Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/84ab9bdd-b32d-4ae7-9533-457290f7951e.roa
File:                     84ab9bdd-b32d-4ae7-9533-457290f7951e.roa (raw, json)
Hash identifier:          tE8ITAvx0uFxbJblesNwj3y4AHWGUIblFBW3jCsCZiE=
Subject key identifier:   9C:DE:2B:F8:9A:39:58:38:E7:25:D6:11:4B:BB:BE:76:AC:E8:CA:91
Certificate issuer:       /CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
Certificate serial:       5153EF99E7953C734F80E53EB5CEF5CB5BCBC417
Authority key identifier: 15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/84ab9bdd-b32d-4ae7-9533-457290f7951e.roa
Signing time:             Mon 22 Apr 2024 00:00:00 +0000
ROA not before:           Mon 22 Apr 2024 00:00:00 +0000
ROA not after:            Mon 27 May 2024 23:59:59 +0000
asID:                     35916
IP address blocks:        173.82.0.0/16 maxlen: 24

Validation:               Failed, certificate revoked on Thu 25 Apr 2024 16:11:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:53:ef:99:e7:95:3c:73:4f:80:e5:3e:b5:ce:f5:cb:5b:cb:c4:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107
        Validity
            Not Before: Apr 22 00:00:00 2024 GMT
            Not After : May 27 23:59:59 2024 GMT
        Subject: serialNumber=ac961ccd2a7d088fa7a227baed00f88ce56d2ff57f8b7d6b15d00f9ec684715e, CN=35095e3e-84cb-4ad0-bda1-6c6f8da69f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:8b:b8:77:3f:b4:59:c4:f3:ae:76:19:e3:53:
                    ee:28:76:20:52:7d:d8:c3:c7:38:35:19:06:58:fa:
                    6f:88:2d:39:3c:42:95:d4:d0:d1:fd:1c:c8:f1:01:
                    40:de:79:bd:09:c6:35:d0:d3:92:50:6c:35:0b:7b:
                    73:a2:75:b2:5d:92:5f:51:e7:b4:cd:62:e9:d4:8b:
                    a0:47:3d:c9:e0:8c:a6:b9:00:72:e3:a5:24:2a:77:
                    37:55:e1:e9:75:3e:b8:aa:ae:8c:0c:6f:ac:9a:96:
                    93:0c:cc:0d:5e:7b:75:d0:11:57:43:bf:33:78:03:
                    d1:f4:be:2d:e9:ab:fc:40:ed:81:0e:18:4f:5e:0a:
                    f7:22:cd:50:97:c1:36:a6:d0:43:1f:c8:f5:e3:b1:
                    4d:5d:f2:79:f7:3e:6e:77:f3:62:4b:94:a2:bb:d9:
                    f2:9a:5b:87:08:de:9f:52:67:b1:fa:5e:f0:d6:0a:
                    a7:ef:a4:d3:73:a3:dd:36:2a:30:4c:85:4e:c7:2c:
                    ea:7e:97:3d:46:75:a6:e9:65:2e:07:b7:c9:87:0f:
                    88:23:4b:8b:a7:4b:a9:44:a2:98:81:c2:7d:0c:1e:
                    b1:c7:3d:e6:47:71:b4:5a:f0:19:18:9c:7a:a9:de:
                    87:00:61:58:ce:56:6c:99:36:d4:45:71:09:f6:f7:
                    d8:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:DE:2B:F8:9A:39:58:38:E7:25:D6:11:4B:BB:BE:76:AC:E8:CA:91
            X509v3 Authority Key Identifier:
                keyid:15:F4:EF:04:F5:AF:23:96:C9:5F:16:42:E3:79:07:8B:48:8C:16:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/aaa76394-48fc-4ff3-b6aa-0693c55d758f/1b1fe67321cf669f9c2b75369cc0fdd38c163c58b1d42d0107.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/84ab9bdd-b32d-4ae7-9533-457290f7951e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/ff9fa84e-9783-4a0b-a58d-6dc8e2433d33/z2afnCt1NpzA_dOMFjxYsdQtAQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  173.82.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         21:da:1b:3f:35:67:84:7e:39:c1:9b:a1:7f:2e:57:8b:8c:2f:
