Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c6f03c3e-d625-4cf3-a5fc-abb9abaf1b3c.roa
File:                     c6f03c3e-d625-4cf3-a5fc-abb9abaf1b3c.roa (raw, json)
Hash identifier:          VKjxNo1SNzJcOMyU4JdaaLBg/wnXlFWu7KTiEVDKW6s=
Subject key identifier:   9A:2C:7A:71:F9:FF:FA:E2:DF:28:7A:DE:EE:78:F5:34:61:5A:F5:17
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3698CEFAE7BD606390213928A086D6B96A871C81
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c6f03c3e-d625-4cf3-a5fc-abb9abaf1b3c.roa
Signing time:             Mon 20 May 2024 00:00:00 +0000
ROA not before:           Mon 20 May 2024 00:00:00 +0000
ROA not after:            Mon 24 Jun 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 20 May 2024 07:28:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:98:ce:fa:e7:bd:60:63:90:21:39:28:a0:86:d6:b9:6a:87:1c:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: May 20 00:00:00 2024 GMT
            Not After : Jun 24 23:59:59 2024 GMT
        Subject: serialNumber=7cbf9b8aabf96abba9da589296535653c0142aec05ae2d5eeead8e6970bbd230, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b1:cb:8b:77:ca:d8:1e:4f:b8:81:83:a9:47:
                    fb:35:99:ec:01:60:6b:5d:93:49:a2:83:64:d3:2f:
                    0b:d1:b7:74:ed:77:8d:12:ae:30:b8:cc:57:3c:0f:
                    e4:57:ad:62:38:17:c0:95:d3:64:ca:34:e5:41:66:
                    3b:71:d8:e0:85:54:3a:c7:84:38:94:ec:68:bb:b3:
                    37:6e:a8:c8:52:10:e6:dc:4b:a1:bb:86:68:b0:5f:
                    83:69:56:50:1e:a6:2b:92:ff:cd:50:32:74:d6:85:
                    82:f9:41:de:fa:07:97:91:b7:60:ae:ac:df:68:e5:
                    6d:24:87:24:3d:6b:9e:24:cb:d2:28:26:56:34:93:
                    51:f9:f5:7a:58:30:0b:2e:8d:e5:81:cd:84:06:2f:
                    49:89:11:85:66:c5:15:b5:27:8d:e5:cc:3e:f7:51:
                    71:81:b2:8b:a6:57:80:c9:e1:1d:99:9a:94:06:93:
                    d1:75:73:dd:80:09:cd:8d:c0:45:af:2c:38:bb:43:
                    d2:35:11:03:74:38:8a:a6:24:0a:55:a0:3e:fa:4e:
                    47:bb:57:8f:1e:9c:1d:10:c4:4d:8c:70:ba:1a:3d:
                    70:84:f2:a3:e4:fd:5a:f3:84:9f:fc:a3:d0:91:ee:
                    99:bb:3e:f4:61:10:fa:ab:a5:6f:a8:4f:83:ec:10:
                    b2:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:2C:7A:71:F9:FF:FA:E2:DF:28:7A:DE:EE:78:F5:34:61:5A:F5:17
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/c6f03c3e-d625-4cf3-a5fc-abb9abaf1b3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:b5:ea:09:14:9c:d7:58:85:f6:44:8b:39:a8:77:69:53:23:
         d0:67:90:b2:db:8c:6d:fd:71:2a:55:8d:54:27:f3:6f:00:66:
         fc:f0:51:9c:37:fc:26:4c:07:7b:95:b3:9a:62:4f:93:8e:44:
         a0:5c:0e:65:a1:69:73:3d:0b:fc:26:8b:73:6f:13:d5:e4:ad:
         fe:58:41:13:90:2b:d9:d0:9a:2b:1c:a1:4d:b9:5c:c3:df:7a:
         e4:41:9c:33:9e:64:0b:d5:8e:66:b6:8e:5f:f2:91:64:d5:c2:
         2e:0b:af:15:ba:f4:cf:90:af:00:43:39:8e:77:d6:fd:e1:7c:
         7a:46:0b:f4:ae:1f:56:6e:4e:0c:da:54:d0:cd:54:9c:67:e1:
         64:d8:57:c8:91:69:58:ae:e8:c2:7f:ac:6c:6b:02:6c:13:d1:
         9b:f7:09:ae:1b:45:a8:84:79:56:e8:4a:f6:12:2c:82:9d:e7:
         77:aa:b7:d2:46:31:75:d2:85:6a:af:77:37:32:c2:6a:1b:70:
         51:fc:ad:46:e8:bd:22:7c:cc:ce:1b:36:e1:d7:a8:da:d4:00:
         d3:25:3c:66:68:01:a6:27:f5:03:8b:6a:72:66:ba:a0:c0:30:
         b8:80:b7:85:ed:a6:91:8f:df:91:dc:ca:6a:f5:14:cb:a7:15:
         e6:14:8e:a6
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUNpjO+ue9YGOQITkooIbWuWqHHIEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNTIwMDAwMDAwWhcNMjQwNjI0MjM1OTU5
WjB6MUkwRwYDVQQFE0A3Y2JmOWI4YWFiZjk2YWJiYTlkYTU4OTI5NjUzNTY1M2Mw
MTQyYWVjMDVhZTJkNWVlZWFkOGU2OTcwYmJkMjMwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDTscuLd8rYHk+4gYOpR/s1mewBYGtdk0mig2TTLwvRt3Tt
d40SrjC4zFc8D+RXrWI4F8CV02TKNOVBZjtx2OCFVDrHhDiU7Gi7szduqMhSEObc
S6G7hmiwX4NpVlAepiuS/81QMnTWhYL5Qd76B5eRt2CurN9o5W0khyQ9a54ky9Io
JlY0k1H59XpYMAsujeWBzYQGL0mJEYVmxRW1J43lzD73UXGBsoumV4DJ4R2ZmpQG
k9F1c92ACc2NwEWvLDi7Q9I1EQN0OIqmJApVoD76Tke7V48enB0QxE2McLoaPXCE
8qPk/VrzhJ/8o9CR7pm7PvRhEPqrpW+oT4PsELLzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmix6cfn/+uLfKHre7nj1NGFa9RcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2M2ZjAzYzNlLWQ2MjUtNGNmMy1hNWZjLWFiYjlhYmFmMWIzYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAEq16gkUnNdYhfZEizmod2lTI9Bn
kLLbjG39cSpVjVQn828AZvzwUZw3/CZMB3uVs5piT5OORKBcDmWhaXM9C/wmi3Nv
E9Xkrf5YQROQK9nQmiscoU25XMPfeuRBnDOeZAvVjma2jl/ykWTVwi4LrxW69M+Q
rwBDOY531v3hfHpGC/SuH1ZuTgzaVNDNVJxn4WTYV8iRaViu6MJ/rGxrAmwT0Zv3
Ca4bRaiEeVboSvYSLIKd53eqt9JGMXXShWqvdzcywmobcFH8rUbovSJ8zM4bNuHX
qNrUANMlPGZoAaYn9QOLanJmuqDAMLiAt4XtppGP35Hcymr1FMunFeYUjqY=
-----END CERTIFICATE-----