Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/1d157aba-693e-4328-9256-52d6fc681a3f.roa
File:                     1d157aba-693e-4328-9256-52d6fc681a3f.roa (raw, json)
Hash identifier:          whtKsEa/+ICASpozbpqzhnfLRV0jrCZyQd4cstMgnEE=
Subject key identifier:   58:43:56:FF:6C:09:C3:1E:CD:F5:3B:7C:A2:E1:BC:CF:CD:BF:EF:7D
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       38824328D018366D842FE2496D206AFCCA5044A8
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/1d157aba-693e-4328-9256-52d6fc681a3f.roa
Signing time:             Tue 25 Mar 2025 00:31:38 +0000
ROA not before:           Tue 25 Mar 2025 00:31:38 +0000
ROA not after:            Tue 29 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf4:e040::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 16 Apr 2025 18:53:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:82:43:28:d0:18:36:6d:84:2f:e2:49:6d:20:6a:fc:ca:50:44:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 25 00:31:38 2025 GMT
            Not After : Apr 29 23:59:59 2025 GMT
        Subject: serialNumber=78deae5f3ce141d58d07d6fa0e1b68a53dd0321f3330924d939aa76369959385, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d2:63:17:05:de:b6:70:5d:cc:0c:8b:0c:7d:
                    3d:bb:c6:e0:77:0c:40:db:1a:23:be:39:36:4d:b0:
                    d5:d4:28:65:aa:92:4c:17:32:38:1d:84:21:ea:44:
                    7e:87:51:96:dc:b7:07:0c:c0:06:e3:c1:f9:cf:3b:
                    80:8a:d4:62:a7:8e:a8:b4:d5:34:a3:26:2f:e4:ba:
                    dd:5f:fd:91:96:2d:09:b3:7d:6e:61:7f:cd:14:6d:
                    3b:66:79:f9:a0:84:49:c5:d9:07:61:23:d9:f3:67:
                    02:19:24:72:6f:9c:57:8b:fd:3f:a1:93:10:ff:4d:
                    6c:20:59:c5:78:bf:69:6f:7d:ca:79:16:ff:a9:45:
                    64:f3:62:7b:66:fb:2f:c1:96:56:74:b0:88:47:35:
                    69:16:1a:62:c3:4d:f4:57:72:ac:9c:c5:e1:c7:94:
                    1e:62:ce:f4:71:bd:f2:a8:43:dc:f0:a8:7b:cc:4b:
                    8c:08:96:f6:60:f3:d6:87:74:bc:31:55:09:97:dd:
                    f3:8e:84:1a:e9:d6:c4:ec:b4:aa:66:68:d1:75:5d:
                    15:e5:69:d8:ba:6b:48:eb:49:b0:1a:f3:60:bb:34:
                    b4:b4:79:6d:8d:dd:ce:0d:e7:e6:85:a9:ee:9d:e9:
                    ed:69:2a:17:a6:5d:56:c7:31:1d:6a:23:0b:c4:52:
                    08:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:43:56:FF:6C:09:C3:1E:CD:F5:3B:7C:A2:E1:BC:CF:CD:BF:EF:7D
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/1d157aba-693e-4328-9256-52d6fc681a3f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf4:e040::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:d3:9d:27:6f:cc:48:32:e6:ef:30:3b:59:4f:2b:52:9b:dd:
         44:a9:53:63:eb:48:b4:35:e3:ee:1d:13:68:9e:7a:cc:13:bf:
         34:03:b1:c8:70:e3:26:06:39:bf:cc:45:3f:37:34:25:30:ff:
         98:aa:a0:f0:1a:1c:9d:55:53:13:2d:39:13:7e:e5:29:e9:3c:
         cd:e1:1c:19:a2:65:91:f3:e6:c1:65:3a:49:e4:f7:43:11:75:
         60:24:0c:eb:31:7e:8d:29:93:19:c9:f5:ec:a4:42:5a:5f:75:
         74:3c:c5:8b:3c:f6:53:8c:1f:6c:1a:91:cc:80:9d:a0:84:32:
         8f:d4:98:7f:a2:58:ae:d1:c2:2c:d9:33:52:10:f6:60:af:79:
         7d:c3:e2:f8:90:91:dc:3f:4b:2c:8f:d1:e1:1e:9c:46:29:c8:
         cd:7c:9c:26:30:45:38:cb:d5:44:3c:29:df:17:8c:8c:64:fd:
         34:5f:83:1a:27:6e:98:9e:5e:ff:cd:8c:5d:a2:33:7e:d1:a4:
         9c:48:62:f6:86:c1:d6:51:27:e8:8e:c1:b5:e5:08:01:cf:63:
         dc:92:c7:85:e6:41:71:a3:b0:32:c5:6d:14:53:f2:7b:ee:55:
         16:0b:39:8a:07:55:8f:d5:68:c4:a7:87:0c:76:b5:67:8d:5a:
         06:1b:26:79
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUOIJDKNAYNm2EL+JJbSBq/MpQRKgwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDMyNTAwMzEzOFoX
DTI1MDQyOTIzNTk1OVowejFJMEcGA1UEBRNANzhkZWFlNWYzY2UxNDFkNThkMDdk
NmZhMGUxYjY4YTUzZGQwMzIxZjMzMzA5MjRkOTM5YWE3NjM2OTk1OTM4NTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9JjFwXetnBdzAyLDH09u8bgdwxA
2xojvjk2TbDV1ChlqpJMFzI4HYQh6kR+h1GW3LcHDMAG48H5zzuAitRip46otNU0
oyYv5LrdX/2Rli0Js31uYX/NFG07Znn5oIRJxdkHYSPZ82cCGSRyb5xXi/0/oZMQ
/01sIFnFeL9pb33KeRb/qUVk82J7ZvsvwZZWdLCIRzVpFhpiw030V3KsnMXhx5Qe
Ys70cb3yqEPc8Kh7zEuMCJb2YPPWh3S8MVUJl93zjoQa6dbE7LSqZmjRdV0V5WnY
umtI60mwGvNguzS0tHltjd3ODefmhanunentaSoXpl1WxzEdaiMLxFIIGwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFFhDVv9sCcMezfU7fKLhvM/Nv+99MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzFkMTU3YWJhLTY5M2UtNDMyOC05MjU2LTUyZDZmYzY4MWEzZi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba9OBAMA0GCSqGSIb3DQEBCwUAA4IBAQCe050nb8xIMubvMDtZ
TytSm91EqVNj60i0NePuHRNonnrME780A7HIcOMmBjm/zEU/NzQlMP+YqqDwGhyd
VVMTLTkTfuUp6TzN4RwZomWR8+bBZTpJ5PdDEXVgJAzrMX6NKZMZyfXspEJaX3V0
PMWLPPZTjB9sGpHMgJ2ghDKP1Jh/oliu0cIs2TNSEPZgr3l9w+L4kJHcP0ssj9Hh
HpxGKcjNfJwmMEU4y9VEPCnfF4yMZP00X4MaJ26Ynl7/zYxdojN+0aScSGL2hsHW
USfojsG15QgBz2PckseF5kFxo7AyxW0UU/J77lUWCzmKB1WP1WjEp4cMdrVnjVoG
GyZ5
-----END CERTIFICATE-----