Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/efad280b-dd5d-43b7-9c00-238a5958f6f8.roa
File:                     efad280b-dd5d-43b7-9c00-238a5958f6f8.roa (raw, json)
Hash identifier:          A42wBDcCN6WUVMm2X/ApOs2sV9rQYF59mY3NgBTwfXo=
Subject key identifier:   D0:9F:8C:C3:7F:46:5E:8C:51:65:26:83:72:A7:0D:A2:B2:0D:9E:90
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       3D8BA74EB052295AAFA7408F8CF97842165DF9EE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/efad280b-dd5d-43b7-9c00-238a5958f6f8.roa
Signing time:             Fri 14 Mar 2025 00:10:13 +0000
ROA not before:           Fri 14 Mar 2025 00:10:13 +0000
ROA not after:            Fri 18 Apr 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        207.94.128.0/20 maxlen: 24
Validation:               Failed, certificate revoked on Tue 18 Mar 2025 17:07:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:8b:a7:4e:b0:52:29:5a:af:a7:40:8f:8c:f9:78:42:16:5d:f9:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Mar 14 00:10:13 2025 GMT
            Not After : Apr 18 23:59:59 2025 GMT
        Subject: serialNumber=29e732ec9e9ccf30c65195894c98d50109f8eb290d93222c5c7a798bd0a1e41b, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d2:08:41:22:16:a1:a6:e3:4c:b0:67:93:cb:
                    5d:cb:b9:e3:1e:7e:bc:58:01:75:74:46:fd:b8:e3:
                    75:2e:8b:6e:7e:10:ac:ec:a9:f6:54:56:a5:24:30:
                    d1:9c:1a:06:42:fb:f1:86:6b:90:ac:5a:31:68:f0:
                    70:f9:d0:5b:12:48:91:db:5b:98:82:9d:f4:35:cd:
                    3a:32:2f:85:d8:84:86:ec:ac:d6:92:d5:a3:0b:7c:
                    56:fc:d4:e7:e3:6d:71:24:e8:37:2d:f3:f8:13:8b:
                    44:a5:be:73:2f:34:ba:d6:66:ab:86:87:73:57:5d:
                    76:8f:49:01:0d:7b:40:71:f1:7f:6a:4a:35:d9:e1:
                    90:1c:02:90:ff:e8:79:9c:de:d9:e5:21:72:a2:86:
                    a7:89:04:73:75:a8:f8:c7:8d:d5:63:5a:fd:86:e9:
                    8f:6f:1f:15:61:ca:3f:71:2d:e1:32:75:b3:ab:15:
                    f7:3b:f3:4c:4a:fd:b9:6a:4e:1d:5f:bc:5e:e5:40:
                    b9:12:48:46:3b:d3:13:01:e7:0c:ee:0d:eb:4e:08:
                    64:03:b5:f3:11:69:4d:79:23:8f:47:64:11:a1:be:
                    e1:44:36:ac:85:28:e1:cd:9b:44:3e:e1:85:78:30:
                    ad:31:ea:1b:11:20:2d:5c:03:f9:95:fb:f0:70:03:
                    3d:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:9F:8C:C3:7F:46:5E:8C:51:65:26:83:72:A7:0D:A2:B2:0D:9E:90
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/efad280b-dd5d-43b7-9c00-238a5958f6f8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  207.94.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8c:39:91:88:56:fa:81:3e:31:55:07:46:f9:86:a4:b8:43:52:
         1b:b3:01:cc:27:a5:b7:aa:5c:0c:64:8b:9a:8b:5b:4d:5f:97:
         cc:e4:06:dc:95:c9:ec:78:60:66:95:ff:4f:cc:90:ad:da:8b:
         b2:e4:ea:e1:8b:95:67:94:58:7d:77:75:b9:e9:d9:b4:58:6d:
         1d:a1:58:9a:7a:96:b4:69:8c:c4:50:50:a0:1e:58:21:77:1e:
         d4:05:49:cb:fe:9c:04:49:c0:24:15:0e:c5:d1:f7:84:79:04:
         8b:a6:d2:28:b9:08:78:98:40:82:9a:dc:3c:66:67:e1:aa:19:
         75:0c:ea:64:63:96:b7:ca:b3:6b:7e:9e:05:d3:34:ea:94:41:
         6b:3e:83:6f:ba:07:77:89:fa:06:8d:1c:39:72:4b:05:e3:f2:
         dd:bf:cd:bb:c6:ee:7a:3c:b6:36:5d:81:77:38:e0:5f:be:65:
         1d:b2:89:8f:58:f8:86:c4:ee:14:78:67:5b:08:01:f6:14:53:
         b6:ef:d9:2e:b8:4e:8c:bd:75:d8:31:f1:b1:af:c0:26:5a:83:
         5b:04:b6:0d:fc:f2:3f:26:f4:db:77:71:31:5e:8f:a8:77:ff:
         e7:64:63:50:b8:d1:c7:12:a0:67:61:2a:1f:f2:00:47:bb:14:
         0d:d1:ec:15
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPYunTrBSKVqvp0CPjPl4QhZd+e4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMzE0MDAxMDEzWhcNMjUwNDE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AyOWU3MzJlYzllOWNjZjMwYzY1MTk1ODk0Yzk4ZDUwMTA5
ZjhlYjI5MGQ5MzIyMmM1YzdhNzk4YmQwYTFlNDFiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC30ghBIhahpuNMsGeTy13LueMefrxYAXV0Rv2443Uui25+
EKzsqfZUVqUkMNGcGgZC+/GGa5CsWjFo8HD50FsSSJHbW5iCnfQ1zToyL4XYhIbs
rNaS1aMLfFb81OfjbXEk6Dct8/gTi0SlvnMvNLrWZquGh3NXXXaPSQENe0Bx8X9q
SjXZ4ZAcApD/6Hmc3tnlIXKihqeJBHN1qPjHjdVjWv2G6Y9vHxVhyj9xLeEydbOr
Ffc780xK/blqTh1fvF7lQLkSSEY70xMB5wzuDetOCGQDtfMRaU15I49HZBGhvuFE
NqyFKOHNm0Q+4YV4MK0x6hsRIC1cA/mV+/BwAz3zAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU0J+Mw39GXoxRZSaDcqcNorINnpAwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2VmYWQyODBiLWRkNWQtNDNiNy05YzAwLTIzOGE1OTU4ZjZmOC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATPXoAwDQYJKoZIhvcNAQELBQADggEBAIw5kYhW+oE+MVUHRvmGpLhDUhuz
AcwnpbeqXAxki5qLW01fl8zkBtyVyex4YGaV/0/MkK3ai7Lk6uGLlWeUWH13dbnp
2bRYbR2hWJp6lrRpjMRQUKAeWCF3HtQFScv+nARJwCQVDsXR94R5BIum0ii5CHiY
QIKa3DxmZ+GqGXUM6mRjlrfKs2t+ngXTNOqUQWs+g2+6B3eJ+gaNHDlySwXj8t2/
zbvG7no8tjZdgXc44F++ZR2yiY9Y+IbE7hR4Z1sIAfYUU7bv2S64Toy9ddgx8bGv
wCZag1sEtg388j8m9Nt3cTFej6h3/+dkY1C40ccSoGdhKh/yAEe7FA3R7BU=
-----END CERTIFICATE-----