Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9caa320c-4fc6-48a6-b939-d049e3da9802.roa
File:                     9caa320c-4fc6-48a6-b939-d049e3da9802.roa (raw, json)
Hash identifier:          eokT9ZHqXtuX1fVfcnoNJEIYMKCLtWFLSIbxfc2hQv4=
Subject key identifier:   96:BD:44:0A:81:42:C2:16:2D:59:08:5A:FA:50:D0:24:20:47:68:B5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       6D37338D77256396F14DCD9A68CDDB62371EEF64
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9caa320c-4fc6-48a6-b939-d049e3da9802.roa
Signing time:             Fri 17 May 2024 00:00:00 +0000
ROA not before:           Fri 17 May 2024 00:00:00 +0000
ROA not after:            Fri 21 Jun 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 17 May 2024 00:53:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:37:33:8d:77:25:63:96:f1:4d:cd:9a:68:cd:db:62:37:1e:ef:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 17 00:00:00 2024 GMT
            Not After : Jun 21 23:59:59 2024 GMT
        Subject: serialNumber=8f9d29ccd22a422bb68bd7eadd1d41cd4347c9e081f98b092c2ec36433ee817d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:55:ed:d3:41:d2:cf:63:09:c6:90:1a:a0:2d:
                    ce:ea:35:82:65:ae:dd:76:00:17:70:69:59:3e:f9:
                    2e:46:44:fd:0c:dc:2d:dc:74:8b:b4:fd:e9:fd:c8:
                    a8:4e:bb:20:d7:d2:19:44:ad:c7:ef:fa:fe:43:5f:
                    72:5e:3c:28:2b:c4:28:01:e1:84:6d:b7:e4:4d:2a:
                    a1:bf:91:f1:7d:c7:ff:a4:1c:e7:22:9c:29:06:13:
                    01:83:ae:08:23:35:c5:97:6b:7f:82:c6:81:9b:ad:
                    3a:d6:35:78:c2:ca:b5:c1:17:8c:fe:e3:50:0f:cd:
                    b5:fb:60:f8:84:40:f6:e1:fa:07:24:f5:22:dc:25:
                    4c:e1:c2:80:85:39:bd:1d:15:fc:f8:9a:cb:8c:b3:
                    ca:04:cc:fc:13:ed:c7:14:25:e6:4e:62:ef:e2:09:
                    f1:10:73:ef:9d:e2:f2:46:2b:74:d4:7e:a3:12:54:
                    7a:19:61:dc:a7:67:0c:b1:e6:8e:09:20:02:e2:4c:
                    de:26:be:97:78:77:0e:d8:94:92:cf:29:1e:4b:7c:
                    fb:ed:3b:3e:2d:04:3c:47:b7:06:de:1c:ed:60:02:
                    e2:e0:80:e8:fa:4e:ef:e1:82:ad:73:13:25:e7:62:
                    fe:e9:49:dd:10:22:f5:f2:31:49:fc:02:ce:b7:a7:
                    42:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:BD:44:0A:81:42:C2:16:2D:59:08:5A:FA:50:D0:24:20:47:68:B5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9caa320c-4fc6-48a6-b939-d049e3da9802.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:d5:b4:6c:29:ea:83:51:60:d8:89:7c:04:04:d6:79:bd:ee:
         63:72:18:a9:c8:5d:9e:cf:b8:71:1a:71:6f:7e:4a:da:52:ab:
         2c:a7:32:84:56:e1:d2:3d:18:31:eb:80:e1:35:ed:95:d3:cd:
         70:35:01:4a:0e:1e:ef:c1:f5:46:21:e8:7d:4b:4a:8f:b3:04:
         6e:8c:8e:de:32:10:ba:2a:0f:20:42:25:4a:13:29:8b:01:ed:
         3a:2a:f5:4b:ef:d9:09:8a:eb:89:cf:b7:d1:57:cb:30:35:31:
         d5:05:9d:53:1f:0e:af:2a:21:94:2b:24:cf:32:b3:dd:5b:77:
         86:27:86:54:31:37:e0:29:90:63:4c:28:26:b0:be:6c:66:12:
         81:eb:87:53:e5:73:2a:ec:69:70:17:fc:3d:78:e3:c8:0d:dc:
         fe:b9:ae:05:04:d3:0f:27:38:30:da:b9:50:94:d1:35:03:90:
         bb:de:fb:9a:3b:2d:09:de:8c:61:c8:b8:1b:52:c5:2b:c6:3e:
         39:7b:9c:af:e9:7b:d4:b2:57:72:31:7f:77:9b:eb:6d:ce:63:
         9b:22:47:9c:38:ca:56:35:c2:85:7f:86:51:62:4c:93:be:36:
         da:aa:e3:71:91:aa:c7:24:01:cc:d2:c8:32:10:b4:59:0b:0a:
         27:b3:24:e5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbTczjXclY5bxTc2aaM3bYjce72QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNTE3MDAwMDAwWhcNMjQwNjIxMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZjlkMjljY2QyMmE0MjJiYjY4YmQ3ZWFkZDFkNDFjZDQz
NDdjOWUwODFmOThiMDkyYzJlYzM2NDMzZWU4MTdkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTVe3TQdLPYwnGkBqgLc7qNYJlrt12ABdwaVk++S5GRP0M
3C3cdIu0/en9yKhOuyDX0hlErcfv+v5DX3JePCgrxCgB4YRtt+RNKqG/kfF9x/+k
HOcinCkGEwGDrggjNcWXa3+CxoGbrTrWNXjCyrXBF4z+41APzbX7YPiEQPbh+gck
9SLcJUzhwoCFOb0dFfz4msuMs8oEzPwT7ccUJeZOYu/iCfEQc++d4vJGK3TUfqMS
VHoZYdynZwyx5o4JIALiTN4mvpd4dw7YlJLPKR5LfPvtOz4tBDxHtwbeHO1gAuLg
gOj6Tu/hgq1zEyXnYv7pSd0QIvXyMUn8As63p0KZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUlr1ECoFCwhYtWQha+lDQJCBHaLUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzljYWEzMjBjLTRmYzYtNDhhNi1iOTM5LWQwNDllM2RhOTgwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABLVtGwp6oNRYNiJfAQE1nm97mNy
GKnIXZ7PuHEacW9+StpSqyynMoRW4dI9GDHrgOE17ZXTzXA1AUoOHu/B9UYh6H1L
So+zBG6Mjt4yELoqDyBCJUoTKYsB7Toq9Uvv2QmK64nPt9FXyzA1MdUFnVMfDq8q
IZQrJM8ys91bd4YnhlQxN+ApkGNMKCawvmxmEoHrh1PlcyrsaXAX/D1448gN3P65
rgUE0w8nODDauVCU0TUDkLve+5o7LQnejGHIuBtSxSvGPjl7nK/pe9SyV3Ixf3eb
623OY5siR5w4ylY1woV/hlFiTJO+Ntqq43GRqsckAczSyDIQtFkLCiezJOU=
-----END CERTIFICATE-----