Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b2c3c804-70a5-4e3b-aaad-9f4782e3cf3b.roa
File:                     b2c3c804-70a5-4e3b-aaad-9f4782e3cf3b.roa (raw, json)
Hash identifier:          mp8GuqFFrNqXlG8hEoWX+wSNv4xASBnqI35pSPxJ7Tw=
Subject key identifier:   4D:0A:35:3D:5D:53:89:B7:9E:7E:D0:0D:CF:68:BC:5A:D2:FB:18:26
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       6C343C3AB399900BBE7FF44B7F52550131ADF6DB
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b2c3c804-70a5-4e3b-aaad-9f4782e3cf3b.roa
Signing time:             Tue 21 Jan 2025 00:00:00 +0000
ROA not before:           Tue 21 Jan 2025 00:00:00 +0000
ROA not after:            Tue 25 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        209.54.176.0/21 maxlen: 24
Validation:               Failed, certificate revoked on Wed 22 Jan 2025 14:38:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:34:3c:3a:b3:99:90:0b:be:7f:f4:4b:7f:52:55:01:31:ad:f6:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 21 00:00:00 2025 GMT
            Not After : Feb 25 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:79:7f:f5:e7:8a:14:3a:25:98:d2:30:cf:7e:
                    4c:7f:a4:31:93:8f:6e:08:25:d0:13:f4:6c:fd:35:
                    4d:0d:2e:8b:c5:85:c6:0d:2c:b7:85:30:ed:f2:3b:
                    c4:fa:03:87:01:e9:91:ff:e9:ef:d5:44:24:f9:63:
                    46:2d:a2:99:11:fa:b6:a6:55:a4:bb:27:2e:93:66:
                    0a:95:80:0a:0e:bc:80:98:6d:d3:43:5e:b2:99:75:
                    6c:82:eb:f8:2f:8c:3d:a8:64:d3:f6:63:84:0e:eb:
                    92:ac:3c:f1:3c:d5:4a:c9:9e:73:5c:8d:13:41:dc:
                    a1:80:03:a1:9d:72:6b:69:a9:30:54:d8:63:15:03:
                    7d:93:32:11:45:f0:6b:af:88:ec:c3:a6:a2:da:f0:
                    52:44:0a:8f:4b:a0:8b:30:dd:c9:9a:d5:c3:26:5b:
                    5d:6f:f3:4e:ca:22:ec:92:17:b0:19:b9:af:a3:1b:
                    6a:00:be:bf:51:ec:fe:a7:85:c2:a8:34:63:81:09:
                    60:86:72:b1:42:f8:49:1c:44:7a:c0:b1:c8:c3:86:
                    3c:3e:93:e4:04:9f:a5:cf:c5:78:27:08:d9:da:7e:
                    0a:54:9c:e9:3c:bc:44:0a:4d:8b:43:76:1a:6e:98:
                    e0:b9:34:98:14:2e:ab:4a:a0:a0:c1:bd:78:59:79:
                    0a:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:0A:35:3D:5D:53:89:B7:9E:7E:D0:0D:CF:68:BC:5A:D2:FB:18:26
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b2c3c804-70a5-4e3b-aaad-9f4782e3cf3b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.54.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         47:83:10:c6:22:ac:ee:32:70:02:27:c1:67:28:32:56:6e:c4:
         4a:2d:e7:63:d6:c5:e4:f5:15:0a:3f:f3:a9:9c:8a:de:31:8b:
         7a:e7:08:50:01:c7:9e:ec:e4:e9:15:51:92:61:c4:2c:12:c1:
         5d:28:f3:b6:30:7b:bd:d3:95:24:b5:aa:4b:2c:0e:b4:ef:aa:
         de:7c:70:08:0a:c9:66:03:0c:ae:36:c8:aa:a9:0d:91:f3:90:
         54:c5:7a:9b:1c:86:d9:46:7f:f7:e6:90:8f:8b:01:38:7e:57:
         73:b1:7c:12:cc:0b:13:e7:fa:74:a8:3e:7f:93:90:bc:5e:77:
         09:f2:d6:03:1c:70:9f:69:dc:d4:de:fc:a0:eb:49:7d:d5:d6:
         fb:96:1a:df:b4:4e:38:bd:36:a6:b5:31:d3:5d:e1:ad:84:66:
         67:a5:17:22:1f:e8:0a:54:50:d7:35:40:53:be:c1:dc:96:5a:
         89:7e:45:5a:6a:99:67:43:14:05:0d:68:17:b1:4e:ff:54:7f:
         8d:a0:27:bd:8a:b7:2f:da:72:bf:8a:fe:09:ec:5d:bc:8c:fa:
         c3:4a:a0:15:75:f7:e4:9e:f3:2e:d4:e1:9e:be:c0:53:cb:43:
         5e:1d:ae:11:ef:e5:09:42:53:1b:bf:de:d3:b7:d1:3e:10:30:
         54:ba:6e:e2
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbDQ8OrOZkAu+f/RLf1JVATGt9tswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTIxMDAwMDAwWhcNMjUwMjI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AxMjQ4MzJjNDZkNGUxNjNjMzNiYmMxNDQxNGNhNjgxZjEx
NzFlYTYyMTUzODI5MmM3MWYxODk5YmRkYzE5ODNmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCteX/154oUOiWY0jDPfkx/pDGTj24IJdAT9Gz9NU0NLovF
hcYNLLeFMO3yO8T6A4cB6ZH/6e/VRCT5Y0YtopkR+ramVaS7Jy6TZgqVgAoOvICY
bdNDXrKZdWyC6/gvjD2oZNP2Y4QO65KsPPE81UrJnnNcjRNB3KGAA6GdcmtpqTBU
2GMVA32TMhFF8GuviOzDpqLa8FJECo9LoIsw3cma1cMmW11v807KIuySF7AZua+j
G2oAvr9R7P6nhcKoNGOBCWCGcrFC+EkcRHrAscjDhjw+k+QEn6XPxXgnCNnafgpU
nOk8vEQKTYtDdhpumOC5NJgULqtKoKDBvXhZeQrDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUTQo1PV1TibeeftANz2i8WtL7GCYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2IyYzNjODA0LTcwYTUtNGUzYi1hYWFkLTlmNDc4MmUzY2YzYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAPRNrAwDQYJKoZIhvcNAQELBQADggEBAEeDEMYirO4ycAInwWcoMlZuxEot
52PWxeT1FQo/86mcit4xi3rnCFABx57s5OkVUZJhxCwSwV0o87Ywe73TlSS1qkss
DrTvqt58cAgKyWYDDK42yKqpDZHzkFTFepschtlGf/fmkI+LATh+V3OxfBLMCxPn
+nSoPn+TkLxedwny1gMccJ9p3NTe/KDrSX3V1vuWGt+0Tji9Nqa1MdNd4a2EZmel
FyIf6ApUUNc1QFO+wdyWWol+RVpqmWdDFAUNaBexTv9Uf42gJ72Kty/acr+K/gns
XbyM+sNKoBV19+Se8y7U4Z6+wFPLQ14drhHv5QlCUxu/3tO30T4QMFS6buI=
-----END CERTIFICATE-----