Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8c89c691-e7c0-4cc1-99d8-db73de997b75.roa
File:                     8c89c691-e7c0-4cc1-99d8-db73de997b75.roa (raw, json)
Hash identifier:          rLdXSzrA0A+KrnWuqTbSFddJic46K1bC90L9+JF73+I=
Subject key identifier:   21:76:11:33:3A:41:16:05:BB:9D:1E:25:9A:0B:C2:AE:6A:A0:A2:CA
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3D9C578C0EAA5E5ACA58947E51AE6BDC14784150
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8c89c691-e7c0-4cc1-99d8-db73de997b75.roa
Signing time:             Sun 27 Oct 2024 00:00:00 +0000
ROA not before:           Sun 27 Oct 2024 00:00:00 +0000
ROA not after:            Sun 01 Dec 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 28 Oct 2024 00:14:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:9c:57:8c:0e:aa:5e:5a:ca:58:94:7e:51:ae:6b:dc:14:78:41:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Oct 27 00:00:00 2024 GMT
            Not After : Dec  1 23:59:59 2024 GMT
        Subject: serialNumber=2f73aea330e236b7e6fa814aa0997c8b6c7e0042742890889dd71bd239e49478, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:9a:bd:f9:d8:1f:a0:3a:4f:d4:c9:96:5b:5d:
                    79:41:cf:4d:e5:1b:cc:e2:ad:24:dd:4e:39:74:c9:
                    24:4e:01:74:d6:48:f3:65:f4:81:59:a3:dc:ff:93:
                    45:de:0c:6f:4b:f6:a1:77:3a:15:c9:3e:ab:85:b2:
                    52:6a:b5:2b:7a:f3:6f:4c:68:54:8d:99:2e:b1:57:
                    31:99:0b:e7:72:2c:3f:1a:c3:fb:03:cf:2a:c5:c1:
                    75:f2:ed:e3:20:2f:d8:57:74:79:4c:87:e4:94:f7:
                    c1:f0:03:fd:64:ab:ee:f8:20:e1:75:25:92:8a:f4:
                    9f:d9:83:4d:04:49:4c:65:37:47:1f:90:26:f7:a3:
                    7e:ae:2e:83:30:42:fd:f6:ed:50:0a:b1:be:b4:17:
                    e6:dd:14:fe:b8:9b:ba:39:96:27:0d:ad:07:15:dc:
                    15:b8:29:09:5e:78:1f:a5:ba:b7:77:eb:bb:14:73:
                    c5:68:d4:a3:4b:e1:a5:31:1b:96:a8:32:19:0b:7a:
                    b0:6d:df:73:f7:b8:48:fb:7a:9f:e3:0a:52:ec:6d:
                    f4:f6:fe:74:e2:1c:6c:40:83:f8:61:ad:72:7e:a3:
                    2c:d4:ef:2f:0a:40:79:14:0f:d6:3f:97:02:09:03:
                    91:86:3f:ba:e3:61:95:b6:3f:f1:4b:fc:bc:8d:81:
                    d5:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:76:11:33:3A:41:16:05:BB:9D:1E:25:9A:0B:C2:AE:6A:A0:A2:CA
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8c89c691-e7c0-4cc1-99d8-db73de997b75.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:6d:2a:b1:20:3f:f8:d0:4f:f4:15:58:e8:43:98:b1:99:02:
         81:29:6f:bf:5c:df:6d:48:ed:db:46:32:20:14:da:77:ff:90:
         c6:d4:b9:06:62:d1:34:c3:39:73:7b:17:54:70:a6:02:c2:83:
         88:57:15:18:cf:20:27:fa:36:40:8c:1c:be:68:da:4e:0a:fa:
         35:27:8c:10:98:67:22:54:8c:13:8e:8b:8e:48:72:8c:fe:3b:
         96:4b:cd:d7:3a:30:d4:16:b7:74:b2:f9:b5:ed:31:2d:b1:b7:
         35:e3:d6:87:ee:a4:b0:57:e9:de:ce:92:ba:92:c6:7c:6e:c9:
         ae:9b:b6:eb:cd:ae:bf:ac:c4:5a:71:23:b4:fb:7e:bb:5a:b0:
         bc:ae:b7:94:ae:db:f7:09:a5:0d:9e:c2:53:73:46:16:49:d4:
         20:e9:47:fa:41:73:b2:c6:f0:8a:4b:8f:a1:54:b4:43:50:d9:
         11:4f:81:f4:da:ed:eb:d1:7a:c8:9a:1e:e1:9d:78:42:2c:ac:
         af:9d:14:ea:44:42:44:44:ee:26:6d:d0:9a:52:5f:73:87:47:
         c0:f8:20:1f:f8:90:48:b2:ae:5b:62:38:34:ea:ed:b8:f8:41:
         10:39:aa:37:c9:85:1e:03:fe:c1:fd:32:48:9a:c6:22:ee:5d:
         44:df:52:7b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPZxXjA6qXlrKWJR+Ua5r3BR4QVAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQxMDI3MDAwMDAwWhcNMjQxMjAxMjM1OTU5
WjB6MUkwRwYDVQQFE0AyZjczYWVhMzMwZTIzNmI3ZTZmYTgxNGFhMDk5N2M4YjZj
N2UwMDQyNzQyODkwODg5ZGQ3MWJkMjM5ZTQ5NDc4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCLmr352B+gOk/UyZZbXXlBz03lG8zirSTdTjl0ySROAXTW
SPNl9IFZo9z/k0XeDG9L9qF3OhXJPquFslJqtSt6829MaFSNmS6xVzGZC+dyLD8a
w/sDzyrFwXXy7eMgL9hXdHlMh+SU98HwA/1kq+74IOF1JZKK9J/Zg00ESUxlN0cf
kCb3o36uLoMwQv327VAKsb60F+bdFP64m7o5licNrQcV3BW4KQleeB+lurd367sU
c8Vo1KNL4aUxG5aoMhkLerBt33P3uEj7ep/jClLsbfT2/nTiHGxAg/hhrXJ+oyzU
7y8KQHkUD9Y/lwIJA5GGP7rjYZW2P/FL/LyNgdXLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUIXYRMzpBFgW7nR4lmgvCrmqgosowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzhjODljNjkxLWU3YzAtNGNjMS05OWQ4LWRiNzNkZTk5N2I3NS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHNtKrEgP/jQT/QVWOhDmLGZAoEp
b79c321I7dtGMiAU2nf/kMbUuQZi0TTDOXN7F1RwpgLCg4hXFRjPICf6NkCMHL5o
2k4K+jUnjBCYZyJUjBOOi45Icoz+O5ZLzdc6MNQWt3Sy+bXtMS2xtzXj1ofupLBX
6d7OkrqSxnxuya6btuvNrr+sxFpxI7T7frtasLyut5Su2/cJpQ2ewlNzRhZJ1CDp
R/pBc7LG8IpLj6FUtENQ2RFPgfTa7evResiaHuGdeEIsrK+dFOpEQkRE7iZt0JpS
X3OHR8D4IB/4kEiyrltiODTq7bj4QRA5qjfJhR4D/sH9MkiaxiLuXUTfUns=
-----END CERTIFICATE-----