Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/22bae095-040a-4294-a31c-896e3e320a97.roa
File:                     22bae095-040a-4294-a31c-896e3e320a97.roa (raw, json)
Hash identifier:          kud/vyaqi/iyhw4p8vz7V6xifsyd9/cE6cOl/T15XpE=
Subject key identifier:   FB:29:62:5E:06:C6:25:4C:6E:FD:BA:AE:DC:2E:FB:F6:A8:46:72:CF
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       067CCF7BBCB2B85FEB10AC36CCCE362AF43350CE
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/22bae095-040a-4294-a31c-896e3e320a97.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     393929
IP address blocks:        173.82.0.0/16 maxlen: 24

Validation:               Failed, certificate revoked on Thu 25 Apr 2024 16:11:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:7c:cf:7b:bc:b2:b8:5f:eb:10:ac:36:cc:ce:36:2a:f4:33:50:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: serialNumber=2e0d4274538aa0ec8339497ca4982cad5f86352ad0070b852a7c1219d269ce87, CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:8b:de:78:98:49:b8:3a:08:0a:2a:70:8e:97:
                    e2:7c:93:fc:6f:ec:61:e0:cb:ca:00:c3:f2:fe:c4:
                    82:6b:6f:07:4e:75:0b:83:3e:1b:a9:7c:ff:04:76:
                    6e:c0:3b:db:d6:5b:a3:ec:b3:54:75:10:d9:fe:5a:
                    0d:be:59:27:a5:ad:0d:46:07:3e:e7:21:24:dd:e0:
                    8e:b3:0e:bc:03:ac:9f:28:88:40:9d:4f:f9:71:97:
                    76:47:85:1b:74:d6:88:fc:34:c6:ba:26:f6:6f:10:
                    26:be:af:f3:03:e1:3d:60:c9:31:2e:72:4e:6d:e1:
                    85:19:ae:9f:68:03:6e:28:4b:a7:55:bd:a0:63:a1:
                    2d:f3:b7:eb:cf:76:7c:27:d3:29:8d:49:50:da:c3:
                    ce:4c:4b:7e:7e:a0:d6:4b:c6:2e:6c:37:2f:15:5f:
                    01:48:ed:05:38:cb:df:c0:8e:62:a6:f4:06:f7:04:
                    92:02:3b:0b:51:03:8b:c6:15:07:96:43:65:ff:93:
                    7c:28:35:d9:32:9d:ac:ab:95:1b:43:ce:27:c4:cf:
                    10:9e:a1:ec:e3:34:69:46:5f:0c:5e:b2:6b:a1:bc:
                    7f:34:48:cd:f9:d5:da:5d:0b:13:81:e8:99:79:31:
                    a5:22:f5:20:ca:4c:1a:c6:59:51:a7:d6:1a:f9:53:
                    65:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:29:62:5E:06:C6:25:4C:6E:FD:BA:AE:DC:2E:FB:F6:A8:46:72:CF
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/22bae095-040a-4294-a31c-896e3e320a97.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.82.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         27:5a:26:70:2c:7b:aa:46:67:63:0f:ca:c9:59:4c:ea:43:6d:
         1e:e7:25:1c:b7:29:20:96:11:0a:a8:0c:01:08:24:b5:4a:9e:
         d5:65:84:51:f2:f1:28:eb:c2:ab:94:58:39:3c:da:3d:6a:71:
         68:bd:d4:5f:53:e1:97:d5:09:4d:bf:1c:18:6f:31:b0:37:d1:
         c9:c4:ee:3e:b3:28:32:1f:72:fb:51:28:bf:63:ab:50:5a:12:
         95:cd:9c:c2:c3:74:26:d8:a6:34:f0:85:17:84:6f:35:da:1a:
         83:99:eb:18:69:68:03:a4:3d:ae:d9:c5:f6:3c:ff:ac:98:45:
         70:f2:e6:54:b6:d9:77:4a:86:28:15:22:d1:79:24:9a:47:16:
         61:78:f4:55:19:79:b8:f8:a4:94:56:e8:3d:05:1b:9b:dc:3d:
         ed:1a:10:8f:8a:de:fe:1e:7b:bf:3c:cc:9e:0a:df:2e:70:ff:
         4a:30:4e:46:a0:4e:aa:aa:72:6f:64:69:1e:1a:a5:b4:6f:e8:
         64:e5:29:00:ea:3b:31:63:99:43:fa:02:fb:9e:51:e8:48:87:
         02:c0:8d:cb:23:61:5d:73:70:96:a6:f8:36:4b:85:5a:54:6f:
         ed:cf:6d:db:2b:47:ae:81:24:46:62:3a:0f:d2:9c:24:28:84:
         0d:e6:b8:57
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUBnzPe7yyuF/rEKw2zM42KvQzUM4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0AyZTBkNDI3NDUzOGFhMGVjODMzOTQ5N2NhNDk4MmNhZDVm
ODYzNTJhZDAwNzBiODUyYTdjMTIxOWQyNjljZTg3MS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCji954mEm4OggKKnCOl+J8k/xv7GHgy8oAw/L+xIJrbwdO
dQuDPhupfP8Edm7AO9vWW6Pss1R1ENn+Wg2+WSelrQ1GBz7nISTd4I6zDrwDrJ8o
iECdT/lxl3ZHhRt01oj8NMa6JvZvECa+r/MD4T1gyTEuck5t4YUZrp9oA24oS6dV
vaBjoS3zt+vPdnwn0ymNSVDaw85MS35+oNZLxi5sNy8VXwFI7QU4y9/AjmKm9Ab3
BJICOwtRA4vGFQeWQ2X/k3woNdkynayrlRtDzifEzxCeoezjNGlGXwxesmuhvH80
SM351dpdCxOB6Jl5MaUi9SDKTBrGWVGn1hr5U2WjAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQU+yliXgbGJUxu/bqu3C779qhGcs8wHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzLzIyYmFlMDk1LTA0MGEtNDI5NC1hMzFjLTg5NmUzZTMyMGE5Ny5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCtUjANBgkqhkiG9w0BAQsFAAOCAQEAJ1omcCx7qkZnYw/KyVlM6kNtHucl
HLcpIJYRCqgMAQgktUqe1WWEUfLxKOvCq5RYOTzaPWpxaL3UX1Phl9UJTb8cGG8x
sDfRycTuPrMoMh9y+1Eov2OrUFoSlc2cwsN0JtimNPCFF4RvNdoag5nrGGloA6Q9
rtnF9jz/rJhFcPLmVLbZd0qGKBUi0XkkmkcWYXj0VRl5uPiklFboPQUbm9w97RoQ
j4re/h57vzzMngrfLnD/SjBORqBOqqpyb2RpHhqltG/oZOUpAOo7MWOZQ/oC+55R
6EiHAsCNyyNhXXNwlqb4NkuFWlRv7c9t2ytHroEkRmI6D9KcJCiEDea4Vw==
-----END CERTIFICATE-----