Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/153c682b-c232-4844-9ac8-0898cf0f0f2f.roa
File:                     153c682b-c232-4844-9ac8-0898cf0f0f2f.roa (raw, json)
Hash identifier:          mtS5HCMgNPxa89JpXy4HV66de1AlYKYKscA43hsJiaI=
Subject key identifier:   27:5C:34:C8:18:43:C3:61:A3:37:04:AA:90:7E:29:D4:86:A6:62:C4
Certificate issuer:       /CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
Certificate serial:       06081DC79B287D92C86A2D594E98E3053E5A9BBA
Authority key identifier: BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/153c682b-c232-4844-9ac8-0898cf0f0f2f.roa
Signing time:             Fri 22 Nov 2024 00:00:00 +0000
ROA not before:           Fri 22 Nov 2024 00:00:00 +0000
ROA not after:            Fri 27 Dec 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2605:9cc0:d00::/40 maxlen: 48

Validation:               Failed, certificate revoked on Fri 22 Nov 2024 07:33:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:08:1d:c7:9b:28:7d:92:c8:6a:2d:59:4e:98:e3:05:3e:5a:9b:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
        Validity
            Not Before: Nov 22 00:00:00 2024 GMT
            Not After : Dec 27 23:59:59 2024 GMT
        Subject: serialNumber=7ff71689dc92332b98d59e19520f74ecd92da6bf99ab57547c8a08904f9c6e92, CN=f7243785-46de-414b-9b8f-7a9699e979e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:98:b9:0a:4e:38:f9:78:08:26:6b:9a:8c:49:
                    01:76:db:a4:e2:be:3c:48:5c:4e:af:60:3d:d1:0d:
                    a1:e9:f6:e2:d2:11:41:73:7f:ba:d8:a2:a4:91:83:
                    cf:8f:03:c2:5d:59:c1:96:22:22:86:42:b6:6d:9d:
                    d4:4f:30:01:60:ac:18:4a:e5:0d:23:15:64:85:71:
                    53:9b:e7:dc:e3:ce:9e:8e:a8:20:f5:6e:f9:b9:44:
                    68:6c:e1:be:d8:bf:fe:50:e3:6c:66:80:cf:13:f1:
                    cb:4d:3b:dd:f7:59:97:c5:2f:fd:63:2d:d2:03:d9:
                    cb:91:29:20:16:d2:21:7e:92:7a:bb:ab:ee:54:c4:
                    ee:ac:56:88:73:56:ae:3d:66:9b:96:97:cb:04:1f:
                    ad:24:3c:24:a8:6d:3c:ad:70:d9:96:49:98:2c:90:
                    c5:78:52:56:e1:75:6f:a0:78:56:a7:86:58:74:6d:
                    1f:5d:f8:11:50:d5:3b:7d:4b:d3:bb:b0:89:94:c2:
                    3b:02:78:2b:54:a6:cd:78:59:b7:c4:bc:15:a0:df:
                    bf:5e:ef:36:05:70:29:85:40:3f:a2:58:47:e3:dd:
                    fa:7f:98:c7:b4:1d:f4:43:60:9e:ce:3e:51:17:78:
                    4f:ea:18:21:49:21:dc:5a:19:ce:bc:32:d5:e7:d9:
                    0f:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:5C:34:C8:18:43:C3:61:A3:37:04:AA:90:7E:29:D4:86:A6:62:C4
            X509v3 Authority Key Identifier:
                keyid:BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/153c682b-c232-4844-9ac8-0898cf0f0f2f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2605:9cc0:d00::/40

