Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/5059f3ed-2137-407e-8f00-caf6cd702df3.roa
File:                     5059f3ed-2137-407e-8f00-caf6cd702df3.roa (raw, json)
Hash identifier:          kH1BZ06SAtS8rwPTim/3USD8CshlJoeBtLZH42kO9KM=
Subject key identifier:   22:1A:4E:C1:3E:B6:4D:AF:A0:EB:63:4E:54:A5:1B:AC:67:E0:6B:D1
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       65A3589797F1644709D400908BDFA587F8678F87
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/5059f3ed-2137-407e-8f00-caf6cd702df3.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:f0fb:e800::/40 maxlen: 48

Validation:               Failed, certificate revoked on Mon 06 Jan 2025 23:40:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:a3:58:97:97:f1:64:47:09:d4:00:90:8b:df:a5:87:f8:67:8f:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=5cc490e5979f37d763044625220e227b71c8de98d58f6abb9392b7f2c8996f31, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:66:b5:62:9e:29:3c:c8:44:ff:8d:2d:77:e2:
                    b0:86:5b:d9:56:c4:2b:d5:e0:ad:ce:42:bd:50:3b:
                    54:b5:1b:49:e5:4c:df:c0:66:4a:56:14:90:67:4e:
                    52:60:06:6d:c6:6e:8b:9c:06:57:cc:fd:ee:a7:1f:
                    d6:f2:86:d3:1f:45:e0:e7:13:c0:89:16:a3:56:56:
                    68:51:42:8b:86:25:37:a6:31:ca:b0:a7:7a:93:8d:
                    07:48:4e:80:70:74:19:ad:2c:e9:c4:d0:99:e7:d5:
                    da:56:cb:5d:ea:c4:fe:21:58:75:1a:1d:86:e2:44:
                    5f:d8:f3:97:14:02:14:b0:73:5f:06:7e:fe:96:33:
                    64:b8:e5:b8:07:45:08:5f:6a:bc:7d:11:24:4d:71:
                    c9:1f:8b:37:36:08:79:ba:2b:69:f5:ec:1d:a2:05:
                    8d:3b:03:6e:81:66:66:71:89:27:01:3b:31:d2:80:
                    21:94:7c:1b:4c:ba:91:d7:c7:72:b6:6f:98:cb:60:
                    d0:71:6b:78:55:b1:b7:9d:30:0f:df:3b:45:fd:8b:
                    f8:11:a8:e4:83:1f:f7:e9:42:23:ec:bc:26:6b:44:
                    5e:f0:ff:e6:51:42:f6:5a:1d:2d:bc:d6:72:69:ce:
                    fc:68:16:4b:94:f8:95:7a:c8:7b:6f:ac:b1:25:5d:
                    b4:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:1A:4E:C1:3E:B6:4D:AF:A0:EB:63:4E:54:A5:1B:AC:67:E0:6B:D1
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/5059f3ed-2137-407e-8f00-caf6cd702df3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e800::/40

    Signature Algorithm: sha256WithRSAEncryption
         1d:18:b1:37:88:e5:aa:fe:64:d4:23:67:62:6f:4d:97:ff:66:
         fb:69:d8:58:7d:f7:21:7f:e7:4b:a6:bf:da:3c:6d:d8:b1:4b:
         b7:5e:70:3d:dc:01:b8:87:97:05:a2:37:ff:bd:c0:1e:2e:26:
         d5:b6:3d:6e:e0:0e:53:9d:e3:58:20:52:c4:9d:12:1e:ad:9b:
         38:18:69:b6:92:c2:99:db:9d:0e:92:09:1f:93:c7:0f:c6:2b:
         d7:37:69:f1:a9:45:01:13:68:d8:a1:42:1f:66:58:c6:5e:8e:
         44:93:a1:45:74:fe:0c:37:86:82:aa:cc:4c:f7:8d:95:63:ad:
         03:ae:f7:53:d0:d6:23:0f:15:57:82:0a:4c:6e:d3:f1:4b:fd:
         45:0f:fa:d3:5d:98:5d:94:cf:41:29:8a:26:7a:15:b6:4e:7b:
         f2:fb:9c:9f:50:04:02:c3:56:33:09:26:bd:be:f2:3c:bf:de:
         6d:1c:8d:9c:0d:3f:d6:7e:c7:60:70:e4:0b:c3:f2:94:74:d6:
         bd:5f:15:d8:57:2f:33:d0:8c:0a:09:fc:ba:c6:79:91:b7:d7:
         19:b4:8e:c8:a2:b2:04:53:49:77:e8:0b:00:f3:c5:a2:10:26:
         ae:9f:be:de:08:81:60:33:b2:fd:43:c3:bb:a8:b0:c9:3b:c3:
         3d:cc:69:e7
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUZaNYl5fxZEcJ1ACQi9+lh/hnj4cwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1Y2M0OTBlNTk3OWYzN2Q3NjMwNDQ2MjUyMjBlMjI3Yjcx
YzhkZTk4ZDU4ZjZhYmI5MzkyYjdmMmM4OTk2ZjMxMS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1ZrVinik8yET/jS134rCGW9lWxCvV4K3OQr1QO1S1G0nl
TN/AZkpWFJBnTlJgBm3GboucBlfM/e6nH9byhtMfReDnE8CJFqNWVmhRQouGJTem
Mcqwp3qTjQdIToBwdBmtLOnE0Jnn1dpWy13qxP4hWHUaHYbiRF/Y85cUAhSwc18G
fv6WM2S45bgHRQhfarx9ESRNcckfizc2CHm6K2n17B2iBY07A26BZmZxiScBOzHS
gCGUfBtMupHXx3K2b5jLYNBxa3hVsbedMA/fO0X9i/gRqOSDH/fpQiPsvCZrRF7w
/+ZRQvZaHS281nJpzvxoFkuU+JV6yHtvrLElXbS7AgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUIhpOwT62Ta+g62NOVKUbrGfga9EwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2LzUwNTlmM2VkLTIxMzctNDA3ZS04ZjAwLWNhZjZjZDcwMmRmMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD76DANBgkqhkiG9w0BAQsFAAOCAQEAHRixN4jlqv5k1CNnYm9Nl/9m
+2nYWH33IX/nS6a/2jxt2LFLt15wPdwBuIeXBaI3/73AHi4m1bY9buAOU53jWCBS
xJ0SHq2bOBhptpLCmdudDpIJH5PHD8Yr1zdp8alFARNo2KFCH2ZYxl6ORJOhRXT+
DDeGgqrMTPeNlWOtA673U9DWIw8VV4IKTG7T8Uv9RQ/6012YXZTPQSmKJnoVtk57
8vucn1AEAsNWMwkmvb7yPL/ebRyNnA0/1n7HYHDkC8PylHTWvV8V2FcvM9CMCgn8
usZ5kbfXGbSOyKKyBFNJd+gLAPPFohAmrp++3giBYDOy/UPDu6iwyTvDPcxp5w==
-----END CERTIFICATE-----
Generated at Tue Jan 7 05:36:24 2025 by rpki-client on console-fra.rpki-client.org