Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/673c385c-1059-4c0e-aada-20e7985e7a5d.roa
File:                     673c385c-1059-4c0e-aada-20e7985e7a5d.roa (raw, json)
Hash identifier:          cHOmXQCXBzJXjwB0bqki5R5a2Nhpy1UUSnSwVXM+18w=
Subject key identifier:   B4:78:DE:52:C3:9E:9D:23:23:D7:81:94:BB:E5:3B:BA:A2:69:85:B8
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       0DD0AAAB7EA67119D93350FB17834BC2B6747199
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/673c385c-1059-4c0e-aada-20e7985e7a5d.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        18.87.0.0/16 maxlen: 24
Validation:               Failed, certificate revoked on Thu 16 Jan 2025 02:23:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:d0:aa:ab:7e:a6:71:19:d9:33:50:fb:17:83:4b:c2:b6:74:71:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d7:a2:3b:3e:be:a9:87:8e:be:b1:25:7b:49:
                    49:a7:2a:d0:0e:f3:ec:c4:54:b8:6b:e7:4d:8e:2d:
                    6c:4f:b5:dc:c3:57:66:40:c3:36:d0:16:78:94:b2:
                    ef:81:b9:5c:f4:a9:c7:fc:77:41:1f:b6:14:4c:a5:
                    6d:22:31:fe:b1:c6:c7:31:70:01:4b:ab:27:10:8b:
                    28:3c:da:94:99:5a:d1:ab:0e:fd:2e:6b:e4:d8:d1:
                    bb:37:32:03:02:c8:ea:75:6d:85:de:10:93:d5:43:
                    94:36:41:2c:e9:21:64:34:62:45:80:f5:19:85:a7:
                    ae:62:99:9c:de:da:32:7d:92:7e:07:08:44:a0:ff:
                    bb:0d:c7:c1:39:bd:38:d2:2d:fd:66:f7:9d:b9:94:
                    32:a9:81:bd:cb:60:10:4a:98:3b:8a:11:40:0e:8f:
                    21:8c:d6:5c:88:2e:5a:fe:35:84:79:af:28:24:81:
                    69:cb:b9:f2:29:7a:63:90:43:b1:4a:40:ca:0c:25:
                    f1:9c:8d:65:87:ec:cf:26:d3:2f:63:34:40:61:25:
                    14:f3:cc:d3:cf:06:44:a5:a1:bf:12:c5:72:72:c8:
                    66:24:fc:f0:99:51:13:b4:2a:2e:1c:9e:2f:96:e3:
                    46:a8:ea:8a:13:0a:f8:44:7c:d6:11:93:ee:88:1d:
                    be:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:78:DE:52:C3:9E:9D:23:23:D7:81:94:BB:E5:3B:BA:A2:69:85:B8
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/673c385c-1059-4c0e-aada-20e7985e7a5d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.87.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         09:83:8b:1b:89:00:29:44:42:2d:f0:d8:39:20:4d:82:7a:27:
         78:02:fc:7b:6e:b7:93:4b:17:04:89:9c:14:85:11:fe:20:7a:
         44:77:99:34:3d:84:a9:3b:a0:f6:fd:9f:f4:ab:df:f8:04:ff:
         dd:d8:a6:22:dc:66:4b:f3:b3:0e:61:00:f1:c7:b4:d0:54:80:
         86:97:c4:e5:9e:0b:8a:0f:fa:be:7b:0b:22:41:ea:e9:4a:ac:
         d9:60:7d:12:07:7c:77:ca:28:a0:3c:82:3b:c8:19:e9:1a:b2:
         8a:93:95:f1:af:8e:cf:c7:b6:c0:16:97:39:6e:5a:11:58:22:
         78:df:85:81:1d:92:e6:14:f2:ba:11:60:45:1d:2b:b0:26:29:
         74:8a:f2:ec:e0:bd:09:18:9f:dd:71:e8:45:90:01:28:52:39:
         75:2e:e0:58:2c:02:58:86:b8:f9:f0:1b:bb:c8:e4:e8:81:b0:
         f6:bf:e4:77:6e:d7:9a:1c:a3:fd:79:01:53:2b:f2:45:e2:e0:
         cd:6e:6a:a2:2a:d4:6d:31:51:d3:e9:75:88:59:18:de:09:fa:
         a2:43:82:11:fd:dc:6b:c7:6a:65:aa:23:ac:66:37:8e:8c:6e:
         94:b6:7b:df:c4:b3:98:68:4b:40:e8:8e:5a:85:c2:f0:ce:6e:
         7f:4d:a1:69
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUDdCqq36mcRnZM1D7F4NLwrZ0cZkwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNGM5Y2Y4ZmEzNzJlZDNhYmZkNDQ1MGQwYTkzOGVmMDA5
NzdkMDc3ZmY1YjA4MmQ3MDEwOWZhYmY3ZDA0Nzc5MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDb16I7Pr6ph46+sSV7SUmnKtAO8+zEVLhr502OLWxPtdzD
V2ZAwzbQFniUsu+BuVz0qcf8d0EfthRMpW0iMf6xxscxcAFLqycQiyg82pSZWtGr
Dv0ua+TY0bs3MgMCyOp1bYXeEJPVQ5Q2QSzpIWQ0YkWA9RmFp65imZze2jJ9kn4H
CESg/7sNx8E5vTjSLf1m9525lDKpgb3LYBBKmDuKEUAOjyGM1lyILlr+NYR5rygk
gWnLufIpemOQQ7FKQMoMJfGcjWWH7M8m0y9jNEBhJRTzzNPPBkSlob8SxXJyyGYk
/PCZURO0Ki4cni+W40ao6ooTCvhEfNYRk+6IHb6/AgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUtHjeUsOenSMj14GUu+U7uqJphbgwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzY3M2MzODVjLTEwNTktNGMwZS1hYWRhLTIwZTc5ODVlN2E1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwASVzANBgkqhkiG9w0BAQsFAAOCAQEACYOLG4kAKURCLfDYOSBNgnoneAL8
e263k0sXBImcFIUR/iB6RHeZND2EqTug9v2f9Kvf+AT/3dimItxmS/OzDmEA8ce0
0FSAhpfE5Z4Lig/6vnsLIkHq6Uqs2WB9Egd8d8oooDyCO8gZ6RqyipOV8a+Oz8e2
wBaXOW5aEVgieN+FgR2S5hTyuhFgRR0rsCYpdIry7OC9CRif3XHoRZABKFI5dS7g
WCwCWIa4+fAbu8jk6IGw9r/kd27Xmhyj/XkBUyvyReLgzW5qoirUbTFR0+l1iFkY
3gn6okOCEf3ca8dqZaojrGY3joxulLZ738SzmGhLQOiOWoXC8M5uf02haQ==
-----END CERTIFICATE-----