Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/59074e33-1e11-4c91-9132-054f42c4e041.roa
File:                     59074e33-1e11-4c91-9132-054f42c4e041.roa (raw, json)
Hash identifier:          RzONaZeL2FAOYOhTcy2cQcAEYpfD+zTIZcxrReJWCc8=
Subject key identifier:   BA:DC:D4:86:77:C4:61:0C:93:A1:6E:2B:9A:01:F6:1A:24:74:A0:37
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       053DB16BA44997A7C3605A0212C7CE2C8B119FD5
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/59074e33-1e11-4c91-9132-054f42c4e041.roa
Signing time:             Fri 15 Mar 2024 00:00:00 +0000
ROA not before:           Fri 15 Mar 2024 00:00:00 +0000
ROA not after:            Fri 19 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 16 Mar 2024 04:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:3d:b1:6b:a4:49:97:a7:c3:60:5a:02:12:c7:ce:2c:8b:11:9f:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 15 00:00:00 2024 GMT
            Not After : Apr 19 23:59:59 2024 GMT
        Subject: serialNumber=a76f8194af937bbf19e61fd6e4373796b5eba540d5b094886453d8801cf9a658, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c4:3b:ec:fd:8f:c8:f2:28:bf:aa:30:d8:6a:
                    73:1e:6a:7f:1e:1c:5f:00:24:d1:75:99:01:57:ff:
                    c4:a6:e7:49:06:f2:92:f1:e8:e8:36:88:89:b8:8b:
                    07:b2:cc:12:f8:2b:ab:d3:75:50:9b:58:89:af:35:
                    90:e7:63:e1:e3:ba:c6:ab:5b:fa:4f:03:64:47:63:
                    1f:03:8e:d9:b0:9c:75:46:5f:5f:d2:a1:96:17:55:
                    e8:7a:42:3f:13:19:2d:21:a7:c4:45:06:9e:6c:e1:
                    7c:f3:33:85:9c:b2:d7:f7:a8:1f:1b:81:63:91:86:
                    e5:f9:12:5b:3d:34:69:9b:4c:e0:56:85:5a:c8:6e:
                    e4:95:d8:8a:83:2b:e5:c6:5d:78:ba:95:4c:e6:55:
                    ee:d1:83:7f:1a:95:79:78:5e:ff:f6:be:f6:39:08:
                    84:c3:9d:d5:72:7c:39:92:7d:7c:1c:d1:68:52:20:
                    d9:d5:7b:a9:c7:2f:c7:4b:5d:64:81:5c:3d:07:72:
                    2e:90:50:ca:e5:73:d3:dc:a3:ba:f9:79:08:ea:27:
                    59:83:1e:f9:c1:f7:5a:05:55:fa:b6:26:70:2a:4d:
                    85:14:ee:f9:e1:29:21:19:3c:61:d0:b1:04:1e:c0:
                    b2:89:0b:4d:9c:a3:ce:8e:0d:f7:7f:03:79:73:6e:
                    0a:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:DC:D4:86:77:C4:61:0C:93:A1:6E:2B:9A:01:F6:1A:24:74:A0:37
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/59074e33-1e11-4c91-9132-054f42c4e041.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:22:7b:8b:61:4d:20:da:9d:cd:6e:cd:a7:25:e9:9f:5c:78:
         ef:c1:0e:c2:55:0e:f5:e5:70:c2:22:4a:de:94:5e:35:84:af:
         06:c9:da:ff:78:8a:9c:fc:d7:b1:50:2e:ce:0e:41:0f:59:69:
         6b:34:c5:68:33:c6:dc:d8:60:93:32:a4:f4:a6:36:a3:1b:ae:
         25:5c:69:03:d3:aa:91:5b:59:58:31:6b:1c:8b:62:7d:69:58:
         97:c6:eb:fb:3a:13:24:86:48:83:5e:16:d6:97:d0:25:02:a1:
         6e:0b:a0:5b:9d:49:f2:16:13:fb:0d:d3:ba:e1:f3:98:c8:6e:
         e0:93:dd:eb:4f:46:87:a4:09:1c:a7:b6:d1:e1:8b:54:44:d7:
         d5:01:20:d4:87:95:8e:8c:2c:e0:de:58:15:79:ca:b5:c0:05:
         90:c6:fb:f7:45:63:43:7a:23:e5:63:b4:22:36:28:17:a0:ac:
         d4:6a:05:b2:a1:fd:18:62:07:9f:bb:39:0c:bd:c9:ee:d9:70:
         a1:bb:8a:66:3e:b5:67:0b:92:e2:36:1c:d1:5d:25:a0:4c:87:
         72:f5:fb:be:88:bb:a1:ed:01:22:1a:79:db:d6:4e:58:48:04:
         c2:d2:85:f7:95:6b:86:f0:03:d1:bc:c2:07:84:d5:f9:04:b3:
         96:d1:13:df
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBT2xa6RJl6fDYFoCEsfOLIsRn9UwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzE1MDAwMDAwWhcNMjQwNDE5MjM1OTU5
WjB6MUkwRwYDVQQFE0BhNzZmODE5NGFmOTM3YmJmMTllNjFmZDZlNDM3Mzc5NmI1
ZWJhNTQwZDViMDk0ODg2NDUzZDg4MDFjZjlhNjU4MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCuxDvs/Y/I8ii/qjDYanMean8eHF8AJNF1mQFX/8Sm50kG
8pLx6Og2iIm4iweyzBL4K6vTdVCbWImvNZDnY+HjusarW/pPA2RHYx8DjtmwnHVG
X1/SoZYXVeh6Qj8TGS0hp8RFBp5s4XzzM4Wcstf3qB8bgWORhuX5Els9NGmbTOBW
hVrIbuSV2IqDK+XGXXi6lUzmVe7Rg38alXl4Xv/2vvY5CITDndVyfDmSfXwc0WhS
INnVe6nHL8dLXWSBXD0Hci6QUMrlc9Pco7r5eQjqJ1mDHvnB91oFVfq2JnAqTYUU
7vnhKSEZPGHQsQQewLKJC02co86ODfd/A3lzbgr1AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUutzUhnfEYQyToW4rmgH2GiR0oDcwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzU5MDc0ZTMzLTFlMTEtNGM5MS05MTMyLTA1NGY0MmM0ZTA0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFcie4thTSDanc1uzacl6Z9ceO/B
DsJVDvXlcMIiSt6UXjWErwbJ2v94ipz817FQLs4OQQ9ZaWs0xWgzxtzYYJMypPSm
NqMbriVcaQPTqpFbWVgxaxyLYn1pWJfG6/s6EySGSINeFtaX0CUCoW4LoFudSfIW
E/sN07rh85jIbuCT3etPRoekCRynttHhi1RE19UBINSHlY6MLODeWBV5yrXABZDG
+/dFY0N6I+VjtCI2KBegrNRqBbKh/RhiB5+7OQy9ye7ZcKG7imY+tWcLkuI2HNFd
JaBMh3L1+76Iu6HtASIaedvWTlhIBMLShfeVa4bwA9G8wgeE1fkEs5bRE98=
-----END CERTIFICATE-----