Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b5ab783f-cec5-4f3c-a631-8008aa574fd0.roa
File:                     b5ab783f-cec5-4f3c-a631-8008aa574fd0.roa (raw, json)
Hash identifier:          wGO2Nx4doneF3sEYmoGKb5WXsLjyuXvih2k9JxgW0Vo=
Subject key identifier:   41:F2:E3:82:F4:D7:B0:5C:C9:C2:48:C7:10:77:FF:2F:36:20:EF:54
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       2F609B964FEC96FE213AB1751E6D0DAB4F348C6F
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b5ab783f-cec5-4f3c-a631-8008aa574fd0.roa
Signing time:             Wed 12 Mar 2025 00:21:34 +0000
ROA not before:           Wed 12 Mar 2025 00:21:34 +0000
ROA not after:            Wed 16 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        168.185.4.0/22 maxlen: 24
Validation:               Failed, certificate revoked on Tue 18 Mar 2025 16:37:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:60:9b:96:4f:ec:96:fe:21:3a:b1:75:1e:6d:0d:ab:4f:34:8c:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 12 00:21:34 2025 GMT
            Not After : Apr 16 23:59:59 2025 GMT
        Subject: serialNumber=eb69713027128800f0ccca397c3ddd59f3bfbb0fbd12a73197a0938d65da5544, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:4f:3e:31:26:01:f9:8f:d3:4b:73:6f:51:4f:
                    94:9a:b0:63:28:d0:71:1f:4c:e6:57:1b:79:af:a7:
                    02:33:d4:17:df:ff:ff:32:4d:65:c5:69:98:28:66:
                    43:83:5e:d5:76:be:9c:f8:99:a4:01:12:6e:23:23:
                    b9:3c:59:a1:a9:97:6a:48:fc:1b:43:08:bd:c6:71:
                    b8:4a:96:ab:1f:92:6a:54:53:72:35:83:1a:6a:9f:
                    bb:4f:e6:20:db:63:05:45:9d:f7:1d:b5:10:c4:9e:
                    e9:be:d7:63:90:77:52:27:bb:17:fd:14:db:6a:59:
                    31:34:04:71:65:55:5f:3b:27:5d:c2:6f:f0:c2:d7:
                    21:14:6f:dc:0c:3d:7b:e3:10:d6:f6:00:8e:1c:ab:
                    a8:b3:7b:0f:67:d9:2f:da:96:d0:89:cb:5f:a2:62:
                    42:54:a0:b0:01:e9:00:8d:bc:af:60:d3:26:71:a6:
                    80:e4:25:8e:ac:05:52:1f:b5:61:16:3c:d6:64:18:
                    35:84:0f:f2:c6:40:94:ce:67:35:3a:4d:4f:37:a1:
                    82:09:12:47:18:c1:31:78:09:4a:18:1f:89:ba:90:
                    b4:e6:9b:8c:b3:95:79:3f:0a:e0:f8:77:ef:db:27:
                    0d:63:60:58:93:70:95:ed:71:29:1f:ad:b4:bf:7b:
                    b4:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:F2:E3:82:F4:D7:B0:5C:C9:C2:48:C7:10:77:FF:2F:36:20:EF:54
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/b5ab783f-cec5-4f3c-a631-8008aa574fd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.185.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:ba:73:cf:bb:f6:89:95:f2:ff:9a:6f:2a:a3:1c:fd:10:e8:
         fe:eb:37:ed:01:c5:e5:36:a7:4b:ea:2d:dc:e7:34:cc:5a:3e:
         d0:9a:26:70:9e:4b:c0:63:1b:b8:bc:d5:8e:b9:f2:fe:2c:cb:
         ab:52:4c:d6:fa:20:42:68:dd:81:1b:92:c1:5a:d5:e2:1f:9b:
         41:b1:6b:89:85:6b:6f:6d:12:ad:a3:24:87:48:2f:9a:48:c7:
         e9:72:7b:dc:cf:aa:d7:d1:ae:5f:61:f8:ca:fa:1d:7c:44:e5:
         51:59:a4:a5:85:c0:8f:ef:0d:20:85:dd:f5:54:41:54:23:9e:
         7c:15:81:f5:2d:60:96:1b:54:e5:3c:6d:63:11:56:65:4d:7e:
         e2:73:f7:df:76:71:72:42:54:59:05:ac:10:f0:fa:00:e5:75:
         3e:9b:a1:39:b7:ca:67:5e:30:cd:ec:d2:fe:85:da:24:23:eb:
         e8:97:53:64:69:4d:ea:88:96:75:67:27:70:82:29:29:ab:e9:
         2a:65:0c:f4:61:9d:5e:d0:c2:83:ab:09:20:44:ce:b6:8f:55:
         5d:78:0e:38:e1:f9:d2:32:79:e4:41:94:ff:92:38:e8:10:65:
         e1:1e:f6:fb:2c:b4:e8:d0:f0:af:d8:84:89:5e:a4:63:0c:45:
         a8:c7:b1:f0
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL2Cblk/slv4hOrF1Hm0Nq080jG8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzEyMDAyMTM0WhcNMjUwNDE2MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYjY5NzEzMDI3MTI4ODAwZjBjY2NhMzk3YzNkZGQ1OWYz
YmZiYjBmYmQxMmE3MzE5N2EwOTM4ZDY1ZGE1NTQ0MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+Tz4xJgH5j9NLc29RT5SasGMo0HEfTOZXG3mvpwIz1Bff
//8yTWXFaZgoZkODXtV2vpz4maQBEm4jI7k8WaGpl2pI/BtDCL3GcbhKlqsfkmpU
U3I1gxpqn7tP5iDbYwVFnfcdtRDEnum+12OQd1Inuxf9FNtqWTE0BHFlVV87J13C
b/DC1yEUb9wMPXvjENb2AI4cq6izew9n2S/altCJy1+iYkJUoLAB6QCNvK9g0yZx
poDkJY6sBVIftWEWPNZkGDWED/LGQJTOZzU6TU83oYIJEkcYwTF4CUoYH4m6kLTm
m4yzlXk/CuD4d+/bJw1jYFiTcJXtcSkfrbS/e7RPAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUQfLjgvTXsFzJwkjHEHf/LzYg71QwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2I1YWI3ODNmLWNlYzUtNGYzYy1hNjMxLTgwMDhhYTU3NGZkMC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAKouQQwDQYJKoZIhvcNAQELBQADggEBACm6c8+79omV8v+abyqjHP0Q6P7r
N+0BxeU2p0vqLdznNMxaPtCaJnCeS8BjG7i81Y658v4sy6tSTNb6IEJo3YEbksFa
1eIfm0Gxa4mFa29tEq2jJIdIL5pIx+lye9zPqtfRrl9h+Mr6HXxE5VFZpKWFwI/v
DSCF3fVUQVQjnnwVgfUtYJYbVOU8bWMRVmVNfuJz9992cXJCVFkFrBDw+gDldT6b
oTm3ymdeMM3s0v6F2iQj6+iXU2RpTeqIlnVnJ3CCKSmr6SplDPRhnV7QwoOrCSBE
zraPVV14Djjh+dIyeeRBlP+SOOgQZeEe9vsstOjQ8K/YhIlepGMMRajHsfA=
-----END CERTIFICATE-----