Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/25bba307-7d0c-4072-9571-fcfab0c857b9.roa
File:                     25bba307-7d0c-4072-9571-fcfab0c857b9.roa (raw, json)
Hash identifier:          MtFD5othTwpMD5HValjIEAcslJU0+AEmVadrzL3SM7M=
Subject key identifier:   9A:09:F5:34:4A:45:D8:88:DD:A1:F5:F7:A3:21:A2:78:17:85:04:85
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6F09A5DD73DAF0A4D3782A20C4A0A128BC1625C9
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/25bba307-7d0c-4072-9571-fcfab0c857b9.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        52.56.0.0/19 maxlen: 19
Validation:               Failed, certificate revoked on Fri 31 Jan 2025 17:11:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:09:a5:dd:73:da:f0:a4:d3:78:2a:20:c4:a0:a1:28:bc:16:25:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ba:3a:85:52:7e:1f:56:15:db:8c:bf:bc:39:
                    73:16:d7:3d:4c:f0:d8:ef:5b:7c:62:6b:6a:29:eb:
                    62:c8:d9:b5:91:6e:07:e3:07:10:9d:3b:a7:ae:6c:
                    6d:18:87:de:0a:e1:69:36:90:e2:fc:a6:bf:33:14:
                    9a:6e:36:00:f5:4e:c6:e6:81:e2:15:42:ee:34:72:
                    8b:6b:42:3b:dc:ed:e5:34:cb:e3:8f:9f:dd:d3:bc:
                    da:4d:a9:12:ad:b2:72:e8:a0:72:7b:e9:6b:ab:3f:
                    c1:98:77:ad:2c:19:e1:a6:8f:2e:42:83:b7:2f:d9:
                    f3:2a:0a:fb:df:2c:cf:9f:69:51:a4:78:3f:56:a8:
                    57:4c:12:11:5b:34:ca:72:32:4d:f2:e6:60:51:e8:
                    88:69:80:8c:a9:03:15:e3:8a:7a:b4:09:09:62:61:
                    31:5e:89:34:60:a7:b5:5d:0e:86:4f:89:bb:17:80:
                    84:23:72:a2:08:b3:44:03:b4:cc:64:a4:84:28:97:
                    2e:45:82:db:01:3a:f7:1f:a0:26:ab:ee:8f:59:5e:
                    99:c1:9c:ff:95:b2:58:50:13:a0:94:17:a5:fc:63:
                    4e:26:44:23:9c:12:c7:e2:fb:d6:90:7b:09:08:11:
                    04:90:d3:a8:22:48:17:4d:f5:b1:ea:d2:39:0b:de:
                    ed:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:09:F5:34:4A:45:D8:88:DD:A1:F5:F7:A3:21:A2:78:17:85:04:85
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/25bba307-7d0c-4072-9571-fcfab0c857b9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  52.56.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         14:2d:79:01:7c:ac:af:3b:16:27:de:52:37:04:04:d3:0d:4a:
         e8:d0:b1:3a:cc:ec:a0:1f:99:a2:2c:c7:c9:1b:6d:c0:46:07:
         28:97:bc:c9:12:54:2c:bb:bc:2a:99:ab:55:25:76:a9:b6:07:
         ce:57:3f:f0:f4:cd:e8:45:0a:bc:0d:fc:f6:2c:db:e8:86:85:
         ec:56:06:dd:10:97:3e:72:1a:3d:77:4d:d7:1d:16:e0:ee:bd:
         a5:cf:2c:77:6d:24:87:47:62:6b:5b:1d:f8:c5:1b:b5:fb:f9:
         8f:6f:a1:0c:76:a6:af:38:59:c0:14:46:2b:10:73:f7:52:b0:
         18:fb:4b:ab:e9:85:f8:f8:e3:91:ed:29:42:a8:f5:44:66:fd:
         6b:59:0b:75:1b:2e:c4:4b:41:ff:e5:c7:23:d2:f4:f4:28:b8:
         d2:16:06:b0:7e:0f:38:4f:c2:68:ff:37:35:5f:8a:e3:68:82:
         45:27:67:3a:d1:80:11:e9:0f:bf:97:70:57:a8:14:cb:35:ff:
         45:27:18:24:3b:2a:cd:d7:37:2c:cb:29:c4:f1:ea:f3:1b:0c:
         11:e8:51:66:45:85:13:d3:f9:d3:10:61:c6:6b:da:4a:31:36:
         04:9c:3e:d6:88:95:0e:5d:32:24:12:de:0b:0b:4e:f2:b6:b2:
         80:74:8b:9c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbwml3XPa8KTTeCogxKChKLwWJckwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzZTJiNTUxNTk4MjM0NWU0NmVjMjA3NjEzYzU1NTU3YmZm
NWY4OTI2MmFiY2U5MWExYWNjNjhjNmNlMDAyMDhiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCcujqFUn4fVhXbjL+8OXMW1z1M8NjvW3xia2op62LI2bWR
bgfjBxCdO6eubG0Yh94K4Wk2kOL8pr8zFJpuNgD1TsbmgeIVQu40cotrQjvc7eU0
y+OPn93TvNpNqRKtsnLooHJ76WurP8GYd60sGeGmjy5Cg7cv2fMqCvvfLM+faVGk
eD9WqFdMEhFbNMpyMk3y5mBR6IhpgIypAxXjinq0CQliYTFeiTRgp7VdDoZPibsX
gIQjcqIIs0QDtMxkpIQoly5FgtsBOvcfoCar7o9ZXpnBnP+VslhQE6CUF6X8Y04m
RCOcEsfi+9aQewkIEQSQ06giSBdN9bHq0jkL3u3xAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUmgn1NEpF2IjdofX3oyGieBeFBIUwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzI1YmJhMzA3LTdkMGMtNDA3Mi05NTcxLWZjZmFiMGM4NTdiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU0OAAwDQYJKoZIhvcNAQELBQADggEBABQteQF8rK87FifeUjcEBNMNSujQ
sTrM7KAfmaIsx8kbbcBGByiXvMkSVCy7vCqZq1Uldqm2B85XP/D0zehFCrwN/PYs
2+iGhexWBt0Qlz5yGj13TdcdFuDuvaXPLHdtJIdHYmtbHfjFG7X7+Y9voQx2pq84
WcAURisQc/dSsBj7S6vphfj445HtKUKo9URm/WtZC3UbLsRLQf/lxyPS9PQouNIW
BrB+DzhPwmj/NzVfiuNogkUnZzrRgBHpD7+XcFeoFMs1/0UnGCQ7Ks3XNyzLKcTx
6vMbDBHoUWZFhRPT+dMQYcZr2koxNgScPtaIlQ5dMiQS3gsLTvK2soB0i5w=
-----END CERTIFICATE-----