Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9e148e07-ff00-46f9-a313-0507e472f839.roa
File:                     9e148e07-ff00-46f9-a313-0507e472f839.roa (raw, json)
Hash identifier:          gNv8mx2wE8UOCjP6ti2fOAYzRW1hu8QLG8GSR2ysoLs=
Subject key identifier:   56:19:4D:61:8C:66:3E:61:9D:F5:24:C8:86:48:CB:1E:8B:D8:8B:D1
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3ADAD761CBB7029528F52BD1F755746939329EE1
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9e148e07-ff00-46f9-a313-0507e472f839.roa
Signing time:             Mon 19 Aug 2024 00:00:00 +0000
ROA not before:           Mon 19 Aug 2024 00:00:00 +0000
ROA not after:            Mon 23 Sep 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 19 Aug 2024 08:23:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:da:d7:61:cb:b7:02:95:28:f5:2b:d1:f7:55:74:69:39:32:9e:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 19 00:00:00 2024 GMT
            Not After : Sep 23 23:59:59 2024 GMT
        Subject: serialNumber=23bbbea7d9210a04de38025436defd7774b3cdaf831961d09772d1e7d818c475, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ee:9e:c5:5b:26:25:2e:e2:f3:81:f4:88:fc:
                    b9:ec:1d:1f:e7:9b:5d:ef:9f:7b:50:1f:f5:7c:c9:
                    51:e6:f1:a5:52:1e:1f:dc:b2:f0:01:ba:62:e2:d1:
                    04:15:35:51:0c:33:e5:35:0b:44:58:4e:4c:1b:03:
                    10:3a:eb:80:9a:da:59:53:64:20:a8:97:4a:ee:ce:
                    5a:f4:fd:09:ed:03:fb:cd:9a:6a:25:3c:cf:60:6c:
                    82:05:62:2a:a7:44:bf:23:32:d9:e9:44:3d:08:fd:
                    c3:20:95:29:53:c1:74:b4:64:a5:24:d6:5b:e9:bb:
                    12:ea:eb:49:84:2b:13:d9:ef:50:07:db:18:97:ad:
                    6c:8e:dc:73:f4:78:ec:78:cf:79:47:79:78:8a:b2:
                    6c:1f:28:9f:32:62:2a:bf:31:33:b1:25:ba:dc:5d:
                    be:1b:60:c8:bd:e3:7b:2a:7f:c6:f8:ac:35:45:a3:
                    c8:17:c7:13:1e:26:c4:b5:a7:0a:5b:cf:9d:26:b3:
                    89:7f:0c:6b:70:58:1e:97:cc:9c:78:97:99:09:e1:
                    b0:d1:3e:74:7f:0d:dd:21:fb:b2:4c:68:83:c7:fc:
                    f3:b8:ec:b0:08:74:5f:b0:3c:d3:cd:c1:5f:ba:02:
                    c4:e6:f9:3c:2b:10:f4:b1:65:13:40:fa:7a:9b:ed:
                    d4:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:19:4D:61:8C:66:3E:61:9D:F5:24:C8:86:48:CB:1E:8B:D8:8B:D1
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/9e148e07-ff00-46f9-a313-0507e472f839.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:57:de:b5:e2:3f:1b:27:d6:58:1b:c8:f1:03:b4:d0:74:00:
         11:ea:d4:e0:e7:c7:3e:4c:9d:02:fe:86:f0:1f:5c:f9:18:0f:
         69:cd:db:65:c2:b0:70:1c:87:6e:b2:e3:24:d8:bf:6f:17:7c:
         ec:b7:24:20:e6:00:3b:e2:9a:42:94:b9:3d:61:54:81:e2:2e:
         bd:dc:9f:eb:41:1c:c6:95:cc:d5:e0:c1:39:79:52:1e:08:1c:
         57:f3:02:53:51:e0:12:7e:36:18:d5:85:40:25:f6:9a:e1:35:
         1b:cb:37:38:50:eb:23:fb:de:40:c7:e8:ab:86:4d:84:81:bc:
         4d:39:6d:38:96:3e:73:e3:ec:86:d7:e3:c4:6b:12:11:d1:5b:
         d8:91:1a:12:5c:7b:b9:ce:9c:a9:41:c6:ed:22:f5:ec:09:95:
         82:3b:de:ec:db:7b:3f:b4:ee:16:ad:38:b6:ff:a3:4e:84:53:
         d3:e5:ac:1d:66:5b:2a:a8:f1:3a:ad:72:05:4a:4d:b9:56:1a:
         84:63:4c:2c:44:34:01:d5:a8:31:0a:b0:b5:d7:60:91:40:9a:
         f7:3a:4e:f8:e0:bf:9e:bd:44:c7:f5:3a:ad:67:f1:5f:93:3b:
         8a:43:56:84:88:49:af:19:73:cd:05:43:98:34:4f:5a:5c:4e:
         46:ab:8e:a7
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUOtrXYcu3ApUo9SvR91V0aTkynuEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwODE5MDAwMDAwWhcNMjQwOTIzMjM1OTU5
WjB6MUkwRwYDVQQFE0AyM2JiYmVhN2Q5MjEwYTA0ZGUzODAyNTQzNmRlZmQ3Nzc0
YjNjZGFmODMxOTYxZDA5NzcyZDFlN2Q4MThjNDc1MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDI7p7FWyYlLuLzgfSI/LnsHR/nm13vn3tQH/V8yVHm8aVS
Hh/csvABumLi0QQVNVEMM+U1C0RYTkwbAxA664Ca2llTZCCol0ruzlr0/QntA/vN
mmolPM9gbIIFYiqnRL8jMtnpRD0I/cMglSlTwXS0ZKUk1lvpuxLq60mEKxPZ71AH
2xiXrWyO3HP0eOx4z3lHeXiKsmwfKJ8yYiq/MTOxJbrcXb4bYMi943sqf8b4rDVF
o8gXxxMeJsS1pwpbz50ms4l/DGtwWB6XzJx4l5kJ4bDRPnR/Dd0h+7JMaIPH/PO4
7LAIdF+wPNPNwV+6AsTm+TwrEPSxZRNA+nqb7dSBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVhlNYYxmPmGd9STIhkjLHovYi9EwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzllMTQ4ZTA3LWZmMDAtNDZmOS1hMzEzLTA1MDdlNDcyZjgzOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAF1X3rXiPxsn1lgbyPEDtNB0ABHq
1ODnxz5MnQL+hvAfXPkYD2nN22XCsHAch26y4yTYv28XfOy3JCDmADvimkKUuT1h
VIHiLr3cn+tBHMaVzNXgwTl5Uh4IHFfzAlNR4BJ+NhjVhUAl9prhNRvLNzhQ6yP7
3kDH6KuGTYSBvE05bTiWPnPj7IbX48RrEhHRW9iRGhJce7nOnKlBxu0i9ewJlYI7
3uzbez+07hatOLb/o06EU9PlrB1mWyqo8TqtcgVKTblWGoRjTCxENAHVqDEKsLXX
YJFAmvc6Tvjgv569RMf1Oq1n8V+TO4pDVoSISa8Zc80FQ5g0T1pcTkarjqc=
-----END CERTIFICATE-----