Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/24c0fbb0-0e93-4198-b812-7bf705255f70.roa
File:                     24c0fbb0-0e93-4198-b812-7bf705255f70.roa (raw, json)
Hash identifier:          uWNwSer5/M5laKC/ptgiembGpBJQZoOdEItH3riqUTs=
Subject key identifier:   95:11:99:C3:3D:B2:E8:AE:88:82:B7:D4:B4:4D:4A:49:6F:94:5C:19
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       2F51105B6C57EBFB1015900FACB515CB7D97419C
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/24c0fbb0-0e93-4198-b812-7bf705255f70.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        146.65.0.0/16 maxlen: 24
Validation:               Failed, certificate revoked on Wed 15 Jan 2025 06:06:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:51:10:5b:6c:57:eb:fb:10:15:90:0f:ac:b5:15:cb:7d:97:41:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:2a:37:aa:6d:df:11:e4:f4:20:68:b7:90:30:
                    f5:64:f4:01:a1:99:d2:2c:dd:2d:f1:fa:16:d3:d4:
                    70:c5:ea:29:fa:99:ce:28:71:3e:1c:ea:c3:c7:57:
                    c9:a7:d9:11:a5:2a:54:ab:57:54:46:57:16:f5:31:
                    98:27:8c:0c:7e:35:df:aa:4a:14:60:79:e5:e0:83:
                    28:6a:74:09:58:82:9e:75:fb:b5:a6:5e:b5:03:24:
                    c8:fa:f3:1b:e7:c9:f1:70:17:9a:ec:c3:81:8d:5c:
                    63:74:8e:d9:bb:b4:18:c9:0d:aa:45:07:b4:04:d0:
                    7a:84:98:9c:23:90:f8:f9:51:ab:72:f5:0c:70:94:
                    2b:8a:a6:1e:ff:d4:5d:3f:c7:6c:1e:86:5e:86:26:
                    f3:b6:1d:c4:55:3e:d1:88:52:c9:95:b7:6c:9e:65:
                    22:ca:27:d7:ed:9a:1e:2e:bd:28:b5:40:3c:17:ca:
                    a4:cf:fc:de:fd:3e:17:17:a0:82:17:ec:f7:d1:66:
                    8a:f6:80:7e:6b:70:71:86:6b:a8:e3:f4:8f:0f:f0:
                    2d:a7:56:f4:89:66:4a:1b:7a:56:b7:8e:a5:59:c9:
                    bf:4a:25:67:cb:bb:ae:4e:ea:02:3d:6a:72:5e:76:
                    34:63:c9:19:58:dc:84:32:78:b4:d8:66:e5:b6:0f:
                    ec:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:11:99:C3:3D:B2:E8:AE:88:82:B7:D4:B4:4D:4A:49:6F:94:5C:19
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/24c0fbb0-0e93-4198-b812-7bf705255f70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.65.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         01:8e:77:cd:8c:d3:e4:1d:c1:02:b8:47:bb:61:9e:87:60:29:
         53:7a:d8:69:94:3b:0b:b7:4b:da:09:99:8b:b5:cd:1a:ad:b7:
         a8:74:90:5f:1c:dc:d8:4a:79:2c:5c:e9:4d:b2:b7:91:bd:ba:
         e4:4a:b9:6b:4c:5b:25:4a:15:39:21:8d:9d:f7:4d:0a:f3:90:
         fd:0b:af:dd:5c:15:a8:c1:fb:06:2f:c1:6a:84:65:ce:ea:93:
         57:bb:84:3b:3f:bf:c5:f9:39:91:e4:e6:80:58:b6:7e:4c:3d:
         20:fb:27:61:f3:9f:06:51:d3:6e:5d:cd:88:27:4d:1e:d5:08:
         6b:5c:52:5c:f2:7c:6e:96:6d:87:85:0c:e1:5a:83:a7:fd:7c:
         92:54:bf:61:63:4b:58:e5:e9:57:9b:3c:24:c8:0b:6d:44:14:
         46:2f:ba:34:55:78:ad:53:f6:57:7f:61:0a:6a:c3:65:36:bb:
         94:0b:b2:e5:b3:ac:5d:82:81:9a:43:90:78:41:0d:c2:93:53:
         d0:e0:8e:07:01:55:8e:a3:a2:5b:ad:20:81:99:fd:23:6e:19:
         2c:3e:3b:5a:c7:62:e9:2b:00:32:f9:17:ec:67:6b:6a:50:88:
         95:b4:1a:9e:03:db:27:85:75:21:a2:83:4b:50:8e:9d:d8:6f:
         b4:1e:0c:bf
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUL1EQW2xX6/sQFZAPrLUVy32XQZwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A0MTYzODM1NGY2MzJiMmM5NzA3MDQ5NjAxYTE2NGVlNDE1
N2E0NzJiYjg5ZTlmMTRjZjU3ZWMyNGM2ZDhjOGVjMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIKjeqbd8R5PQgaLeQMPVk9AGhmdIs3S3x+hbT1HDF6in6
mc4ocT4c6sPHV8mn2RGlKlSrV1RGVxb1MZgnjAx+Nd+qShRgeeXggyhqdAlYgp51
+7WmXrUDJMj68xvnyfFwF5rsw4GNXGN0jtm7tBjJDapFB7QE0HqEmJwjkPj5Uaty
9QxwlCuKph7/1F0/x2wehl6GJvO2HcRVPtGIUsmVt2yeZSLKJ9ftmh4uvSi1QDwX
yqTP/N79PhcXoIIX7PfRZor2gH5rcHGGa6jj9I8P8C2nVvSJZkobela3jqVZyb9K
JWfLu65O6gI9anJedjRjyRlY3IQyeLTYZuW2D+z1AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUlRGZwz2y6K6IgrfUtE1KSW+UXBkwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI0YzBmYmIwLTBlOTMtNDE5OC1iODEyLTdiZjcwNTI1NWY3MC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCSQTANBgkqhkiG9w0BAQsFAAOCAQEAAY53zYzT5B3BArhHu2Geh2ApU3rY
aZQ7C7dL2gmZi7XNGq23qHSQXxzc2Ep5LFzpTbK3kb265Eq5a0xbJUoVOSGNnfdN
CvOQ/Quv3VwVqMH7Bi/BaoRlzuqTV7uEOz+/xfk5keTmgFi2fkw9IPsnYfOfBlHT
bl3NiCdNHtUIa1xSXPJ8bpZth4UM4VqDp/18klS/YWNLWOXpV5s8JMgLbUQURi+6
NFV4rVP2V39hCmrDZTa7lAuy5bOsXYKBmkOQeEENwpNT0OCOBwFVjqOiW60ggZn9
I24ZLD47Wsdi6SsAMvkX7GdralCIlbQangPbJ4V1IaKDS1COndhvtB4Mvw==
-----END CERTIFICATE-----