Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dd65ab51-8e39-4d90-8bed-973728830cf3.roa
File:                     dd65ab51-8e39-4d90-8bed-973728830cf3.roa (raw, json)
Hash identifier:          f5xyu7QsmCpisQmCJUpyK46gMXooRAVn8fbAoq7lJ60=
Subject key identifier:   D6:2F:E6:27:DE:22:A5:52:B8:3E:00:A4:E7:52:46:EB:F5:E5:CD:EA
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       2FEA1DF90B035ED16D962A496E4423F409B6674C
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dd65ab51-8e39-4d90-8bed-973728830cf3.roa
Signing time:             Sat 13 Apr 2024 00:00:00 +0000
ROA not before:           Sat 13 Apr 2024 00:00:00 +0000
ROA not after:            Sat 18 May 2024 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 13 Apr 2024 17:55:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:ea:1d:f9:0b:03:5e:d1:6d:96:2a:49:6e:44:23:f4:09:b6:67:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Apr 13 00:00:00 2024 GMT
            Not After : May 18 23:59:59 2024 GMT
        Subject: serialNumber=eebb432e16ee6d83a4fffd894c45c60be02265ac0edc32864ae50ed31ec1a7aa, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:8c:96:5e:a4:7a:a0:87:cf:f4:f8:b4:14:13:
                    07:43:32:e8:ed:c3:fe:be:bf:2a:e3:22:db:49:73:
                    26:8a:b2:6c:f8:4e:46:dd:41:a3:7f:c2:3d:60:b8:
                    e8:70:0d:05:29:d5:67:12:e9:50:35:c1:ae:8b:84:
                    2e:2c:32:05:e9:dc:53:b5:c0:05:18:ad:7c:fd:1b:
                    57:66:6a:ae:65:84:8a:ec:95:70:18:3e:70:39:e2:
                    69:f0:b8:d9:6d:35:9b:fe:2c:16:65:9e:45:d5:ff:
                    49:d1:ae:07:78:2d:b6:1a:27:9f:0c:33:a7:59:fa:
                    f2:68:0f:4f:20:ee:43:44:5b:70:80:4e:fa:2d:de:
                    d4:d3:51:8e:28:c7:1a:8d:c2:7a:b5:86:a3:ba:d5:
                    f0:0c:3c:12:0e:d6:30:4a:9f:56:ce:d2:71:58:f3:
                    97:15:b0:34:bc:bf:84:80:85:b4:a0:18:a4:a9:fe:
                    bb:d1:bc:95:24:04:93:b4:d3:76:b0:3f:61:1b:8f:
                    39:06:7e:e0:f4:7d:a5:be:d3:a1:74:62:4f:78:dc:
                    0c:15:77:91:22:0a:5d:25:78:ef:16:da:6c:8b:cd:
                    27:f6:8d:dd:84:b2:f9:a1:75:31:40:4c:59:04:2b:
                    b0:f4:e1:65:49:c8:84:9e:11:6c:f9:80:bd:4d:ed:
                    77:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:2F:E6:27:DE:22:A5:52:B8:3E:00:A4:E7:52:46:EB:F5:E5:CD:EA
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/dd65ab51-8e39-4d90-8bed-973728830cf3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:3c:d0:15:34:45:05:9a:19:8a:8a:89:4b:00:93:6c:4e:60:
         5c:ab:c8:fe:4f:12:00:65:af:1f:29:97:4b:5a:a6:65:a4:95:
         21:b1:a3:58:5b:ad:21:b2:57:91:f1:a0:07:83:8b:cb:99:1a:
         9c:13:5f:2d:3e:5d:2e:a9:3b:30:94:ac:c8:e6:0d:b1:ee:a1:
         49:0d:f2:7a:f0:83:62:58:39:72:17:7b:d4:d6:e4:8a:d3:cc:
         ec:c2:83:42:2b:ff:9b:9b:fd:31:5c:55:50:35:09:02:3a:78:
         ba:f2:da:61:1e:db:c3:0e:e6:a5:6a:50:3a:11:d1:37:37:f7:
         3f:6b:8e:4a:ba:9d:2b:79:5d:f6:13:d0:85:3f:d5:03:00:b1:
         93:7d:95:a4:e5:9f:05:95:71:ac:f5:1f:06:87:39:3e:72:c2:
         c6:90:55:95:0e:49:f3:b4:34:ec:ca:42:5a:24:06:3e:27:e2:
         17:21:37:aa:7b:e8:ba:81:0e:80:2d:bd:8b:d1:df:57:e3:69:
         f9:21:ff:af:1b:e9:b8:cb:ee:bc:2c:7c:28:92:ce:37:20:e4:
         60:5a:2b:fe:38:03:da:fa:f5:98:f7:b4:a2:e0:56:7f:0c:36:
         fd:d4:fe:73:1c:ec:62:dd:0a:bf:5c:26:39:30:50:0f:11:8d:
         cc:15:3e:81
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUL+od+QsDXtFtlipJbkQj9Am2Z0wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjQwNDEzMDAwMDAwWhcNMjQwNTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0BlZWJiNDMyZTE2ZWU2ZDgzYTRmZmZkODk0YzQ1YzYwYmUw
MjI2NWFjMGVkYzMyODY0YWU1MGVkMzFlYzFhN2FhMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCzjJZepHqgh8/0+LQUEwdDMujtw/6+vyrjIttJcyaKsmz4
TkbdQaN/wj1guOhwDQUp1WcS6VA1wa6LhC4sMgXp3FO1wAUYrXz9G1dmaq5lhIrs
lXAYPnA54mnwuNltNZv+LBZlnkXV/0nRrgd4LbYaJ58MM6dZ+vJoD08g7kNEW3CA
Tvot3tTTUY4oxxqNwnq1hqO61fAMPBIO1jBKn1bO0nFY85cVsDS8v4SAhbSgGKSp
/rvRvJUkBJO003awP2EbjzkGfuD0faW+06F0Yk943AwVd5EiCl0leO8W2myLzSf2
jd2EsvmhdTFATFkEK7D04WVJyISeEWz5gL1N7XeNAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU1i/mJ94ipVK4PgCk51JG6/XlzeowHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2RkNjVhYjUxLThlMzktNGQ5MC04YmVkLTk3MzcyODgzMGNmMy5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFk80BU0RQWaGYqKiUsAk2xOYFyr
yP5PEgBlrx8pl0tapmWklSGxo1hbrSGyV5HxoAeDi8uZGpwTXy0+XS6pOzCUrMjm
DbHuoUkN8nrwg2JYOXIXe9TW5IrTzOzCg0Ir/5ub/TFcVVA1CQI6eLry2mEe28MO
5qVqUDoR0Tc39z9rjkq6nSt5XfYT0IU/1QMAsZN9laTlnwWVcaz1HwaHOT5ywsaQ
VZUOSfO0NOzKQlokBj4n4hchN6p76LqBDoAtvYvR31fjafkh/68b6bjL7rwsfCiS
zjcg5GBaK/44A9r69Zj3tKLgVn8MNv3U/nMc7GLdCr9cJjkwUA8RjcwVPoE=
-----END CERTIFICATE-----