Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/54cc67c8-5666-4d4f-88da-c13fef38d903.roa
File:                     54cc67c8-5666-4d4f-88da-c13fef38d903.roa (raw, json)
Hash identifier:          Zrp9ZbLRzLVMo/B+WduzTuVfYOSdgiTps83U6cGGJ5Y=
Subject key identifier:   5E:6A:75:06:33:37:8C:DF:3E:E3:25:15:9F:1E:91:58:02:4E:54:15
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5B6801D8C31158DC471A3FAB3212469FDCFEDE0D
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/54cc67c8-5666-4d4f-88da-c13fef38d903.roa
Signing time:             Thu 21 Nov 2024 00:00:00 +0000
ROA not before:           Thu 21 Nov 2024 00:00:00 +0000
ROA not after:            Thu 26 Dec 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 21 Nov 2024 10:43:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:68:01:d8:c3:11:58:dc:47:1a:3f:ab:32:12:46:9f:dc:fe:de:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov 21 00:00:00 2024 GMT
            Not After : Dec 26 23:59:59 2024 GMT
        Subject: serialNumber=aacf018e71945c90e03321088a1d6cf2ccfa6b78cc5751053d35c885e6d9fc1e, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f1:1b:90:bd:d0:cf:ae:a5:d8:d1:e6:f3:7a:
                    26:80:f7:c4:59:5e:aa:bd:aa:93:ab:c9:80:d6:71:
                    fd:da:62:93:44:3d:32:6c:7b:9c:ed:56:0a:72:ca:
                    86:d0:80:76:67:dd:87:30:ee:db:c4:49:be:9d:26:
                    d5:39:51:85:fc:dc:2b:f1:fe:2f:f9:f8:c2:d8:e4:
                    8b:a2:cd:84:10:83:7e:dd:fe:71:01:22:45:e9:ed:
                    df:af:0d:4a:76:c8:17:bc:3a:2e:09:5d:a8:9c:d6:
                    bb:35:a2:51:e5:b9:d6:5e:df:d1:2a:7c:8d:85:0d:
                    01:b7:20:0b:77:25:28:63:75:7f:4e:d6:ec:b5:60:
                    26:ea:fb:0a:3b:1e:65:ca:96:a7:ba:9f:14:4e:69:
                    93:6a:c9:63:6d:db:f1:9c:a4:e3:7c:47:ce:d7:6f:
                    41:e4:0a:fc:88:c5:08:92:9b:d0:3d:20:6d:56:00:
                    10:83:62:b8:b4:13:c5:97:8f:af:01:65:d4:a9:fa:
                    ad:bb:6b:9e:3c:60:60:cf:3c:1d:b6:16:bd:71:a8:
                    02:2e:d9:8a:fc:1c:03:86:13:aa:da:0c:fb:63:c3:
                    ad:77:70:a3:52:9d:22:99:e0:b2:01:74:c3:9b:98:
                    79:5c:ea:cb:60:4f:2d:86:6a:da:22:b0:5c:38:ae:
                    b8:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:6A:75:06:33:37:8C:DF:3E:E3:25:15:9F:1E:91:58:02:4E:54:15
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/54cc67c8-5666-4d4f-88da-c13fef38d903.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:bf:36:00:08:1a:c8:02:28:41:34:67:69:37:dd:5c:d4:78:
         51:bb:c2:9e:e6:ba:cc:38:c8:f4:f3:eb:a0:e2:7d:68:90:14:
         16:a7:26:90:5a:38:54:20:02:01:69:fb:ec:71:eb:ac:58:42:
         28:7b:c4:e1:b4:66:dc:02:2a:a2:c8:d9:16:5e:c0:1a:af:a1:
         7f:40:12:77:fa:8a:25:1a:e1:3b:ca:11:42:aa:41:cb:df:a4:
         09:28:b2:d0:e4:ca:61:66:8c:96:de:a2:4b:51:0f:a8:e0:f5:
         09:31:af:8f:b6:26:c4:a7:b0:83:f4:3c:62:10:e0:bd:f0:bb:
         ea:ba:a8:08:a3:99:11:ae:22:d6:24:7b:26:1b:fd:f9:42:f0:
         81:15:78:f7:e1:5e:60:7a:6b:d2:c2:6b:bd:76:71:04:63:80:
         4c:59:84:df:30:c9:0a:af:33:12:3c:97:da:56:11:bf:98:94:
         ab:ad:15:f6:fd:29:95:82:bf:b8:93:c4:34:9b:8e:d6:cb:b2:
         55:55:0f:8a:0a:d0:e1:b9:5c:8e:ef:46:c3:2e:15:7f:a2:01:
         e9:c7:b4:07:5e:c3:1c:b3:74:88:c1:98:3e:9b:35:5c:2f:51:
         44:e6:72:62:dc:75:f7:f3:a6:6a:7e:f2:0a:56:fe:aa:24:7e:
         70:8e:d0:0f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUW2gB2MMRWNxHGj+rMhJGn9z+3g0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMTIxMDAwMDAwWhcNMjQxMjI2MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYWNmMDE4ZTcxOTQ1YzkwZTAzMzIxMDg4YTFkNmNmMmNj
ZmE2Yjc4Y2M1NzUxMDUzZDM1Yzg4NWU2ZDlmYzFlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCm8RuQvdDPrqXY0ebzeiaA98RZXqq9qpOryYDWcf3aYpNE
PTJse5ztVgpyyobQgHZn3Ycw7tvESb6dJtU5UYX83Cvx/i/5+MLY5IuizYQQg37d
/nEBIkXp7d+vDUp2yBe8Oi4JXaic1rs1olHludZe39EqfI2FDQG3IAt3JShjdX9O
1uy1YCbq+wo7HmXKlqe6nxROaZNqyWNt2/GcpON8R87Xb0HkCvyIxQiSm9A9IG1W
ABCDYri0E8WXj68BZdSp+q27a548YGDPPB22Fr1xqAIu2Yr8HAOGE6raDPtjw613
cKNSnSKZ4LIBdMObmHlc6stgTy2GatoisFw4rrixAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUXmp1BjM3jN8+4yUVnx6RWAJOVBUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU0Y2M2N2M4LTU2NjYtNGQ0Zi04OGRhLWMxM2ZlZjM4ZDkwMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADG/NgAIGsgCKEE0Z2k33VzUeFG7
wp7musw4yPTz66DifWiQFBanJpBaOFQgAgFp++xx66xYQih7xOG0ZtwCKqLI2RZe
wBqvoX9AEnf6iiUa4TvKEUKqQcvfpAkostDkymFmjJbeoktRD6jg9Qkxr4+2JsSn
sIP0PGIQ4L3wu+q6qAijmRGuItYkeyYb/flC8IEVePfhXmB6a9LCa712cQRjgExZ
hN8wyQqvMxI8l9pWEb+YlKutFfb9KZWCv7iTxDSbjtbLslVVD4oK0OG5XI7vRsMu
FX+iAenHtAdewxyzdIjBmD6bNVwvUUTmcmLcdffzpmp+8gpW/qokfnCO0A8=
-----END CERTIFICATE-----