Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a8fce6fe-57af-4728-b2de-53375f2764ab.roa
File:                     a8fce6fe-57af-4728-b2de-53375f2764ab.roa (raw, json)
Hash identifier:          CvtDjoQplsUEprtvbPTH3KK3jhuUc6hbPeYO0awrk/0=
Subject key identifier:   EE:EB:88:1D:0E:8B:A6:BE:B2:98:D1:F8:60:05:81:2F:E8:C8:5A:4F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3CD543BE4021F5A6AC67702C9D6AA5AFEDDAB99E
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a8fce6fe-57af-4728-b2de-53375f2764ab.roa
Signing time:             Tue 15 Oct 2024 00:00:00 +0000
ROA not before:           Tue 15 Oct 2024 00:00:00 +0000
ROA not after:            Tue 19 Nov 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:1f32:8000::/39 maxlen: 48

Validation:               Failed, certificate revoked on Mon 21 Oct 2024 16:10:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:d5:43:be:40:21:f5:a6:ac:67:70:2c:9d:6a:a5:af:ed:da:b9:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 15 00:00:00 2024 GMT
            Not After : Nov 19 23:59:59 2024 GMT
        Subject: serialNumber=11d876d48b0e756f3be0a691c1e8b1111b4f55833a60f46ce27fdd0750e35eee, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a4:dd:ce:51:b5:b1:92:7e:79:fb:0e:a2:77:
                    0e:32:c6:f2:1f:a8:8f:b4:1e:1d:05:d1:54:a7:b6:
                    bb:03:a1:84:6a:8b:ad:7d:6f:a4:90:c4:98:8a:7e:
                    2e:f2:6f:10:5f:cd:2a:5b:25:03:05:01:28:27:1e:
                    44:b5:b7:77:be:22:6a:a8:81:80:87:ca:76:01:a0:
                    7f:c7:7b:ec:9b:cb:bb:47:17:a9:81:4c:36:8d:44:
                    94:53:19:ef:3f:67:1c:7e:da:8a:dd:a5:90:bc:05:
                    00:8c:b2:f6:c6:46:b3:b2:a1:1e:cc:01:e3:39:ba:
                    52:03:e5:aa:6c:99:30:bf:41:86:ba:5b:6d:28:ff:
                    7d:d1:c9:08:f3:35:7d:c8:4e:a2:ac:8a:71:4d:85:
                    e7:cd:d6:8c:e4:bb:06:3a:6d:33:6c:8e:2c:f2:54:
                    20:4c:ab:20:ae:82:a8:24:df:a5:22:f7:54:b7:30:
                    e6:48:a8:01:e2:b0:9b:93:15:3d:6d:d8:d0:aa:44:
                    15:c2:65:56:3e:9c:1b:ff:b1:72:a3:75:e1:62:0b:
                    8c:b1:0e:66:de:78:46:ac:7c:42:43:5e:ce:3f:7f:
                    52:fd:f4:0d:dc:e5:9e:e5:66:26:0f:0b:eb:32:34:
                    61:67:38:05:8f:66:d3:8b:6a:60:ad:ff:b0:e2:0c:
                    fe:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:EB:88:1D:0E:8B:A6:BE:B2:98:D1:F8:60:05:81:2F:E8:C8:5A:4F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/a8fce6fe-57af-4728-b2de-53375f2764ab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f32:8000::/39

    Signature Algorithm: sha256WithRSAEncryption
         74:cf:29:44:f7:5d:ec:97:c4:e3:cc:3c:16:09:3a:3a:e7:63:
         12:e6:ac:3e:03:6e:37:4b:5e:db:33:bf:bc:09:ad:81:75:04:
         0e:34:4e:54:95:0f:ea:51:c6:64:f4:50:f1:99:00:af:c7:a9:
         97:db:10:f8:0d:58:05:e9:b1:68:4f:72:52:26:0d:b1:98:13:
         94:b5:47:f8:e2:61:da:72:e9:9d:f1:14:a1:50:60:71:06:93:
         81:4b:09:88:fb:7e:0e:6d:c8:f8:4c:a5:9f:fb:95:08:bb:b8:
         19:1a:3a:77:16:5b:31:6a:03:1d:61:d2:98:f8:28:65:4c:52:
         b7:e2:b8:ea:6f:58:4c:49:7b:3c:86:4e:17:a4:1b:52:66:10:
         02:fa:70:34:d3:6a:37:68:6c:c0:98:01:d6:5b:e3:4e:38:2e:
         87:d7:d0:7e:66:7a:b6:59:44:ef:7f:52:d0:92:9e:70:ff:b1:
         33:96:56:8b:16:15:5e:3f:8e:7a:4f:fa:ba:3e:ba:00:b8:43:
         61:3e:81:a6:73:fe:d2:0f:02:7f:99:4a:fc:18:d8:7d:4a:47:
         9c:c5:c2:2a:fc:f9:02:61:a8:2c:51:6e:83:6b:3f:cf:0c:20:
         07:36:ed:aa:e9:25:7c:a5:7c:20:12:e7:b4:b3:58:d3:61:a1:
         7c:d9:29:41
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUPNVDvkAh9aasZ3AsnWqlr+3auZ4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMDE1MDAwMDAwWhcNMjQxMTE5MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMWQ4NzZkNDhiMGU3NTZmM2JlMGE2OTFjMWU4YjExMTFi
NGY1NTgzM2E2MGY0NmNlMjdmZGQwNzUwZTM1ZWVlMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8pN3OUbWxkn55+w6idw4yxvIfqI+0Hh0F0VSntrsDoYRq
i619b6SQxJiKfi7ybxBfzSpbJQMFASgnHkS1t3e+ImqogYCHynYBoH/He+yby7tH
F6mBTDaNRJRTGe8/Zxx+2ordpZC8BQCMsvbGRrOyoR7MAeM5ulID5apsmTC/QYa6
W20o/33RyQjzNX3ITqKsinFNhefN1ozkuwY6bTNsjizyVCBMqyCugqgk36Ui91S3
MOZIqAHisJuTFT1t2NCqRBXCZVY+nBv/sXKjdeFiC4yxDmbeeEasfEJDXs4/f1L9
9A3c5Z7lZiYPC+syNGFnOAWPZtOLamCt/7DiDP6vAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQU7uuIHQ6Lpr6ymNH4YAWBL+jIWk8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2E4ZmNlNmZlLTU3YWYtNDcyOC1iMmRlLTUzMzc1ZjI3NjRhYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgEmAB8ygDANBgkqhkiG9w0BAQsFAAOCAQEAdM8pRPdd7JfE48w8Fgk6Oudj
EuasPgNuN0te2zO/vAmtgXUEDjROVJUP6lHGZPRQ8ZkAr8epl9sQ+A1YBemxaE9y
UiYNsZgTlLVH+OJh2nLpnfEUoVBgcQaTgUsJiPt+Dm3I+Eyln/uVCLu4GRo6dxZb
MWoDHWHSmPgoZUxSt+K46m9YTEl7PIZOF6QbUmYQAvpwNNNqN2hswJgB1lvjTjgu
h9fQfmZ6tllE739S0JKecP+xM5ZWixYVXj+Oek/6uj66ALhDYT6BpnP+0g8Cf5lK
/BjYfUpHnMXCKvz5AmGoLFFug2s/zwwgBzbtquklfKV8IBLntLNY02GhfNkpQQ==
-----END CERTIFICATE-----