Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/40048411-9f25-4c2b-ac1f-54231589d13a.roa
File:                     40048411-9f25-4c2b-ac1f-54231589d13a.roa (raw, json)
Hash identifier:          enCaMlU12mj3MbrdHJhR4WU9YsisycuJh7y2Lb8Nd40=
Subject key identifier:   7E:80:A7:95:6A:21:8D:62:18:6A:78:6F:19:AC:5C:B4:AF:6D:3E:CF
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       520D670218C99521EC677D31D628C59711DFE689
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/40048411-9f25-4c2b-ac1f-54231589d13a.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        139.89.0.0/16 maxlen: 24
Validation:               Failed, certificate revoked on Wed 15 Jan 2025 22:10:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:0d:67:02:18:c9:95:21:ec:67:7d:31:d6:28:c5:97:11:df:e6:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:8a:0e:a1:23:1a:a1:20:bb:fd:b7:43:81:7d:
                    b2:57:59:4c:82:d2:eb:53:54:d3:0e:88:63:b5:34:
                    e0:43:e1:4c:13:6d:47:56:42:be:a4:4e:5f:ed:fa:
                    0d:fb:a7:84:3d:73:95:f3:b0:89:77:65:cf:66:a1:
                    a2:89:80:d7:3d:43:3f:b3:c0:c8:54:f5:1b:b6:87:
                    8c:10:94:fc:7e:28:38:72:7e:43:d6:07:6b:72:9e:
                    86:81:94:25:31:d5:e5:0a:bd:01:9a:ac:42:75:fc:
                    58:30:07:2c:6f:80:a9:9c:0c:46:30:52:6a:b5:9b:
                    ca:5d:db:fc:c0:da:91:c9:9f:65:33:8f:70:9d:e6:
                    32:93:30:fe:a6:58:0f:5d:2f:63:80:bd:0a:47:0f:
                    05:eb:ff:c5:c5:d8:95:42:2f:23:8f:aa:01:a3:66:
                    f5:b9:83:a8:b3:66:fb:ee:2f:23:d6:99:61:0e:0a:
                    b6:c5:4e:9d:88:3c:9a:cf:91:7e:14:93:60:19:32:
                    90:d2:17:ed:4e:36:3b:1a:68:68:7c:fe:28:27:29:
                    16:a0:fc:8b:9b:be:4b:bc:2f:07:ba:2f:bc:6d:a1:
                    e5:53:4e:79:43:fa:17:a6:25:c0:c0:54:42:3e:db:
                    f2:e2:23:d6:2c:98:ed:f8:d7:43:70:b0:cc:dd:40:
                    ef:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:80:A7:95:6A:21:8D:62:18:6A:78:6F:19:AC:5C:B4:AF:6D:3E:CF
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/40048411-9f25-4c2b-ac1f-54231589d13a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.89.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         d5:65:99:2f:58:04:1c:1b:88:ce:b8:0f:d3:ba:8d:64:2a:4b:
         26:46:53:80:eb:11:f2:25:93:c9:ac:8f:bb:3b:82:72:88:e0:
         0a:23:a5:61:2a:fb:79:2a:24:6b:45:51:08:1c:74:54:fa:bd:
         e8:2d:51:93:60:c9:4a:91:8f:14:39:4c:c7:fd:80:0b:42:50:
         96:ff:d8:d9:30:da:66:b1:61:ce:cc:d3:f6:0b:3a:8d:1e:43:
         41:84:2b:30:e7:a0:62:27:7b:c4:a2:da:36:76:58:69:cc:05:
         8a:2b:f4:62:80:10:2d:4f:65:15:b1:05:83:47:f6:9b:1c:3e:
         5d:d0:58:ac:9c:04:46:ea:76:9a:f8:9f:0c:90:8c:c8:b1:0d:
         e2:9b:65:55:58:ec:ff:25:16:1c:c6:6c:6f:25:f1:48:9c:51:
         67:47:22:5b:5c:6d:d8:f2:54:88:11:d8:9f:0a:45:a4:5c:c7:
         ac:1f:a0:35:3a:4c:d2:15:ef:8f:49:71:87:b1:26:fe:d1:d9:
         3f:f9:ef:1f:f0:b8:98:76:5c:9c:aa:e6:bc:a2:ef:6e:6c:78:
         dd:d9:ae:6a:99:66:ba:14:90:bf:fd:c0:01:58:5e:1d:fd:ae:
         a9:43:8d:38:31:83:41:2e:5f:8f:10:87:50:a1:f3:e2:58:66:
         bc:f8:3c:7e
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUg1nAhjJlSHsZ30x1ijFlxHf5okwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MzMzNDBkZDZjMzYyMDE3M2ExM2RjMzZkNjI4ZTY5NWNl
NTVkMWYzMzJmNTEwNTI5OTEzMjZlZDJlYmFkOWJiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8ig6hIxqhILv9t0OBfbJXWUyC0utTVNMOiGO1NOBD4UwT
bUdWQr6kTl/t+g37p4Q9c5XzsIl3Zc9moaKJgNc9Qz+zwMhU9Ru2h4wQlPx+KDhy
fkPWB2tynoaBlCUx1eUKvQGarEJ1/FgwByxvgKmcDEYwUmq1m8pd2/zA2pHJn2Uz
j3Cd5jKTMP6mWA9dL2OAvQpHDwXr/8XF2JVCLyOPqgGjZvW5g6izZvvuLyPWmWEO
CrbFTp2IPJrPkX4Uk2AZMpDSF+1ONjsaaGh8/ignKRag/Iubvku8Lwe6L7xtoeVT
TnlD+hemJcDAVEI+2/LiI9YsmO3410NwsMzdQO8XAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUfoCnlWohjWIYanhvGaxctK9tPs8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzQwMDQ4NDExLTlmMjUtNGMyYi1hYzFmLTU0MjMxNTg5ZDEzYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCLWTANBgkqhkiG9w0BAQsFAAOCAQEA1WWZL1gEHBuIzrgP07qNZCpLJkZT
gOsR8iWTyayPuzuCcojgCiOlYSr7eSoka0VRCBx0VPq96C1Rk2DJSpGPFDlMx/2A
C0JQlv/Y2TDaZrFhzszT9gs6jR5DQYQrMOegYid7xKLaNnZYacwFiiv0YoAQLU9l
FbEFg0f2mxw+XdBYrJwERup2mvifDJCMyLEN4ptlVVjs/yUWHMZsbyXxSJxRZ0ci
W1xt2PJUiBHYnwpFpFzHrB+gNTpM0hXvj0lxh7Em/tHZP/nvH/C4mHZcnKrmvKLv
bmx43dmuaplmuhSQv/3AAVheHf2uqUONODGDQS5fjxCHUKHz4lhmvPg8fg==
-----END CERTIFICATE-----