    Signature Algorithm: sha256WithRSAEncryption
         43:d8:9e:9d:9e:96:9d:cc:bd:d8:1c:0f:72:27:5c:7a:7b:ce:
         f8:bd:c0:57:a2:8d:80:95:16:6d:03:d6:17:34:4f:9b:19:52:
         f8:ed:f0:97:9c:f2:0a:0b:a7:a5:8c:ce:37:78:62:06:a3:0e:
         ed:35:a3:fd:0f:8f:80:a9:d1:25:71:b5:a8:85:80:b2:d6:15:
         38:3d:4f:f7:ec:03:48:61:65:95:2a:28:e2:64:3d:42:58:0a:
         08:9c:70:a3:5c:28:eb:16:39:b0:7e:73:f2:b2:8f:28:3d:ce:
         24:34:1c:cf:bf:a2:32:e2:b0:30:10:a4:8e:e7:3d:4b:90:a8:
         73:90:2b:dc:8a:0c:c7:c6:ae:ef:b9:9e:a6:fa:7d:d9:c2:26:
         57:d1:a0:ba:23:16:19:b6:6a:6b:cf:6f:0c:7f:7d:47:d3:e2:
         79:7c:27:03:45:be:9c:41:4a:f1:57:cc:08:0a:49:77:ff:e4:
         db:b3:cd:5f:3c:a9:0d:c7:ed:44:13:b0:da:c7:48:0b:6b:b1:
         85:04:95:b4:f3:78:60:12:68:0f:2d:ce:2a:f2:46:f8:a5:3a:
         8b:d2:7b:88:ae:9e:c2:a0:c8:42:dc:66:e8:cd:38:40:19:5b:
         cd:16:1a:2f:e0:91:20:46:ac:4d:52:3b:71:21:e2:56:92:a7:
         8a:c9:ef:ae
-----BEGIN CERTIFICATE-----
MIIF+jCCBOKgAwIBAgIUBggdx5sofZLIai1ZTpjjBT5am7owDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOTdhYzAwMjhkNmVmYmRkYWZiN2Q5YzcxZTI5ZWI3MWMw
MDVlMzRmYzE5ZjFmN2M0MjQwHhcNMjQxMTIyMDAwMDAwWhcNMjQxMjI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3ZmY3MTY4OWRjOTIzMzJiOThkNTllMTk1MjBmNzRlY2Q5
MmRhNmJmOTlhYjU3NTQ3YzhhMDg5MDRmOWM2ZTkyMS0wKwYDVQQDEyRmNzI0Mzc4
NS00NmRlLTQxNGItOWI4Zi03YTk2OTllOTc5ZTIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCdmLkKTjj5eAgma5qMSQF226TivjxIXE6vYD3RDaHp9uLS
EUFzf7rYoqSRg8+PA8JdWcGWIiKGQrZtndRPMAFgrBhK5Q0jFWSFcVOb59zjzp6O
qCD1bvm5RGhs4b7Yv/5Q42xmgM8T8ctNO933WZfFL/1jLdID2cuRKSAW0iF+knq7
q+5UxO6sVohzVq49ZpuWl8sEH60kPCSobTytcNmWSZgskMV4UlbhdW+geFanhlh0
bR9d+BFQ1Tt9S9O7sImUwjsCeCtUps14WbfEvBWg379e7zYFcCmFQD+iWEfj3fp/
mMe0HfRDYJ7OPlEXeE/qGCFJIdxaGc68MtXn2Q/zAgMBAAGjggKzMIICrzAdBgNV
HQ4EFgQUJ1w0yBhDw2GjNwSqkH4p1IamYsQwHwYDVR0jBBgwFoAUugzhfiM/vHHU
MKvawsMMeQS2oOcwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9kM2VhNmVhYi1m
NDFmLTRlNDYtYThmNi0zZGE0YTEyOGQ3OGMvOTdhYzAwMjhkNmVmYmRkYWZiN2Q5
YzcxZTI5ZWI3MWMwMDVlMzRmYzE5ZjFmN2M0MjQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTQ2MDJmYjAtYTlkNC00ZjlmLWIwY2EtYmUy
YTEzOWVhOTJiLzE1M2M2ODJiLWMyMzItNDg0NC05YWM4LTA4OThjZjBmMGYyZi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzU0NjAyZmIwLWE5ZDQtNGY5Zi1iMGNh
LWJlMmExMzllYTkyYi83NzNhLTMyY2NlS2V0eHdBWGpUOEdmSDN4Q1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgAC
MAgDBgAmBZzADTANBgkqhkiG9w0BAQsFAAOCAQEAQ9ienZ6Wncy92BwPcidcenvO
+L3AV6KNgJUWbQPWFzRPmxlS+O3wl5zyCgunpYzON3hiBqMO7TWj/Q+PgKnRJXG1
qIWAstYVOD1P9+wDSGFllSoo4mQ9QlgKCJxwo1wo6xY5sH5z8rKPKD3OJDQcz7+i
MuKwMBCkjuc9S5Coc5Ar3IoMx8au77mepvp92cImV9GguiMWGbZqa89vDH99R9Pi
eXwnA0W+nEFK8VfMCApJd//k27PNXzypDcftRBOw2sdIC2uxhQSVtPN4YBJoDy3O
KvJG+KU6i9J7iK6ewqDIQtxm6M04QBlbzRYaL+CRIEasTVI7cSHiVpKnisnvrg==
-----END CERTIFICATE-----