Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6a539696-6b26-42be-a14a-89bc8abc4afc.roa
File:                     6a539696-6b26-42be-a14a-89bc8abc4afc.roa (raw, json)
Hash identifier:          5m8FiRfGwBfATWJjRdFPu2XYuupQyKN5Gq0lewueb4Y=
Subject key identifier:   B2:2B:7E:C0:02:A5:C0:26:C0:B4:83:D2:6C:7A:C6:AF:F0:C9:31:A6
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       374771AF6484711478524E36B35FF312D89EBF75
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6a539696-6b26-42be-a14a-89bc8abc4afc.roa
Signing time:             Thu 25 Jul 2024 00:00:00 +0000
ROA not before:           Thu 25 Jul 2024 00:00:00 +0000
ROA not after:            Thu 29 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 25 Jul 2024 17:38:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:47:71:af:64:84:71:14:78:52:4e:36:b3:5f:f3:12:d8:9e:bf:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul 25 00:00:00 2024 GMT
            Not After : Aug 29 23:59:59 2024 GMT
        Subject: serialNumber=574e906422c1899e5f9b620e4bd7155e2af83a947cefa06bb49d997172ac0bb4, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a2:34:a4:f3:0c:fb:85:8b:db:4c:eb:cd:63:
                    e1:9d:41:4a:e1:ea:4c:1b:2d:05:35:b8:02:b2:10:
                    b0:c3:37:73:49:2c:42:69:7d:82:c3:f4:92:46:7e:
                    f2:20:b5:53:24:31:89:ce:51:07:37:53:d9:4d:be:
                    9a:87:a9:08:af:48:36:ba:b1:d8:81:29:b1:34:b1:
                    a2:b0:2e:8a:7c:9e:f8:ba:ef:f0:24:6d:bf:13:c1:
                    95:a2:df:46:85:d7:fd:62:ca:da:b4:94:5e:d7:18:
                    33:5b:df:ab:3d:ca:4a:29:e7:30:b0:80:a5:5e:9f:
                    86:75:3a:5c:35:63:91:9a:b5:70:ae:72:b9:c1:1f:
                    f7:68:2b:de:a5:31:06:60:53:3b:5c:2d:0a:70:99:
                    26:56:fd:ef:cb:f4:84:05:8f:a0:e3:49:52:5d:d6:
                    62:fb:b0:32:4b:a3:70:0f:cd:0f:17:87:d7:aa:0b:
                    d5:5f:ce:9e:f5:38:81:da:69:15:36:4d:05:de:99:
                    95:f9:26:1e:ff:ab:bd:d7:68:59:8c:19:fa:56:c6:
                    d7:06:4f:a3:67:ad:52:d5:51:0e:c0:65:eb:11:75:
                    bb:f1:6c:c7:2e:80:ce:46:35:01:21:17:20:34:98:
                    9c:90:92:3d:e1:f1:8a:a9:f4:44:91:51:a8:f9:1b:
                    de:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:2B:7E:C0:02:A5:C0:26:C0:B4:83:D2:6C:7A:C6:AF:F0:C9:31:A6
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/6a539696-6b26-42be-a14a-89bc8abc4afc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:dd:c9:c2:79:fb:f3:3b:24:24:7a:9f:51:d8:58:23:ad:07:
         e7:f7:c4:f0:ed:6e:0a:6c:b2:51:ee:2a:35:4c:9f:38:f7:bf:
         15:23:1f:d8:17:f5:12:71:bd:d4:d0:8d:b4:39:24:5c:24:ff:
         81:53:68:92:24:74:5d:89:81:bb:33:d1:b7:15:0a:10:ca:a8:
         c1:7d:fa:59:3a:a6:58:91:8e:17:35:96:ef:b3:a5:b6:26:37:
         fb:dc:c7:65:bc:11:31:ac:ef:46:90:bb:55:80:a0:5a:e1:a4:
         f3:d8:12:4d:cc:c9:8d:d2:46:c6:dc:65:b2:0a:40:f0:d5:1a:
         fd:f5:30:4d:c1:23:41:b3:27:e0:d3:bb:06:b1:26:31:4c:82:
         24:3b:8d:aa:b4:d1:17:d9:af:1e:2b:e9:e0:88:4c:d5:de:81:
         71:60:73:86:0f:b3:ee:c6:cf:9a:29:f5:1d:b0:7b:3e:ae:37:
         d8:8e:0d:35:de:1e:ed:c9:5f:b6:d5:31:ae:97:89:c7:16:82:
         fa:7e:ee:c5:dd:88:cb:f0:44:88:54:df:4f:51:e6:a7:f7:c9:
         4b:33:24:06:b2:57:f9:02:16:ca:94:a6:c2:3d:39:bd:9d:54:
         ef:5c:e0:1f:75:91:75:b4:d1:53:33:c1:f4:19:c1:cb:e4:4f:
         71:46:54:ac
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUN0dxr2SEcRR4Uk42s1/zEtiev3UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzI1MDAwMDAwWhcNMjQwODI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A1NzRlOTA2NDIyYzE4OTllNWY5YjYyMGU0YmQ3MTU1ZTJh
ZjgzYTk0N2NlZmEwNmJiNDlkOTk3MTcyYWMwYmI0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5ojSk8wz7hYvbTOvNY+GdQUrh6kwbLQU1uAKyELDDN3NJ
LEJpfYLD9JJGfvIgtVMkMYnOUQc3U9lNvpqHqQivSDa6sdiBKbE0saKwLop8nvi6
7/Akbb8TwZWi30aF1/1iytq0lF7XGDNb36s9ykop5zCwgKVen4Z1Olw1Y5GatXCu
crnBH/doK96lMQZgUztcLQpwmSZW/e/L9IQFj6DjSVJd1mL7sDJLo3APzQ8Xh9eq
C9Vfzp71OIHaaRU2TQXemZX5Jh7/q73XaFmMGfpWxtcGT6NnrVLVUQ7AZesRdbvx
bMcugM5GNQEhFyA0mJyQkj3h8Yqp9ESRUaj5G95pAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsit+wAKlwCbAtIPSbHrGr/DJMaYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzZhNTM5Njk2LTZiMjYtNDJiZS1hMTRhLTg5YmM4YWJjNGFmYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKHdycJ5+/M7JCR6n1HYWCOtB+f3
xPDtbgpsslHuKjVMnzj3vxUjH9gX9RJxvdTQjbQ5JFwk/4FTaJIkdF2Jgbsz0bcV
ChDKqMF9+lk6pliRjhc1lu+zpbYmN/vcx2W8ETGs70aQu1WAoFrhpPPYEk3MyY3S
RsbcZbIKQPDVGv31ME3BI0GzJ+DTuwaxJjFMgiQ7jaq00RfZrx4r6eCITNXegXFg
c4YPs+7Gz5op9R2wez6uN9iODTXeHu3JX7bVMa6XiccWgvp+7sXdiMvwRIhU309R
5qf3yUszJAayV/kCFsqUpsI9Ob2dVO9c4B91kXW00VMzwfQZwcvkT3FGVKw=
-----END CERTIFICATE-----