Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a2fa40dc-a59d-4392-9b20-a75691696079.roa
File:                     a2fa40dc-a59d-4392-9b20-a75691696079.roa (raw, json)
Hash identifier:          R4f3DsoKpQapQNMU7SkbeX2IWamQvvKvBWmRU9CAIWk=
Subject key identifier:   36:A3:28:82:22:81:02:B8:99:FE:06:30:A3:9B:74:68:D6:AA:9D:B3
Certificate issuer:       /CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
Certificate serial:       7D586864A809150341D80FB3046D74FE63B1B919
Authority key identifier: 2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a2fa40dc-a59d-4392-9b20-a75691696079.roa
Signing time:             Fri 03 Jan 2025 00:00:00 +0000
ROA not before:           Fri 03 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2600:f0fb:e300::/40 maxlen: 48

Validation:               Failed, certificate revoked on Mon 06 Jan 2025 23:40:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:58:68:64:a8:09:15:03:41:d8:0f:b3:04:6d:74:fe:63:b1:b9:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08
        Validity
            Not Before: Jan  3 00:00:00 2025 GMT
            Not After : Feb  7 23:59:59 2025 GMT
        Subject: serialNumber=99c8c8297da74dfeebe9786d932e01b91a729cc6907a464eab53924d72bc6b66, CN=fbb27576-cac2-4381-9a53-6c15e0dc26ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:0a:76:cc:54:01:bb:0b:c5:a1:5b:36:f1:e9:
                    c5:ff:4a:9a:f9:13:ff:a5:36:02:65:f5:2a:c6:b8:
                    a9:85:97:08:5b:34:6f:ea:9b:89:5c:58:10:ca:93:
                    b7:b7:ef:6a:0f:b6:1b:a1:ec:ee:05:c5:c6:60:1a:
                    a6:f7:2e:13:9f:e7:4c:b5:41:67:20:82:f8:35:f3:
                    f3:b4:09:5e:1a:0e:c7:40:7c:fd:b0:6d:97:08:17:
                    98:80:61:72:7f:c3:66:27:fe:b6:07:2b:ce:ff:fc:
                    b7:e3:e4:c2:d3:a5:35:0d:f0:8f:d4:ce:55:e8:1e:
                    5b:8e:4b:35:2c:b5:aa:05:b7:cb:83:7a:fa:ef:ba:
                    fd:39:ef:51:7f:3e:62:b7:00:75:23:89:d9:0a:41:
                    8c:1b:25:2f:d8:ff:a4:c5:d8:a1:e1:05:47:d2:4a:
                    fc:33:37:5b:25:92:3d:63:69:bf:93:9d:27:9e:51:
                    24:33:1a:1d:9d:cb:82:39:d8:ff:81:2f:fc:40:0e:
                    69:1e:45:91:43:e4:0a:1c:18:0a:1f:52:d8:4a:73:
                    e0:14:8f:9e:8a:3b:9b:ff:1b:b5:d7:39:c6:85:40:
                    75:95:87:69:05:73:43:1c:28:b4:98:0e:40:72:5a:
                    3d:b3:f4:cb:b6:63:f0:a6:2c:76:66:dd:41:47:99:
                    06:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:A3:28:82:22:81:02:B8:99:FE:06:30:A3:9B:74:68:D6:AA:9D:B3
            X509v3 Authority Key Identifier:
                keyid:2E:18:E2:08:A1:82:57:1B:09:7D:D2:23:A7:16:9E:40:EB:E9:89:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/521eb33f-9672-4cd9-acce-137227e971ac/6a9537a8-a685-4b48-9fa8-8362e4fc47ae/b5845c307d0bf61b134b8ab711545826b1707fd5f0af84da08.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/a2fa40dc-a59d-4392-9b20-a75691696079.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/517f3ed7-58b5-4796-be37-14d62e48f056/C_YbE0uKtxFUWCaxcH_V8K-E2gg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:f0fb:e300::/40

