Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/3d36e036-75d2-4ea4-9792-7752ad55e2bb.roa
File:                     3d36e036-75d2-4ea4-9792-7752ad55e2bb.roa (raw, json)
Hash identifier:          rPOdx5wlPLdGZjM/KI/o4citcxN46leAfZ9waVCfszo=
Subject key identifier:   D9:25:49:58:89:99:6A:A1:83:29:1B:D0:DE:7F:46:C3:03:6E:F3:68
Certificate issuer:       /CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
Certificate serial:       539E74F9A8EE2ACB7122123E875D65AB1512844B
Authority key identifier: BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/3d36e036-75d2-4ea4-9792-7752ad55e2bb.roa
Signing time:             Fri 19 Apr 2024 00:00:00 +0000
ROA not before:           Fri 19 Apr 2024 00:00:00 +0000
ROA not after:            Fri 24 May 2024 23:59:59 +0000
asID:                     16509
IP address blocks:        2605:9cc0:f023::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 19 Apr 2024 14:11:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:9e:74:f9:a8:ee:2a:cb:71:22:12:3e:87:5d:65:ab:15:12:84:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424
        Validity
            Not Before: Apr 19 00:00:00 2024 GMT
            Not After : May 24 23:59:59 2024 GMT
        Subject: serialNumber=224e9f257f1c8bbe7d0895b947ce6b5cada8c3e520829325aa7356412ae0411c, CN=f7243785-46de-414b-9b8f-7a9699e979e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d0:7b:60:17:5d:1f:32:b4:bd:1c:9d:35:d1:
                    56:2b:b2:9c:fa:25:43:0b:e1:dd:c4:36:c0:05:84:
                    7d:3b:2e:7c:4b:d9:41:56:50:8b:80:04:a5:9e:7e:
                    e7:8b:6f:ac:fd:7e:31:bc:49:6e:c8:f7:c4:d3:24:
                    7c:19:92:47:41:82:15:24:6f:93:70:dd:7d:be:5d:
                    9e:08:76:1f:ee:73:90:4b:88:2b:51:11:55:26:43:
                    e1:2d:4b:03:dd:17:07:f1:c0:d3:14:f0:0b:63:30:
                    fb:16:04:66:e8:9f:db:0a:1d:82:bc:9d:df:37:92:
                    63:ea:f8:b5:bc:d5:4f:33:50:0c:3e:54:42:be:ea:
                    c2:a1:b3:cc:f0:8a:ad:57:ed:7c:13:42:c5:33:37:
                    1f:f2:0a:2e:df:7c:8e:fb:05:f5:4f:4f:a7:ea:8a:
                    79:b1:2c:1c:98:7e:0c:34:ba:f3:55:bf:67:56:78:
                    37:8e:15:68:5d:2b:41:a2:f3:50:b8:34:2d:ef:58:
                    9c:5c:0a:d6:a4:1a:d1:bd:c0:47:63:b5:2f:c5:2c:
                    f9:4f:d1:f0:24:f4:68:c0:9a:9c:17:df:f5:68:c9:
                    5f:d4:06:21:eb:9d:83:31:01:17:c4:f6:9a:47:70:
                    46:37:4f:6a:15:34:e3:10:62:20:57:95:cf:df:32:
                    89:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:25:49:58:89:99:6A:A1:83:29:1B:D0:DE:7F:46:C3:03:6E:F3:68
            X509v3 Authority Key Identifier:
                keyid:BA:0C:E1:7E:23:3F:BC:71:D4:30:AB:DA:C2:C3:0C:79:04:B6:A0:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/d3ea6eab-f41f-4e46-a8f6-3da4a128d78c/97ac0028d6efbddafb7d9c71e29eb71c005e34fc19f1f7c424.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/3d36e036-75d2-4ea4-9792-7752ad55e2bb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/54602fb0-a9d4-4f9f-b0ca-be2a139ea92b/773a-32cceKetxwAXjT8GfH3xCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2605:9cc0:f023::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:71:b3:d4:b7:95:e8:43:20:60:d5:f0:2f:a3:36:aa:83:a1:
