Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d0591a6e-6027-4086-8a15-b3726a145079.roa
File:                     d0591a6e-6027-4086-8a15-b3726a145079.roa (raw, json)
Hash identifier:          xxLtNeW1blJl5j5QWXGSzgsXCSem42nVBGtTV6l/0UA=
Subject key identifier:   C1:52:E2:3F:72:F8:15:33:3E:90:B7:F4:92:D5:88:44:BE:FB:34:C7
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       40F920B4DE8E9CAAA17A0849B4F81CD869774A8B
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d0591a6e-6027-4086-8a15-b3726a145079.roa
Signing time:             Fri 31 Jan 2025 00:00:00 +0000
ROA not before:           Fri 31 Jan 2025 00:00:00 +0000
ROA not after:            Fri 07 Mar 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.232.0.0/17 maxlen: 17
Validation:               Failed, certificate revoked on Fri 31 Jan 2025 20:11:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:f9:20:b4:de:8e:9c:aa:a1:7a:08:49:b4:f8:1c:d8:69:77:4a:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Jan 31 00:00:00 2025 GMT
            Not After : Mar  7 23:59:59 2025 GMT
        Subject: CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ea:37:d1:54:3f:80:9e:d9:be:fb:ae:af:8e:
                    95:3e:8c:72:0b:ef:2d:69:88:65:93:a4:51:5b:70:
                    08:36:6a:17:60:ea:bf:6b:5e:8b:50:9a:45:05:42:
                    cf:a7:54:a9:96:ef:ba:ed:f4:66:cc:b0:ac:7b:be:
                    88:0e:3b:3a:4e:68:29:d9:11:57:23:07:8c:be:c6:
                    14:a8:77:5b:4e:7f:55:34:d9:5d:89:fd:82:0d:18:
                    b1:7c:cb:13:d4:f7:d2:55:57:31:e2:26:e2:14:74:
                    bf:c5:69:98:92:0b:cf:49:39:06:76:67:24:ed:42:
                    27:c2:a3:34:c9:af:bf:e2:37:60:ae:df:9d:eb:40:
                    61:55:27:aa:98:33:b0:5d:5f:2d:49:9c:c8:05:90:
                    d0:90:47:fc:b9:c0:0e:8b:3a:0c:a7:e4:f2:d9:7d:
                    cf:b2:9e:1a:7a:71:0a:7e:36:f8:95:fa:a0:47:a8:
                    02:1e:67:ac:6d:80:93:6a:d2:74:81:6c:b7:f0:18:
                    42:be:85:1b:5a:fd:54:0c:c7:b5:b7:28:a6:2d:1e:
                    7e:a2:fe:a9:dc:50:cd:cd:26:bf:7f:45:36:a1:25:
                    97:46:dc:7d:a8:99:a0:f4:5d:5d:07:5c:64:e7:92:
                    49:2e:a0:1d:b7:53:b8:38:97:df:b8:b9:43:35:2f:
                    3b:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:52:E2:3F:72:F8:15:33:3E:90:B7:F4:92:D5:88:44:BE:FB:34:C7
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/d0591a6e-6027-4086-8a15-b3726a145079.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.232.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         05:16:85:3c:4b:78:99:41:f6:e3:21:cb:b7:8d:a6:bb:2a:ab:
         44:ed:ac:05:9a:43:8d:ce:7c:2a:55:a0:b2:1e:41:ad:5b:0b:
         12:37:e5:07:18:b0:24:00:8c:4a:dc:5d:55:dc:1d:3e:9d:db:
         5c:43:be:40:9f:20:f1:88:02:7d:75:5f:10:b8:6f:65:19:36:
         a0:9e:7c:c8:a0:5d:15:01:9c:d1:45:18:4a:01:72:26:2c:6c:
         ab:75:6a:a3:5d:22:13:70:9b:5b:a0:ba:fe:5a:df:14:41:18:
         36:1b:10:89:06:3d:9b:cf:0d:5e:af:a5:41:40:ef:24:78:99:
         c9:e1:31:ec:00:e6:2f:2d:ce:bf:95:95:f4:67:cb:f4:af:ba:
         7f:bc:df:6a:7f:45:e6:d0:d2:82:93:f6:0e:8e:73:61:8f:25:
         3c:d6:2f:ab:1b:e0:c4:73:45:89:fa:e7:9b:5f:f9:06:d1:01:
         b4:4c:23:ce:c0:f9:54:c6:c6:b8:7a:05:b3:fb:8f:50:86:3b:
         66:46:22:36:f2:27:cc:81:99:dd:c8:6d:ef:96:a4:7f:07:93:
         91:09:ff:94:fd:49:10:c8:57:38:8c:87:b0:8d:a2:51:0e:e4:
         b2:73:98:55:e2:72:f3:1f:65:54:27:fc:71:a7:65:01:b2:0e:
         1b:a7:66:1e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUQPkgtN6OnKqheghJtPgc2Gl3SoswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwMTMxMDAwMDAwWhcNMjUwMzA3MjM1OTU5
WjB6MUkwRwYDVQQFE0A4MmNjMDg4Yjk5NjczOTY0OGY4N2ZjYWVhYTVmMWJlZDVj
YWQxNmFmODQ0NTIwZDJiMDkyN2FmMDczNGQzZDE1MS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCG6jfRVD+Antm++66vjpU+jHIL7y1piGWTpFFbcAg2ahdg
6r9rXotQmkUFQs+nVKmW77rt9GbMsKx7vogOOzpOaCnZEVcjB4y+xhSod1tOf1U0
2V2J/YINGLF8yxPU99JVVzHiJuIUdL/FaZiSC89JOQZ2ZyTtQifCozTJr7/iN2Cu
353rQGFVJ6qYM7BdXy1JnMgFkNCQR/y5wA6LOgyn5PLZfc+ynhp6cQp+NviV+qBH
qAIeZ6xtgJNq0nSBbLfwGEK+hRta/VQMx7W3KKYtHn6i/qncUM3NJr9/RTahJZdG
3H2omaD0XV0HXGTnkkkuoB23U7g4l9+4uUM1LzuBAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwVLiP3L4FTM+kLf0ktWIRL77NMcwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyL2QwNTkxYTZlLTYwMjctNDA4Ni04YTE1LWIzNzI2YTE0NTA3OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAc26AAwDQYJKoZIhvcNAQELBQADggEBAAUWhTxLeJlB9uMhy7eNprsqq0Tt
rAWaQ43OfCpVoLIeQa1bCxI35QcYsCQAjErcXVXcHT6d21xDvkCfIPGIAn11XxC4
b2UZNqCefMigXRUBnNFFGEoBciYsbKt1aqNdIhNwm1uguv5a3xRBGDYbEIkGPZvP
DV6vpUFA7yR4mcnhMewA5i8tzr+VlfRny/Svun+832p/RebQ0oKT9g6Oc2GPJTzW
L6sb4MRzRYn655tf+QbRAbRMI87A+VTGxrh6BbP7j1CGO2ZGIjbyJ8yBmd3Ibe+W
pH8Hk5EJ/5T9SRDIVziMh7CNolEO5LJzmFXicvMfZVQn/HGnZQGyDhunZh4=
-----END CERTIFICATE-----