Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/43d007ab-5ae3-4569-ab97-077edb276edb.roa
File:                     43d007ab-5ae3-4569-ab97-077edb276edb.roa (raw, json)
Hash identifier:          sNx1o22z6uSp7zZ8+It+yERyeq+sm6dngRI/RXJZMlA=
Subject key identifier:   8E:47:04:E2:2B:35:21:CE:95:0A:BA:7C:A6:03:65:BD:C3:D8:41:45
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       78EDC8B1A7DC82665FB00C444F7FF2F7D52164F7
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/43d007ab-5ae3-4569-ab97-077edb276edb.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     8987
IP address blocks:        173.82.0.0/16 maxlen: 24

Validation:               Failed, certificate revoked on Thu 25 Apr 2024 16:11:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:ed:c8:b1:a7:dc:82:66:5f:b0:0c:44:4f:7f:f2:f7:d5:21:64:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: serialNumber=cca7ed2397f765a080af54183f406b49c0b4c060d3680c83109b0017f95da2ed, CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b6:3e:9b:9a:d6:b6:c2:58:bb:4c:89:19:a5:
                    fa:cc:82:b9:3f:5d:64:ba:22:33:ef:48:fa:29:74:
                    58:b3:99:16:eb:72:22:95:26:90:02:b1:8f:77:73:
                    04:0f:3b:b5:47:37:22:7c:bf:63:d7:8a:46:1a:12:
                    6a:a9:e6:e4:3c:ea:a1:ca:a9:f6:83:f5:57:c1:45:
                    d7:18:45:65:77:91:bd:4f:ad:82:6b:a7:2d:e9:a4:
                    11:91:2c:5d:78:d6:91:38:b8:8f:c4:19:d3:c2:f6:
                    bc:ee:45:0f:c2:3f:5f:d7:ef:d5:3a:1e:39:00:dc:
                    67:4c:c6:f9:34:2d:37:a7:da:58:ec:aa:17:13:da:
                    46:8f:23:47:f9:8a:6d:56:d8:10:c5:16:df:1a:02:
                    d1:43:01:eb:20:7b:d7:fe:d5:4c:c4:65:81:c1:c0:
                    26:d1:05:57:df:54:61:d9:61:11:3b:2e:64:1f:03:
                    41:c0:12:52:a4:ed:63:64:8b:0e:43:20:da:55:82:
                    48:fe:43:e5:53:a0:00:f7:c8:a0:93:50:6a:63:8c:
                    c3:2c:d5:26:50:46:82:b0:53:5e:ed:86:fc:fa:fd:
                    ab:8a:9a:38:33:1a:1b:ac:50:23:0a:f4:2d:c4:58:
                    fd:3e:05:15:40:bb:8f:85:cf:a7:ce:07:aa:c0:2b:
                    6a:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:47:04:E2:2B:35:21:CE:95:0A:BA:7C:A6:03:65:BD:C3:D8:41:45
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/43d007ab-5ae3-4569-ab97-077edb276edb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.82.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1d:0b:c1:26:a7:2b:67:f8:1a:67:06:0d:a0:59:b5:93:7d:3a:
         6a:16:c9:94:2a:75:58:4e:db:0c:31:6e:23:ef:fb:8f:ec:27:
         a8:00:2f:89:59:62:80:a9:1c:bc:ce:33:a5:ce:72:8b:fd:a9:
         0a:c0:2f:bc:55:1c:bf:6d:a4:ba:ab:4f:50:c2:fd:7a:c1:46:
         4f:d8:61:17:0f:c9:5c:9a:b6:14:8a:d0:af:32:46:e5:c4:cf:
         85:b7:e5:2f:a5:90:dc:5a:d1:a4:98:c9:70:a0:2d:fd:a7:c3:
         cf:61:99:c3:c8:54:ec:fa:d7:88:fc:b6:19:8e:df:34:c9:a9:
         53:7f:4d:b7:87:64:d4:1a:59:d2:95:fa:bf:b9:bf:64:66:fd:
         71:e7:93:bc:d6:2a:e5:f8:da:84:ac:21:fc:f4:b5:6b:57:6a:
         e3:76:a8:3c:31:82:e9:bc:cb:c6:ab:ea:da:87:82:80:4f:d2:
         2e:9e:98:0f:60:a3:02:0b:b5:ac:b6:a3:01:32:0f:ff:02:88:
         16:a5:77:c5:66:e8:f5:ed:11:5b:af:e2:68:91:65:9b:2e:e2:
         95:4c:84:e3:2e:3c:bc:92:01:de:de:1e:38:03:a4:3b:0f:62:
         7c:c4:ce:2d:14:58:5f:27:19:db:d7:32:8c:4f:97:de:32:d7:
         d4:40:59:71
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUeO3IsafcgmZfsAxET3/y99UhZPcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BjY2E3ZWQyMzk3Zjc2NWEwODBhZjU0MTgzZjQwNmI0OWMw
YjRjMDYwZDM2ODBjODMxMDliMDAxN2Y5NWRhMmVkMS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCotj6bmta2wli7TIkZpfrMgrk/XWS6IjPvSPopdFizmRbr
ciKVJpACsY93cwQPO7VHNyJ8v2PXikYaEmqp5uQ86qHKqfaD9VfBRdcYRWV3kb1P
rYJrpy3ppBGRLF141pE4uI/EGdPC9rzuRQ/CP1/X79U6HjkA3GdMxvk0LTen2ljs
qhcT2kaPI0f5im1W2BDFFt8aAtFDAesge9f+1UzEZYHBwCbRBVffVGHZYRE7LmQf
A0HAElKk7WNkiw5DINpVgkj+Q+VToAD3yKCTUGpjjMMs1SZQRoKwU17thvz6/auK
mjgzGhusUCMK9C3EWP0+BRVAu4+Fz6fOB6rAK2ozAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUjkcE4is1Ic6VCrp8pgNlvcPYQUUwHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzLzQzZDAwN2FiLTVhZTMtNDU2OS1hYjk3LTA3N2VkYjI3NmVkYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCtUjANBgkqhkiG9w0BAQsFAAOCAQEAHQvBJqcrZ/gaZwYNoFm1k306ahbJ
lCp1WE7bDDFuI+/7j+wnqAAviVligKkcvM4zpc5yi/2pCsAvvFUcv22kuqtPUML9
esFGT9hhFw/JXJq2FIrQrzJG5cTPhbflL6WQ3FrRpJjJcKAt/afDz2GZw8hU7PrX
iPy2GY7fNMmpU39Nt4dk1BpZ0pX6v7m/ZGb9ceeTvNYq5fjahKwh/PS1a1dq43ao
PDGC6bzLxqvq2oeCgE/SLp6YD2CjAgu1rLajATIP/wKIFqV3xWbo9e0RW6/iaJFl
my7ilUyE4y48vJIB3t4eOAOkOw9ifMTOLRRYXycZ29cyjE+X3jLX1EBZcQ==
-----END CERTIFICATE-----