Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/079cc1e2-817f-4601-bbf9-167342dd67d8.roa
File:                     079cc1e2-817f-4601-bbf9-167342dd67d8.roa (raw, json)
Hash identifier:          fcc1xxrOikina3RveaXUHFEZqPY1SVuEGYaBmp3JsFo=
Subject key identifier:   E2:42:99:A4:6D:F3:87:F6:C2:BB:A0:20:4E:A3:ED:C5:1E:B8:98:68
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7205CBBFC69E5EC202CA6FA42770C2BD827A7F68
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/079cc1e2-817f-4601-bbf9-167342dd67d8.roa
Signing time:             Wed 12 Mar 2025 00:21:38 +0000
ROA not before:           Wed 12 Mar 2025 00:21:38 +0000
ROA not after:            Wed 16 Apr 2025 23:59:59 +0000
asID:                     8987
IP address blocks:        168.185.4.0/22 maxlen: 24
Validation:               Failed, certificate revoked on Tue 18 Mar 2025 16:37:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:05:cb:bf:c6:9e:5e:c2:02:ca:6f:a4:27:70:c2:bd:82:7a:7f:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 12 00:21:38 2025 GMT
            Not After : Apr 16 23:59:59 2025 GMT
        Subject: serialNumber=f8f266fc4a29d9a2162581e5b7e29427235081e6a42f4006675b7ff10bf0b9e7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:58:c5:a7:24:d8:5d:90:4f:3d:eb:81:38:71:
                    bf:c0:55:6c:63:ed:e1:a6:81:c8:76:f8:49:6c:3a:
                    73:b1:22:26:af:b8:54:d4:20:3d:7a:51:c1:7f:df:
                    90:92:6d:e2:71:f4:d5:d2:cd:72:63:2d:d5:bd:ea:
                    ac:84:b0:83:8f:02:3d:8f:00:81:a7:38:25:15:67:
                    e1:23:fc:34:6c:fa:91:88:49:f3:c8:08:58:7f:3e:
                    5d:27:f1:ca:ee:6f:dc:ab:3b:0a:d4:34:d8:9a:e6:
                    7a:c2:06:03:a2:ca:89:4e:23:93:22:0d:ba:2b:fa:
                    4e:53:c1:7a:27:5b:ae:4e:14:43:2b:78:87:3a:62:
                    0e:d8:35:63:2f:b9:7a:72:cf:6f:07:1d:f9:98:44:
                    99:d3:1a:92:72:a2:86:45:78:28:de:55:3e:62:f0:
                    05:c4:33:10:97:89:05:e7:fb:53:46:38:a9:0f:87:
                    a9:5b:d9:8b:72:13:4d:86:b0:05:19:30:3e:f6:10:
                    01:61:5a:7d:5f:84:67:79:b0:94:45:e3:11:ab:b3:
                    ed:b8:04:d6:60:81:90:3c:a4:45:16:57:f3:6b:65:
                    ec:e4:63:21:cd:17:43:8a:24:82:ee:b3:29:1c:88:
                    34:23:fd:75:e6:4d:3d:36:68:31:ee:b2:1a:f9:ce:
                    9a:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:42:99:A4:6D:F3:87:F6:C2:BB:A0:20:4E:A3:ED:C5:1E:B8:98:68
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/079cc1e2-817f-4601-bbf9-167342dd67d8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.185.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:52:7e:b8:9f:8a:81:4a:d0:7f:b7:b6:fe:94:ec:b5:7e:f6:
         9d:dd:21:43:ad:8e:a7:9a:4c:4d:8b:b7:f2:75:37:6f:57:f8:
         40:f0:14:0a:c2:ac:e8:0b:5a:33:da:7e:16:d0:fb:68:e5:5e:
         ef:44:8e:1e:57:eb:aa:17:da:04:56:43:e9:a6:17:32:82:36:
         c9:45:4d:86:29:19:4c:f6:80:6e:fc:17:6f:ba:6e:e7:dd:22:
         db:14:d0:dd:81:f3:89:de:53:3e:58:cc:3a:c5:a2:e7:45:9c:
         9d:7e:9f:b3:3d:d9:a0:2f:ed:6e:34:ad:1b:67:bd:2e:a6:ba:
         87:f6:0a:f3:39:cf:9b:1f:c7:0f:da:8b:bb:9c:25:f0:a9:0f:
         40:52:eb:07:68:a9:3a:c6:25:f5:eb:17:51:2c:76:98:a2:c4:
         ea:8c:87:0e:5e:a1:0c:02:bd:db:19:bd:cb:43:6d:83:19:73:
         05:3b:08:ff:a5:e2:ce:d7:26:62:b3:50:68:6b:5a:02:84:ca:
         f8:33:06:ad:6c:75:72:c9:02:3d:f0:83:b7:28:9e:e3:5f:54:
         e4:d9:f6:90:86:9a:83:e0:01:5c:0d:92:02:20:ef:14:88:65:
         98:2e:a0:23:3f:3d:2c:fd:b9:62:6e:f2:27:b4:05:bb:6a:0a:
         6c:43:e9:07
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcgXLv8aeXsICym+kJ3DCvYJ6f2gwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzEyMDAyMTM4WhcNMjUwNDE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BmOGYyNjZmYzRhMjlkOWEyMTYyNTgxZTViN2UyOTQyNzIz
NTA4MWU2YTQyZjQwMDY2NzViN2ZmMTBiZjBiOWU3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcWMWnJNhdkE8964E4cb/AVWxj7eGmgch2+ElsOnOxIiav
uFTUID16UcF/35CSbeJx9NXSzXJjLdW96qyEsIOPAj2PAIGnOCUVZ+Ej/DRs+pGI
SfPICFh/Pl0n8crub9yrOwrUNNia5nrCBgOiyolOI5MiDbor+k5TwXonW65OFEMr
eIc6Yg7YNWMvuXpyz28HHfmYRJnTGpJyooZFeCjeVT5i8AXEMxCXiQXn+1NGOKkP
h6lb2YtyE02GsAUZMD72EAFhWn1fhGd5sJRF4xGrs+24BNZggZA8pEUWV/NrZezk
YyHNF0OKJILusykciDQj/XXmTT02aDHushr5zpoHAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU4kKZpG3zh/bCu6AgTqPtxR64mGgwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzA3OWNjMWUyLTgxN2YtNDYwMS1iYmY5LTE2NzM0MmRkNjdkOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKouQQwDQYJKoZIhvcNAQELBQADggEBAHpSfrifioFK0H+3tv6U7LV+9p3d
IUOtjqeaTE2Lt/J1N29X+EDwFArCrOgLWjPafhbQ+2jlXu9Ejh5X66oX2gRWQ+mm
FzKCNslFTYYpGUz2gG78F2+6bufdItsU0N2B84neUz5YzDrFoudFnJ1+n7M92aAv
7W40rRtnvS6muof2CvM5z5sfxw/ai7ucJfCpD0BS6wdoqTrGJfXrF1EsdpiixOqM
hw5eoQwCvdsZvctDbYMZcwU7CP+l4s7XJmKzUGhrWgKEyvgzBq1sdXLJAj3wg7co
nuNfVOTZ9pCGmoPgAVwNkgIg7xSIZZguoCM/PSz9uWJu8ie0BbtqCmxD6Qc=
-----END CERTIFICATE-----