Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0ed5fae1-c958-4600-a7cf-149c315b2d49.roa
File:                     0ed5fae1-c958-4600-a7cf-149c315b2d49.roa (raw, json)
Hash identifier:          Ve5sZH5zVzFwnBz+B8J8witk5VURENoQjxdm+b9AbkQ=
Subject key identifier:   33:1B:7D:0E:11:A0:3E:55:41:CA:BE:5E:B4:ED:4C:4D:08:89:AB:4E
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       42D5DCDD0A9D3BB00B4F3151B8523712364B6E4A
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0ed5fae1-c958-4600-a7cf-149c315b2d49.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.202.0.0/15 maxlen: 15
Validation:               Failed, certificate revoked on Fri 31 Jan 2025 18:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:d5:dc:dd:0a:9d:3b:b0:0b:4f:31:51:b8:52:37:12:36:4b:6e:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f9:6b:a0:cf:d2:96:51:88:15:40:2b:91:e6:
                    a3:34:42:89:25:6d:e3:d2:70:da:2f:1f:8c:e5:77:
                    63:89:70:16:bf:b1:23:66:c7:08:b4:97:5c:e3:da:
                    dd:46:4a:67:85:08:66:bb:81:cb:40:dc:7a:1d:04:
                    19:b3:69:34:49:ad:2d:e1:dc:53:a5:97:be:f5:ac:
                    56:74:f2:1e:31:6b:d5:70:80:d0:19:e4:da:01:07:
                    36:37:4d:bc:25:4c:78:d4:7b:24:53:8d:ec:49:f0:
                    53:b9:8b:08:0d:9a:5c:8f:db:0e:54:b5:ba:15:2f:
                    f3:c9:27:95:22:17:c2:8d:25:d7:38:af:f5:68:ec:
                    d5:fb:fb:db:d5:65:50:1a:ba:4d:bb:22:d7:44:f4:
                    84:4d:99:8c:fa:ad:58:bf:d3:9e:e8:e1:41:71:27:
                    7f:e9:a3:ab:ac:f6:cd:56:ec:8b:84:5c:95:af:7c:
                    09:55:e6:e1:0e:2f:73:ef:6b:4f:e7:59:0a:df:4e:
                    ee:d0:df:78:7e:c2:fe:4f:23:df:d8:f3:e5:ab:9a:
                    04:51:f4:9a:3a:28:5a:b6:0e:38:c5:5e:0a:26:6c:
                    06:9e:82:9e:b6:9f:c0:76:44:a9:a3:1f:c8:5f:b3:
                    7f:a2:83:59:f5:bc:d9:9d:1c:af:d2:b9:cf:a3:7d:
                    f3:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:1B:7D:0E:11:A0:3E:55:41:CA:BE:5E:B4:ED:4C:4D:08:89:AB:4E
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/0ed5fae1-c958-4600-a7cf-149c315b2d49.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.202.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         9f:a7:fa:f8:02:4a:ac:09:ce:4e:e5:57:dd:a5:2a:35:69:67:
         32:8c:ae:a5:21:de:36:53:d9:09:2b:69:5b:ee:f8:6f:16:06:
         9d:e1:9c:4e:54:26:70:95:97:09:30:c3:7b:76:f5:8f:95:9e:
         d5:08:ab:b1:35:57:36:4a:77:90:a3:af:96:25:55:6f:b0:04:
         37:ca:86:c7:0e:4e:e7:32:18:6d:ca:f8:3a:77:57:30:f4:ef:
         39:dc:f4:92:fd:33:23:04:66:49:0b:82:9e:4e:97:73:32:62:
         59:55:51:14:38:54:7b:81:ba:c7:69:bc:75:95:0a:ff:26:c6:
         a1:4d:26:7d:d6:66:f6:69:eb:7a:47:7c:26:8c:9d:ca:76:da:
         13:3c:e8:97:b9:f5:67:aa:70:f9:e0:e8:fb:ca:6c:2e:44:07:
         e2:f3:2f:78:ab:3d:94:10:01:b9:c1:db:1c:69:3d:16:13:cf:
         74:f7:11:5b:00:8a:ef:49:b5:d8:2c:e6:f3:88:50:36:43:45:
         c6:7c:17:b5:19:5c:31:6d:9d:5f:09:84:88:4f:8f:d5:13:56:
         bd:5c:08:22:b6:14:6c:92:20:8d:35:3c:21:36:3b:b1:1d:a9:
         b7:55:74:6b:af:76:89:ca:eb:54:ff:3e:11:bb:e2:e7:55:96:
         03:82:93:f2
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUQtXc3QqdO7ALTzFRuFI3EjZLbkowDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYTNhMzdlM2RmNzFjYTFmMGM3MGNhMjRjZmI5ZTI2MmUw
ZGQ3YTBhM2IwMzRlYzE1YWVkMzZkYmQyNDEwOWMzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCt+Wugz9KWUYgVQCuR5qM0QoklbePScNovH4zld2OJcBa/
sSNmxwi0l1zj2t1GSmeFCGa7gctA3HodBBmzaTRJrS3h3FOll771rFZ08h4xa9Vw
gNAZ5NoBBzY3TbwlTHjUeyRTjexJ8FO5iwgNmlyP2w5UtboVL/PJJ5UiF8KNJdc4
r/Vo7NX7+9vVZVAauk27ItdE9IRNmYz6rVi/057o4UFxJ3/po6us9s1W7IuEXJWv
fAlV5uEOL3Pva0/nWQrfTu7Q33h+wv5PI9/Y8+WrmgRR9Jo6KFq2DjjFXgombAae
gp62n8B2RKmjH8hfs3+ig1n1vNmdHK/Suc+jffM3AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUMxt9DhGgPlVByr5etO1MTQiJq04wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzBlZDVmYWUxLWM5NTgtNDYwMC1hN2NmLTE0OWMzMTViMmQ0OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwE2yjANBgkqhkiG9w0BAQsFAAOCAQEAn6f6+AJKrAnOTuVX3aUqNWlnMoyu
pSHeNlPZCStpW+74bxYGneGcTlQmcJWXCTDDe3b1j5We1QirsTVXNkp3kKOvliVV
b7AEN8qGxw5O5zIYbcr4OndXMPTvOdz0kv0zIwRmSQuCnk6XczJiWVVRFDhUe4G6
x2m8dZUK/ybGoU0mfdZm9mnrekd8JoydynbaEzzol7n1Z6pw+eDo+8psLkQH4vMv
eKs9lBABucHbHGk9FhPPdPcRWwCK70m12Czm84hQNkNFxnwXtRlcMW2dXwmEiE+P
1RNWvVwIIrYUbJIgjTU8ITY7sR2pt1V0a692icrrVP8+Ebvi51WWA4KT8g==
-----END CERTIFICATE-----