Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8eef34d5-44d5-4dd6-8f00-89f0e17f72c5.roa
File:                     8eef34d5-44d5-4dd6-8f00-89f0e17f72c5.roa (raw, json)
Hash identifier:          NbwufzxTbf0uduJdQzshq7M9BSy+a5VEvM52AMFzHrI=
Subject key identifier:   31:21:D5:DB:32:5E:02:A0:21:B9:8E:3B:EC:CC:25:81:67:54:29:EA
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       691CF683AFBFFA40D1778FBEFCBADE5442B144DF
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8eef34d5-44d5-4dd6-8f00-89f0e17f72c5.roa
Signing time:             Wed 05 Jun 2024 00:00:00 +0000
ROA not before:           Wed 05 Jun 2024 00:00:00 +0000
ROA not after:            Wed 10 Jul 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 05 Jun 2024 13:43:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:1c:f6:83:af:bf:fa:40:d1:77:8f:be:fc:ba:de:54:42:b1:44:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun  5 00:00:00 2024 GMT
            Not After : Jul 10 23:59:59 2024 GMT
        Subject: serialNumber=99081f7f73bd94ef4b292188aeb23b17983ff1ce5b2b87c6d1cb33f3cc8861c1, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:c8:2f:96:d1:ed:1b:2b:1a:f2:80:23:1e:38:
                    6a:ba:72:ca:d5:59:f0:b5:7c:36:b9:c0:65:d2:b5:
                    a3:e0:20:22:54:84:3e:8a:94:77:6b:c4:0b:36:06:
                    e4:f8:3b:20:71:2b:1c:67:79:e0:09:ea:ca:38:ab:
                    e9:b2:60:ed:4c:86:08:f4:32:44:67:90:ac:8e:e2:
                    a3:15:2f:68:cd:c6:d4:be:04:82:b1:24:39:99:9b:
                    cf:7e:42:4e:0a:f5:58:12:0b:05:74:a9:57:19:c6:
                    1a:b3:a1:6d:90:da:49:80:43:b5:bf:a9:c9:4e:9c:
                    f2:95:56:17:83:1f:24:98:25:c7:4a:10:06:df:6c:
                    ea:34:45:25:5c:06:85:93:32:07:7e:63:61:0a:6b:
                    7e:15:8e:64:b6:5d:42:5f:f6:4f:12:55:a2:3a:98:
                    4a:f3:20:f9:1a:6d:d3:a4:ec:d9:bb:92:67:4d:29:
                    eb:15:cc:35:91:26:c8:bc:b2:20:d8:b0:2d:69:8f:
                    58:20:ba:ec:c0:26:7c:f7:5f:32:c8:51:64:7b:88:
                    1a:0c:c5:82:34:b9:b2:47:22:f4:83:67:4a:23:2e:
                    e0:22:8c:20:82:e7:a5:f3:3c:2a:30:fa:16:40:96:
                    cf:06:4f:8d:c5:09:53:7e:20:8a:a4:d5:93:a2:89:
                    dc:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:21:D5:DB:32:5E:02:A0:21:B9:8E:3B:EC:CC:25:81:67:54:29:EA
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8eef34d5-44d5-4dd6-8f00-89f0e17f72c5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:c1:d9:80:05:8f:40:a8:f1:1e:60:cd:aa:61:e1:44:90:cb:
         93:d0:82:7e:04:f0:bd:88:c1:30:c8:b9:be:25:da:a3:37:29:
         40:72:0e:43:22:99:b8:83:06:94:6d:91:eb:73:cd:b5:d7:ce:
         71:0d:45:7c:ad:85:5d:8f:89:65:54:ea:34:ec:fc:5e:ff:36:
         4b:b2:28:2b:69:36:9d:06:5b:9a:cc:7a:fb:3d:50:f6:31:69:
         bc:1b:19:58:62:67:da:15:61:3e:92:b7:d1:f1:1e:d3:b1:6a:
         48:99:ee:e6:99:bc:23:79:40:f9:61:35:48:4a:2e:53:2d:fa:
         51:44:03:7a:63:41:02:8c:54:da:62:4a:6a:a4:94:7c:81:fe:
         70:b5:11:14:6e:5c:6a:6f:96:b4:01:c2:48:9e:2e:64:7b:c6:
         a9:3e:d8:8c:28:cc:90:59:ea:2a:ca:22:77:5f:ac:c8:4a:84:
         3e:46:1e:80:7e:f4:66:39:d5:52:97:db:53:7e:04:86:4f:2f:
         e5:7d:64:10:fc:1b:b3:b4:b9:20:07:9d:ee:95:7c:4f:88:86:
         54:72:d0:8e:29:ee:c6:6f:af:0d:f2:cf:0a:d8:76:77:6a:cc:
         5b:37:24:41:74:c4:bd:5d:66:10:25:2b:8f:65:85:86:69:ed:
         08:6c:f5:bd
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUaRz2g6+/+kDRd4++/LreVEKxRN8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNjA1MDAwMDAwWhcNMjQwNzEwMjM1OTU5
WjB6MUkwRwYDVQQFE0A5OTA4MWY3ZjczYmQ5NGVmNGIyOTIxODhhZWIyM2IxNzk4
M2ZmMWNlNWIyYjg3YzZkMWNiMzNmM2NjODg2MWMxMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDpyC+W0e0bKxrygCMeOGq6csrVWfC1fDa5wGXStaPgICJU
hD6KlHdrxAs2BuT4OyBxKxxneeAJ6so4q+myYO1Mhgj0MkRnkKyO4qMVL2jNxtS+
BIKxJDmZm89+Qk4K9VgSCwV0qVcZxhqzoW2Q2kmAQ7W/qclOnPKVVheDHySYJcdK
EAbfbOo0RSVcBoWTMgd+Y2EKa34VjmS2XUJf9k8SVaI6mErzIPkabdOk7Nm7kmdN
KesVzDWRJsi8siDYsC1pj1gguuzAJnz3XzLIUWR7iBoMxYI0ubJHIvSDZ0ojLuAi
jCCC56XzPCow+hZAls8GT43FCVN+IIqk1ZOiidynAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUMSHV2zJeAqAhuY477MwlgWdUKeowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzhlZWYzNGQ1LTQ0ZDUtNGRkNi04ZjAwLTg5ZjBlMTdmNzJjNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADrB2YAFj0Co8R5gzaph4USQy5PQ
gn4E8L2IwTDIub4l2qM3KUByDkMimbiDBpRtketzzbXXznENRXythV2PiWVU6jTs
/F7/NkuyKCtpNp0GW5rMevs9UPYxabwbGVhiZ9oVYT6St9HxHtOxakiZ7uaZvCN5
QPlhNUhKLlMt+lFEA3pjQQKMVNpiSmqklHyB/nC1ERRuXGpvlrQBwkieLmR7xqk+
2IwozJBZ6irKIndfrMhKhD5GHoB+9GY51VKX21N+BIZPL+V9ZBD8G7O0uSAHne6V
fE+IhlRy0I4p7sZvrw3yzwrYdndqzFs3JEF0xL1dZhAlK49lhYZp7Qhs9b0=
-----END CERTIFICATE-----