Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5d122078-ae5a-40e2-9899-e0d04ed1ecc5.roa
File:                     5d122078-ae5a-40e2-9899-e0d04ed1ecc5.roa (raw, json)
Hash identifier:          3OXE9594Onrrd89YwlMQ/AYCK3Heg9RJI4koIONYuCE=
Subject key identifier:   60:51:FB:88:27:A6:FE:30:18:EC:E5:E7:8A:D4:09:53:C1:91:21:6C
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       701BD3B3750AFACD0F0A70DA8004699216A1C1ED
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5d122078-ae5a-40e2-9899-e0d04ed1ecc5.roa
Signing time:             Thu 14 Dec 2023 00:00:00 +0000
ROA not before:           Thu 14 Dec 2023 00:00:00 +0000
ROA not after:            Thu 18 Jan 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:1b:d3:b3:75:0a:fa:cd:0f:0a:70:da:80:04:69:92:16:a1:c1:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Dec 14 00:00:00 2023 GMT
            Not After : Jan 18 23:59:59 2024 GMT
        Subject: serialNumber=8c3d3888387d0f893425657d8707666b7ea5971800e13399dbead6699aa201f3, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:9e:00:6c:3d:0f:23:fa:b4:3c:4c:89:a5:d9:
                    fc:9e:04:f3:38:69:0a:8b:41:93:35:35:f8:c6:6b:
                    2b:31:bb:b8:3f:1e:73:34:8b:40:52:2f:7e:a7:7a:
                    36:e4:81:7e:94:16:2b:f4:ba:7c:e9:c0:57:a0:3e:
                    18:77:f3:85:e4:09:b9:e3:19:f5:50:37:c0:9d:e5:
                    b3:5e:fa:1e:2a:25:6a:ab:f1:41:78:e7:cd:2a:42:
                    3b:d3:84:c0:84:41:1d:95:4d:54:2e:f9:d8:b8:ae:
                    77:7c:41:9c:b2:e0:d4:0a:21:dc:23:33:cd:2b:32:
                    a7:7f:28:92:43:ef:93:3f:0f:e9:a8:66:f1:a8:4e:
                    01:38:ae:85:ad:1b:bd:9b:d0:65:85:d6:d8:11:ed:
                    1d:c2:9a:98:7e:51:ad:30:1e:be:7b:79:7b:e9:f2:
                    59:ea:a3:e4:aa:b6:1b:be:df:cf:45:4e:98:dc:67:
                    94:00:e7:ca:ae:43:f6:e4:47:81:9c:b9:be:13:4e:
                    ed:05:3e:0c:fb:62:dc:86:61:c2:89:5d:0c:3e:c7:
                    41:ff:21:1f:1c:50:5c:1c:c9:de:27:9c:90:46:24:
                    0f:d7:ad:e9:63:ea:de:51:f2:52:8b:96:9f:be:6e:
                    5c:50:81:09:12:75:9d:68:ba:91:7f:74:57:d2:4e:
                    be:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:51:FB:88:27:A6:FE:30:18:EC:E5:E7:8A:D4:09:53:C1:91:21:6C
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/5d122078-ae5a-40e2-9899-e0d04ed1ecc5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:95:da:1c:95:f8:0f:da:b7:44:1e:a5:20:21:96:0b:37:32:
         c0:93:fb:50:23:47:5d:c2:b2:51:6f:88:c6:02:e7:f6:7c:5b:
         a8:08:28:24:e1:d0:33:b4:45:38:86:e2:0a:27:96:9d:23:89:
         d3:96:56:a6:61:3f:38:8b:6c:79:8c:25:f8:28:24:28:98:3e:
         b6:d7:50:c4:f0:87:00:a0:24:d0:af:cc:cf:59:da:e8:e6:c8:
         76:72:5f:bc:84:a4:8b:64:15:8d:07:ad:94:58:f3:49:6e:69:
         06:24:d5:55:16:24:bc:4b:1c:f6:6c:e3:64:9d:35:f6:b0:bd:
         0b:28:5e:de:ab:83:0f:18:f2:58:2f:b5:5f:b3:0b:9a:dd:62:
         af:0e:d8:f4:f0:79:f2:3f:62:96:92:95:6c:0b:51:5d:d3:b9:
         2b:94:85:31:d4:9b:35:05:39:be:5d:67:3b:ce:97:29:0e:4a:
         99:94:00:69:34:2d:ab:48:fc:9b:a0:6f:88:3b:92:95:b3:2a:
         75:b1:20:fa:54:d7:a2:c3:25:69:23:98:a1:53:dc:c2:2f:a4:
         91:78:d3:4a:2a:f0:ff:e1:02:22:d4:e1:10:b6:d3:91:38:1f:
         cb:ca:54:da:c1:10:d3:7e:e4:3c:0d:3e:7f:1d:b4:7a:fa:a5:
         7d:00:00:0b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUcBvTs3UK+s0PCnDagARpkhahwe0wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMxMjE0MDAwMDAwWhcNMjQwMTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0A4YzNkMzg4ODM4N2QwZjg5MzQyNTY1N2Q4NzA3NjY2Yjdl
YTU5NzE4MDBlMTMzOTlkYmVhZDY2OTlhYTIwMWYzMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDkngBsPQ8j+rQ8TIml2fyeBPM4aQqLQZM1NfjGaysxu7g/
HnM0i0BSL36nejbkgX6UFiv0unzpwFegPhh384XkCbnjGfVQN8Cd5bNe+h4qJWqr
8UF4580qQjvThMCEQR2VTVQu+di4rnd8QZyy4NQKIdwjM80rMqd/KJJD75M/D+mo
ZvGoTgE4roWtG72b0GWF1tgR7R3Cmph+Ua0wHr57eXvp8lnqo+Sqthu+389FTpjc
Z5QA58quQ/bkR4Gcub4TTu0FPgz7YtyGYcKJXQw+x0H/IR8cUFwcyd4nnJBGJA/X
relj6t5R8lKLlp++blxQgQkSdZ1oupF/dFfSTr51AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUYFH7iCem/jAY7OXnitQJU8GRIWwwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzVkMTIyMDc4LWFlNWEtNDBlMi05ODk5LWUwZDA0ZWQxZWNjNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBALSV2hyV+A/at0QepSAhlgs3MsCT
+1AjR13CslFviMYC5/Z8W6gIKCTh0DO0RTiG4gonlp0jidOWVqZhPziLbHmMJfgo
JCiYPrbXUMTwhwCgJNCvzM9Z2ujmyHZyX7yEpItkFY0HrZRY80luaQYk1VUWJLxL
HPZs42SdNfawvQsoXt6rgw8Y8lgvtV+zC5rdYq8O2PTwefI/YpaSlWwLUV3TuSuU
hTHUmzUFOb5dZzvOlykOSpmUAGk0LatI/Jugb4g7kpWzKnWxIPpU16LDJWkjmKFT
3MIvpJF400oq8P/hAiLU4RC205E4H8vKVNrBENN+5DwNPn8dtHr6pX0AAAs=
-----END CERTIFICATE-----