Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/12855485-3da1-4336-8269-196a3e936149.roa
File:                     12855485-3da1-4336-8269-196a3e936149.roa (raw, json)
Hash identifier:          ZvUPisdKmcgS0VRbkug6GTx82N7lp/qMO/iLCG4l4vc=
Subject key identifier:   B2:EA:48:DF:8C:6F:FB:81:B0:8F:BB:F0:B7:49:DC:7F:E6:C8:BE:99
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1EA67FA6A1AD1DFD8A26A154AF61072B7EEDC75B
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/12855485-3da1-4336-8269-196a3e936149.roa
Signing time:             Mon 08 Jan 2024 00:00:00 +0000
ROA not before:           Mon 08 Jan 2024 00:00:00 +0000
ROA not after:            Mon 12 Feb 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 08 Jan 2024 11:40:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:a6:7f:a6:a1:ad:1d:fd:8a:26:a1:54:af:61:07:2b:7e:ed:c7:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jan  8 00:00:00 2024 GMT
            Not After : Feb 12 23:59:59 2024 GMT
        Subject: serialNumber=0a7c240fddb15ba1a15fd73b3c2620ba6c5b62706c567695a3725b473b488fbb, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:97:f8:84:4c:85:f6:de:eb:04:05:6b:8a:c5:
                    ac:4c:d0:80:63:da:c8:46:01:3d:ff:a2:1b:18:9c:
                    8f:6b:0d:22:42:6b:ec:6a:81:68:6b:94:85:10:1e:
                    a7:77:90:5e:87:f9:ba:25:5e:10:59:8d:32:94:e6:
                    58:d5:64:22:e3:42:23:a6:8d:e5:13:0f:a8:b1:4b:
                    d1:d3:91:25:65:8a:7b:b0:31:ab:19:22:16:4e:fb:
                    23:68:cd:fd:bc:51:f1:fd:b9:2d:ea:78:dc:33:e6:
                    38:f3:25:ba:f1:f2:b0:33:49:01:e5:8e:41:d9:de:
                    14:c1:5e:03:da:8b:7c:4b:b1:02:f5:05:11:c1:76:
                    ac:f2:d3:fd:27:f8:18:0a:22:d3:7f:12:c7:3f:8c:
                    85:c8:75:b3:36:13:b3:b9:be:19:5d:01:0a:0a:c4:
                    e4:fb:52:b6:6a:80:46:46:71:0a:dd:bd:6d:24:db:
                    17:d6:c0:89:c2:db:78:bf:81:a1:97:0c:dd:4d:e0:
                    33:9a:1f:3b:73:44:ed:31:15:fb:78:a9:94:0d:3c:
                    5d:f9:bc:30:9f:dc:0f:09:b2:a1:e3:36:da:b1:f3:
                    4c:ae:a9:2b:90:60:b4:c1:1d:7d:cb:27:bf:20:77:
                    3a:12:2d:ed:e4:08:11:06:02:b6:c8:60:01:8e:bf:
                    2c:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:EA:48:DF:8C:6F:FB:81:B0:8F:BB:F0:B7:49:DC:7F:E6:C8:BE:99
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/12855485-3da1-4336-8269-196a3e936149.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:e0:12:d6:29:aa:e0:b9:1f:42:b2:93:89:36:04:b5:c7:3f:
         f7:c5:bf:33:a9:98:51:68:f9:e9:6c:c8:bc:09:3f:9a:e9:95:
         4b:47:9f:8b:52:87:f3:c7:ac:3b:55:ad:1c:59:09:c1:f9:e1:
         21:b9:31:b3:7a:bf:45:2f:55:34:b1:41:88:92:a5:eb:23:e0:
         81:70:1b:ab:29:cc:47:77:1a:44:62:a8:0b:5b:a0:5f:12:0d:
         35:10:92:36:e4:47:4e:98:99:1f:b8:2a:bd:96:6e:02:6e:f9:
         d3:da:1a:79:d0:e7:24:1e:06:0f:d9:8b:f0:d6:85:b4:cf:e6:
         5d:3f:63:85:8a:c8:68:24:92:32:02:39:b1:2c:cd:7f:4d:5b:
         d1:8f:1e:ab:27:ff:81:20:e4:80:97:4c:06:2f:fa:a1:97:91:
         dd:67:54:d5:60:50:1c:54:4e:2c:92:da:3a:d4:f4:7d:48:d8:
         2c:6e:49:5b:73:58:91:dd:26:d6:a0:29:ae:cb:7c:88:ec:21:
         b4:89:09:40:cd:1f:25:d2:dc:8d:0b:2d:eb:56:f1:e7:82:25:
         cb:70:18:2e:90:f1:3e:30:37:2c:33:c8:e0:c1:f2:ec:f2:97:
         c9:0e:74:2c:03:b8:60:96:29:1b:d9:81:2c:67:79:1a:6d:c9:
         54:5a:6a:39
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUHqZ/pqGtHf2KJqFUr2EHK37tx1swDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMTA4MDAwMDAwWhcNMjQwMjEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AwYTdjMjQwZmRkYjE1YmExYTE1ZmQ3M2IzYzI2MjBiYTZj
NWI2MjcwNmM1Njc2OTVhMzcyNWI0NzNiNDg4ZmJiMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC0l/iETIX23usEBWuKxaxM0IBj2shGAT3/ohsYnI9rDSJC
a+xqgWhrlIUQHqd3kF6H+bolXhBZjTKU5ljVZCLjQiOmjeUTD6ixS9HTkSVlinuw
MasZIhZO+yNozf28UfH9uS3qeNwz5jjzJbrx8rAzSQHljkHZ3hTBXgPai3xLsQL1
BRHBdqzy0/0n+BgKItN/Esc/jIXIdbM2E7O5vhldAQoKxOT7UrZqgEZGcQrdvW0k
2xfWwInC23i/gaGXDN1N4DOaHztzRO0xFft4qZQNPF35vDCf3A8JsqHjNtqx80yu
qSuQYLTBHX3LJ78gdzoSLe3kCBEGArbIYAGOvyxZAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUsupI34xv+4Gwj7vwt0ncf+bIvpkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzEyODU1NDg1LTNkYTEtNDMzNi04MjY5LTE5NmEzZTkzNjE0OS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBACjgEtYpquC5H0Kyk4k2BLXHP/fF
vzOpmFFo+elsyLwJP5rplUtHn4tSh/PHrDtVrRxZCcH54SG5MbN6v0UvVTSxQYiS
pesj4IFwG6spzEd3GkRiqAtboF8SDTUQkjbkR06YmR+4Kr2WbgJu+dPaGnnQ5yQe
Bg/Zi/DWhbTP5l0/Y4WKyGgkkjICObEszX9NW9GPHqsn/4Eg5ICXTAYv+qGXkd1n
VNVgUBxUTiyS2jrU9H1I2CxuSVtzWJHdJtagKa7LfIjsIbSJCUDNHyXS3I0LLetW
8eeCJctwGC6Q8T4wNywzyODB8uzyl8kOdCwDuGCWKRvZgSxneRptyVRaajk=
-----END CERTIFICATE-----