Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4a2866ab-b255-4ada-9c62-c232f04b25d6.roa
File:                     4a2866ab-b255-4ada-9c62-c232f04b25d6.roa (raw, json)
Hash identifier:          BKaMveC6FEDauhJ0RIkBqDJz3V9FyrJqrgm1rP3fm48=
Subject key identifier:   D5:E6:4A:94:6D:D4:F5:A6:47:51:D5:8A:A2:76:9F:3A:BB:F7:1E:3D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       697C72413CA5A147628B9A479AC78742B6B6FBEC
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4a2866ab-b255-4ada-9c62-c232f04b25d6.roa
Signing time:             Wed 30 Oct 2024 00:00:00 +0000
ROA not before:           Wed 30 Oct 2024 00:00:00 +0000
ROA not after:            Wed 04 Dec 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 30 Oct 2024 00:49:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:7c:72:41:3c:a5:a1:47:62:8b:9a:47:9a:c7:87:42:b6:b6:fb:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 30 00:00:00 2024 GMT
            Not After : Dec  4 23:59:59 2024 GMT
        Subject: serialNumber=64fdf6f0f3c35d9468d774fe2b4cb1dc0cf4914b69b3c5b9b2894d851b057d68, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:50:41:c6:c1:97:ce:4e:66:6f:bd:16:72:71:
                    fd:89:21:18:70:f0:14:03:1c:96:e7:a2:9a:a8:c6:
                    90:36:d2:dd:f3:ba:43:63:19:fa:4f:ae:88:5b:b1:
                    3c:92:57:08:2f:56:0e:65:d6:19:56:6e:26:06:8f:
                    99:fc:39:8d:09:a6:9b:df:6d:e3:1f:ef:98:2e:ef:
                    26:07:56:40:77:55:cc:15:38:74:23:37:ad:38:cf:
                    19:72:87:a1:54:a1:a2:ed:fb:4c:fa:42:88:5d:e7:
                    74:f6:96:94:eb:f5:b6:4d:ba:a8:db:15:35:2d:42:
                    2b:fc:a5:37:a0:6e:d8:3c:5d:35:39:4b:98:dc:11:
                    0b:3e:6d:e2:b4:cd:de:7f:8f:4c:8d:7e:4e:a4:d1:
                    cb:d9:0e:c3:4d:25:51:72:0f:6d:c3:a3:6b:3f:7f:
                    b8:62:29:92:7b:e8:fd:7a:12:5a:95:eb:d0:51:f3:
                    ea:5f:b8:15:81:38:e9:73:b6:93:3e:61:c3:3f:2e:
                    85:ce:20:7b:b1:6e:71:f5:6c:37:32:30:1f:86:75:
                    90:d6:32:88:f1:32:4c:f1:d7:c5:84:b5:3b:c7:f1:
                    f7:27:2c:73:27:24:7c:38:c7:c8:80:86:85:7d:e0:
                    ca:d8:73:74:f6:18:93:90:85:89:1a:5d:c4:c1:11:
                    b8:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:E6:4A:94:6D:D4:F5:A6:47:51:D5:8A:A2:76:9F:3A:BB:F7:1E:3D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4a2866ab-b255-4ada-9c62-c232f04b25d6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:d7:4f:27:bf:3b:51:11:28:b9:69:2f:ff:be:cf:51:32:cd:
         a4:ed:4c:0b:7f:c7:29:ad:c9:f3:c6:bf:c0:44:68:5a:01:6b:
         a5:30:cf:2a:8e:2a:da:9b:f9:2a:d1:d5:6f:a2:77:fe:3b:db:
         a5:aa:50:46:56:c8:f4:fd:6a:40:12:6a:a6:19:35:58:a7:50:
         c2:74:7b:35:02:90:b4:99:d4:a5:cc:cf:bf:22:48:c7:64:0b:
         f6:2a:64:d3:c1:bf:62:c5:b8:d0:90:f1:f2:a9:5e:19:b3:f2:
         9f:1d:1f:49:d7:f9:61:a6:89:b5:a7:d3:d8:86:77:84:61:0d:
         94:81:0d:39:be:10:cf:b0:df:b7:33:6b:06:7f:d3:b7:98:e8:
         dd:b0:18:52:42:51:3d:d8:29:d2:56:c6:51:14:0b:f9:f9:c7:
         3a:ab:4d:7d:8c:e5:a3:0c:2c:0f:40:e9:c8:82:00:21:4d:1b:
         2b:7a:75:60:6a:0d:20:2e:32:81:2e:a6:ca:ee:9d:60:d8:3c:
         6c:37:8e:9a:55:98:fb:8d:92:de:c5:06:9a:e9:e8:c6:be:31:
         c9:d8:1a:8c:79:24:2d:7a:8b:6a:49:ea:51:81:80:dd:7c:2e:
         83:f9:af:bf:dd:45:f7:03:05:77:ed:58:42:95:80:03:bd:8e:
         59:bc:06:f1
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaXxyQTyloUdii5pHmseHQra2++wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMDMwMDAwMDAwWhcNMjQxMjA0MjM1OTU5
WjB6MUkwRwYDVQQFE0A2NGZkZjZmMGYzYzM1ZDk0NjhkNzc0ZmUyYjRjYjFkYzBj
ZjQ5MTRiNjliM2M1YjliMjg5NGQ4NTFiMDU3ZDY4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDHUEHGwZfOTmZvvRZycf2JIRhw8BQDHJbnopqoxpA20t3z
ukNjGfpProhbsTySVwgvVg5l1hlWbiYGj5n8OY0JppvfbeMf75gu7yYHVkB3VcwV
OHQjN604zxlyh6FUoaLt+0z6Qohd53T2lpTr9bZNuqjbFTUtQiv8pTegbtg8XTU5
S5jcEQs+beK0zd5/j0yNfk6k0cvZDsNNJVFyD23Do2s/f7hiKZJ76P16ElqV69BR
8+pfuBWBOOlztpM+YcM/LoXOIHuxbnH1bDcyMB+GdZDWMojxMkzx18WEtTvH8fcn
LHMnJHw4x8iAhoV94MrYc3T2GJOQhYkaXcTBEbh5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1eZKlG3U9aZHUdWKonafOrv3Hj0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRhMjg2NmFiLWIyNTUtNGFkYS05YzYyLWMyMzJmMDRiMjVkNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAJHXTye/O1ERKLlpL/++z1EyzaTt
TAt/xymtyfPGv8BEaFoBa6UwzyqOKtqb+SrR1W+id/4726WqUEZWyPT9akASaqYZ
NVinUMJ0ezUCkLSZ1KXMz78iSMdkC/YqZNPBv2LFuNCQ8fKpXhmz8p8dH0nX+WGm
ibWn09iGd4RhDZSBDTm+EM+w37czawZ/07eY6N2wGFJCUT3YKdJWxlEUC/n5xzqr
TX2M5aMMLA9A6ciCACFNGyt6dWBqDSAuMoEupsrunWDYPGw3jppVmPuNkt7FBprp
6Ma+McnYGox5JC16i2pJ6lGBgN18LoP5r7/dRfcDBXftWEKVgAO9jlm8BvE=
-----END CERTIFICATE-----