Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8a6214f8-dce9-4901-ac99-3d2d2415d641.roa
File:                     8a6214f8-dce9-4901-ac99-3d2d2415d641.roa (raw, json)
Hash identifier:          hAjV4F7fiEugM+xlA/zwwTcVNq+Fkq3UzdBkKOYRW+4=
Subject key identifier:   C1:FA:38:24:FF:68:3F:B8:35:59:F3:E1:6E:01:E7:13:3E:96:1F:0D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       664DB8A1C4A45C05AF5198633CD8D3B1E76D704E
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8a6214f8-dce9-4901-ac99-3d2d2415d641.roa
Signing time:             Tue 27 Feb 2024 00:00:00 +0000
ROA not before:           Tue 27 Feb 2024 00:00:00 +0000
ROA not after:            Tue 02 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 28 Feb 2024 02:29:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:4d:b8:a1:c4:a4:5c:05:af:51:98:63:3c:d8:d3:b1:e7:6d:70:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Feb 27 00:00:00 2024 GMT
            Not After : Apr  2 23:59:59 2024 GMT
        Subject: serialNumber=55bcc00c0720c27af3e998a9b7c1745e4a0af589b78e4f840bfa8a4c25f390b7, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:94:95:42:61:e5:61:46:95:21:c6:e5:44:5b:
                    c1:06:df:9c:f5:64:2f:c5:72:ba:bb:76:5f:57:d9:
                    cc:c1:fd:37:66:84:1a:43:9d:6d:cd:c8:01:37:0e:
                    0e:a5:83:15:8a:66:ff:3a:6e:2b:16:01:ea:bc:a1:
                    5b:cf:62:49:e2:e2:70:b3:40:18:74:56:23:d3:54:
                    78:1f:77:3c:2e:01:84:05:35:bf:a3:bb:c5:d7:3c:
                    97:cc:a1:b5:d4:6b:62:95:9f:06:7a:fc:07:3e:25:
                    41:df:45:9a:87:7d:64:40:30:43:95:bd:3f:30:3a:
                    db:dc:27:50:18:ad:e6:1a:ee:57:5a:e8:83:3c:e7:
                    fa:07:f3:d3:bd:7c:a5:d0:39:d8:b5:fa:69:12:a1:
                    56:46:28:ea:c1:f0:e4:22:87:3c:15:70:3c:5f:f9:
                    50:f5:5a:43:3d:a2:ba:c0:2f:19:92:d7:2f:aa:73:
                    79:9d:4c:52:92:ac:22:b7:64:77:39:64:5f:8a:97:
                    73:9f:c6:29:d3:e9:25:b3:87:5f:c0:cc:8b:74:2f:
                    5f:56:3c:f1:e3:91:1d:1c:a2:a6:e7:19:d4:0e:c9:
                    9c:d3:2d:b0:6b:1b:52:9f:c3:08:f0:4d:1f:0c:c3:
                    d7:c3:02:ee:06:a8:8f:8a:21:15:a9:2e:6d:5d:ce:
                    e6:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:FA:38:24:FF:68:3F:B8:35:59:F3:E1:6E:01:E7:13:3E:96:1F:0D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/8a6214f8-dce9-4901-ac99-3d2d2415d641.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:e2:10:9c:8c:14:78:3a:ee:02:a6:9b:7f:ab:83:db:1b:be:
         6d:bc:11:71:b3:53:b4:51:4b:34:cb:33:49:e6:9f:2f:c4:0e:
         a4:57:a4:55:e5:78:22:9c:9b:cc:65:ca:70:54:93:1f:a9:d5:
         73:9c:55:4d:49:59:52:ad:ef:6e:06:a4:55:48:df:85:22:08:
         fb:7f:e0:c8:e1:a0:8d:89:27:8c:7b:78:19:8a:7b:79:40:88:
         e0:81:c7:6f:a0:63:c3:0b:b7:6f:20:4a:23:c5:11:cf:eb:fc:
         8a:7d:e3:4f:ea:6a:51:83:7e:ea:04:d1:d4:79:f1:d5:f5:17:
         94:f3:48:5c:a0:3e:88:d8:2f:af:ec:14:8a:b9:bb:36:3e:a7:
         7f:13:02:28:e0:f2:70:66:cb:7e:e2:9a:6a:c7:97:08:6f:63:
         c6:3f:6a:8f:77:72:8e:22:ec:75:7f:80:d2:58:50:2b:74:00:
         d7:60:9f:8d:5e:d0:51:1f:45:83:3d:de:84:c0:1a:b0:1a:28:
         a8:9f:dd:33:2a:ce:7e:be:e9:fb:83:ca:78:36:f5:e9:db:6d:
         5e:fd:30:72:46:26:84:18:16:75:c9:85:33:b6:06:99:26:8c:
         29:e0:d5:db:75:b0:c1:95:ea:ee:92:ef:80:38:30:53:b3:68:
         ed:35:c9:8e
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZk24ocSkXAWvUZhjPNjTsedtcE4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMjI3MDAwMDAwWhcNMjQwNDAyMjM1OTU5
WjB6MUkwRwYDVQQFE0A1NWJjYzAwYzA3MjBjMjdhZjNlOTk4YTliN2MxNzQ1ZTRh
MGFmNTg5Yjc4ZTRmODQwYmZhOGE0YzI1ZjM5MGI3MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCUlJVCYeVhRpUhxuVEW8EG35z1ZC/Fcrq7dl9X2czB/Tdm
hBpDnW3NyAE3Dg6lgxWKZv86bisWAeq8oVvPYkni4nCzQBh0ViPTVHgfdzwuAYQF
Nb+ju8XXPJfMobXUa2KVnwZ6/Ac+JUHfRZqHfWRAMEOVvT8wOtvcJ1AYreYa7lda
6IM85/oH89O9fKXQOdi1+mkSoVZGKOrB8OQihzwVcDxf+VD1WkM9orrALxmS1y+q
c3mdTFKSrCK3ZHc5ZF+Kl3OfxinT6SWzh1/AzIt0L19WPPHjkR0coqbnGdQOyZzT
LbBrG1KfwwjwTR8Mw9fDAu4GqI+KIRWpLm1dzuZzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUwfo4JP9oP7g1WfPhbgHnEz6WHw0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2LzhhNjIxNGY4LWRjZTktNDkwMS1hYzk5LTNkMmQyNDE1ZDY0MS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBADriEJyMFHg67gKmm3+rg9sbvm28
EXGzU7RRSzTLM0nmny/EDqRXpFXleCKcm8xlynBUkx+p1XOcVU1JWVKt724GpFVI
34UiCPt/4MjhoI2JJ4x7eBmKe3lAiOCBx2+gY8MLt28gSiPFEc/r/Ip940/qalGD
fuoE0dR58dX1F5TzSFygPojYL6/sFIq5uzY+p38TAijg8nBmy37immrHlwhvY8Y/
ao93co4i7HV/gNJYUCt0ANdgn41e0FEfRYM93oTAGrAaKKif3TMqzn6+6fuDyng2
9enbbV79MHJGJoQYFnXJhTO2BpkmjCng1dt1sMGV6u6S74A4MFOzaO01yY4=
-----END CERTIFICATE-----