    Signature Algorithm: sha256WithRSAEncryption
         40:00:44:5d:6c:2e:cb:65:20:a0:34:e7:d2:fe:f6:fe:86:e2:
         bd:21:49:2d:ed:6f:1c:7b:e6:d6:57:fd:97:30:fd:68:21:8f:
         b5:94:82:45:bd:07:88:aa:bf:6c:80:94:2b:e0:6a:cc:43:e9:
         23:de:8a:28:5c:89:00:64:49:a2:4b:33:3a:d1:b0:c1:76:93:
         f4:00:3b:1c:8e:5b:32:87:56:ef:cc:4d:a1:98:e2:7e:71:f5:
         af:e1:3e:d6:08:c3:f0:97:65:b6:79:5d:16:f4:67:55:78:93:
         2e:2d:41:c4:4f:b2:ad:8e:e1:05:de:6d:9f:1c:10:20:22:8c:
         ca:bf:d6:77:ae:e4:00:2d:ce:b9:12:36:c5:28:ca:70:0e:e0:
         e4:bc:f4:3b:4b:3f:32:69:16:cc:61:30:22:40:65:d3:0a:6d:
         d9:94:fb:27:b1:f6:a2:21:ba:aa:ac:2b:6f:26:53:98:7c:f1:
         8c:1b:39:09:c0:d3:ed:d8:6a:de:09:7c:a3:be:ad:ee:7e:fc:
         bf:13:99:99:4d:0e:9f:9e:43:49:0b:06:24:94:41:1a:2a:3d:
         e6:f6:80:42:a7:32:34:a7:21:0d:41:af:9c:f5:fa:57:36:9a:
         c0:29:aa:9a:5c:cf:1b:56:bc:82:24:9e:9c:47:9b:7b:60:cf:
         66:fe:89:8f
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUfVhoZKgJFQNB2A+zBG10/mOxuRkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyYjU4NDVjMzA3ZDBiZjYxYjEzNGI4YWI3MTE1NDU4MjZi
MTcwN2ZkNWYwYWY4NGRhMDgwHhcNMjUwMTAzMDAwMDAwWhcNMjUwMjA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A5OWM4YzgyOTdkYTc0ZGZlZWJlOTc4NmQ5MzJlMDFiOTFh
NzI5Y2M2OTA3YTQ2NGVhYjUzOTI0ZDcyYmM2YjY2MS0wKwYDVQQDEyRmYmIyNzU3
Ni1jYWMyLTQzODEtOWE1My02YzE1ZTBkYzI2ZmYwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmCnbMVAG7C8WhWzbx6cX/Spr5E/+lNgJl9SrGuKmFlwhb
NG/qm4lcWBDKk7e372oPthuh7O4FxcZgGqb3LhOf50y1QWcggvg18/O0CV4aDsdA
fP2wbZcIF5iAYXJ/w2Yn/rYHK87//Lfj5MLTpTUN8I/UzlXoHluOSzUstaoFt8uD
evrvuv0571F/PmK3AHUjidkKQYwbJS/Y/6TF2KHhBUfSSvwzN1slkj1jab+TnSee
USQzGh2dy4I52P+BL/xADmkeRZFD5AocGAofUthKc+AUj56KO5v/G7XXOcaFQHWV
h2kFc0McKLSYDkByWj2z9Mu2Y/CmLHZm3UFHmQYrAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUNqMogiKBAriZ/gYwo5t0aNaqnbMwHwYDVR0jBBgwFoAULhjiCKGCVxsJ
fdIjpxaeQOvpiT0wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzUyMWViMzNmLTk2NzItNGNkOS1hY2NlLTEzNzIyN2U5NzFhYy82YTk1MzdhOC1h
Njg1LTRiNDgtOWZhOC04MzYyZTRmYzQ3YWUvYjU4NDVjMzA3ZDBiZjYxYjEzNGI4
YWI3MTE1NDU4MjZiMTcwN2ZkNWYwYWY4NGRhMDguY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTE3ZjNlZDctNThiNS00Nzk2LWJlMzctMTRk
NjJlNDhmMDU2L2EyZmE0MGRjLWE1OWQtNDM5Mi05YjIwLWE3NTY5MTY5NjA3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzUxN2YzZWQ3LTU4YjUtNDc5Ni1iZTM3
LTE0ZDYyZTQ4ZjA1Ni9DX1liRTB1S3R4RlVXQ2F4Y0hfVjhLLUUyZ2cuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmAPD74zANBgkqhkiG9w0BAQsFAAOCAQEAQABEXWwuy2UgoDTn0v72/obi
vSFJLe1vHHvm1lf9lzD9aCGPtZSCRb0HiKq/bICUK+BqzEPpI96KKFyJAGRJoksz
OtGwwXaT9AA7HI5bModW78xNoZjifnH1r+E+1gjD8JdltnldFvRnVXiTLi1BxE+y
rY7hBd5tnxwQICKMyr/Wd67kAC3OuRI2xSjKcA7g5Lz0O0s/MmkWzGEwIkBl0wpt
2ZT7J7H2oiG6qqwrbyZTmHzxjBs5CcDT7dhq3gl8o76t7n78vxOZmU0On55DSQsG
JJRBGio95vaAQqcyNKchDUGvnPX6VzaawCmqmlzPG1a8giSenEebe2DPZv6Jjw==
-----END CERTIFICATE-----
Generated at Tue Jan 7 05:36:24 2025 by rpki-client on console-fra.rpki-client.org