Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2d81ec1b-82e9-4021-a827-a2e5dd6f56da.roa
File:                     2d81ec1b-82e9-4021-a827-a2e5dd6f56da.roa (raw, json)
Hash identifier:          O9IbVPF8mhN5G7GwSLKKw4ZYvOdaSmp8dkemgPlWELo=
Subject key identifier:   DB:56:6A:5A:86:CE:F9:E6:F6:81:BB:6D:4B:3C:98:45:40:BA:93:95
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       56904D7D6E713FF3565FF69D792C256328DCC346
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2d81ec1b-82e9-4021-a827-a2e5dd6f56da.roa
Signing time:             Mon 11 Mar 2024 00:00:00 +0000
ROA not before:           Mon 11 Mar 2024 00:00:00 +0000
ROA not after:            Mon 15 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 11 Mar 2024 17:45:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:90:4d:7d:6e:71:3f:f3:56:5f:f6:9d:79:2c:25:63:28:dc:c3:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 11 00:00:00 2024 GMT
            Not After : Apr 15 23:59:59 2024 GMT
        Subject: serialNumber=ec29bc860baf2ff10aa69177984698a546b156a41520db692b4e11275a26bfaf, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:e9:05:e9:b4:3d:88:5d:b7:d4:42:b4:5c:fd:
                    e2:ab:9c:6f:f3:62:a7:56:d4:e4:0a:d4:f0:81:3a:
                    d3:b9:5b:bf:86:29:45:75:d7:84:ca:1a:ca:95:b5:
                    e5:32:a9:6c:a9:1a:3e:3e:cb:a9:9a:81:91:e3:fa:
                    aa:ba:34:43:af:d4:5f:d2:bf:b1:6e:9f:7e:d9:6f:
                    4f:56:41:80:f4:57:b2:91:95:81:2f:4e:86:6f:f0:
                    82:86:0f:1e:11:f3:8a:94:41:fb:0c:30:a2:5d:0c:
                    81:42:e2:54:03:38:30:6f:2a:cc:c6:c4:30:b7:ad:
                    da:22:db:60:ba:66:ac:9b:05:4b:fc:84:3b:97:82:
                    73:1b:2c:a5:ed:c1:b7:e2:91:ba:65:c4:cc:41:b6:
                    43:0f:e4:95:5b:02:d9:f9:eb:7c:a1:a5:20:6a:e5:
                    4a:fb:9e:9d:26:6c:ef:5f:92:39:e2:8c:e7:7e:50:
                    15:01:3f:3b:66:8e:ae:75:c9:fe:e3:d2:26:89:3c:
                    68:07:b4:9d:2b:74:95:e9:93:45:7b:5b:44:d5:af:
                    0d:00:39:ea:f0:6c:2a:dd:84:c5:0b:f3:ad:58:b2:
                    93:71:47:19:b2:cc:7f:8b:18:2b:10:b1:ec:58:95:
                    26:00:b4:3b:a1:ce:b2:39:0b:26:1a:f0:88:4e:e6:
                    be:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:56:6A:5A:86:CE:F9:E6:F6:81:BB:6D:4B:3C:98:45:40:BA:93:95
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/2d81ec1b-82e9-4021-a827-a2e5dd6f56da.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:f3:75:6b:e6:6d:f6:8d:5c:f6:fa:0a:69:09:b7:a0:24:ab:
         ad:e2:80:88:f7:dd:f6:65:1d:af:8f:b3:93:fe:2f:5b:87:a6:
         83:86:61:2b:f6:fd:9a:8e:06:2a:fb:bb:fe:8e:f6:f6:ab:bb:
         ba:b8:3c:f3:0a:29:63:35:b2:b1:ac:dc:d7:05:46:65:82:35:
         fe:6c:c6:ff:81:d9:aa:67:88:8b:73:24:33:70:24:f2:82:54:
         91:6d:73:42:ae:68:78:59:10:45:ea:00:bf:bf:96:bc:27:58:
         03:0f:ac:51:de:d2:90:1e:80:9a:61:f1:77:0e:f9:d3:31:18:
         49:3e:c7:b8:75:2e:99:23:06:5d:df:c9:54:63:df:13:c5:ba:
         50:93:f9:88:83:d2:47:b1:6f:4b:03:4c:89:cc:b3:a4:fa:d3:
         9e:31:aa:7b:43:ba:b5:77:83:df:af:c5:6c:04:a1:30:49:3b:
         f9:55:d1:6b:42:69:c8:06:d9:60:1a:a4:7a:88:22:f8:1e:50:
         b4:8f:d0:b4:ad:c9:a5:cc:b8:3e:f4:8e:cd:05:f9:41:ff:76:
         8b:6b:52:ee:35:42:53:97:bf:62:2d:01:39:19:77:c4:85:80:
         5d:37:7d:91:4d:03:ee:e4:bb:39:1a:56:49:d0:02:ff:ae:71:
         1f:07:cb:a4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVpBNfW5xP/NWX/adeSwlYyjcw0YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzExMDAwMDAwWhcNMjQwNDE1MjM1OTU5
WjB6MUkwRwYDVQQFE0BlYzI5YmM4NjBiYWYyZmYxMGFhNjkxNzc5ODQ2OThhNTQ2
YjE1NmE0MTUyMGRiNjkyYjRlMTEyNzVhMjZiZmFmMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCU6QXptD2IXbfUQrRc/eKrnG/zYqdW1OQK1PCBOtO5W7+G
KUV114TKGsqVteUyqWypGj4+y6magZHj+qq6NEOv1F/Sv7Fun37Zb09WQYD0V7KR
lYEvToZv8IKGDx4R84qUQfsMMKJdDIFC4lQDODBvKszGxDC3rdoi22C6ZqybBUv8
hDuXgnMbLKXtwbfikbplxMxBtkMP5JVbAtn563yhpSBq5Ur7np0mbO9fkjnijOd+
UBUBPztmjq51yf7j0iaJPGgHtJ0rdJXpk0V7W0TVrw0AOerwbCrdhMUL861YspNx
RxmyzH+LGCsQsexYlSYAtDuhzrI5CyYa8IhO5r7XAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU21ZqWobO+eb2gbttSzyYRUC6k5UwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzJkODFlYzFiLTgyZTktNDAyMS1hODI3LWEyZTVkZDZmNTZkYS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHrzdWvmbfaNXPb6CmkJt6Akq63i
gIj33fZlHa+Ps5P+L1uHpoOGYSv2/ZqOBir7u/6O9varu7q4PPMKKWM1srGs3NcF
RmWCNf5sxv+B2apniItzJDNwJPKCVJFtc0KuaHhZEEXqAL+/lrwnWAMPrFHe0pAe
gJph8XcO+dMxGEk+x7h1LpkjBl3fyVRj3xPFulCT+YiD0kexb0sDTInMs6T6054x
qntDurV3g9+vxWwEoTBJO/lV0WtCacgG2WAapHqIIvgeULSP0LStyaXMuD70js0F
+UH/dotrUu41QlOXv2ItATkZd8SFgF03fZFNA+7kuzkaVknQAv+ucR8Hy6Q=
-----END CERTIFICATE-----