Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dad9b82b-117c-4d50-b94f-4e0b7bd7cc2d.roa
File:                     dad9b82b-117c-4d50-b94f-4e0b7bd7cc2d.roa (raw, json)
Hash identifier:          Zu6/4pdIBlEkUMu0RTiaLnE5VHvBzR0t4bYiVD6SWwI=
Subject key identifier:   2A:44:7A:B7:FE:42:F3:20:4F:9E:D3:6D:48:2A:8C:48:2E:BA:61:69
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       7C16610E64F38E991FDE0D8A2123EDE39CBEFFC6
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dad9b82b-117c-4d50-b94f-4e0b7bd7cc2d.roa
Signing time:             Wed 27 Mar 2024 00:00:00 +0000
ROA not before:           Wed 27 Mar 2024 00:00:00 +0000
ROA not after:            Wed 01 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 27 Mar 2024 20:45:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:16:61:0e:64:f3:8e:99:1f:de:0d:8a:21:23:ed:e3:9c:be:ff:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Mar 27 00:00:00 2024 GMT
            Not After : May  1 23:59:59 2024 GMT
        Subject: serialNumber=b0f0fe800a2a7e942fb7b2fe9ea3c0daa4e268dd5252a86daa2b80c3111919fc, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:46:7f:19:28:cb:25:f6:73:e1:e5:99:57:6d:
                    90:41:a2:f0:01:6b:f9:f6:69:80:4e:d8:ea:57:04:
                    13:17:17:3b:cf:de:5d:7e:d6:d3:f7:cd:f6:b9:c9:
                    68:ec:87:88:91:e6:6d:ca:ef:64:76:5b:6e:eb:19:
                    5c:cc:be:a5:aa:2a:d1:7b:7c:be:cd:f5:bb:ae:92:
                    fe:bc:b4:03:62:42:1e:fe:28:18:8f:56:b3:5b:e8:
                    e2:48:cd:4a:3f:5f:9a:cf:cf:2b:7f:44:90:f3:ec:
                    0c:65:2f:ca:33:a1:c6:4e:fc:fa:ea:2c:d4:de:d3:
                    dd:0d:f8:6a:18:f8:c6:93:ca:4b:6c:60:5b:b9:1a:
                    15:9e:d0:48:2e:69:71:85:68:17:95:df:aa:d1:6c:
                    41:81:dc:36:57:25:fd:d0:a0:85:8c:00:d9:57:12:
                    05:fd:e0:f1:e9:5f:50:86:68:31:b8:50:48:aa:35:
                    88:a7:e6:65:84:7a:54:32:d4:12:a0:64:87:1a:95:
                    d8:7a:cc:0d:bc:1f:82:bf:f2:3a:52:e9:ab:88:e7:
                    7f:da:22:9c:9e:ae:35:c2:9a:01:eb:29:9c:95:ff:
                    c4:19:b9:a2:00:17:27:ca:b0:6f:44:49:a4:1b:be:
                    da:1a:01:96:5f:d4:34:94:bc:ec:5f:79:7c:3d:51:
                    18:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:44:7A:B7:FE:42:F3:20:4F:9E:D3:6D:48:2A:8C:48:2E:BA:61:69
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dad9b82b-117c-4d50-b94f-4e0b7bd7cc2d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:93:63:2e:b5:c1:f2:1e:00:e5:c3:83:85:29:24:c1:55:d3:
         b8:de:1d:13:ec:49:ff:3c:ab:da:3a:06:ca:08:0a:fa:3f:be:
         ee:50:14:b2:c6:07:1e:cf:0e:aa:d7:be:90:3e:ac:5e:a0:b3:
         49:54:34:ee:86:27:7d:32:14:ea:ec:15:38:ed:2e:af:45:20:
         e2:90:94:be:d5:b2:81:57:cb:e2:92:67:9a:7e:16:b3:f9:d8:
         b7:9f:c3:06:ce:d1:a5:88:57:c6:8f:ba:78:2c:c5:37:74:d1:
         ec:09:ae:11:95:15:30:0a:dc:a1:3e:78:b2:70:dd:10:1d:c5:
         5e:73:91:bd:c4:6b:87:cc:2f:a2:04:31:1d:a7:74:82:40:45:
         70:be:f3:2f:25:6e:39:58:ac:39:b2:da:50:b3:a0:74:48:0c:
         c4:e1:98:55:cd:30:b9:03:25:30:01:84:7c:9b:14:78:fb:11:
         df:c9:99:1f:17:44:8e:9e:e0:dd:aa:a4:b0:ad:46:4d:f4:cc:
         82:b0:d8:d7:7a:4a:11:08:28:ca:34:4b:a8:38:3c:3a:a4:12:
         b1:db:34:41:cc:fa:f7:a1:09:ef:ff:bb:ca:56:86:ef:9a:30:
         cd:d5:83:3c:f5:7c:ca:96:f6:26:61:04:45:04:89:95:7f:d5:
         ed:55:7f:3c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUfBZhDmTzjpkf3g2KISPt45y+/8YwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwMzI3MDAwMDAwWhcNMjQwNTAxMjM1OTU5
WjB6MUkwRwYDVQQFE0BiMGYwZmU4MDBhMmE3ZTk0MmZiN2IyZmU5ZWEzYzBkYWE0
ZTI2OGRkNTI1MmE4NmRhYTJiODBjMzExMTkxOWZjMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCoRn8ZKMsl9nPh5ZlXbZBBovABa/n2aYBO2OpXBBMXFzvP
3l1+1tP3zfa5yWjsh4iR5m3K72R2W27rGVzMvqWqKtF7fL7N9buukv68tANiQh7+
KBiPVrNb6OJIzUo/X5rPzyt/RJDz7AxlL8ozocZO/PrqLNTe090N+GoY+MaTykts
YFu5GhWe0EguaXGFaBeV36rRbEGB3DZXJf3QoIWMANlXEgX94PHpX1CGaDG4UEiq
NYin5mWEelQy1BKgZIcaldh6zA28H4K/8jpS6auI53/aIpyerjXCmgHrKZyV/8QZ
uaIAFyfKsG9ESaQbvtoaAZZf1DSUvOxfeXw9URhzAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKkR6t/5C8yBPntNtSCqMSC66YWkwHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RhZDliODJiLTExN2MtNGQ1MC1iOTRmLTRlMGI3YmQ3Y2MyZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAC+TYy61wfIeAOXDg4UpJMFV07je
HRPsSf88q9o6BsoICvo/vu5QFLLGBx7PDqrXvpA+rF6gs0lUNO6GJ30yFOrsFTjt
Lq9FIOKQlL7VsoFXy+KSZ5p+FrP52LefwwbO0aWIV8aPungsxTd00ewJrhGVFTAK
3KE+eLJw3RAdxV5zkb3Ea4fML6IEMR2ndIJARXC+8y8lbjlYrDmy2lCzoHRIDMTh
mFXNMLkDJTABhHybFHj7Ed/JmR8XRI6e4N2qpLCtRk30zIKw2Nd6ShEIKMo0S6g4
PDqkErHbNEHM+vehCe//u8pWhu+aMM3Vgzz1fMqW9iZhBEUEiZV/1e1Vfzw=
-----END CERTIFICATE-----