Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ca1a5e8e-10db-42ce-9731-03ccb93253e5.roa
File:                     ca1a5e8e-10db-42ce-9731-03ccb93253e5.roa (raw, json)
Hash identifier:          2npEraSM9K54VFKnGlPt+fSD37IBWxp2Oy8nzualExc=
Subject key identifier:   3C:A8:B7:C4:05:DD:ED:E7:30:38:AE:B3:6C:3B:60:BF:9F:A9:90:CB
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       0E9488A4BEA38740521463FA9067923AE0878DD1
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ca1a5e8e-10db-42ce-9731-03ccb93253e5.roa
Signing time:             Tue 09 Jul 2024 00:00:00 +0000
ROA not before:           Tue 09 Jul 2024 00:00:00 +0000
ROA not after:            Tue 13 Aug 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 09 Jul 2024 07:28:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:94:88:a4:be:a3:87:40:52:14:63:fa:90:67:92:3a:e0:87:8d:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Jul  9 00:00:00 2024 GMT
            Not After : Aug 13 23:59:59 2024 GMT
        Subject: serialNumber=a699eefd13bd78c2f37059913c12e4b250364cfd813fda2733fd42005fc21054, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:16:6c:17:13:9c:e9:12:1f:5b:cc:e4:4e:44:
                    28:70:d4:e9:0b:65:a9:1f:e8:4c:4d:b7:7a:79:0f:
                    3e:b2:e8:6c:92:32:b8:e9:07:ea:3b:79:d9:a1:5f:
                    99:64:8b:01:23:10:19:c3:32:58:da:50:e6:76:25:
                    d5:68:76:0a:92:3e:d0:34:fb:af:16:a8:5b:67:07:
                    4f:c5:72:87:3b:db:80:61:31:65:90:fd:a0:cc:c0:
                    5a:5d:06:1f:89:00:71:43:c4:9e:12:d8:d5:8c:67:
                    7a:cc:b7:7c:6f:90:31:29:8d:df:b8:3c:db:a2:71:
                    81:cd:8f:3f:59:a9:ef:79:21:06:07:d2:9b:4d:11:
                    49:bc:34:88:21:e2:53:cd:b0:f0:0d:53:d5:cf:d4:
                    b7:a6:a6:08:a3:db:39:36:c2:70:7d:ef:d0:a0:2f:
                    cd:2b:3f:ea:97:a2:0e:e7:72:ff:58:f3:65:b6:70:
                    6d:e1:c6:6c:5b:79:54:3f:d8:e3:20:ce:75:ad:4d:
                    e2:52:08:b5:10:54:2a:9a:a3:13:28:f7:75:85:3f:
                    19:6a:8d:6f:4b:9d:7d:29:39:5b:69:10:70:b4:75:
                    59:f6:78:31:86:4b:41:65:92:4e:72:e2:da:e7:b8:
                    cb:a8:d5:12:fe:5c:b1:7e:fc:7d:a6:bc:ea:3d:9b:
                    4c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:A8:B7:C4:05:DD:ED:E7:30:38:AE:B3:6C:3B:60:BF:9F:A9:90:CB
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/ca1a5e8e-10db-42ce-9731-03ccb93253e5.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:15:5e:24:39:50:1c:6d:d6:63:65:99:92:40:13:68:de:90:
         45:e8:37:61:e1:a3:29:9c:d3:21:23:7c:08:ed:0b:ce:fd:be:
         e2:4c:6d:aa:b3:6f:6d:af:d7:87:53:1a:c9:c1:65:d8:0a:3a:
         57:6e:05:b5:20:1c:11:e4:02:e6:71:ab:57:dc:9e:83:3a:4f:
         b0:1b:a3:1a:50:89:37:7f:bd:f8:d8:a5:9d:f4:c5:cc:b8:5f:
         56:b5:4d:18:41:4d:b4:a2:d6:2d:1e:de:dd:72:06:eb:e1:aa:
         f1:24:44:4e:92:61:80:52:6e:9e:e1:c2:25:bc:29:8b:0f:ee:
         5f:33:c7:89:fc:d8:46:9c:29:c6:30:6f:10:26:ed:3f:55:d6:
         db:37:0e:a8:61:97:7b:2f:27:84:64:78:00:c3:e4:c3:a2:37:
         d0:f3:28:95:a2:d0:f5:b8:e5:0e:34:90:9c:69:59:bb:a0:e1:
         ba:25:2a:3e:d5:c4:d7:05:69:29:bb:0a:7c:cc:00:4c:e0:22:
         1d:ec:53:5f:4f:34:a9:c3:07:25:6b:74:b7:5c:71:6b:1f:77:
         36:dd:d9:55:92:56:ba:41:fc:a2:95:84:4e:f3:3b:14:26:05:
         b7:5d:14:5e:93:64:96:a2:6d:51:ea:29:bb:67:9b:a6:c9:ee:
         bb:be:6d:e4
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUDpSIpL6jh0BSFGP6kGeSOuCHjdEwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNzA5MDAwMDAwWhcNMjQwODEzMjM1OTU5
WjB6MUkwRwYDVQQFE0BhNjk5ZWVmZDEzYmQ3OGMyZjM3MDU5OTEzYzEyZTRiMjUw
MzY0Y2ZkODEzZmRhMjczM2ZkNDIwMDVmYzIxMDU0MS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQChFmwXE5zpEh9bzORORChw1OkLZakf6ExNt3p5Dz6y6GyS
MrjpB+o7edmhX5lkiwEjEBnDMljaUOZ2JdVodgqSPtA0+68WqFtnB0/Fcoc724Bh
MWWQ/aDMwFpdBh+JAHFDxJ4S2NWMZ3rMt3xvkDEpjd+4PNuicYHNjz9Zqe95IQYH
0ptNEUm8NIgh4lPNsPANU9XP1Lempgij2zk2wnB979CgL80rP+qXog7ncv9Y82W2
cG3hxmxbeVQ/2OMgznWtTeJSCLUQVCqaoxMo93WFPxlqjW9LnX0pOVtpEHC0dVn2
eDGGS0Flkk5y4trnuMuo1RL+XLF+/H2mvOo9m0wLAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUPKi3xAXd7ecwOK6zbDtgv5+pkMswHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2NhMWE1ZThlLTEwZGItNDJjZS05NzMxLTAzY2NiOTMyNTNlNS5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAHEVXiQ5UBxt1mNlmZJAE2jekEXo
N2Hhoymc0yEjfAjtC879vuJMbaqzb22v14dTGsnBZdgKOlduBbUgHBHkAuZxq1fc
noM6T7AboxpQiTd/vfjYpZ30xcy4X1a1TRhBTbSi1i0e3t1yBuvhqvEkRE6SYYBS
bp7hwiW8KYsP7l8zx4n82EacKcYwbxAm7T9V1ts3Dqhhl3svJ4RkeADD5MOiN9Dz
KJWi0PW45Q40kJxpWbug4bolKj7VxNcFaSm7CnzMAEzgIh3sU19PNKnDByVrdLdc
cWsfdzbd2VWSVrpB/KKVhE7zOxQmBbddFF6TZJaibVHqKbtnm6bJ7ru+beQ=
-----END CERTIFICATE-----