Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/329e93f6-04eb-4c13-8818-83f24142dcf6.roa
File:                     329e93f6-04eb-4c13-8818-83f24142dcf6.roa (raw, json)
Hash identifier:          WfYDh8k4JCp+BMhxTK0tVZFpkSkgCs4p2buhkERcX6w=
Subject key identifier:   F8:4C:06:B6:4C:50:DF:72:94:78:73:B0:BD:89:30:9D:4D:50:8A:0E
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       094B43109A46F85DD55D61776983CC5C9B1689DA
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/329e93f6-04eb-4c13-8818-83f24142dcf6.roa
Signing time:             Tue 25 Mar 2025 00:01:11 +0000
ROA not before:           Tue 25 Mar 2025 00:01:11 +0000
ROA not after:            Tue 29 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf4:2040::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 16 Apr 2025 18:53:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:4b:43:10:9a:46:f8:5d:d5:5d:61:77:69:83:cc:5c:9b:16:89:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 25 00:01:11 2025 GMT
            Not After : Apr 29 23:59:59 2025 GMT
        Subject: serialNumber=126c99d4b5a89ac282602d1268f9f4537d2af542a13392d31800fe408c5ea4bb, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d3:22:56:21:2e:0f:88:98:35:3b:7d:ae:80:
                    1c:a3:3d:02:ca:c5:89:62:2c:c2:46:85:da:d1:4e:
                    28:51:16:44:36:94:b0:8a:43:10:38:22:4d:29:74:
                    ee:a2:b3:8a:b0:43:68:09:a4:94:90:64:72:62:09:
                    2c:df:4b:b8:48:08:eb:eb:c7:e4:7f:13:32:8e:82:
                    bb:13:ca:2a:bf:c1:11:44:23:4f:cd:11:6d:11:77:
                    e2:02:c3:52:ee:88:64:29:5b:f0:83:af:d5:52:eb:
                    5e:9a:0a:71:65:d1:9c:00:13:be:d2:b0:96:8d:48:
                    0b:25:a8:e2:0f:f3:7d:99:9c:22:b1:8d:28:89:19:
                    f7:78:95:e4:f3:97:67:08:37:ac:07:5b:87:1e:4f:
                    75:97:77:3a:ad:43:dd:74:ee:ff:9c:69:ef:f0:08:
                    f3:67:da:57:46:5c:fa:fb:36:95:ec:23:8b:1e:ad:
                    27:0b:e8:52:51:2a:7d:40:59:df:02:54:46:5b:6f:
                    33:98:33:4d:9f:80:cb:25:49:b9:4b:3c:8f:74:90:
                    db:f2:30:ba:81:b7:ad:9b:45:08:fe:f6:80:dd:0b:
                    30:34:51:5b:62:0c:f0:66:93:11:9b:87:32:b1:b9:
                    d5:28:75:50:15:a4:1a:18:77:42:22:45:10:35:0c:
                    dc:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:4C:06:B6:4C:50:DF:72:94:78:73:B0:BD:89:30:9D:4D:50:8A:0E
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/329e93f6-04eb-4c13-8818-83f24142dcf6.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf4:2040::/48

    Signature Algorithm: sha256WithRSAEncryption
         b3:fd:39:1b:65:c2:df:07:4d:26:df:9c:c1:8d:4b:a3:4e:d7:
         4c:ae:10:5b:16:f6:51:50:f8:54:3e:68:62:7e:0c:46:8d:94:
         1b:ba:f9:f3:dc:7c:e2:41:e3:4c:ca:3a:24:01:f1:f2:85:d6:
         d2:56:d8:3a:cd:3a:c7:62:b0:15:af:ab:72:b8:14:52:9b:7f:
         e0:cd:93:9d:10:ea:4e:7a:0d:34:a3:34:7e:f4:25:2b:cb:cb:
         fc:b5:fd:be:d2:6a:06:53:d3:c9:6d:02:c0:14:53:b1:b6:a7:
         13:6f:2d:3d:44:36:52:00:01:f8:c2:9c:80:2c:60:df:10:70:
         33:29:92:73:18:79:69:fc:a6:ce:5f:cb:95:3a:9c:61:39:d4:
         55:d2:e6:a9:b7:5c:63:b9:f8:c6:fa:60:25:03:e7:e3:ed:80:
         83:f1:c9:e7:54:4b:2c:fb:4c:81:f3:03:0c:8b:af:39:d2:b3:
         ec:c5:58:df:d2:6f:82:01:62:4d:37:44:19:e8:c2:b6:08:e7:
         ed:df:7d:59:19:f8:90:7d:75:53:7e:18:f6:37:a2:fc:9c:a9:
         64:bb:99:71:a6:3c:5a:d3:0d:13:97:c1:8c:f9:90:2d:db:33:
         42:61:5a:f8:86:d2:02:25:03:38:85:08:fd:08:ed:41:8d:bf:
         a9:f4:63:e2
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUCUtDEJpG+F3VXWF3aYPMXJsWidowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDMyNTAwMDExMVoX
DTI1MDQyOTIzNTk1OVowejFJMEcGA1UEBRNAMTI2Yzk5ZDRiNWE4OWFjMjgyNjAy
ZDEyNjhmOWY0NTM3ZDJhZjU0MmExMzM5MmQzMTgwMGZlNDA4YzVlYTRiYjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdMiViEuD4iYNTt9roAcoz0CysWJ
YizCRoXa0U4oURZENpSwikMQOCJNKXTuorOKsENoCaSUkGRyYgks30u4SAjr68fk
fxMyjoK7E8oqv8ERRCNPzRFtEXfiAsNS7ohkKVvwg6/VUutemgpxZdGcABO+0rCW
jUgLJajiD/N9mZwisY0oiRn3eJXk85dnCDesB1uHHk91l3c6rUPddO7/nGnv8Ajz
Z9pXRlz6+zaV7COLHq0nC+hSUSp9QFnfAlRGW28zmDNNn4DLJUm5SzyPdJDb8jC6
gbetm0UI/vaA3QswNFFbYgzwZpMRm4cysbnVKHVQFaQaGHdCIkUQNQzccQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFPhMBrZMUN9ylHhzsL2JMJ1NUIoOMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzMyOWU5M2Y2LTA0ZWItNGMxMy04ODE4LTgzZjI0MTQyZGNmNi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba9CBAMA0GCSqGSIb3DQEBCwUAA4IBAQCz/TkbZcLfB00m35zB
jUujTtdMrhBbFvZRUPhUPmhifgxGjZQbuvnz3HziQeNMyjokAfHyhdbSVtg6zTrH
YrAVr6tyuBRSm3/gzZOdEOpOeg00ozR+9CUry8v8tf2+0moGU9PJbQLAFFOxtqcT
by09RDZSAAH4wpyALGDfEHAzKZJzGHlp/KbOX8uVOpxhOdRV0uapt1xjufjG+mAl
A+fj7YCD8cnnVEss+0yB8wMMi6850rPsxVjf0m+CAWJNN0QZ6MK2COft331ZGfiQ
fXVTfhj2N6L8nKlku5lxpjxa0w0Tl8GM+ZAt2zNCYVr4htICJQM4hQj9CO1Bjb+p
9GPi
-----END CERTIFICATE-----