Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/44d0a9ab-b6c9-468c-a6c1-af2f0afc319a.roa
File:                     44d0a9ab-b6c9-468c-a6c1-af2f0afc319a.roa (raw, json)
Hash identifier:          Qk4pQep/ENLnR9dfI45vuAKdNdSwySbMCrQs+O91FLU=
Subject key identifier:   41:25:71:94:15:E1:D3:C6:E2:F4:45:18:A2:DE:22:8D:72:58:31:FB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       757BAE43BBED9AFCA7EC62184C611BB257162BF6
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/44d0a9ab-b6c9-468c-a6c1-af2f0afc319a.roa
Signing time:             Tue 19 Nov 2024 00:00:00 +0000
ROA not before:           Tue 19 Nov 2024 00:00:00 +0000
ROA not after:            Tue 24 Dec 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 19 Nov 2024 12:48:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:7b:ae:43:bb:ed:9a:fc:a7:ec:62:18:4c:61:1b:b2:57:16:2b:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 19 00:00:00 2024 GMT
            Not After : Dec 24 23:59:59 2024 GMT
        Subject: serialNumber=ae5bf6341b52502c91be7ee717b648c4c2408744b137745c1d05dae1aeb99aa8, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:65:cd:a1:62:62:f8:b8:e0:f3:71:10:34:fe:
                    a2:a1:de:9d:13:c5:d0:c7:b1:b4:c4:d6:58:f3:70:
                    f1:1b:20:83:cf:6b:35:8f:6b:64:dd:e8:d6:65:99:
                    87:9a:22:05:c3:b9:6d:f1:34:c0:13:24:be:00:0c:
                    e2:1a:4d:b1:0c:e1:e8:e1:d3:39:7e:ed:a0:c1:11:
                    1d:4b:fd:f3:79:79:e7:17:a2:9c:22:42:86:0c:87:
                    bf:d6:67:8c:3f:84:5b:17:3f:59:fa:07:86:a5:e3:
                    a2:b2:a9:23:b2:6f:38:30:fb:17:76:d8:cb:5c:56:
                    0a:ad:09:7d:1f:5d:e9:d7:b4:29:a3:b5:b9:a5:b7:
                    9c:5c:e9:ce:da:36:f0:61:bc:7e:38:fd:e8:ae:20:
                    d9:59:bf:a7:fc:ac:b5:ce:00:62:fb:5b:fa:23:63:
                    d5:bc:5c:55:9c:52:02:67:f7:67:60:65:6c:41:bc:
                    80:e0:fc:ea:d8:5a:69:60:cd:b5:a3:7e:4d:b9:7d:
                    47:be:8b:5f:ec:99:c7:10:39:ff:7b:08:76:80:9f:
                    39:91:9f:0d:2f:05:4d:ae:85:65:05:77:c6:6b:cd:
                    98:ec:a9:31:e2:26:10:f3:57:ba:ec:52:5e:5a:bb:
                    68:ab:f4:f3:49:52:3f:45:5b:63:56:c9:ce:56:f4:
                    67:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:25:71:94:15:E1:D3:C6:E2:F4:45:18:A2:DE:22:8D:72:58:31:FB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/44d0a9ab-b6c9-468c-a6c1-af2f0afc319a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:45:1f:1c:ba:fc:e1:32:f7:cc:09:3f:68:24:da:79:ae:16:
         5d:ad:e1:55:fa:d9:fc:9f:7e:3d:01:76:50:06:77:b5:da:5e:
         5c:d2:e9:f6:8c:9a:34:ae:61:f2:16:5d:d3:98:e9:a6:60:4a:
         f7:f5:fb:cd:34:47:00:5d:56:ae:73:48:5f:95:81:d6:13:f5:
         44:3f:6f:b2:f5:d2:d3:73:64:6e:2a:58:c7:35:45:74:39:0c:
         dc:38:db:78:d6:01:38:93:81:5e:d8:a6:24:8a:50:05:a8:f0:
         35:1d:39:b3:b8:22:d0:74:55:9d:d3:b8:6b:06:1b:55:d8:5e:
         ae:49:07:76:6e:18:0e:3c:1b:9a:84:9b:b9:6b:0e:e2:96:43:
         25:00:66:65:48:90:98:e0:db:fd:d1:17:32:35:92:a3:ed:4b:
         9d:e3:16:b6:b5:40:fa:48:3a:84:ae:f5:02:ac:a0:84:dd:11:
         55:40:0f:3d:b6:b5:04:bc:f8:48:31:5a:09:1b:8f:e0:da:d3:
         18:aa:7f:62:51:31:3a:95:95:3f:d3:eb:00:9e:35:c8:07:e5:
         a4:37:fd:fa:53:9b:69:42:9a:f9:92:01:e7:fa:40:7a:3c:7f:
         64:7b:ae:c6:df:a6:50:23:0b:0c:94:5d:d3:7e:8f:62:b6:df:
         79:18:07:0e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUdXuuQ7vtmvyn7GIYTGEbslcWK/YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMTE5MDAwMDAwWhcNMjQxMjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0BhZTViZjYzNDFiNTI1MDJjOTFiZTdlZTcxN2I2NDhjNGMy
NDA4NzQ0YjEzNzc0NWMxZDA1ZGFlMWFlYjk5YWE4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCVZc2hYmL4uODzcRA0/qKh3p0TxdDHsbTE1ljzcPEbIIPP
azWPa2Td6NZlmYeaIgXDuW3xNMATJL4ADOIaTbEM4ejh0zl+7aDBER1L/fN5eecX
opwiQoYMh7/WZ4w/hFsXP1n6B4al46KyqSOybzgw+xd22MtcVgqtCX0fXenXtCmj
tbmlt5xc6c7aNvBhvH44/eiuINlZv6f8rLXOAGL7W/ojY9W8XFWcUgJn92dgZWxB
vIDg/OrYWmlgzbWjfk25fUe+i1/smccQOf97CHaAnzmRnw0vBU2uhWUFd8ZrzZjs
qTHiJhDzV7rsUl5au2ir9PNJUj9FW2NWyc5W9GfZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQSVxlBXh08bi9EUYot4ijXJYMfswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ0ZDBhOWFiLWI2YzktNDY4Yy1hNmMxLWFmMmYwYWZjMzE5YS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFRFHxy6/OEy98wJP2gk2nmuFl2t
4VX62fyffj0BdlAGd7XaXlzS6faMmjSuYfIWXdOY6aZgSvf1+800RwBdVq5zSF+V
gdYT9UQ/b7L10tNzZG4qWMc1RXQ5DNw423jWATiTgV7YpiSKUAWo8DUdObO4ItB0
VZ3TuGsGG1XYXq5JB3ZuGA48G5qEm7lrDuKWQyUAZmVIkJjg2/3RFzI1kqPtS53j
Fra1QPpIOoSu9QKsoITdEVVADz22tQS8+EgxWgkbj+Da0xiqf2JRMTqVlT/T6wCe
NcgH5aQ3/fpTm2lCmvmSAef6QHo8f2R7rsbfplAjCwyUXdN+j2K233kYBw4=
-----END CERTIFICATE-----