Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/30b526fc-2327-476a-a3ba-a3c2627c9dc4.roa
File:                     30b526fc-2327-476a-a3ba-a3c2627c9dc4.roa (raw, json)
Hash identifier:          8pAGAydudgG48n4nF2/PgGQkkfk3NG295/0WH/czyms=
Subject key identifier:   55:C3:EE:BF:2F:D1:8D:41:BA:E7:60:2F:13:2B:44:A8:AA:1E:0A:91
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       592F3900B5E6ADC32730886799E26B03FEB2203C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/30b526fc-2327-476a-a3ba-a3c2627c9dc4.roa
Signing time:             Mon 25 Mar 2024 00:00:00 +0000
ROA not before:           Mon 25 Mar 2024 00:00:00 +0000
ROA not after:            Mon 29 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 25 Mar 2024 06:05:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:2f:39:00:b5:e6:ad:c3:27:30:88:67:99:e2:6b:03:fe:b2:20:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 25 00:00:00 2024 GMT
            Not After : Apr 29 23:59:59 2024 GMT
        Subject: serialNumber=8feea8878b42989ec63f5facd7fe6474e5a5aeb47b5768a0354691e451207126, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:0b:a6:33:98:54:04:e9:4f:92:fd:44:25:5c:
                    f4:a1:d8:17:ec:13:57:b2:44:f8:88:2d:93:6c:63:
                    07:b9:f0:1b:c1:d1:ec:64:76:aa:c9:0c:20:9e:92:
                    75:59:7c:a4:84:d2:56:99:bc:29:df:a8:38:b7:52:
                    ea:f3:9a:18:8a:42:78:a2:e4:a9:4d:82:84:a0:7d:
                    59:e6:9c:44:f7:1f:5c:61:e5:2a:ab:7d:34:e7:0c:
                    cb:f9:4c:a6:74:43:e8:a7:cc:26:da:8c:0d:cd:fd:
                    68:68:b4:2d:a9:93:46:0f:8f:89:07:b0:cd:af:79:
                    f5:ee:71:6d:9e:52:8e:e8:f5:bd:ba:1b:34:5b:28:
                    37:37:4f:c4:60:5b:f3:3b:2c:c0:bd:f2:80:a7:3e:
                    57:a0:cb:7e:41:14:d9:b9:62:d4:f8:db:fa:75:62:
                    af:8c:f2:54:4e:7e:72:9e:0c:ba:47:dc:c2:1b:79:
                    20:18:bc:8c:4e:f7:34:34:06:1d:41:96:af:96:de:
                    ca:2e:b7:a7:96:ba:56:e0:10:75:ad:1b:b2:1f:f6:
                    7b:58:a3:97:88:d3:fc:83:ef:8b:a6:a0:92:a9:2f:
                    1c:b6:c9:e9:0e:c2:66:ac:44:4f:7c:fd:e8:ad:0e:
                    89:c4:84:d3:62:f4:57:5e:9b:db:77:95:80:81:4b:
                    87:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:C3:EE:BF:2F:D1:8D:41:BA:E7:60:2F:13:2B:44:A8:AA:1E:0A:91
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/30b526fc-2327-476a-a3ba-a3c2627c9dc4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:e2:2f:71:81:ac:06:7c:db:78:ab:93:39:de:cb:4d:1e:54:
         15:3a:14:11:f7:58:b4:02:d5:59:35:f2:66:8b:2f:69:e3:9d:
         73:0d:4c:da:fd:69:75:89:9c:ff:7e:d3:95:94:61:42:bb:0c:
         a2:19:a7:5f:c0:69:30:84:4e:96:e8:26:be:da:f1:e6:a1:ca:
         e3:0f:77:55:6c:71:42:a5:67:5d:e9:4c:fb:bd:5e:2b:7f:ec:
         d5:7e:93:52:ec:6e:cc:94:7e:b2:1a:73:23:c3:3e:30:97:df:
         ac:10:69:90:32:56:f7:15:a3:e7:55:1c:a4:90:52:c1:b3:96:
         3a:04:60:9b:71:0c:df:e8:7d:85:82:6c:eb:e5:83:d5:e1:0a:
         b1:86:b1:d5:2a:eb:36:c6:39:2c:73:2a:ab:e4:2a:25:26:a8:
         fd:44:e5:95:fe:b3:46:5d:7d:88:67:57:59:15:a0:ba:b0:f2:
         f8:07:03:4b:c5:27:32:b1:e1:be:a1:71:c9:fb:f1:b7:0b:e6:
         0e:15:2c:b9:91:da:d8:2b:b4:38:99:f4:db:c2:9a:b3:fc:c8:
         72:fe:15:d6:7b:6b:87:af:cb:09:0c:64:ee:2b:f0:46:5b:28:
         97:78:c2:29:c9:42:8c:4a:1f:19:28:5a:ea:92:d1:1e:d5:05:
         a2:17:58:8e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUWS85ALXmrcMnMIhnmeJrA/6yIDwwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzI1MDAwMDAwWhcNMjQwNDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZmVlYTg4NzhiNDI5ODllYzYzZjVmYWNkN2ZlNjQ3NGU1
YTVhZWI0N2I1NzY4YTAzNTQ2OTFlNDUxMjA3MTI2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCTC6YzmFQE6U+S/UQlXPSh2BfsE1eyRPiILZNsYwe58BvB
0exkdqrJDCCeknVZfKSE0laZvCnfqDi3UurzmhiKQnii5KlNgoSgfVnmnET3H1xh
5SqrfTTnDMv5TKZ0Q+inzCbajA3N/WhotC2pk0YPj4kHsM2vefXucW2eUo7o9b26
GzRbKDc3T8RgW/M7LMC98oCnPlegy35BFNm5YtT42/p1Yq+M8lROfnKeDLpH3MIb
eSAYvIxO9zQ0Bh1Blq+W3sout6eWulbgEHWtG7If9ntYo5eI0/yD74umoJKpLxy2
yekOwmasRE98/eitDonEhNNi9Fdem9t3lYCBS4f7AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUVcPuvy/RjUG652AvEytEqKoeCpEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzMwYjUyNmZjLTIzMjctNDc2YS1hM2JhLWEzYzI2MjdjOWRjNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBABviL3GBrAZ823irkzney00eVBU6
FBH3WLQC1Vk18maLL2njnXMNTNr9aXWJnP9+05WUYUK7DKIZp1/AaTCETpboJr7a
8eahyuMPd1VscUKlZ13pTPu9Xit/7NV+k1LsbsyUfrIacyPDPjCX36wQaZAyVvcV
o+dVHKSQUsGzljoEYJtxDN/ofYWCbOvlg9XhCrGGsdUq6zbGOSxzKqvkKiUmqP1E
5ZX+s0ZdfYhnV1kVoLqw8vgHA0vFJzKx4b6hccn78bcL5g4VLLmR2tgrtDiZ9NvC
mrP8yHL+FdZ7a4evywkMZO4r8EZbKJd4winJQoxKHxkoWuqS0R7VBaIXWI4=
-----END CERTIFICATE-----