Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b15f49e8-22b3-44f6-ab22-8f401dbf38c3.roa
File:                     b15f49e8-22b3-44f6-ab22-8f401dbf38c3.roa (raw, json)
Hash identifier:          N4FGoTjD3N7xyib2Q79TjgUjRoAw58C8BYNgZPjoxns=
Subject key identifier:   4C:B2:88:57:AB:92:0D:40:8B:0D:CB:AB:58:8D:01:1A:F4:1B:AD:A9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       0AFDB916C54B9F862E3D05BE137B72D156DDEDB1
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b15f49e8-22b3-44f6-ab22-8f401dbf38c3.roa
Signing time:             Tue 04 Feb 2025 00:00:00 +0000
ROA not before:           Tue 04 Feb 2025 00:00:00 +0000
ROA not after:            Tue 11 Mar 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1f1d:4000::/36 maxlen: 36
Validation:               Failed, certificate revoked on Tue 04 Feb 2025 21:11:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:fd:b9:16:c5:4b:9f:86:2e:3d:05:be:13:7b:72:d1:56:dd:ed:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Feb  4 00:00:00 2025 GMT
            Not After : Mar 11 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f8:36:3a:35:2c:22:a2:b8:40:23:e4:81:cc:
                    85:ba:37:42:3b:11:aa:6b:17:4c:6d:fd:cc:66:20:
                    92:1e:f7:91:27:d4:8d:95:0c:d6:df:61:b1:e0:b5:
                    df:a6:41:06:ec:eb:54:5b:20:ac:c1:c8:11:29:1f:
                    3f:36:35:e4:0c:d4:9f:0c:d7:ef:a6:5e:06:c2:f4:
                    bc:c0:96:0d:b0:3f:82:6f:66:e3:6e:6a:74:70:aa:
                    70:41:e5:ba:3e:2e:68:dd:fa:89:48:7f:d8:5f:c0:
                    6e:50:7a:62:09:78:b1:7c:5a:7b:2e:0d:22:79:d8:
                    c1:63:0d:d4:38:4b:45:85:71:fd:a3:a5:81:b7:c5:
                    74:c6:26:88:5c:62:85:bb:3e:c6:b9:b7:f8:a2:61:
                    e4:6f:fc:42:5f:8c:cb:69:ce:6d:b5:82:88:bd:f0:
                    26:5d:fa:d0:c5:8d:12:c4:23:aa:0f:a2:69:29:d6:
                    89:f7:d1:d9:35:1e:b0:a2:7f:42:7e:ac:c7:be:55:
                    64:6e:a9:ae:64:03:2f:c6:5a:60:c4:be:9a:21:54:
                    25:91:d7:f9:a5:94:a6:fe:29:77:ed:6e:aa:13:93:
                    71:46:c1:17:48:0d:d7:ad:ac:a1:4c:1b:7c:a7:bd:
                    43:1c:d4:45:0a:75:6f:dc:a6:6d:b7:0a:b7:c5:35:
                    90:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:B2:88:57:AB:92:0D:40:8B:0D:CB:AB:58:8D:01:1A:F4:1B:AD:A9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b15f49e8-22b3-44f6-ab22-8f401dbf38c3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1f1d:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         55:e0:42:03:38:23:27:9e:df:7a:9a:52:ef:4a:00:7e:70:81:
         66:e5:a9:6e:5c:94:35:19:5e:1a:f8:ee:a3:4d:b2:df:fc:49:
         4c:b1:aa:8b:a6:9c:b5:7b:1e:67:44:47:b3:11:0a:15:96:79:
         e0:b0:5b:ae:09:74:8b:8b:25:14:b6:2a:af:25:29:73:89:4f:
         29:f7:26:cb:9a:1b:62:82:9d:79:12:b1:ff:4e:bb:e8:01:8e:
         fb:9f:70:53:b0:63:ea:63:91:b7:30:bc:58:98:54:44:5c:9b:
         e3:f4:52:fc:57:62:bc:3b:3c:7b:5f:0a:41:1e:f8:31:fa:d3:
         0e:25:c0:84:b7:80:6f:48:75:16:c2:ae:51:4f:7d:65:06:53:
         6a:ad:d1:0c:e0:9e:f2:7e:42:fd:67:f1:84:24:41:7f:47:ce:
         37:fe:52:5d:ee:b6:a4:1a:b9:88:d8:1f:ff:af:c3:e5:44:e0:
         88:9f:0f:a8:47:97:3b:70:c5:4d:85:f8:05:ab:f8:d1:88:8f:
         b2:77:f9:24:4e:f2:3c:98:ab:e1:5e:7a:d6:76:3c:6b:82:81:
         bb:48:af:06:4a:68:e6:56:fb:db:02:d4:1d:f2:73:e0:97:1a:
         21:f7:ef:14:86:19:6d:18:fc:b6:50:53:b8:cd:50:b2:15:d6:
         82:da:e7:ff
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUCv25FsVLn4YuPQW+E3ty0Vbd7bEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMjA0MDAwMDAwWhcNMjUwMzExMjM1OTU5
WjB6MUkwRwYDVQQFE0AyZDRmNDNiMTE4NTVjZTRlZTVmZjQwYWEzMzNkMzQ3NDYz
MWU0MzA2NTExODIxNmJjZGFmMzI5YjcxOGY1YmYyMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9+DY6NSwiorhAI+SBzIW6N0I7EaprF0xt/cxmIJIe95En
1I2VDNbfYbHgtd+mQQbs61RbIKzByBEpHz82NeQM1J8M1++mXgbC9LzAlg2wP4Jv
ZuNuanRwqnBB5bo+Lmjd+olIf9hfwG5QemIJeLF8WnsuDSJ52MFjDdQ4S0WFcf2j
pYG3xXTGJohcYoW7Psa5t/iiYeRv/EJfjMtpzm21goi98CZd+tDFjRLEI6oPomkp
1on30dk1HrCif0J+rMe+VWRuqa5kAy/GWmDEvpohVCWR1/mllKb+KXftbqoTk3FG
wRdIDdetrKFMG3ynvUMc1EUKdW/cpm23CrfFNZCnAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUTLKIV6uSDUCLDcurWI0BGvQbrakwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IxNWY0OWU4LTIyYjMtNDRmNi1hYjIyLThmNDAxZGJmMzhjMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgQmAB8dQDANBgkqhkiG9w0BAQsFAAOCAQEAVeBCAzgjJ57feppS70oAfnCB
ZuWpblyUNRleGvjuo02y3/xJTLGqi6actXseZ0RHsxEKFZZ54LBbrgl0i4slFLYq
ryUpc4lPKfcmy5obYoKdeRKx/0676AGO+59wU7Bj6mORtzC8WJhURFyb4/RS/Fdi
vDs8e18KQR74MfrTDiXAhLeAb0h1FsKuUU99ZQZTaq3RDOCe8n5C/WfxhCRBf0fO
N/5SXe62pBq5iNgf/6/D5UTgiJ8PqEeXO3DFTYX4Bav40YiPsnf5JE7yPJir4V56
1nY8a4KBu0ivBkpo5lb72wLUHfJz4JcaIffvFIYZbRj8tlBTuM1QshXWgtrn/w==
-----END CERTIFICATE-----