7BG292hr5fRhPzWp9DN/rzowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMTI0MDAwMDAwWhcNMjQxMjI5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNzA0MTBhNDU5NWY0NjAxNjU2YmVmYTg3MzExZjQyMjUw
ZDljYmY3ZjMwZjM4NmY5OWQxMTI2ZjkxMGQ1NDRmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCX7+l23N4/Kj0A+o4+F7E7UDGZTPNk5aLOdqlPX0q3xuY+
NaBMxscnk0ucIR2S8wr2zbx1L87uqpTY8RgusW+X9PBr5Cm70fwk12k3z/U2xzdx
UFTl19qli8FwZfUe8nPGG/FbQQH6RJ/P/cthgXp+WGfuB64V+dwsCdX5fgQnREKx
ZY8t0Zsr3ZjzXCMc9ul9Cv+qGemfQWF5otnZRDNUd4hrNJDUaL5P9kOnik1hqQCy
gB/wnYGAfTAxio4u9ZYiJL7qTbndn0KibYfuBLrCerdR3HUDj0uGXwIvFP98Ah0e
Eh9BuMED0vSmIzBAohSb6yPwAlXjK2l4i1s1VBb3AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTo6peoAFxS7e7T9V+UswX78jNmwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ0YjRkZDljLTk4MDUtNDJiZS1iZTA1LTZlZGZlYmY1OTM4Yi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGgg1AWQut5sPJpzLRnVHnSjuBwD
gqAq2JPFcmx8jc96OTsdX5TCIE7FdxQa9roLWm+NXsgmAN8sx4FDFl/5/jFHjryW
dKgEtQD1/52BapLhjj+ZDtdHfn7aXRfuR9iIBNRNC4NKXD2Wu08ceCEqBtTWpHpH
zgrLyUUO7TlY6yFEdjVMyyLonU3FYwRhCBOmvQsIxyuNqNlFyjzsBAx5Mu18G06y
9C0xPkgUkqcQ5C1SbycDJC+IoFu3LbNqIUIcXHx/PdgwKS99iYkn+eh7stxmwy/1
NO+AjGnKPzqlZN29m438mIKN3Al34n3d7h5/f1ZsAqlI9n/gX2TbP6nrCoY=
-----END CERTIFICATE-----