Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9647b8b7-4c70-41c2-a648-a885a521fe88.roa
File:                     9647b8b7-4c70-41c2-a648-a885a521fe88.roa (raw, json)
Hash identifier:          WRzHPR18eJmgeYVngBfhAqK4/E0da5A+tJ/yyn+GjDs=
Subject key identifier:   A1:FE:A0:DC:9C:04:0F:16:4C:19:51:9F:C7:2C:A6:22:1E:C5:34:C4
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       4218121307255D5235B3B3D281BAA9625624B8AE
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9647b8b7-4c70-41c2-a648-a885a521fe88.roa
Signing time:             Mon 17 Feb 2025 17:30:14 +0000
ROA not before:           Mon 17 Feb 2025 17:30:14 +0000
ROA not after:            Mon 24 Mar 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        18.96.0.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 20 Feb 2025 17:24:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:18:12:13:07:25:5d:52:35:b3:b3:d2:81:ba:a9:62:56:24:b8:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Feb 17 17:30:14 2025 GMT
            Not After : Mar 24 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:35:6c:cb:25:73:3e:20:00:68:91:17:91:78:
                    2d:d5:07:e5:b1:cd:30:52:47:63:e9:dc:36:67:9f:
                    ef:fd:1c:00:fb:e0:4a:f1:69:b3:5d:c9:f5:d0:75:
                    ba:ec:03:9a:91:6c:4a:8e:b4:05:71:ba:1c:17:05:
                    97:1d:af:c3:e6:15:ca:f5:1c:65:0e:bf:02:6e:a9:
                    6a:53:ff:b3:bc:1b:4a:89:41:d7:21:32:0c:9a:a3:
                    3b:97:26:f5:2d:21:1a:bf:c2:72:b7:f9:d3:1f:ac:
                    4e:03:3c:4c:ab:cb:7a:6e:21:4c:13:c6:7c:58:e9:
                    ce:2e:c1:0e:42:07:69:13:53:c4:aa:7c:ec:79:4f:
                    ed:2e:5e:f6:83:09:05:25:b6:cb:a0:c9:31:7d:18:
                    97:3b:73:15:90:8c:98:e9:eb:b0:f5:fc:3f:f1:7d:
                    86:91:7f:0a:59:dd:0d:b2:e8:30:9a:59:18:9d:c0:
                    49:e5:ba:d0:90:1e:07:91:79:ed:03:ad:57:b3:85:
                    ce:fc:19:25:9e:14:44:67:22:62:7f:e9:b2:dc:af:
                    84:eb:8f:d2:76:3a:50:e6:08:8f:25:83:67:19:7c:
                    a2:72:ef:ef:5d:15:bf:dd:d3:b0:d1:1e:06:20:b3:
                    1d:1b:d7:90:31:b5:66:56:f0:ce:cc:4a:c1:36:d6:
                    91:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:FE:A0:DC:9C:04:0F:16:4C:19:51:9F:C7:2C:A6:22:1E:C5:34:C4
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/9647b8b7-4c70-41c2-a648-a885a521fe88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.96.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:26:fc:dd:2d:f2:f4:4d:0b:04:28:8f:86:3c:b0:c9:34:e1:
         ca:e6:8d:35:eb:d4:68:cc:6e:43:88:41:78:94:f4:14:d7:c6:
         a4:56:55:95:60:7d:58:4a:b7:0c:01:6d:4d:90:df:02:2e:16:
         1e:43:65:57:4c:51:7b:f2:f5:5f:c7:4f:9f:46:0f:ec:2e:79:
         8a:72:25:0d:59:0b:4e:47:d4:69:52:4b:99:f6:7e:10:2d:b1:
         ea:07:1c:2c:5d:d2:c8:36:ab:8a:b1:be:14:51:6d:2e:9d:77:
         9e:02:ea:76:a2:9f:2b:99:86:44:04:ee:fc:4d:a0:a9:54:d8:
         9b:37:7d:07:f8:7a:aa:27:42:3e:d7:4b:bf:f7:5b:ce:fa:ac:
         2b:e0:e5:02:d3:86:c9:36:cf:67:bc:29:a5:0f:aa:f2:d3:4c:
         fa:cd:34:ed:84:42:86:f4:e1:2d:70:97:10:39:98:12:64:2b:
         c3:db:e2:61:6e:a9:18:9f:48:26:cd:ac:91:c0:e8:6d:8c:24:
         55:f9:ea:54:dc:f4:a0:9e:cd:3a:0b:e0:6d:8f:59:ac:b4:67:
         9a:52:3a:47:60:7a:82:09:ba:00:17:84:68:94:ad:de:35:7d:
         6e:bf:7c:54:13:f7:1f:9c:75:f5:5b:d5:37:06:bb:d6:22:6a:
         4c:55:1e:15
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQhgSEwclXVI1s7PSgbqpYlYkuK4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMjE3MTczMDE0WhcNMjUwMzI0MjM1OTU5
WjB6MUkwRwYDVQQFE0AyMTllZTMwNDRmMDVjMDc5Nzk5NGQ2MzBiYjUwYzZiODBi
YjllOTA3NDNmMjgzZjUwYjc1ZTNhMGZlZmI5ZWJiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuNWzLJXM+IABokReReC3VB+WxzTBSR2Pp3DZnn+/9HAD7
4ErxabNdyfXQdbrsA5qRbEqOtAVxuhwXBZcdr8PmFcr1HGUOvwJuqWpT/7O8G0qJ
QdchMgyaozuXJvUtIRq/wnK3+dMfrE4DPEyry3puIUwTxnxY6c4uwQ5CB2kTU8Sq
fOx5T+0uXvaDCQUltsugyTF9GJc7cxWQjJjp67D1/D/xfYaRfwpZ3Q2y6DCaWRid
wEnlutCQHgeRee0DrVezhc78GSWeFERnImJ/6bLcr4Trj9J2OlDmCI8lg2cZfKJy
7+9dFb/d07DRHgYgsx0b15AxtWZW8M7MSsE21pHlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUof6g3JwEDxZMGVGfxyymIh7FNMQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzk2NDdiOGI3LTRjNzAtNDFjMi1hNjQ4LWE4ODVhNTIxZmU4OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAASYAAwDQYJKoZIhvcNAQELBQADggEBAA0m/N0t8vRNCwQoj4Y8sMk04crm
jTXr1GjMbkOIQXiU9BTXxqRWVZVgfVhKtwwBbU2Q3wIuFh5DZVdMUXvy9V/HT59G
D+wueYpyJQ1ZC05H1GlSS5n2fhAtseoHHCxd0sg2q4qxvhRRbS6dd54C6nainyuZ
hkQE7vxNoKlU2Js3fQf4eqonQj7XS7/3W876rCvg5QLThsk2z2e8KaUPqvLTTPrN
NO2EQob04S1wlxA5mBJkK8Pb4mFuqRifSCbNrJHA6G2MJFX56lTc9KCezToL4G2P
Way0Z5pSOkdgeoIJugAXhGiUrd41fW6/fFQT9x+cdfVb1TcGu9YiakxVHhU=
-----END CERTIFICATE-----