         a5:dc:3a:cd:3f:59:06:4b:fa:03:5c:4b:d4:95:fe:ca:86:1a:
         b9:73:12:86:36:5d:b2:24:09:46:68:89:4e:14:05:43:86:4c:
         17:91:6a:b6:d2:39:33:63:bd:f7:92:06:2b:4f:e7:b6:3e:b0:
         99:f1:ab:74:ff:ea:ad:9b:3d:fe:91:fb:55:83:a0:8e:a6:8d:
         03:97:0f:95:9d:bd:75:98:d5:f7:b3:6b:c4:a5:21:cc:26:f8:
         5d:30:9f:b8:18:c1:6e:a1:8d:0b:90:d4:bf:c8:19:12:9a:56:
         91:d0:62:27:1c:9b:f7:0d:c4:3b:47:15:2c:d3:8b:8b:f7:5e:
         cc:6f:2a:c4:27:c9:11:ee:db:4e:c2:f3:02:06:e1:3c:b6:93:
         21:b8:5d:5e:8a:37:c5:f1:42:8b:e6:f5:36:bf:dd:20:1c:64:
         0d:e0:7c:0a:ba:65:73:02:2e:e2:bc:8d:38:4e:50:32:ce:7a:
         8e:48:9d:28:9f:22:09:e5:87:4d:78:95:2e:79:b9:87:cf:c6:
         39:b4:f6:db:63:8b:85:21:cd:f5:d8:12:b4:e9:e0:ca:b8:81:
         38:af:4e:a1:93:e2:2f:e7:34:6b:41:cd:20:48:1c:d7:72:6c:
         89:6d:c4:ff
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUU550+ajuKstxIhI+h11lqxUShEswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOTdhYzAwMjhkNmVmYmRkYWZiN2Q5YzcxZTI5ZWI3MWMw
MDVlMzRmYzE5ZjFmN2M0MjQwHhcNMjQwNDE5MDAwMDAwWhcNMjQwNTI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMjRlOWYyNTdmMWM4YmJlN2QwODk1Yjk0N2NlNmI1Y2Fk
YThjM2U1MjA4MjkzMjVhYTczNTY0MTJhZTA0MTFjMS0wKwYDVQQDEyRmNzI0Mzc4
NS00NmRlLTQxNGItOWI4Zi03YTk2OTllOTc5ZTIwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC90HtgF10fMrS9HJ010VYrspz6JUML4d3ENsAFhH07LnxL
2UFWUIuABKWefueLb6z9fjG8SW7I98TTJHwZkkdBghUkb5Nw3X2+XZ4Idh/uc5BL
iCtREVUmQ+EtSwPdFwfxwNMU8AtjMPsWBGbon9sKHYK8nd83kmPq+LW81U8zUAw+
VEK+6sKhs8zwiq1X7XwTQsUzNx/yCi7ffI77BfVPT6fqinmxLByYfgw0uvNVv2dW
eDeOFWhdK0Gi81C4NC3vWJxcCtakGtG9wEdjtS/FLPlP0fAk9GjAmpwX3/VoyV/U
BiHrnYMxARfE9ppHcEY3T2oVNOMQYiBXlc/fMonLAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQU2SVJWImZaqGDKRvQ3n9GwwNu82gwHwYDVR0jBBgwFoAUugzhfiM/vHHU
MKvawsMMeQS2oOcwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy9kM2VhNmVhYi1m
NDFmLTRlNDYtYThmNi0zZGE0YTEyOGQ3OGMvOTdhYzAwMjhkNmVmYmRkYWZiN2Q5
YzcxZTI5ZWI3MWMwMDVlMzRmYzE5ZjFmN2M0MjQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvNTQ2MDJmYjAtYTlkNC00ZjlmLWIwY2EtYmUy
YTEzOWVhOTJiLzNkMzZlMDM2LTc1ZDItNGVhNC05NzkyLTc3NTJhZDU1ZTJiYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzU0NjAyZmIwLWE5ZDQtNGY5Zi1iMGNh
LWJlMmExMzllYTkyYi83NzNhLTMyY2NlS2V0eHdBWGpUOEdmSDN4Q1EuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwAmBZzA8CMwDQYJKoZIhvcNAQELBQADggEBAG9xs9S3lehDIGDV8C+jNqqD
oaXcOs0/WQZL+gNcS9SV/sqGGrlzEoY2XbIkCUZoiU4UBUOGTBeRarbSOTNjvfeS
BitP57Y+sJnxq3T/6q2bPf6R+1WDoI6mjQOXD5WdvXWY1feza8SlIcwm+F0wn7gY
wW6hjQuQ1L/IGRKaVpHQYiccm/cNxDtHFSzTi4v3XsxvKsQnyRHu207C8wIG4Ty2
kyG4XV6KN8XxQovm9Ta/3SAcZA3gfAq6ZXMCLuK8jThOUDLOeo5InSifIgnlh014
lS55uYfPxjm09ttji4UhzfXYErTp4Mq4gTivTqGT4i/nNGtBzSBIHNdybIltxP8=
-----END CERTIFICATE-----