Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4bccbe4d-9599-4772-81d2-d4e8f688ed5f.roa
File:                     4bccbe4d-9599-4772-81d2-d4e8f688ed5f.roa (raw, json)
Hash identifier:          lxmy1zHXfFtJRRqJav5HPsz6EtlW2z2fydkT5/E2V9s=
Subject key identifier:   AD:EB:BD:4B:D0:A2:E9:4D:C6:FE:D2:56:CC:5D:2D:7D:99:49:83:58
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       16492F8B4EDA9CE3F8096363CAEF42592844F4B0
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4bccbe4d-9599-4772-81d2-d4e8f688ed5f.roa
Signing time:             Tue 14 Jan 2025 00:00:00 +0000
ROA not before:           Tue 14 Jan 2025 00:00:00 +0000
ROA not after:            Tue 18 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        15.244.0.0/16 maxlen: 24
Validation:               Failed, certificate revoked on Tue 14 Jan 2025 19:07:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:49:2f:8b:4e:da:9c:e3:f8:09:63:63:ca:ef:42:59:28:44:f4:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 14 00:00:00 2025 GMT
            Not After : Feb 18 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:1b:be:16:06:c9:c4:89:71:fb:7f:88:3e:ff:
                    8e:81:04:ac:d6:7a:f2:3c:7b:34:ac:7f:c7:58:ef:
                    c6:1d:d1:88:2b:9f:7e:00:93:d9:11:77:87:c2:f5:
                    4d:10:ff:23:11:6d:e1:5e:8b:a3:55:8a:1b:43:c5:
                    d2:2d:71:32:22:bd:9a:b6:60:fb:73:5d:d9:9f:8b:
                    e6:18:c6:dd:bf:82:af:b2:43:9f:9e:66:7b:88:42:
                    66:10:20:7e:0b:be:46:75:bb:84:fe:ca:2a:63:3f:
                    2a:ef:01:1a:5b:2e:71:c0:cc:23:0a:33:ee:85:26:
                    ba:cd:ea:46:9c:40:5a:46:13:a2:b3:08:06:76:fd:
                    7d:5f:b5:fe:00:ad:f6:fb:41:70:1f:02:25:80:d6:
                    89:92:24:a5:b4:77:3b:d2:e8:53:04:af:46:5a:50:
                    4a:e3:47:bb:26:6c:ee:a8:cb:b7:9f:7d:2c:a5:96:
                    d8:e9:01:1d:5a:6a:cc:34:5b:ee:1a:7f:8a:62:02:
                    b1:3f:d7:47:c3:7d:f7:c6:d4:d3:45:4e:fe:97:c9:
                    44:f3:e9:b0:d7:11:c1:3c:a7:b2:ee:60:11:cf:90:
                    70:00:bc:64:86:d9:7d:a2:4e:45:04:a7:fc:5a:f3:
                    13:10:b4:c9:b2:94:86:f3:1d:8d:4c:37:39:8f:57:
                    fe:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:EB:BD:4B:D0:A2:E9:4D:C6:FE:D2:56:CC:5D:2D:7D:99:49:83:58
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/4bccbe4d-9599-4772-81d2-d4e8f688ed5f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  15.244.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         6a:44:41:2d:86:56:34:b7:ec:78:68:15:94:f6:a9:71:84:9c:
         f1:de:97:2a:1d:5e:d2:32:f7:2f:0d:03:27:b1:ce:cc:4b:cf:
         c4:cb:14:70:e8:c1:ef:c0:0f:62:33:3f:91:64:14:ca:bc:68:
         8a:82:f6:9f:2e:cd:6d:72:2b:f4:f0:41:2b:93:d0:aa:c6:76:
         a1:44:bb:9b:d3:de:9e:72:14:64:75:60:75:aa:68:16:f0:e8:
         8d:84:b3:2d:b9:73:43:d5:dd:00:45:14:08:ab:7f:ce:58:b2:
         34:41:9f:36:ef:9f:b8:8d:ca:98:a8:bc:10:74:21:50:f8:59:
         65:df:93:a6:14:01:4b:30:65:92:3b:27:a3:d6:98:24:b9:01:
         22:1d:c6:2e:43:e0:08:ad:a0:21:fe:c2:ca:43:bb:c9:90:71:
         bf:ad:5b:eb:0c:72:ba:6d:7b:ba:d9:1e:bc:e5:76:ca:d1:bc:
         1d:db:60:dc:95:13:6b:6c:5e:a3:14:28:9c:07:10:b7:c1:64:
         5e:f0:27:f8:fb:23:25:82:a0:36:e9:17:dc:91:e3:df:8e:e0:
         2f:ff:f8:01:12:de:55:25:92:0c:b9:63:06:fd:f2:d5:13:eb:
         1b:f2:4e:1f:66:7a:c6:7e:54:5f:15:bf:20:41:73:a3:a2:fe:
         4e:fc:16:86
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUFkkvi07anOP4CWNjyu9CWShE9LAwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTE0MDAwMDAwWhcNMjUwMjE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BjZmE4ZTRiN2U0OTVmZjI3ZWY1ODc2NzM4NTIyNjRmZWEy
YjRiN2YzNjdmMjA0NmNjMTA3NTMzODA3NzIxM2YzMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAG74WBsnEiXH7f4g+/46BBKzWevI8ezSsf8dY78Yd0Ygr
n34Ak9kRd4fC9U0Q/yMRbeFei6NVihtDxdItcTIivZq2YPtzXdmfi+YYxt2/gq+y
Q5+eZnuIQmYQIH4LvkZ1u4T+yipjPyrvARpbLnHAzCMKM+6FJrrN6kacQFpGE6Kz
CAZ2/X1ftf4Arfb7QXAfAiWA1omSJKW0dzvS6FMEr0ZaUErjR7smbO6oy7effSyl
ltjpAR1aasw0W+4af4piArE/10fDfffG1NNFTv6XyUTz6bDXEcE8p7LuYBHPkHAA
vGSG2X2iTkUEp/xa8xMQtMmylIbzHY1MNzmPV/7DAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUreu9S9Ci6U3G/tJWzF0tfZlJg1gwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzRiY2NiZTRkLTk1OTktNDc3Mi04MWQyLWQ0ZThmNjg4ZWQ1Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwAP9DANBgkqhkiG9w0BAQsFAAOCAQEAakRBLYZWNLfseGgVlPapcYSc8d6X
Kh1e0jL3Lw0DJ7HOzEvPxMsUcOjB78APYjM/kWQUyrxoioL2ny7NbXIr9PBBK5PQ
qsZ2oUS7m9PennIUZHVgdapoFvDojYSzLblzQ9XdAEUUCKt/zliyNEGfNu+fuI3K
mKi8EHQhUPhZZd+TphQBSzBlkjsno9aYJLkBIh3GLkPgCK2gIf7CykO7yZBxv61b
6wxyum17utkevOV2ytG8Hdtg3JUTa2xeoxQonAcQt8FkXvAn+PsjJYKgNukX3JHj
347gL//4ARLeVSWSDLljBv3y1RPrG/JOH2Z6xn5UXxW/IEFzo6L+TvwWhg==
-----END CERTIFICATE-----