Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dd06b35f-c75f-493a-a917-c17823d00ae2.roa
File:                     dd06b35f-c75f-493a-a917-c17823d00ae2.roa (raw, json)
Hash identifier:          9qT/50bbBNETtVM0azQ0mohJY0w3Sq38oSSioGfbzzM=
Subject key identifier:   BC:10:D7:F7:A9:44:F5:23:A6:D3:E5:88:96:E8:1C:FB:99:2F:7B:5D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       5B6D60037BAC7FBB15137E61B48875442169FE9E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dd06b35f-c75f-493a-a917-c17823d00ae2.roa
Signing time:             Sat 31 Aug 2024 00:00:00 +0000
ROA not before:           Sat 31 Aug 2024 00:00:00 +0000
ROA not after:            Sat 05 Oct 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 31 Aug 2024 02:44:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:6d:60:03:7b:ac:7f:bb:15:13:7e:61:b4:88:75:44:21:69:fe:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 31 00:00:00 2024 GMT
            Not After : Oct  5 23:59:59 2024 GMT
        Subject: serialNumber=faa5819f6785a38572f26a664a5a3a3702a6495b7b79375e5f18babf3dd8dd20, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:5f:6c:00:da:bc:78:20:e5:fc:14:10:ad:f7:
                    2f:0d:67:a3:d1:e1:ba:20:3f:d0:95:a0:65:38:2b:
                    9e:10:21:31:05:ca:34:fa:c2:33:8f:0b:00:35:17:
                    30:fe:4f:c1:d9:56:c0:b5:34:75:e9:b9:ce:d0:83:
                    12:08:d9:a1:3c:01:87:7b:e1:44:da:6d:d2:a8:2b:
                    b1:f6:14:56:6b:6b:81:7c:dd:d7:32:55:5e:bd:15:
                    57:ff:fc:c0:cb:33:e7:c3:26:e9:60:8b:df:d8:a0:
                    67:c6:9c:fc:cb:e6:79:fd:82:93:89:75:ea:2f:88:
                    e1:c9:dd:03:72:20:c4:c8:f0:77:25:9a:39:8c:be:
                    d6:39:63:16:79:d7:5e:f1:d8:cb:dd:fa:45:82:bf:
                    9b:b3:79:4e:6b:fa:be:01:92:7b:4f:03:56:35:f7:
                    17:08:71:89:7b:88:24:d7:e1:3e:fe:51:cc:aa:3b:
                    4d:aa:18:24:83:1d:f8:0c:62:a5:cd:8d:4b:5d:ef:
                    c5:3f:e4:94:51:64:58:31:14:11:b6:3f:d8:d4:e6:
                    68:ab:69:b5:64:cf:1c:83:50:2c:d7:75:5c:47:2f:
                    55:eb:3f:b8:8b:a3:4e:f9:58:5b:b0:01:f2:22:70:
                    e9:9a:ba:cf:b4:bd:bf:af:f9:30:21:7c:7c:ee:8d:
                    b7:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:10:D7:F7:A9:44:F5:23:A6:D3:E5:88:96:E8:1C:FB:99:2F:7B:5D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dd06b35f-c75f-493a-a917-c17823d00ae2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:7e:c6:67:5e:13:fd:ea:c5:e8:da:66:68:1f:c3:a1:32:64:
         7b:90:9e:b2:be:69:c2:d8:65:ab:57:93:fc:73:3a:a4:ec:5c:
         7b:ac:96:40:46:26:80:a6:30:05:e5:24:12:4a:ee:8f:90:c1:
         a1:6b:c9:cd:9f:37:28:d7:12:f2:02:be:ba:f7:33:f6:9a:8f:
         8d:08:12:fd:7f:f5:6c:33:db:18:da:3a:41:38:a0:85:9a:f6:
         1d:06:88:08:6b:9a:ba:1b:3d:b4:4c:a4:72:3a:5b:25:2c:7b:
         8c:85:58:b7:2d:c0:ad:7b:ea:b6:e0:69:19:20:e1:7c:62:db:
         00:bb:6f:c2:69:87:f1:00:b2:84:d7:58:9e:1f:4a:dd:37:f4:
         76:c4:74:01:cf:0b:c6:3c:10:6f:13:ef:fd:7b:e1:ca:32:e3:
         64:7c:a3:60:6a:fb:9e:d2:00:19:5f:f0:fe:dc:0a:d9:14:e0:
         29:33:c5:9e:a5:fa:b1:c1:3f:ee:28:3d:6a:2c:60:d3:72:22:
         68:99:74:5f:54:00:ee:74:55:46:0d:60:35:fb:50:5c:c1:07:
         a9:d4:db:17:f8:a1:10:b3:b1:c9:0e:e8:21:ad:34:24:74:e4:
         af:0b:0e:b6:8b:27:2b:9e:6e:d8:97:9b:6e:de:ff:6c:3b:1c:
         ad:6d:25:10
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUW21gA3usf7sVE35htIh1RCFp/p4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwODMxMDAwMDAwWhcNMjQxMDA1MjM1OTU5
WjB6MUkwRwYDVQQFE0BmYWE1ODE5ZjY3ODVhMzg1NzJmMjZhNjY0YTVhM2EzNzAy
YTY0OTViN2I3OTM3NWU1ZjE4YmFiZjNkZDhkZDIwMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDzX2wA2rx4IOX8FBCt9y8NZ6PR4bogP9CVoGU4K54QITEF
yjT6wjOPCwA1FzD+T8HZVsC1NHXpuc7QgxII2aE8AYd74UTabdKoK7H2FFZra4F8
3dcyVV69FVf//MDLM+fDJulgi9/YoGfGnPzL5nn9gpOJdeoviOHJ3QNyIMTI8Hcl
mjmMvtY5YxZ5117x2Mvd+kWCv5uzeU5r+r4BkntPA1Y19xcIcYl7iCTX4T7+Ucyq
O02qGCSDHfgMYqXNjUtd78U/5JRRZFgxFBG2P9jU5mirabVkzxyDUCzXdVxHL1Xr
P7iLo075WFuwAfIicOmaus+0vb+v+TAhfHzujbe5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUvBDX96lE9SOm0+WIlugc+5kve10wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RkMDZiMzVmLWM3NWYtNDkzYS1hOTE3LWMxNzgyM2QwMGFlMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFF+xmdeE/3qxejaZmgfw6EyZHuQ
nrK+acLYZatXk/xzOqTsXHuslkBGJoCmMAXlJBJK7o+QwaFryc2fNyjXEvICvrr3
M/aaj40IEv1/9Wwz2xjaOkE4oIWa9h0GiAhrmrobPbRMpHI6WyUse4yFWLctwK17
6rbgaRkg4Xxi2wC7b8Jph/EAsoTXWJ4fSt039HbEdAHPC8Y8EG8T7/174coy42R8
o2Bq+57SABlf8P7cCtkU4CkzxZ6l+rHBP+4oPWosYNNyImiZdF9UAO50VUYNYDX7
UFzBB6nU2xf4oRCzsckO6CGtNCR05K8LDraLJyuebtiXm27e/2w7HK1tJRA=
-----END CERTIFICATE-----