Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c2323821-12d3-4619-be7b-ed8dff8d295d.roa
File:                     c2323821-12d3-4619-be7b-ed8dff8d295d.roa (raw, json)
Hash identifier:          YNQvublwUUVrv/bNG31j+JyM3eAYPl1l3nz4p81TG6o=
Subject key identifier:   AB:08:42:15:03:E4:3C:B6:E8:18:95:63:35:46:28:87:81:7A:E6:F9
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       12935C856D2E7B0B42313D4AE2DB3D4FC9EC08D7
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c2323821-12d3-4619-be7b-ed8dff8d295d.roa
Signing time:             Tue 18 Mar 2025 00:00:32 +0000
ROA not before:           Tue 18 Mar 2025 00:00:32 +0000
ROA not after:            Tue 22 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        31.220.220.0/22 maxlen: 24
Validation:               Failed, certificate revoked on Thu 20 Mar 2025 22:52:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:93:5c:85:6d:2e:7b:0b:42:31:3d:4a:e2:db:3d:4f:c9:ec:08:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 18 00:00:32 2025 GMT
            Not After : Apr 22 23:59:59 2025 GMT
        Subject: serialNumber=78bb5b636e29bf2a09ea8b592e9cc4fc445c3db53fd92cd092daeb50ddd67c08, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:16:ff:7d:b4:cd:80:04:1e:15:d5:1c:4e:9b:
                    e2:d6:9a:dc:9b:c2:d3:05:44:71:87:27:e6:bd:9c:
                    c4:03:93:84:0d:23:83:e5:a7:4d:11:33:9f:5c:34:
                    3f:32:5e:a2:7e:c8:7a:91:32:4f:17:63:64:94:69:
                    06:c2:3d:23:cd:23:2d:35:73:81:01:96:13:bf:f3:
                    25:43:27:87:ea:1f:f4:ed:e0:58:ab:4a:1b:27:8f:
                    b3:89:6c:75:37:8c:0d:db:d4:60:5b:d6:23:3b:cf:
                    98:74:7d:19:05:ad:d6:77:f9:73:4e:b3:88:62:29:
                    5c:38:72:9e:d3:e3:c7:46:f3:37:61:88:83:c1:42:
                    da:93:2d:0d:e4:19:74:72:af:fa:fe:29:ad:6e:86:
                    06:89:11:5f:8c:fd:f2:92:db:dd:da:34:2d:01:a5:
                    28:dc:4a:bf:1f:93:a6:c9:26:2d:11:47:19:44:8e:
                    98:04:d6:de:d5:5d:b9:df:0a:da:fa:77:fc:82:75:
                    b1:11:4c:6b:d2:13:74:4c:72:8f:6d:e3:be:99:96:
                    46:f1:b8:8b:5c:08:dd:c0:f7:b0:3b:1e:9d:b7:2a:
                    41:79:a7:e3:55:09:f2:61:95:94:5e:c7:d9:aa:8b:
                    71:e7:e0:8b:09:36:58:d7:bc:68:68:98:62:74:3d:
                    94:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:08:42:15:03:E4:3C:B6:E8:18:95:63:35:46:28:87:81:7A:E6:F9
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/c2323821-12d3-4619-be7b-ed8dff8d295d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:96:7e:17:13:d6:b9:6d:b0:cc:36:1f:65:8c:0f:61:5e:80:
         a8:2a:b8:3d:f5:44:79:4c:d4:1b:18:5b:f1:f1:23:d5:1b:0c:
         c2:0b:c4:30:3d:0f:2f:0e:01:4a:40:2a:0e:f4:87:8b:5a:f9:
         c5:bb:ce:e2:56:ad:ea:8e:ab:09:2d:28:30:64:a1:6d:25:ec:
         3f:50:e5:7b:4b:2a:2b:b3:80:bf:c1:b9:8b:7c:c8:62:b8:b2:
         8e:31:03:70:a1:69:fa:1a:e3:0b:28:8c:77:c8:de:36:53:a6:
         9e:49:5e:3e:24:16:7d:87:02:24:d0:fd:0e:e1:83:b6:a9:46:
         29:68:b1:0c:ec:50:b3:ee:54:73:8e:e4:47:91:d2:1d:35:68:
         ef:e0:b0:ff:ec:fa:21:89:24:06:11:04:1c:ff:5e:89:67:e5:
         9f:22:a1:58:6c:a1:29:c9:c1:3c:0b:6b:e9:52:25:a9:6e:0b:
         d3:34:7f:a4:a0:e3:64:c6:3e:6a:6c:6d:7d:b6:00:55:41:a6:
         0e:86:69:5b:3a:68:f6:00:ed:44:b3:57:7f:ca:49:6b:9a:34:
         28:2d:42:07:b1:11:6d:f0:97:32:d9:e3:14:65:03:f5:3e:4b:
         61:87:03:43:3a:12:04:bc:c6:46:7a:70:03:54:ce:36:d7:8f:
         b1:69:aa:02
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUEpNchW0uewtCMT1K4ts9T8nsCNcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE4MDAwMDMyWhcNMjUwNDIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A3OGJiNWI2MzZlMjliZjJhMDllYThiNTkyZTljYzRmYzQ0
NWMzZGI1M2ZkOTJjZDA5MmRhZWI1MGRkZDY3YzA4MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC8Fv99tM2ABB4V1RxOm+LWmtybwtMFRHGHJ+a9nMQDk4QN
I4Plp00RM59cND8yXqJ+yHqRMk8XY2SUaQbCPSPNIy01c4EBlhO/8yVDJ4fqH/Tt
4FirShsnj7OJbHU3jA3b1GBb1iM7z5h0fRkFrdZ3+XNOs4hiKVw4cp7T48dG8zdh
iIPBQtqTLQ3kGXRyr/r+Ka1uhgaJEV+M/fKS293aNC0BpSjcSr8fk6bJJi0RRxlE
jpgE1t7VXbnfCtr6d/yCdbERTGvSE3RMco9t476ZlkbxuItcCN3A97A7Hp23KkF5
p+NVCfJhlZRex9mqi3Hn4IsJNljXvGhomGJ0PZQtAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUqwhCFQPkPLboGJVjNUYoh4F65vkwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2MyMzIzODIxLTEyZDMtNDYxOS1iZTdiLWVkOGRmZjhkMjk1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIf3NwwDQYJKoZIhvcNAQELBQADggEBAJmWfhcT1rltsMw2H2WMD2FegKgq
uD31RHlM1BsYW/HxI9UbDMILxDA9Dy8OAUpAKg70h4ta+cW7zuJWreqOqwktKDBk
oW0l7D9Q5XtLKiuzgL/BuYt8yGK4so4xA3Chafoa4wsojHfI3jZTpp5JXj4kFn2H
AiTQ/Q7hg7apRilosQzsULPuVHOO5EeR0h01aO/gsP/s+iGJJAYRBBz/Xoln5Z8i
oVhsoSnJwTwLa+lSJaluC9M0f6Sg42TGPmpsbX22AFVBpg6GaVs6aPYA7USzV3/K
SWuaNCgtQgexEW3wlzLZ4xRlA/U+S2GHA0M6EgS8xkZ6cANUzjbXj7FpqgI=
-----END CERTIFICATE-----