Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/af207e1e-2d12-4bb9-8bd9-94fc7e3f6ab9.roa
File:                     af207e1e-2d12-4bb9-8bd9-94fc7e3f6ab9.roa (raw, json)
Hash identifier:          F2UPsqeNyMjwGTSFoAL/JNni1WUWi/Kyy5XBhxifhhE=
Subject key identifier:   5A:76:94:2E:77:B7:77:3B:56:89:3E:B0:8E:AA:CC:CB:20:93:87:31
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       1A5242480217120494B02000FF60184C92DA1CBB
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/af207e1e-2d12-4bb9-8bd9-94fc7e3f6ab9.roa
Signing time:             Sat 20 Apr 2024 00:00:00 +0000
ROA not before:           Sat 20 Apr 2024 00:00:00 +0000
ROA not after:            Sat 25 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 21 Apr 2024 01:45:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:52:42:48:02:17:12:04:94:b0:20:00:ff:60:18:4c:92:da:1c:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 20 00:00:00 2024 GMT
            Not After : May 25 23:59:59 2024 GMT
        Subject: serialNumber=3bc38aa91c4d2be47a6c66abad090c5b6a1696cc711c12243c2cf3ee2e156ea6, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:71:7a:96:cf:6e:8e:f7:a8:93:50:3b:e2:eb:
                    3c:e6:cd:f3:04:8a:0b:53:f5:5c:41:17:03:94:57:
                    32:ce:33:25:ef:f5:ed:6c:61:9d:0e:96:4f:d2:4c:
                    61:f7:d1:14:26:26:28:a5:7a:e3:61:72:52:7b:b2:
                    39:09:b5:e9:3a:0d:aa:e8:8e:29:d5:ef:eb:91:61:
                    cf:46:c9:8e:7c:3a:f2:d0:2c:88:83:33:e6:9b:66:
                    73:54:48:a6:ff:0e:46:bf:43:3d:7f:26:95:db:f2:
                    28:63:26:b2:97:55:2b:fe:44:ff:19:4c:0d:ea:77:
                    94:ac:8a:78:4b:ae:4a:81:4a:5b:d2:72:a7:79:65:
                    bd:66:9d:84:9e:f0:e4:fe:15:30:0b:ea:8e:bd:28:
                    3e:43:4d:00:d9:7f:39:00:10:c2:cd:ae:79:cd:99:
                    94:f8:e4:20:99:7c:f6:56:5d:1f:7b:2f:66:40:68:
                    67:4c:76:b5:8f:41:16:96:26:f1:f7:e9:48:2d:5b:
                    73:56:77:1d:f3:e7:7e:f6:9b:d4:d2:fd:7b:0f:6a:
                    3d:a6:fd:4d:aa:c5:3e:da:0f:db:67:c6:d1:ae:ac:
                    db:85:4d:6a:fe:0d:2c:6b:a3:c6:a3:d5:60:a0:39:
                    5b:2c:08:dc:7c:91:7c:8c:c0:a9:55:7a:12:34:fc:
                    c5:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:76:94:2E:77:B7:77:3B:56:89:3E:B0:8E:AA:CC:CB:20:93:87:31
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/af207e1e-2d12-4bb9-8bd9-94fc7e3f6ab9.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:95:ba:e1:ed:ee:68:be:46:04:5a:3f:df:b6:41:01:4d:7a:
         60:75:88:23:20:6c:b2:b7:70:dd:d5:ba:36:d7:87:9b:56:3e:
         bb:da:a0:15:b4:78:ef:c1:51:e6:1a:51:9f:a7:6e:22:32:cf:
         89:7c:43:01:41:24:26:c4:d3:b9:f5:cb:d4:a8:fb:1e:e0:c7:
         2c:5a:24:85:85:67:fd:72:35:f4:02:5e:bc:0e:a1:ae:fe:8d:
         5c:9e:2a:cb:e8:1b:e5:12:5c:a7:1c:b3:98:83:0a:54:5e:0d:
         79:9b:9e:c0:7f:16:cf:9d:3d:1c:49:f1:40:20:3c:3c:d3:98:
         02:1e:81:fd:f6:29:b7:dc:14:05:7d:b3:c8:bd:00:73:27:7c:
         42:43:ba:4d:66:10:fe:51:fb:15:80:4f:a5:d0:ee:ed:95:b6:
         6c:05:31:ed:04:9e:31:26:54:c2:8c:8c:ad:6e:61:ee:ab:bd:
         f3:1a:6b:e6:1b:40:e2:40:e2:a9:97:30:60:0c:95:7f:11:3d:
         6f:4a:ab:ec:44:b5:66:13:81:7f:ec:4a:1c:44:7f:ce:10:f5:
         8e:31:a3:22:be:14:35:b1:71:5a:fd:ea:8b:98:4d:76:6d:c7:
         0e:61:07:fa:a2:3b:13:fe:ea:2b:98:c0:37:d8:18:ec:f0:b1:
         29:c3:e0:9f
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUGlJCSAIXEgSUsCAA/2AYTJLaHLswDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDIwMDAwMDAwWhcNMjQwNTI1MjM1OTU5
WjB6MUkwRwYDVQQFE0AzYmMzOGFhOTFjNGQyYmU0N2E2YzY2YWJhZDA5MGM1YjZh
MTY5NmNjNzExYzEyMjQzYzJjZjNlZTJlMTU2ZWE2MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDOcXqWz26O96iTUDvi6zzmzfMEigtT9VxBFwOUVzLOMyXv
9e1sYZ0Olk/STGH30RQmJiileuNhclJ7sjkJtek6DarojinV7+uRYc9GyY58OvLQ
LIiDM+abZnNUSKb/Dka/Qz1/JpXb8ihjJrKXVSv+RP8ZTA3qd5SsinhLrkqBSlvS
cqd5Zb1mnYSe8OT+FTAL6o69KD5DTQDZfzkAEMLNrnnNmZT45CCZfPZWXR97L2ZA
aGdMdrWPQRaWJvH36UgtW3NWdx3z5372m9TS/XsPaj2m/U2qxT7aD9tnxtGurNuF
TWr+DSxro8aj1WCgOVssCNx8kXyMwKlVehI0/MWrAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUWnaULne3dztWiT6wjqrMyyCThzEwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2FmMjA3ZTFlLTJkMTItNGJiOS04YmQ5LTk0ZmM3ZTNmNmFiOS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAASVuuHt7mi+RgRaP9+2QQFNemB1
iCMgbLK3cN3VujbXh5tWPrvaoBW0eO/BUeYaUZ+nbiIyz4l8QwFBJCbE07n1y9So
+x7gxyxaJIWFZ/1yNfQCXrwOoa7+jVyeKsvoG+USXKccs5iDClReDXmbnsB/Fs+d
PRxJ8UAgPDzTmAIegf32KbfcFAV9s8i9AHMnfEJDuk1mEP5R+xWAT6XQ7u2VtmwF
Me0EnjEmVMKMjK1uYe6rvfMaa+YbQOJA4qmXMGAMlX8RPW9Kq+xEtWYTgX/sShxE
f84Q9Y4xoyK+FDWxcVr96ouYTXZtxw5hB/qiOxP+6iuYwDfYGOzwsSnD4J8=
-----END CERTIFICATE-----