Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/01809cdd-6c02-42ea-b174-eaf3b6ef39da.roa
File:                     01809cdd-6c02-42ea-b174-eaf3b6ef39da.roa (raw, json)
Hash identifier:          s3BidREaVg2rfskhNDAxLJEeMiylqa9l201/KiA01PI=
Subject key identifier:   6D:37:BE:19:52:33:CC:B8:09:E6:AC:78:4D:07:7F:CC:38:BD:B2:03
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       227EB29E8B521BB15111BB1848E02E0E58843F88
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/01809cdd-6c02-42ea-b174-eaf3b6ef39da.roa
Signing time:             Tue 25 Mar 2025 15:02:06 +0000
ROA not before:           Tue 25 Mar 2025 15:02:06 +0000
ROA not after:            Tue 29 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf4:2000::/40 maxlen: 40
Validation:               Failed, certificate revoked on Wed 16 Apr 2025 18:53:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:7e:b2:9e:8b:52:1b:b1:51:11:bb:18:48:e0:2e:0e:58:84:3f:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 25 15:02:06 2025 GMT
            Not After : Apr 29 23:59:59 2025 GMT
        Subject: serialNumber=8122948790fb62803e6a982a0f785c474950e6bedcc9a647b8249da208ab3883, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:db:50:b0:c8:13:44:5d:ab:f6:ac:cf:ae:a3:
                    63:14:ec:81:22:5d:fe:31:c7:f1:ee:5e:43:31:12:
                    06:d8:19:f3:c6:e0:8d:8a:28:21:1a:cd:b2:cc:de:
                    2a:0e:71:b6:7b:93:ad:d6:25:ed:c5:39:33:a4:35:
                    c5:d1:6d:50:79:0b:8f:6e:4f:92:f0:d1:97:c7:f3:
                    bf:6d:a0:db:84:28:81:d2:57:5f:4b:bc:29:9a:4c:
                    55:d5:18:50:60:cf:35:72:77:47:a5:a9:25:90:33:
                    74:04:ab:70:cd:7f:5f:c6:00:37:e5:ec:cc:ff:66:
                    8d:1f:0a:3d:f2:5a:ba:f5:a3:45:38:eb:eb:8d:4b:
                    c8:c7:ab:b1:7f:0e:27:24:7f:cb:6c:37:57:ed:2e:
                    25:59:48:a5:ec:17:3e:1b:f1:e8:8b:4e:ca:27:60:
                    2c:fc:dc:15:1d:1a:12:70:58:ba:21:7c:80:43:33:
                    d8:77:0d:b4:96:56:e7:5a:7d:eb:a7:28:c0:e6:31:
                    b6:83:fa:ec:c9:81:91:4a:b0:25:cc:cc:d3:28:8e:
                    88:98:31:95:80:2b:8c:22:c7:c7:58:87:a0:5b:7a:
                    1d:20:24:6f:f1:24:be:94:c1:4e:22:29:50:c6:91:
                    3e:f8:c7:d1:8c:4f:c1:26:8c:a4:86:83:9e:bc:1f:
                    09:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:37:BE:19:52:33:CC:B8:09:E6:AC:78:4D:07:7F:CC:38:BD:B2:03
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/01809cdd-6c02-42ea-b174-eaf3b6ef39da.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf4:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         7f:eb:4e:2a:43:a6:ff:f5:f4:76:44:0d:0b:fd:7c:74:4a:d0:
         c2:61:9d:e0:0f:ad:ee:76:76:a0:78:02:c0:45:57:18:fa:a1:
         47:a3:c7:19:c9:21:56:bc:c8:24:7e:a3:a8:99:7a:72:76:db:
         c5:7b:51:8e:87:48:60:fb:48:ac:6e:21:17:5e:66:42:ec:9e:
         05:be:b1:59:d0:fd:1e:15:24:e7:d3:f2:fc:bb:e3:60:8c:c9:
         9a:eb:65:a0:8a:ea:ea:80:d0:b0:41:59:0a:39:78:d7:03:ff:
         b5:d0:f2:f6:0b:03:a9:2c:d7:41:81:78:33:2d:30:2d:f8:b9:
         35:6d:a1:f2:69:6c:76:50:2e:ea:fb:c9:53:43:a8:ff:d2:8e:
         05:a3:bc:8f:10:37:27:b3:a3:ba:bb:8e:97:d5:e9:74:62:8b:
         0d:fd:b2:b6:06:69:e6:22:3b:8b:19:fc:7a:e3:28:58:82:43:
         ec:9c:45:9e:13:c4:e4:9b:94:08:3a:00:54:71:eb:5d:2e:df:
         fc:db:db:a5:9b:08:89:b7:04:7f:88:f1:a9:d9:48:ec:d6:3e:
         2e:e2:c1:b4:24:f2:0a:ed:79:d8:1e:c6:c6:ca:d3:e2:87:0e:
         29:5f:ce:23:1c:c3:f5:38:7e:29:f3:8e:fc:d9:a2:29:61:d2:
         50:6d:3f:c3
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUIn6ynotSG7FREbsYSOAuDliEP4gwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDMyNTE1MDIwNloX
DTI1MDQyOTIzNTk1OVowejFJMEcGA1UEBRNAODEyMjk0ODc5MGZiNjI4MDNlNmE5
ODJhMGY3ODVjNDc0OTUwZTZiZWRjYzlhNjQ3YjgyNDlkYTIwOGFiMzg4MzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodtQsMgTRF2r9qzPrqNjFOyBIl3+
Mcfx7l5DMRIG2BnzxuCNiighGs2yzN4qDnG2e5Ot1iXtxTkzpDXF0W1QeQuPbk+S
8NGXx/O/baDbhCiB0ldfS7wpmkxV1RhQYM81cndHpaklkDN0BKtwzX9fxgA35ezM
/2aNHwo98lq69aNFOOvrjUvIx6uxfw4nJH/LbDdX7S4lWUil7Bc+G/Hoi07KJ2As
/NwVHRoScFi6IXyAQzPYdw20llbnWn3rpyjA5jG2g/rsyYGRSrAlzMzTKI6ImDGV
gCuMIsfHWIegW3odICRv8SS+lMFOIilQxpE++MfRjE/BJoykhoOevB8JxQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFG03vhlSM8y4CeaseE0Hf8w4vbIDMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzAxODA5Y2RkLTZjMDItNDJlYS1iMTc0LWVhZjNiNmVmMzlkYS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9CAwDQYJKoZIhvcNAQELBQADggEBAH/rTipDpv/19HZEDQv9
fHRK0MJhneAPre52dqB4AsBFVxj6oUejxxnJIVa8yCR+o6iZenJ228V7UY6HSGD7
SKxuIRdeZkLsngW+sVnQ/R4VJOfT8vy742CMyZrrZaCK6uqA0LBBWQo5eNcD/7XQ
8vYLA6ks10GBeDMtMC34uTVtofJpbHZQLur7yVNDqP/SjgWjvI8QNyezo7q7jpfV
6XRiiw39srYGaeYiO4sZ/HrjKFiCQ+ycRZ4TxOSblAg6AFRx610u3/zb26WbCIm3
BH+I8anZSOzWPi7iwbQk8grtedgexsbK0+KHDilfziMcw/U4finzjvzZoilh0lBt
P8M=
-----END CERTIFICATE-----