         1c:84:53:00:98:e7:a3:62:e2:07:16:68:08:9c:ad:e9:58:5c:
         f5:1d:e2:94:50:64:f2:a0:80:23:a2:c8:dc:00:2b:08:31:bd:
         ae:07:80:74:05:b4:95:c9:19:71:ba:aa:21:d6:33:1a:5a:7c:
         23:0f:8e:b1:ea:38:13:ea:91:d5:31:1b:d8:98:89:ad:d5:5d:
         83:8e:e8:66:7a:92:ca:33:8a:e6:d4:fc:08:90:3f:82:95:10:
         2e:f5:d7:b2:85:13:30:77:a0:0b:e5:85:36:4d:61:d0:17:61:
         d3:e3:45:27:1b:21:23:51:58:9a:65:8d:2f:99:27:a6:e5:e6:
         37:0a:62:7b:76:55:59:c2:7e:6c:79:3a:64:a1:14:c6:9a:b7:
         65:14:26:fc:05:a0:91:dd:9c:2e:05:bf:0e:cd:39:00:89:12:
         3c:c8:81:82:8b:7e:58:98:9d:7a:6d:8e:47:ba:a7:87:69:1c:
         44:ce:8a:7d:59:9a:81:81:96:98:d7:9e:9c:11:50:84:21:d9:
         52:20:30:b7:cd:cf:59:f4:a4:47:9b:8f:b7:14:2a:09:8c:09:
         44:6d:ae:b9:45:da:21:a5:c7:24:a6:e5:59:f6:6a:34:87:32:
         a1:6c:82:40
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUUVPvmeeVPHNPgOU+tc71y1vLxBcwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMWIxZmU2NzMyMWNmNjY5ZjljMmI3NTM2OWNjMGZkZDM4
YzE2M2M1OGIxZDQyZDAxMDcwHhcNMjQwNDIyMDAwMDAwWhcNMjQwNTI3MjM1OTU5
WjB6MUkwRwYDVQQFE0BhYzk2MWNjZDJhN2QwODhmYTdhMjI3YmFlZDAwZjg4Y2U1
NmQyZmY1N2Y4YjdkNmIxNWQwMGY5ZWM2ODQ3MTVlMS0wKwYDVQQDEyQzNTA5NWUz
ZS04NGNiLTRhZDAtYmRhMS02YzZmOGRhNjlmNjEwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCxi7h3P7RZxPOudhnjU+4odiBSfdjDxzg1GQZY+m+ILTk8
QpXU0NH9HMjxAUDeeb0JxjXQ05JQbDULe3OidbJdkl9R57TNYunUi6BHPcngjKa5
AHLjpSQqdzdV4el1PriqrowMb6yalpMMzA1ee3XQEVdDvzN4A9H0vi3pq/xA7YEO
GE9eCvcizVCXwTam0EMfyPXjsU1d8nn3Pm5382JLlKK72fKaW4cI3p9SZ7H6XvDW
CqfvpNNzo902KjBMhU7HLOp+lz1GdabpZS4Ht8mHD4gjS4unS6lEopiBwn0MHrHH
PeZHcbRa8BkYnHqp3ocAYVjOVmyZNtRFcQn299gtAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUnN4r+Jo5WDjnJdYRS7u+dqzoypEwHwYDVR0jBBgwFoAUFfTvBPWvI5bJ
XxZC43kHi0iMFgswDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzViN2ZiMTIyLWRmZGYtNGMwYy1iOTBkLTNiYzdhNWZlYjgyYi9hYWE3NjM5NC00
OGZjLTRmZjMtYjZhYS0wNjkzYzU1ZDc1OGYvMWIxZmU2NzMyMWNmNjY5ZjljMmI3
NTM2OWNjMGZkZDM4YzE2M2M1OGIxZDQyZDAxMDcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZmY5ZmE4NGUtOTc4My00YTBiLWE1OGQtNmRj
OGUyNDMzZDMzLzg0YWI5YmRkLWIzMmQtNGFlNy05NTMzLTQ1NzI5MGY3OTUxZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2ZmOWZhODRlLTk3ODMtNGEwYi1hNThk
LTZkYzhlMjQzM2QzMy96MmFmbkN0MU5wekFfZE9NRmp4WXNkUXRBUWMuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwCtUjANBgkqhkiG9w0BAQsFAAOCAQEAIdobPzVnhH45wZuhfy5Xi4wvHIRT
AJjno2LiBxZoCJyt6Vhc9R3ilFBk8qCAI6LI3AArCDG9rgeAdAW0lckZcbqqIdYz
Glp8Iw+Oseo4E+qR1TEb2JiJrdVdg47oZnqSyjOK5tT8CJA/gpUQLvXXsoUTMHeg
C+WFNk1h0Bdh0+NFJxshI1FYmmWNL5knpuXmNwpie3ZVWcJ+bHk6ZKEUxpq3ZRQm
/AWgkd2cLgW/Ds05AIkSPMiBgot+WJidem2OR7qnh2kcRM6KfVmagYGWmNeenBFQ
hCHZUiAwt83PWfSkR5uPtxQqCYwJRG2uuUXaIaXHJKblWfZqNIcyoWyCQA==
-----END CERTIFICATE-----