Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/81602c59-de6e-4321-a955-1efdae2f758c.roa
File:                     81602c59-de6e-4321-a955-1efdae2f758c.roa (raw, json)
Hash identifier:          EgAMrKHAQW7IVACv0cHoN3aD6uIrSZ9sNw106GQ/5pM=
Subject key identifier:   33:10:DB:EE:BA:E8:9B:5F:7E:51:23:FA:B0:CE:00:7C:01:FB:0C:36
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4087E9BAA6E1BA0ED5EC7BD801E0F7FF46B3F16C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/81602c59-de6e-4321-a955-1efdae2f758c.roa
Signing time:             Mon 07 Oct 2024 00:00:00 +0000
ROA not before:           Mon 07 Oct 2024 00:00:00 +0000
ROA not after:            Mon 11 Nov 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 07 Oct 2024 07:33:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:87:e9:ba:a6:e1:ba:0e:d5:ec:7b:d8:01:e0:f7:ff:46:b3:f1:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct  7 00:00:00 2024 GMT
            Not After : Nov 11 23:59:59 2024 GMT
        Subject: serialNumber=142d3060cb08b22985d11f60d8821afa2576a1a473fa9abd244836999d84b649, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a6:b2:d1:f1:55:20:4d:8f:09:8e:8b:2a:5a:
                    43:45:ba:69:04:1e:6e:df:5d:37:ef:36:b9:29:2b:
                    35:eb:c2:e0:e0:df:29:e1:8a:52:52:26:77:62:af:
                    b7:15:8e:ea:d6:23:1f:33:b8:9b:9d:24:63:43:7f:
                    4d:71:99:eb:19:d8:7a:7f:0b:78:2c:d3:ab:1e:d2:
                    92:c6:05:e8:d3:bd:2d:e0:93:7a:b3:38:b6:89:9f:
                    92:5f:b6:5e:8e:b2:e3:40:df:78:f8:de:96:86:8d:
                    88:03:7f:61:a4:1b:6e:0e:d9:fb:ff:dc:55:f3:01:
                    f9:fb:48:8a:a1:cf:57:ff:2e:38:5d:b1:55:21:3d:
                    96:21:84:62:91:65:2a:aa:7c:cb:ab:00:37:52:9f:
                    b9:74:34:89:f5:d2:ee:f8:33:22:9a:8d:cb:ba:41:
                    c2:b5:c8:04:94:06:a7:a9:b4:54:70:be:71:7e:0e:
                    1e:6d:da:e7:99:25:39:08:ed:0f:d1:b9:10:c0:72:
                    a0:1c:e7:43:e3:1a:7a:6d:bb:4e:0d:19:db:9f:60:
                    c2:35:52:a7:d5:bd:b2:f6:a6:b5:1c:b9:de:cc:c1:
                    e7:45:f2:26:6b:50:65:50:d7:ef:e1:a2:19:54:ec:
                    53:4c:a8:3f:2c:c4:b9:49:20:a0:59:4f:ec:76:82:
                    a0:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:10:DB:EE:BA:E8:9B:5F:7E:51:23:FA:B0:CE:00:7C:01:FB:0C:36
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/81602c59-de6e-4321-a955-1efdae2f758c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:35:08:13:a0:cb:c4:d0:a8:6e:9c:54:58:1a:bf:e7:91:9a:
         7e:f5:04:d7:41:ab:bc:54:2e:e5:44:91:c5:92:61:eb:f3:93:
         37:fd:8b:fb:2f:5f:37:e0:7c:dc:45:03:16:1b:57:b7:09:99:
         1d:40:ce:66:ee:c3:6f:f5:89:2a:7b:b0:58:06:e7:6d:b2:a1:
         6b:1f:4c:15:58:0f:b3:9d:e8:9f:92:75:40:ae:e5:fb:d2:45:
         46:9a:87:4c:39:cc:d5:4c:2a:7b:2c:bb:5e:3d:71:86:12:bb:
         37:92:ca:70:ae:02:82:9d:66:c4:8e:49:57:e8:9e:e1:83:da:
         9d:7c:cf:cf:8c:79:f3:e1:c6:cd:16:11:79:d1:ee:c1:b4:c0:
         b8:57:4e:04:27:dc:08:1f:ca:d5:39:ec:20:20:27:4c:d0:25:
         7f:51:3e:7b:74:b4:d0:2f:4c:55:6d:d9:7c:f4:b3:9a:24:55:
         bb:77:b2:36:4d:91:4c:97:43:08:c1:41:3b:39:2a:f9:c3:1d:
         23:ea:9a:66:e2:04:f4:d4:bf:b5:8d:90:cb:85:a7:de:35:88:
         24:02:ce:bc:68:0c:2f:d9:cf:57:a8:9e:ea:33:cc:03:43:55:
         31:05:76:95:17:ec:3c:dd:f4:e5:f6:cd:70:26:0f:6b:96:67:
         82:a5:dc:4f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQIfpuqbhug7V7HvYAeD3/0az8WwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMDA3MDAwMDAwWhcNMjQxMTExMjM1OTU5
WjB6MUkwRwYDVQQFE0AxNDJkMzA2MGNiMDhiMjI5ODVkMTFmNjBkODgyMWFmYTI1
NzZhMWE0NzNmYTlhYmQyNDQ4MzY5OTlkODRiNjQ5MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC/prLR8VUgTY8JjosqWkNFumkEHm7fXTfvNrkpKzXrwuDg
3ynhilJSJndir7cVjurWIx8zuJudJGNDf01xmesZ2Hp/C3gs06se0pLGBejTvS3g
k3qzOLaJn5Jftl6OsuNA33j43paGjYgDf2GkG24O2fv/3FXzAfn7SIqhz1f/Ljhd
sVUhPZYhhGKRZSqqfMurADdSn7l0NIn10u74MyKajcu6QcK1yASUBqeptFRwvnF+
Dh5t2ueZJTkI7Q/RuRDAcqAc50PjGnptu04NGdufYMI1UqfVvbL2prUcud7MwedF
8iZrUGVQ1+/hohlU7FNMqD8sxLlJIKBZT+x2gqBFAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMxDb7rrom19+USP6sM4AfAH7DDYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzgxNjAyYzU5LWRlNmUtNDMyMS1hOTU1LTFlZmRhZTJmNzU4Yy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHk1CBOgy8TQqG6cVFgav+eRmn71
BNdBq7xULuVEkcWSYevzkzf9i/svXzfgfNxFAxYbV7cJmR1Azmbuw2/1iSp7sFgG
522yoWsfTBVYD7Od6J+SdUCu5fvSRUaah0w5zNVMKnssu149cYYSuzeSynCuAoKd
ZsSOSVfonuGD2p18z8+MefPhxs0WEXnR7sG0wLhXTgQn3AgfytU57CAgJ0zQJX9R
Pnt0tNAvTFVt2Xz0s5okVbt3sjZNkUyXQwjBQTs5KvnDHSPqmmbiBPTUv7WNkMuF
p941iCQCzrxoDC/Zz1eonuozzANDVTEFdpUX7Dzd9OX2zXAmD2uWZ4Kl3E8=
-----END CERTIFICATE-----