Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dd38eeb2-e4e4-4e9e-899a-7813cbc8078f.roa
File:                     dd38eeb2-e4e4-4e9e-899a-7813cbc8078f.roa (raw, json)
Hash identifier:          c+rRo1gf+OpqRlVRIbxRnZwi2QTGEoy0/zVON26ViU4=
Subject key identifier:   EA:57:DD:1A:70:82:55:96:D8:CB:89:BF:DA:90:6A:B9:57:29:3A:17
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1CE3161BD9E109F2A43E098A5FC286512B08270C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dd38eeb2-e4e4-4e9e-899a-7813cbc8078f.roa
Signing time:             Fri 14 Jun 2024 00:00:00 +0000
ROA not before:           Fri 14 Jun 2024 00:00:00 +0000
ROA not after:            Fri 19 Jul 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 14 Jun 2024 20:23:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:e3:16:1b:d9:e1:09:f2:a4:3e:09:8a:5f:c2:86:51:2b:08:27:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jun 14 00:00:00 2024 GMT
            Not After : Jul 19 23:59:59 2024 GMT
        Subject: serialNumber=0ac9d23160f59d33eb61c6919318fa78a93bd5b289555906674b231d43444177, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:25:f3:f1:6c:63:36:dc:45:32:0d:1c:ea:bd:
                    07:15:9d:b4:36:25:17:e0:04:9d:15:e3:2f:9e:ba:
                    b3:68:1f:47:58:73:ac:57:8e:fb:6d:ba:71:4e:e6:
                    80:15:0e:c7:54:77:4f:ca:c9:14:0a:51:f5:1a:c8:
                    17:8a:5d:c9:38:04:17:a1:61:49:e6:89:a1:cc:e0:
                    d1:a9:d8:5e:d1:39:42:ef:22:f7:d6:4e:d9:37:06:
                    8d:fc:9f:79:0c:f2:54:99:81:18:03:6c:d4:9c:33:
                    89:78:15:29:3e:6b:d5:b9:d0:c2:a3:7b:c4:29:7d:
                    c5:ff:c3:33:0f:e8:4d:f0:88:ec:94:f4:6f:6b:c8:
                    bc:4f:08:b0:3a:0b:e8:e8:dd:5e:75:73:51:bc:af:
                    01:35:90:af:da:98:71:a0:a6:d3:83:34:ce:3d:ac:
                    ca:ad:93:c0:2c:97:f4:1e:6a:54:8e:b5:60:c0:12:
                    fb:28:40:b5:ca:97:0b:59:a1:01:89:d1:5f:fa:bd:
                    6c:bb:1d:38:ad:d5:b0:13:b2:aa:63:4b:ff:ce:f9:
                    ea:0f:43:1e:6a:5d:ca:fb:de:d6:22:f7:85:1c:f5:
                    06:f1:1d:8e:5f:f3:c9:79:e6:b7:09:8a:cd:07:44:
                    9a:70:9a:81:a6:74:e9:23:39:5b:77:64:24:05:95:
                    b9:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:57:DD:1A:70:82:55:96:D8:CB:89:BF:DA:90:6A:B9:57:29:3A:17
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dd38eeb2-e4e4-4e9e-899a-7813cbc8078f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:08:71:82:9c:85:6c:22:f5:d7:d6:25:15:f8:df:83:bc:17:
         d4:5d:3d:67:4b:03:1a:b6:7d:82:93:a6:75:a5:35:6f:ed:4c:
         41:94:20:9d:5d:fb:9c:75:62:75:6e:cc:81:87:75:86:be:6d:
         a9:67:de:b8:22:64:80:5f:ac:9d:57:46:28:0e:fd:a0:63:22:
         83:dd:ce:af:f2:23:19:a5:af:82:89:0d:26:0d:7c:69:f8:93:
         59:5c:d6:45:f2:51:c3:c3:e3:18:10:c4:cb:88:5f:19:02:3b:
         8e:65:03:a7:b0:07:a7:1e:41:08:c3:d4:fc:3a:0b:e8:65:78:
         c3:4f:5f:f3:3a:4b:19:c4:c9:a1:0c:41:5a:1d:1f:9d:84:f6:
         57:60:f0:72:49:6b:16:ab:ab:65:72:1e:a1:d9:d9:57:45:75:
         1a:a7:37:bb:ac:c4:07:2e:51:38:a2:75:47:f2:64:16:10:0a:
         2b:71:2a:e7:ea:82:8c:17:9f:7e:67:ec:c5:fb:38:71:14:21:
         57:d3:50:37:bd:93:e8:44:e1:b6:3c:b3:ce:48:4b:de:f9:b6:
         c1:cf:2c:61:74:9b:d6:fb:7d:de:c6:0b:fe:d1:bb:0b:88:cb:
         15:47:f3:32:ee:99:42:41:a0:13:b0:85:8d:c9:f2:61:1c:a6:
         8d:57:99:6a
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHOMWG9nhCfKkPgmKX8KGUSsIJwwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNjE0MDAwMDAwWhcNMjQwNzE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AwYWM5ZDIzMTYwZjU5ZDMzZWI2MWM2OTE5MzE4ZmE3OGE5
M2JkNWIyODk1NTU5MDY2NzRiMjMxZDQzNDQ0MTc3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuJfPxbGM23EUyDRzqvQcVnbQ2JRfgBJ0V4y+eurNoH0dY
c6xXjvttunFO5oAVDsdUd0/KyRQKUfUayBeKXck4BBehYUnmiaHM4NGp2F7ROULv
IvfWTtk3Bo38n3kM8lSZgRgDbNScM4l4FSk+a9W50MKje8QpfcX/wzMP6E3wiOyU
9G9ryLxPCLA6C+jo3V51c1G8rwE1kK/amHGgptODNM49rMqtk8Asl/QealSOtWDA
EvsoQLXKlwtZoQGJ0V/6vWy7HTit1bATsqpjS//O+eoPQx5qXcr73tYi94Uc9Qbx
HY5f88l55rcJis0HRJpwmoGmdOkjOVt3ZCQFlblHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6lfdGnCCVZbYy4m/2pBquVcpOhcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RkMzhlZWIyLWU0ZTQtNGU5ZS04OTlhLTc4MTNjYmM4MDc4Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHcIcYKchWwi9dfWJRX434O8F9Rd
PWdLAxq2fYKTpnWlNW/tTEGUIJ1d+5x1YnVuzIGHdYa+baln3rgiZIBfrJ1XRigO
/aBjIoPdzq/yIxmlr4KJDSYNfGn4k1lc1kXyUcPD4xgQxMuIXxkCO45lA6ewB6ce
QQjD1Pw6C+hleMNPX/M6SxnEyaEMQVodH52E9ldg8HJJaxarq2VyHqHZ2VdFdRqn
N7usxAcuUTiidUfyZBYQCitxKufqgowXn35n7MX7OHEUIVfTUDe9k+hE4bY8s85I
S975tsHPLGF0m9b7fd7GC/7RuwuIyxVH8zLumUJBoBOwhY3J8mEcpo1XmWo=
-----END CERTIFICATE-----