Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d63aeec2-84eb-4156-92d6-79920067aa98.roa
File:                     d63aeec2-84eb-4156-92d6-79920067aa98.roa (raw, json)
Hash identifier:          7tQ//BEqU+6OH6/+nSg6Mz/jOryia33537JoE4MTCx4=
Subject key identifier:   64:AB:B1:EF:3D:E7:5E:C1:4A:CB:95:49:0C:F5:CC:E7:58:86:3C:A5
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       55581018A69858EDFC6494EAB938D76258B85956
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d63aeec2-84eb-4156-92d6-79920067aa98.roa
Signing time:             Mon 25 Mar 2024 00:00:00 +0000
ROA not before:           Mon 25 Mar 2024 00:00:00 +0000
ROA not after:            Mon 29 Apr 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 25 Mar 2024 18:10:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:58:10:18:a6:98:58:ed:fc:64:94:ea:b9:38:d7:62:58:b8:59:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 25 00:00:00 2024 GMT
            Not After : Apr 29 23:59:59 2024 GMT
        Subject: serialNumber=8d70cdf9b8432bf3c29d9bcf2a2a4698cf85d66f0cd436c4c704466596482673, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:bb:59:8f:ab:be:21:27:fd:8d:16:6a:ae:13:
                    99:c0:64:f8:fa:1d:99:8a:b7:ce:ee:cd:43:7d:7e:
                    9c:01:cd:1b:df:d8:82:dc:df:b5:52:e3:bd:fb:3b:
                    4a:ae:dc:5f:3d:da:6d:d9:91:62:c3:e7:fc:6e:50:
                    35:7b:b0:e6:13:e6:f8:99:9a:e0:b0:b2:88:31:fc:
                    d7:d5:e0:ca:74:e9:99:ab:83:d4:6f:ab:0c:65:cc:
                    91:e9:54:1a:3b:89:74:ff:80:94:5a:4c:6d:cc:b5:
                    2d:e9:c9:bd:bc:a5:be:db:5c:c9:a5:86:fa:1a:87:
                    f3:cc:22:10:7d:44:35:06:c2:49:1e:4f:b8:f8:a3:
                    07:8c:20:2b:5d:13:23:88:23:38:36:ef:47:c6:58:
                    9a:1d:bf:78:95:81:71:f9:61:41:b5:2a:35:74:9b:
                    20:61:ff:cc:5f:67:6f:c6:97:0b:c1:80:1f:73:2d:
                    08:be:e3:38:34:29:ae:ff:bc:a3:1b:a4:ed:d6:5a:
                    9f:62:86:a9:d5:b2:ba:f2:91:4e:a3:f9:be:27:09:
                    96:72:2a:23:86:e7:fd:8f:bd:79:bc:a1:47:c2:3b:
                    21:b2:af:c4:99:cf:65:6f:9b:f2:48:37:9b:1e:51:
                    81:b5:30:70:5b:7d:e7:3a:42:8b:7d:9b:77:f3:88:
                    df:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:AB:B1:EF:3D:E7:5E:C1:4A:CB:95:49:0C:F5:CC:E7:58:86:3C:A5
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/d63aeec2-84eb-4156-92d6-79920067aa98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:9b:df:d3:8f:1c:85:b2:43:de:18:14:d2:91:ef:a3:d1:37:
         d6:e6:38:60:de:4e:2f:51:4d:aa:e7:d2:c7:b4:ed:41:91:a7:
         1a:52:25:ef:5a:d3:ea:a3:d1:a6:16:f3:0f:5b:16:0f:df:5b:
         51:91:70:9e:e1:5a:d7:bc:ef:e4:89:32:6d:81:78:c1:55:ad:
         41:20:d3:10:b8:6a:23:00:32:dc:b0:39:d8:e7:21:46:6b:f4:
         37:80:02:09:f3:e4:da:5a:2b:b1:32:bc:45:19:cd:02:8c:7e:
         7c:7f:83:77:ba:7f:67:47:13:03:10:44:6c:73:98:a5:b9:38:
         ce:8f:a5:98:2d:82:0b:8c:fe:5d:c8:a5:53:4a:c1:7c:01:4c:
         95:da:fa:b4:bd:67:2b:55:3d:97:7d:73:98:7d:c9:bc:9c:5b:
         8a:e8:84:40:2d:e1:51:b1:cc:75:8c:85:93:c0:1d:96:5f:92:
         06:bc:3d:82:35:11:be:a1:b0:8c:4c:35:a7:ca:da:d0:29:a8:
         51:66:b6:4c:36:83:02:38:15:ca:4b:b8:c7:2c:ad:e2:2c:ad:
         43:24:46:1b:d7:6b:ac:61:dd:1d:ab:2f:ac:e1:ea:74:8b:78:
         d7:fa:c7:c2:64:c1:2a:4e:c3:18:ae:51:f7:58:be:f2:0b:37:
         90:2f:9e:cb
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUVVgQGKaYWO38ZJTquTjXYli4WVYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzI1MDAwMDAwWhcNMjQwNDI5MjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZDcwY2RmOWI4NDMyYmYzYzI5ZDliY2YyYTJhNDY5OGNm
ODVkNjZmMGNkNDM2YzRjNzA0NDY2NTk2NDgyNjczMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9u1mPq74hJ/2NFmquE5nAZPj6HZmKt87uzUN9fpwBzRvf
2ILc37VS4737O0qu3F892m3ZkWLD5/xuUDV7sOYT5viZmuCwsogx/NfV4Mp06Zmr
g9RvqwxlzJHpVBo7iXT/gJRaTG3MtS3pyb28pb7bXMmlhvoah/PMIhB9RDUGwkke
T7j4oweMICtdEyOIIzg270fGWJodv3iVgXH5YUG1KjV0myBh/8xfZ2/GlwvBgB9z
LQi+4zg0Ka7/vKMbpO3WWp9ihqnVsrrykU6j+b4nCZZyKiOG5/2PvXm8oUfCOyGy
r8SZz2Vvm/JIN5seUYG1MHBbfec6Qot9m3fziN/5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUZKux7z3nXsFKy5VJDPXM51iGPKUwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2Q2M2FlZWMyLTg0ZWItNDE1Ni05MmQ2LTc5OTIwMDY3YWE5OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAGKb39OPHIWyQ94YFNKR76PRN9bm
OGDeTi9RTarn0se07UGRpxpSJe9a0+qj0aYW8w9bFg/fW1GRcJ7hWte87+SJMm2B
eMFVrUEg0xC4aiMAMtywOdjnIUZr9DeAAgnz5NpaK7EyvEUZzQKMfnx/g3e6f2dH
EwMQRGxzmKW5OM6PpZgtgguM/l3IpVNKwXwBTJXa+rS9ZytVPZd9c5h9ybycW4ro
hEAt4VGxzHWMhZPAHZZfkga8PYI1Eb6hsIxMNafK2tApqFFmtkw2gwI4FcpLuMcs
reIsrUMkRhvXa6xh3R2rL6zh6nSLeNf6x8JkwSpOwxiuUfdYvvILN5Avnss=
-----END CERTIFICATE-----