Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4c2b9c4c-9a01-4c70-bf3d-c3b9ace5cdc2.roa
File:                     4c2b9c4c-9a01-4c70-bf3d-c3b9ace5cdc2.roa (raw, json)
Hash identifier:          cBBur/hlSQXU3bfXDoCXOge7jeuJeEaSn2MIhAO9/Dg=
Subject key identifier:   85:41:35:35:12:AB:E0:C8:A0:7E:9C:4F:CC:B3:5D:EE:02:32:B0:0B
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       04A49A07A0838BCD1F4372EE15671AFCA3D274CB
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4c2b9c4c-9a01-4c70-bf3d-c3b9ace5cdc2.roa
Signing time:             Tue 12 Mar 2024 00:00:00 +0000
ROA not before:           Tue 12 Mar 2024 00:00:00 +0000
ROA not after:            Tue 16 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 12 Mar 2024 12:05:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:a4:9a:07:a0:83:8b:cd:1f:43:72:ee:15:67:1a:fc:a3:d2:74:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 12 00:00:00 2024 GMT
            Not After : Apr 16 23:59:59 2024 GMT
        Subject: serialNumber=88ce3730284ec198528ef9c1df82bf9dcee4adfdf085969c02fe1f469b7ed94c, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d8:55:66:3d:5b:d5:9d:32:19:9a:ce:be:93:
                    46:0b:42:2c:44:52:0d:38:34:31:1b:ea:0e:54:a7:
                    bd:c7:79:3c:34:ba:11:50:bc:14:96:40:7b:8c:9e:
                    e0:b1:ba:1c:83:8d:be:be:4f:50:47:22:e2:5b:b7:
                    6b:37:57:fc:e2:b2:fe:f7:2d:6d:6e:d7:87:55:0c:
                    93:51:72:de:fa:08:b0:bb:0d:58:5d:2a:2a:91:3d:
                    d2:e3:ef:8f:e5:7f:ab:51:df:69:b7:c4:2e:90:9e:
                    53:e6:a1:20:8d:f6:9e:4a:96:ee:8f:00:5b:dc:be:
                    fd:69:de:84:7f:0c:33:a8:c0:b8:89:62:3a:07:26:
                    3f:c4:d2:3f:14:79:d4:a9:5c:66:f2:6e:c1:51:2f:
                    87:75:6f:2f:fb:ff:d1:79:98:b7:6f:eb:b3:b9:3b:
                    b9:d8:a6:ca:2e:24:6e:7f:2f:6d:c4:e6:e8:a1:99:
                    3a:c5:4b:53:3d:3d:ce:2d:27:68:76:b6:81:55:6a:
                    95:37:6a:a5:3c:31:d1:3d:90:c1:65:53:ed:a4:44:
                    7c:73:80:d2:1a:b7:fe:ba:4e:a2:9b:dd:d5:e9:73:
                    d6:77:c9:e7:9c:81:dc:7e:79:49:0b:e5:60:be:4f:
                    8b:4d:eb:30:d2:6a:11:e4:f6:dc:49:ed:90:f4:7a:
                    3e:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:41:35:35:12:AB:E0:C8:A0:7E:9C:4F:CC:B3:5D:EE:02:32:B0:0B
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/4c2b9c4c-9a01-4c70-bf3d-c3b9ace5cdc2.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:bf:35:66:8f:f6:e9:a6:ad:46:af:ab:5d:9f:54:1e:51:ed:
         be:6a:e9:1d:26:87:79:9d:df:b7:8e:db:31:48:aa:e7:0a:94:
         c1:d1:7b:74:e9:5d:0f:07:8a:8b:07:be:fd:56:be:6a:1d:0f:
         d0:e4:eb:e5:18:7e:5b:c3:ec:91:5a:ee:ad:89:1d:1f:69:1c:
         c6:2d:0a:3e:74:f8:c7:fa:26:bb:28:06:50:7f:2e:04:b7:bf:
         d1:82:26:27:25:44:c0:f1:fb:1f:21:eb:97:c9:3a:13:94:ce:
         da:d2:7e:7e:d1:15:cc:bb:84:2f:ef:17:e5:63:87:52:f2:dd:
         1b:dd:a0:e6:e9:75:ce:bd:e0:d2:53:f9:9a:1c:c3:d4:a9:ed:
         9e:c2:ed:ff:bd:3e:09:1c:84:a0:74:3b:ae:fc:39:b9:0f:5e:
         33:72:50:48:b4:45:59:5b:bf:9a:2d:a9:5c:f2:05:63:e0:24:
         ba:f4:fb:a6:31:f1:50:b6:97:ff:2a:d2:ca:99:ee:c8:6a:99:
         08:b0:40:4e:78:88:a0:ff:57:6a:09:ec:09:3b:e1:0b:40:1b:
         75:f5:79:6b:23:97:e3:35:32:60:29:9f:19:d5:92:dc:6b:92:
         f4:82:ce:eb:59:92:a2:fe:19:09:5b:6f:26:28:cb:2a:8a:f9:
         5e:a1:06:30
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBKSaB6CDi80fQ3LuFWca/KPSdMswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzEyMDAwMDAwWhcNMjQwNDE2MjM1OTU5
WjB6MUkwRwYDVQQFE0A4OGNlMzczMDI4NGVjMTk4NTI4ZWY5YzFkZjgyYmY5ZGNl
ZTRhZGZkZjA4NTk2OWMwMmZlMWY0NjliN2VkOTRjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDK2FVmPVvVnTIZms6+k0YLQixEUg04NDEb6g5Up73HeTw0
uhFQvBSWQHuMnuCxuhyDjb6+T1BHIuJbt2s3V/zisv73LW1u14dVDJNRct76CLC7
DVhdKiqRPdLj74/lf6tR32m3xC6QnlPmoSCN9p5Klu6PAFvcvv1p3oR/DDOowLiJ
YjoHJj/E0j8UedSpXGbybsFRL4d1by/7/9F5mLdv67O5O7nYpsouJG5/L23E5uih
mTrFS1M9Pc4tJ2h2toFVapU3aqU8MdE9kMFlU+2kRHxzgNIat/66TqKb3dXpc9Z3
yeecgdx+eUkL5WC+T4tN6zDSahHk9txJ7ZD0ej5dAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhUE1NRKr4MigfpxPzLNd7gIysAswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzRjMmI5YzRjLTlhMDEtNGM3MC1iZjNkLWMzYjlhY2U1Y2RjMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAD2/NWaP9ummrUavq12fVB5R7b5q
6R0mh3md37eO2zFIqucKlMHRe3TpXQ8HiosHvv1WvmodD9Dk6+UYflvD7JFa7q2J
HR9pHMYtCj50+Mf6JrsoBlB/LgS3v9GCJiclRMDx+x8h65fJOhOUztrSfn7RFcy7
hC/vF+Vjh1Ly3RvdoObpdc694NJT+Zocw9Sp7Z7C7f+9PgkchKB0O678ObkPXjNy
UEi0RVlbv5otqVzyBWPgJLr0+6Yx8VC2l/8q0sqZ7shqmQiwQE54iKD/V2oJ7Ak7
4QtAG3X1eWsjl+M1MmApnxnVktxrkvSCzutZkqL+GQlbbyYoyyqK+V6hBjA=
-----END CERTIFICATE-----