Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4813c78f-0a9c-4500-b856-618d3273d6c9.roa
File:                     4813c78f-0a9c-4500-b856-618d3273d6c9.roa (raw, json)
Hash identifier:          8Mr4epfbnyfh2BFaGts85cWBHKS2PEW4DoV1eg4yaOk=
Subject key identifier:   93:B5:A3:89:8D:14:79:05:18:4D:BF:E0:DD:80:C4:21:06:A3:F8:A5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2DB35124E3A3ECC9169B191CE7C9FB3FFD0C538D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4813c78f-0a9c-4500-b856-618d3273d6c9.roa
Signing time:             Thu 08 Aug 2024 00:00:00 +0000
ROA not before:           Thu 08 Aug 2024 00:00:00 +0000
ROA not after:            Thu 12 Sep 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 08 Aug 2024 23:34:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:b3:51:24:e3:a3:ec:c9:16:9b:19:1c:e7:c9:fb:3f:fd:0c:53:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug  8 00:00:00 2024 GMT
            Not After : Sep 12 23:59:59 2024 GMT
        Subject: serialNumber=add94b91074daad7d5a1d8cf6739f30e6e6236cc9eafaa91de128a75f968b159, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:78:2c:e1:d4:09:dc:a5:3c:9c:cf:d1:63:f1:
                    d7:48:0b:7a:8a:e6:30:04:45:7c:d4:b9:46:d1:45:
                    f4:65:a0:5e:3c:85:0d:62:98:4e:ef:8b:d4:bf:d0:
                    72:e8:59:26:e6:9c:d0:06:df:32:8d:94:3a:23:01:
                    e0:57:90:93:48:48:8e:24:6f:fd:65:a2:e7:f0:90:
                    a6:64:12:a1:9f:41:94:21:b7:a0:ce:c1:be:6c:a5:
                    c2:2e:31:dd:c0:40:b6:78:3d:19:d1:63:62:a4:20:
                    ec:44:2e:db:7c:7e:b7:7b:32:98:2d:02:a4:4a:41:
                    53:bf:98:74:31:e6:65:28:e8:2d:71:17:ea:25:d6:
                    e5:08:e1:fe:16:33:e8:11:0c:78:b8:a1:ca:d6:54:
                    75:9f:6b:f3:a0:0d:99:55:92:cb:3e:bd:b7:a2:c3:
                    c0:b0:25:3c:65:bb:9b:0e:44:2b:86:fe:de:4c:78:
                    fa:25:21:0b:d3:4d:c5:ed:ea:9d:cf:f2:56:fe:22:
                    fe:9a:cd:c0:d1:9c:7f:cd:54:68:e6:11:02:73:29:
                    bb:a2:f0:43:77:d5:f7:4a:ff:50:71:06:b4:d8:06:
                    a6:84:ea:02:09:88:20:bb:8c:d6:a3:de:6e:0a:90:
                    fe:d7:b9:a2:bb:13:36:a1:d5:c2:dc:86:03:cd:d2:
                    31:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:B5:A3:89:8D:14:79:05:18:4D:BF:E0:DD:80:C4:21:06:A3:F8:A5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4813c78f-0a9c-4500-b856-618d3273d6c9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:f1:c8:1b:c4:f3:5d:84:5d:d8:c5:40:63:b2:11:36:e3:89:
         d1:6b:3c:7c:13:71:15:3f:da:e7:93:09:2b:f5:19:61:56:3d:
         03:28:55:44:ab:c5:86:b8:5f:8f:32:b5:c5:cb:17:48:0d:6f:
         b1:1c:d0:11:ec:53:99:26:03:4e:43:f3:82:95:8e:3f:70:79:
         91:43:f8:79:61:e5:c3:4e:c5:2a:af:b3:d6:d1:af:d4:f8:b2:
         13:e4:6e:c0:c5:93:d2:b9:24:82:cd:ec:35:17:bb:9b:15:c4:
         c1:34:c5:f9:97:49:c6:30:97:58:25:37:5d:67:1c:d7:52:ea:
         69:1f:a8:81:21:68:fa:d4:dd:37:7d:34:85:03:58:89:7d:4d:
         64:d6:d0:1f:79:d9:71:bf:e8:08:6f:3f:a2:44:25:ac:8a:f1:
         75:1a:8e:20:57:93:1e:ad:8b:04:d6:c1:58:8d:aa:5f:95:89:
         e2:00:ca:68:28:0d:c4:3e:bd:65:ac:7e:45:01:69:01:22:ce:
         a5:dd:2e:1a:0b:f7:de:4c:2b:93:e0:21:d3:73:7d:d8:9a:f8:
         d0:ab:f1:95:3f:d8:c6:61:42:ae:26:14:a6:2f:ea:92:a7:f8:
         2b:2d:16:75:8e:55:ab:8d:82:67:52:0f:7e:a2:67:e2:4a:8b:
         fb:65:0e:03
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIULbNRJOOj7MkWmxkc58n7P/0MU40wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwODA4MDAwMDAwWhcNMjQwOTEyMjM1OTU5
WjB6MUkwRwYDVQQFE0BhZGQ5NGI5MTA3NGRhYWQ3ZDVhMWQ4Y2Y2NzM5ZjMwZTZl
NjIzNmNjOWVhZmFhOTFkZTEyOGE3NWY5NjhiMTU5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDZeCzh1AncpTycz9Fj8ddIC3qK5jAERXzUuUbRRfRloF48
hQ1imE7vi9S/0HLoWSbmnNAG3zKNlDojAeBXkJNISI4kb/1loufwkKZkEqGfQZQh
t6DOwb5spcIuMd3AQLZ4PRnRY2KkIOxELtt8frd7MpgtAqRKQVO/mHQx5mUo6C1x
F+ol1uUI4f4WM+gRDHi4ocrWVHWfa/OgDZlVkss+vbeiw8CwJTxlu5sORCuG/t5M
ePolIQvTTcXt6p3P8lb+Iv6azcDRnH/NVGjmEQJzKbui8EN31fdK/1BxBrTYBqaE
6gIJiCC7jNaj3m4KkP7XuaK7Ezah1cLchgPN0jG7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUk7WjiY0UeQUYTb/g3YDEIQaj+KUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzQ4MTNjNzhmLTBhOWMtNDUwMC1iODU2LTYxOGQzMjczZDZjOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFLxyBvE812EXdjFQGOyETbjidFr
PHwTcRU/2ueTCSv1GWFWPQMoVUSrxYa4X48ytcXLF0gNb7Ec0BHsU5kmA05D84KV
jj9weZFD+Hlh5cNOxSqvs9bRr9T4shPkbsDFk9K5JILN7DUXu5sVxME0xfmXScYw
l1glN11nHNdS6mkfqIEhaPrU3Td9NIUDWIl9TWTW0B952XG/6AhvP6JEJayK8XUa
jiBXkx6tiwTWwViNql+VieIAymgoDcQ+vWWsfkUBaQEizqXdLhoL995MK5PgIdNz
fdia+NCr8ZU/2MZhQq4mFKYv6pKn+CstFnWOVauNgmdSD36iZ+JKi/tlDgM=
-----END CERTIFICATE-----