Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/15632f4a-285e-477d-a932-38fd691b97de.roa
File:                     15632f4a-285e-477d-a932-38fd691b97de.roa (raw, json)
Hash identifier:          3MVAQzGVlns8uvw/Zad0GeA65kKckhBKcUHmB/uQfMU=
Subject key identifier:   14:E1:E9:E2:B1:41:7F:E5:BD:F7:43:BE:C9:1C:8D:5B:6E:17:16:FB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       4D4A1F0E8732748E5237085427104B6D57C72414
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/15632f4a-285e-477d-a932-38fd691b97de.roa
Signing time:             Sat 02 Dec 2023 00:00:00 +0000
ROA not before:           Sat 02 Dec 2023 00:00:00 +0000
ROA not after:            Sat 06 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:4a:1f:0e:87:32:74:8e:52:37:08:54:27:10:4b:6d:57:c7:24:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec  2 00:00:00 2023 GMT
            Not After : Jan  6 23:59:59 2024 GMT
        Subject: serialNumber=da6afa45e2e0c792d55c1cc2b3a8aa91e3c2305d9e57c4d0f0e3a941d6d9ecfc, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:9c:6e:17:32:52:9e:4f:17:3c:d5:50:a2:d4:
                    16:dd:c1:32:2d:fb:80:8b:ae:d9:c8:28:77:c3:8f:
                    dd:9d:63:a1:a2:d8:25:ca:4c:7b:a1:c4:42:c4:21:
                    69:d6:91:e8:1b:1a:d8:36:ee:e9:9e:f4:79:16:a9:
                    b9:c2:2b:27:3b:1b:72:a9:7f:0b:1d:93:16:f5:ad:
                    78:05:e9:cc:c9:1c:95:2b:94:f2:1c:1d:0b:0c:a5:
                    26:9a:64:e6:5e:35:0d:b5:68:35:d8:75:7a:43:6a:
                    ae:b8:b1:0d:aa:2c:2a:10:12:1b:c1:00:c8:b8:c3:
                    2d:fd:c5:a8:8f:93:cb:8a:a7:79:d7:cb:d6:4e:b6:
                    e3:fa:1e:19:21:02:0c:23:c4:c5:6d:36:57:81:bf:
                    20:f1:1c:1f:74:5a:5c:80:b8:01:67:b3:30:0c:95:
                    21:5c:6e:2d:94:c6:e4:de:a7:83:c2:c0:94:cd:fe:
                    76:04:0f:ee:74:4d:6b:0c:e5:cb:3a:75:8f:06:ba:
                    89:2a:3b:e1:7e:5c:67:65:eb:ed:c5:5a:56:0f:e1:
                    98:19:e2:6d:4b:57:c1:65:13:23:ab:3c:df:51:bd:
                    d2:df:7e:5e:85:12:56:68:a5:ae:74:40:14:43:31:
                    17:de:5d:c9:11:b8:8a:dc:7c:8d:80:c7:bc:ca:bc:
                    f5:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:E1:E9:E2:B1:41:7F:E5:BD:F7:43:BE:C9:1C:8D:5B:6E:17:16:FB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/15632f4a-285e-477d-a932-38fd691b97de.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:4c:ae:d2:12:b6:d7:4c:98:0d:38:5f:93:48:6d:65:1f:49:
         be:55:4f:81:1b:12:75:67:ce:3b:f9:5f:2a:a5:57:c0:fb:8b:
         82:60:ba:ab:f3:35:6d:6e:df:56:8c:b2:03:c0:02:6a:a6:8f:
         22:ff:c0:4b:1b:70:94:80:ed:47:86:3d:ae:9a:d5:ec:e6:8f:
         4e:b8:f4:2a:de:06:ab:9f:f1:41:59:8f:66:6b:2b:51:7c:f2:
         2d:38:59:37:2a:f8:ba:74:0d:ae:85:25:47:54:5c:8e:5d:16:
         5e:f3:83:da:d6:81:42:4b:5b:ec:2e:32:2b:7e:f1:29:e2:5b:
         53:2d:60:69:09:8a:8a:a4:f9:d8:b9:f7:5b:82:86:15:cd:d9:
         7f:43:bc:1d:d8:73:e9:4b:81:02:6d:bf:a9:96:b9:3a:a2:aa:
         cb:03:d0:25:da:d2:47:ed:90:cc:32:a1:bd:b4:ab:79:7b:49:
         06:86:d5:50:ff:d9:54:af:64:1b:d2:00:13:b1:15:08:76:0a:
         8c:62:78:71:49:bf:b5:1f:86:e6:76:fa:62:8c:e5:5d:88:d4:
         ea:12:4d:fe:27:81:a1:cc:41:f6:0c:42:f5:83:70:8e:18:ed:
         61:9d:11:74:f6:1c:92:fd:9e:aa:ab:99:15:53:9b:66:c2:f6:
         e2:92:07:3d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUTUofDocydI5SNwhUJxBLbVfHJBQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjAyMDAwMDAwWhcNMjQwMTA2MjM1OTU5
WjB6MUkwRwYDVQQFE0BkYTZhZmE0NWUyZTBjNzkyZDU1YzFjYzJiM2E4YWE5MWUz
YzIzMDVkOWU1N2M0ZDBmMGUzYTk0MWQ2ZDllY2ZjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCZnG4XMlKeTxc81VCi1BbdwTIt+4CLrtnIKHfDj92dY6Gi
2CXKTHuhxELEIWnWkegbGtg27ume9HkWqbnCKyc7G3Kpfwsdkxb1rXgF6czJHJUr
lPIcHQsMpSaaZOZeNQ21aDXYdXpDaq64sQ2qLCoQEhvBAMi4wy39xaiPk8uKp3nX
y9ZOtuP6HhkhAgwjxMVtNleBvyDxHB90WlyAuAFnszAMlSFcbi2UxuTep4PCwJTN
/nYED+50TWsM5cs6dY8GuokqO+F+XGdl6+3FWlYP4ZgZ4m1LV8FlEyOrPN9RvdLf
fl6FElZopa50QBRDMRfeXckRuIrcfI2Ax7zKvPUxAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUFOHp4rFBf+W990O+yRyNW24XFvswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzE1NjMyZjRhLTI4NWUtNDc3ZC1hOTMyLTM4ZmQ2OTFiOTdkZS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAKtMrtISttdMmA04X5NIbWUfSb5V
T4EbEnVnzjv5XyqlV8D7i4JguqvzNW1u31aMsgPAAmqmjyL/wEsbcJSA7UeGPa6a
1ezmj0649CreBquf8UFZj2ZrK1F88i04WTcq+Lp0Da6FJUdUXI5dFl7zg9rWgUJL
W+wuMit+8SniW1MtYGkJioqk+di591uChhXN2X9DvB3Yc+lLgQJtv6mWuTqiqssD
0CXa0kftkMwyob20q3l7SQaG1VD/2VSvZBvSABOxFQh2CoxieHFJv7UfhuZ2+mKM
5V2I1OoSTf4ngaHMQfYMQvWDcI4Y7WGdEXT2HJL9nqqrmRVTm2bC9uKSBz0=
-----END CERTIFICATE-----