Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/df9639fd-2107-4dea-b717-22f6fdbc393c.roa
File:                     df9639fd-2107-4dea-b717-22f6fdbc393c.roa (raw, json)
Hash identifier:          sfE0O1lwdMILqYZC1TsfJstGLE38LVwWaFRYqVzF2jU=
Subject key identifier:   80:4C:F7:A4:44:25:B9:EB:DB:1B:76:51:32:2C:82:E7:8C:71:5A:A6
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       7805C8DD2097C0E21EC93783AF36EE2D446DEFFE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/df9639fd-2107-4dea-b717-22f6fdbc393c.roa
Signing time:             Fri 11 Oct 2024 00:00:00 +0000
ROA not before:           Fri 11 Oct 2024 00:00:00 +0000
ROA not after:            Fri 15 Nov 2024 23:59:59 +0000
asID:                     14618
IP address blocks:        204.31.80.0/20 maxlen: 24

Validation:               Failed, certificate revoked on Thu 24 Oct 2024 15:11:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:05:c8:dd:20:97:c0:e2:1e:c9:37:83:af:36:ee:2d:44:6d:ef:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Oct 11 00:00:00 2024 GMT
            Not After : Nov 15 23:59:59 2024 GMT
        Subject: serialNumber=893fb9c5f645a83f8ced4d48791d96c969645ca87603abef87865e5e415aebd7, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a6:0f:b5:f6:84:90:2c:24:ef:fb:5f:a5:27:
                    d6:02:e2:ab:1e:be:2e:b9:09:df:5c:c1:84:70:e8:
                    70:dd:16:4b:c9:bc:87:a9:ba:57:e7:f1:26:16:09:
                    d5:2c:63:96:a9:40:e7:4d:8d:29:29:68:c2:74:96:
                    e2:3c:9d:69:95:fb:2a:6f:44:96:b9:ea:d8:26:ec:
                    13:bc:43:1a:50:4e:18:59:49:d4:bb:e3:92:ba:d3:
                    2b:98:59:46:55:d8:36:3c:71:03:4c:d7:00:28:7c:
                    5e:75:ea:85:88:5f:1a:18:e6:9b:69:f7:5e:c6:72:
                    57:10:1c:c4:c6:5e:3b:c0:f6:86:37:db:59:d2:00:
                    08:75:fc:1e:fb:86:6d:bd:7c:35:a9:bf:9b:ba:9c:
                    e9:81:70:ea:1a:cc:b3:ef:f1:b8:19:0f:41:44:95:
                    e9:69:85:4d:4f:06:97:24:ac:74:44:18:a9:3e:72:
                    e8:90:cb:c3:e5:cd:b1:cf:5a:d9:d2:88:b4:36:a8:
                    44:b8:03:4b:9b:b0:e6:a4:1e:89:39:be:eb:24:bc:
                    02:9f:2e:d7:03:ef:de:69:d4:22:15:f7:00:33:35:
                    b0:86:0a:8e:e4:b7:2e:82:a0:fe:78:a9:13:ab:f9:
                    7e:3b:e2:f9:06:fc:02:f6:54:30:a8:29:74:24:71:
                    3c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:4C:F7:A4:44:25:B9:EB:DB:1B:76:51:32:2C:82:E7:8C:71:5A:A6
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/df9639fd-2107-4dea-b717-22f6fdbc393c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.31.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         d8:dc:09:ca:c9:bc:6f:47:5d:cf:9a:5f:0a:99:41:f5:32:ba:
         8a:ab:af:ae:dd:e9:55:a6:23:1c:69:91:63:e6:9c:a0:ea:4b:
         d5:23:6e:7d:3b:eb:9c:46:e1:eb:d4:59:f7:c7:84:00:a1:18:
         a5:e1:f4:90:47:53:41:87:d8:bb:cc:1a:34:ac:6a:53:eb:2c:
         4b:9c:69:40:a6:f6:78:57:cf:59:f5:f4:ba:39:e6:82:22:bd:
         40:69:ca:1b:f9:bc:af:fd:ba:05:a8:a0:ef:7c:53:1f:97:eb:
         25:41:3a:dc:4b:d3:85:30:2d:7a:7b:86:8b:d6:95:89:19:0a:
         cd:ed:bf:c1:32:7f:86:e5:53:a7:b3:8b:48:84:59:9b:11:69:
         01:4f:b6:a9:67:98:31:25:e1:7a:13:2b:99:da:64:90:9c:11:
         81:b9:2a:cb:d2:e2:14:dc:04:b3:8b:a7:62:68:20:ad:1d:cb:
         5f:59:8c:8d:36:20:89:cd:97:74:c7:15:b5:78:d1:6a:51:40:
         f3:14:36:68:3f:f5:e2:f2:05:1c:9c:ab:3d:4d:1c:5a:96:f4:
         ef:f9:04:2f:78:76:a9:af:24:a8:09:bb:c5:dc:1b:95:4a:b9:
         30:bd:e5:57:62:08:0b:d3:7b:4c:32:50:23:9e:08:ea:f2:8f:
         95:09:04:2b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUeAXI3SCXwOIeyTeDrzbuLURt7/4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMDExMDAwMDAwWhcNMjQxMTE1MjM1OTU5
WjB6MUkwRwYDVQQFE0A4OTNmYjljNWY2NDVhODNmOGNlZDRkNDg3OTFkOTZjOTY5
NjQ1Y2E4NzYwM2FiZWY4Nzg2NWU1ZTQxNWFlYmQ3MS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCtpg+19oSQLCTv+1+lJ9YC4qsevi65Cd9cwYRw6HDdFkvJ
vIepulfn8SYWCdUsY5apQOdNjSkpaMJ0luI8nWmV+ypvRJa56tgm7BO8QxpQThhZ
SdS745K60yuYWUZV2DY8cQNM1wAofF516oWIXxoY5ptp917GclcQHMTGXjvA9oY3
21nSAAh1/B77hm29fDWpv5u6nOmBcOoazLPv8bgZD0FElelphU1PBpckrHREGKk+
cuiQy8PlzbHPWtnSiLQ2qES4A0ubsOakHok5vuskvAKfLtcD795p1CIV9wAzNbCG
Co7kty6CoP54qROr+X474vkG/AL2VDCoKXQkcTwDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUgEz3pEQluevbG3ZRMiyC54xxWqYwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2RmOTYzOWZkLTIxMDctNGRlYS1iNzE3LTIyZjZmZGJjMzkzYy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATMH1AwDQYJKoZIhvcNAQELBQADggEBANjcCcrJvG9HXc+aXwqZQfUyuoqr
r67d6VWmIxxpkWPmnKDqS9Ujbn0765xG4evUWffHhAChGKXh9JBHU0GH2LvMGjSs
alPrLEucaUCm9nhXz1n19Lo55oIivUBpyhv5vK/9ugWooO98Ux+X6yVBOtxL04Uw
LXp7hovWlYkZCs3tv8Eyf4blU6ezi0iEWZsRaQFPtqlnmDEl4XoTK5naZJCcEYG5
KsvS4hTcBLOLp2JoIK0dy19ZjI02IInNl3THFbV40WpRQPMUNmg/9eLyBRycqz1N
HFqW9O/5BC94dqmvJKgJu8XcG5VKuTC95VdiCAvTe0wyUCOeCOryj5UJBCs=
-----END CERTIFICATE-----