Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/71b47ec1-8c9e-4e57-9e2b-165ca8391fa6.roa
File:                     71b47ec1-8c9e-4e57-9e2b-165ca8391fa6.roa (raw, json)
Hash identifier:          wwq31Ab27VBPlaBAvS++/v9GD0fcE8fFR31tGSCGxXI=
Subject key identifier:   B3:2D:F5:B9:78:11:2D:C9:B6:FA:47:65:62:9C:C4:C4:51:7D:D7:57
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5CB68FC69E4086AC60BC3A488ED33C008F832952
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/71b47ec1-8c9e-4e57-9e2b-165ca8391fa6.roa
Signing time:             Thu 07 Nov 2024 00:00:00 +0000
ROA not before:           Thu 07 Nov 2024 00:00:00 +0000
ROA not after:            Thu 12 Dec 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 07 Nov 2024 22:33:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:b6:8f:c6:9e:40:86:ac:60:bc:3a:48:8e:d3:3c:00:8f:83:29:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Nov  7 00:00:00 2024 GMT
            Not After : Dec 12 23:59:59 2024 GMT
        Subject: serialNumber=6a1d459d70b8bcfb3a7006e106e7f758a9d41ca1aa54831f16d5a3d89d8c4663, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:78:05:3c:f6:22:74:b4:7e:fc:b6:3f:73:1b:
                    40:38:1c:23:87:15:6d:58:c3:10:ee:eb:61:6c:57:
                    c6:21:43:a7:50:60:a7:67:3f:44:5f:c3:17:33:93:
                    da:1b:4d:61:9e:cf:f3:08:31:d1:53:9a:55:9a:2f:
                    93:9d:2d:dd:5b:a7:57:13:d8:43:d5:1a:f5:7d:2e:
                    b9:72:dc:a1:ef:10:4e:07:3d:a8:b4:d4:90:7b:64:
                    b0:bc:58:16:01:78:28:bf:5d:b3:1d:e4:46:60:64:
                    fe:9d:55:e0:d3:90:a8:e2:01:fa:88:98:b1:ee:45:
                    04:4c:7e:65:20:18:bb:0c:68:f3:95:9b:ab:7d:7e:
                    08:d6:a3:98:d4:89:fb:ca:93:d2:cb:87:1f:15:ec:
                    7e:1e:7d:e8:c1:d3:d4:cc:1a:c2:5d:ab:2b:ee:7c:
                    78:e4:cb:c5:d8:f3:eb:e6:a4:c3:83:e4:80:76:1b:
                    63:59:dc:d4:d7:df:e1:86:08:ad:23:e1:ff:40:e5:
                    bd:72:e2:a4:96:4f:e3:40:08:2f:78:4e:66:61:ce:
                    70:6f:4f:1b:5d:38:0d:17:be:67:12:a6:75:b1:24:
                    87:ed:25:13:c6:3c:11:db:06:78:42:f4:2f:ed:e9:
                    3b:60:09:ae:a6:2d:35:45:b6:1e:cd:c8:7f:80:e1:
                    a6:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:2D:F5:B9:78:11:2D:C9:B6:FA:47:65:62:9C:C4:C4:51:7D:D7:57
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/71b47ec1-8c9e-4e57-9e2b-165ca8391fa6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:a7:ab:3f:35:26:46:b9:ff:8b:5d:46:92:ce:62:a6:30:b3:
         f7:37:8f:4c:27:ff:df:18:c6:25:bc:1e:66:3e:70:cc:47:8b:
         41:89:06:19:1a:8e:d2:2b:05:47:17:65:c5:b9:5a:5d:ae:41:
         d5:29:c0:f2:bd:aa:a1:f3:b5:7c:cb:56:a0:36:12:6c:bf:7f:
         d9:d0:f6:d3:f8:83:63:c0:ae:1f:14:aa:ef:9e:2f:b3:ea:cb:
         cc:94:bb:e8:ae:bb:cd:d4:ae:11:4d:ec:29:76:52:cb:1e:d2:
         19:4b:45:d0:6a:64:c6:2f:82:2c:15:c7:7f:31:31:af:ac:7a:
         17:40:17:cc:fe:c3:b1:08:00:16:52:d0:3f:31:7d:e1:b8:c4:
         33:03:85:88:5b:f4:3c:d2:0c:e4:59:a7:63:9f:8c:e5:19:bc:
         ce:d3:7d:ce:c9:ba:4d:30:a1:e8:d4:75:97:5c:db:b7:db:76:
         fd:71:90:33:43:03:52:13:96:64:e0:77:af:72:52:c3:2c:74:
         fd:1d:0a:c7:2e:65:09:67:4d:0e:3d:b9:25:7b:dc:cd:97:ea:
         67:cd:5c:85:2e:4f:c3:5e:12:a8:23:56:d3:1e:fa:2d:1b:36:
         61:c1:21:60:78:0b:f1:83:26:4a:a2:43:1d:1f:78:36:9f:3a:
         d9:a9:20:72
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUXLaPxp5AhqxgvDpIjtM8AI+DKVIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMTA3MDAwMDAwWhcNMjQxMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0A2YTFkNDU5ZDcwYjhiY2ZiM2E3MDA2ZTEwNmU3Zjc1OGE5
ZDQxY2ExYWE1NDgzMWYxNmQ1YTNkODlkOGM0NjYzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbeAU89iJ0tH78tj9zG0A4HCOHFW1YwxDu62FsV8YhQ6dQ
YKdnP0Rfwxczk9obTWGez/MIMdFTmlWaL5OdLd1bp1cT2EPVGvV9Lrly3KHvEE4H
Pai01JB7ZLC8WBYBeCi/XbMd5EZgZP6dVeDTkKjiAfqImLHuRQRMfmUgGLsMaPOV
m6t9fgjWo5jUifvKk9LLhx8V7H4efejB09TMGsJdqyvufHjky8XY8+vmpMOD5IB2
G2NZ3NTX3+GGCK0j4f9A5b1y4qSWT+NACC94TmZhznBvTxtdOA0XvmcSpnWxJIft
JRPGPBHbBnhC9C/t6TtgCa6mLTVFth7NyH+A4aazAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsy31uXgRLcm2+kdlYpzExFF911cwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzcxYjQ3ZWMxLThjOWUtNGU1Ny05ZTJiLTE2NWNhODM5MWZhNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACinqz81Jka5/4tdRpLOYqYws/c3
j0wn/98YxiW8HmY+cMxHi0GJBhkajtIrBUcXZcW5Wl2uQdUpwPK9qqHztXzLVqA2
Emy/f9nQ9tP4g2PArh8Uqu+eL7Pqy8yUu+iuu83UrhFN7Cl2Usse0hlLRdBqZMYv
giwVx38xMa+sehdAF8z+w7EIABZS0D8xfeG4xDMDhYhb9DzSDORZp2OfjOUZvM7T
fc7Juk0woejUdZdc27fbdv1xkDNDA1ITlmTgd69yUsMsdP0dCscuZQlnTQ49uSV7
3M2X6mfNXIUuT8NeEqgjVtMe+i0bNmHBIWB4C/GDJkqiQx0feDafOtmpIHI=
-----END CERTIFICATE-----