Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1a04def6-3b6a-4ae5-8435-5451577467c7.roa
File:                     1a04def6-3b6a-4ae5-8435-5451577467c7.roa (raw, json)
Hash identifier:          DxgXFbang7p/tD5ba6lk8rvKn4epCDLaLrrhh527Jk8=
Subject key identifier:   DD:A8:92:6D:81:09:A2:7B:E6:6E:03:08:9A:0C:FC:93:85:32:FE:26
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       3EDBE6D280D141E52AA0F3ED84D9341F1C8D2048
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1a04def6-3b6a-4ae5-8435-5451577467c7.roa
Signing time:             Sun 10 Dec 2023 00:00:00 +0000
ROA not before:           Sun 10 Dec 2023 00:00:00 +0000
ROA not after:            Sun 14 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:db:e6:d2:80:d1:41:e5:2a:a0:f3:ed:84:d9:34:1f:1c:8d:20:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 10 00:00:00 2023 GMT
            Not After : Jan 14 23:59:59 2024 GMT
        Subject: serialNumber=36b504c5bf85647c910b8a7e503fad651839089b9d6fe915fd850fc5901fe22d, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f9:24:ec:08:8d:a1:a9:29:ba:e5:65:61:f6:
                    05:d5:d6:9f:b9:c7:21:74:f7:c0:77:76:fc:af:91:
                    d9:86:53:46:0c:56:ca:63:c4:01:59:75:5f:2e:0f:
                    2f:5d:31:24:25:09:cd:01:16:36:de:43:52:10:a6:
                    15:2c:26:61:e0:77:08:6f:d4:f3:c2:7e:65:d0:1c:
                    32:ce:6c:68:e6:df:5e:bb:16:dc:6e:a2:f0:a5:ba:
                    7e:5d:39:8e:d8:2b:2b:90:95:ad:92:06:9b:d6:f2:
                    a2:9a:a8:c0:35:c0:5b:6b:dc:f9:94:db:39:b9:25:
                    25:3c:25:d4:b1:71:ef:6b:05:2e:db:6f:07:e3:1e:
                    ad:3f:40:49:12:74:50:80:6c:55:46:3f:b5:d9:86:
                    e0:4d:a0:df:85:17:40:c6:10:c5:f1:07:9e:d4:94:
                    01:bb:07:22:d5:f6:a9:01:ac:09:71:dd:73:44:38:
                    36:62:c0:44:a8:db:07:ea:06:42:af:b6:09:36:44:
                    af:5a:35:77:51:6a:3c:f9:dd:d3:ee:b0:a6:28:40:
                    ff:74:f8:f0:21:1e:bd:db:30:02:51:e8:d9:56:54:
                    13:44:96:8b:76:bc:ab:d9:d2:ec:a2:d7:64:9f:fa:
                    9c:43:b8:bc:1e:62:f5:64:07:85:1f:cb:f9:8c:0f:
                    32:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:A8:92:6D:81:09:A2:7B:E6:6E:03:08:9A:0C:FC:93:85:32:FE:26
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/1a04def6-3b6a-4ae5-8435-5451577467c7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:40:e1:7d:0e:a5:46:79:71:b7:b1:93:ba:ea:b5:be:93:a1:
         90:3e:f6:3b:e5:5d:34:20:f6:82:aa:41:de:12:e6:dc:3c:ec:
         56:a1:43:5c:ad:48:b6:e6:b2:e3:04:70:b0:ef:21:ed:ce:c2:
         8a:a6:a9:2f:75:ef:87:d9:b3:d6:07:b2:53:f0:06:8b:97:4c:
         a5:06:ec:2a:9d:ba:9b:b4:ba:d3:a7:26:51:e1:f1:d8:4c:be:
         21:a1:09:52:20:25:7a:52:56:2c:d9:fd:21:a7:81:f4:3e:d9:
         8e:73:d2:d7:50:d5:d0:bd:aa:3b:e0:10:7e:5d:d8:6f:f4:86:
         41:44:5c:f1:c7:48:4f:4f:87:9c:56:52:8c:c9:5a:19:99:23:
         9c:ff:8c:cc:89:da:6e:e1:51:a0:a0:1c:81:dd:17:75:43:77:
         16:81:81:77:3b:92:51:70:3f:43:ea:b7:c8:4d:37:82:8d:e1:
         1b:dd:91:f8:2f:f0:5b:f4:f1:2e:73:8b:da:66:17:02:ec:d3:
         61:d4:b1:03:f4:db:e8:bc:39:5c:f2:7b:72:4c:7e:01:8b:29:
         10:25:ef:9b:cc:f1:24:4b:52:27:3e:4c:8c:0a:02:3c:1c:f7:
         a4:bf:a7:69:b1:f2:88:62:8e:4e:fb:eb:d6:3c:f6:6f:97:d9:
         18:ab:8e:e9
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUPtvm0oDRQeUqoPPthNk0HxyNIEgwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjEwMDAwMDAwWhcNMjQwMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AzNmI1MDRjNWJmODU2NDdjOTEwYjhhN2U1MDNmYWQ2NTE4
MzkwODliOWQ2ZmU5MTVmZDg1MGZjNTkwMWZlMjJkMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCr+STsCI2hqSm65WVh9gXV1p+5xyF098B3dvyvkdmGU0YM
VspjxAFZdV8uDy9dMSQlCc0BFjbeQ1IQphUsJmHgdwhv1PPCfmXQHDLObGjm3167
FtxuovClun5dOY7YKyuQla2SBpvW8qKaqMA1wFtr3PmU2zm5JSU8JdSxce9rBS7b
bwfjHq0/QEkSdFCAbFVGP7XZhuBNoN+FF0DGEMXxB57UlAG7ByLV9qkBrAlx3XNE
ODZiwESo2wfqBkKvtgk2RK9aNXdRajz53dPusKYoQP90+PAhHr3bMAJR6NlWVBNE
lot2vKvZ0uyi12Sf+pxDuLweYvVkB4Ufy/mMDzJlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU3aiSbYEJonvmbgMImgz8k4Uy/iYwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzFhMDRkZWY2LTNiNmEtNGFlNS04NDM1LTU0NTE1Nzc0NjdjNy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAIRA4X0OpUZ5cbexk7rqtb6ToZA+
9jvlXTQg9oKqQd4S5tw87FahQ1ytSLbmsuMEcLDvIe3OwoqmqS9174fZs9YHslPw
BouXTKUG7Cqdupu0utOnJlHh8dhMviGhCVIgJXpSVizZ/SGngfQ+2Y5z0tdQ1dC9
qjvgEH5d2G/0hkFEXPHHSE9Ph5xWUozJWhmZI5z/jMyJ2m7hUaCgHIHdF3VDdxaB
gXc7klFwP0Pqt8hNN4KN4Rvdkfgv8Fv08S5zi9pmFwLs02HUsQP02+i8OVzye3JM
fgGLKRAl75vM8SRLUic+TIwKAjwc96S/p2mx8ohijk7769Y89m+X2Rirjuk=
-----END CERTIFICATE-----