Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/48c27610-66dd-4e99-839b-39b2b551cda7.roa
File:                     48c27610-66dd-4e99-839b-39b2b551cda7.roa (raw, json)
Hash identifier:          jr+tAd42ZTHae4i0OcEqVjghxGnjIQnkEdc7dtxdkVg=
Subject key identifier:   98:0A:FB:F3:3D:14:A1:60:CB:EC:CA:B6:6B:D1:E6:2A:DF:7E:69:6A
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       152DE668E9151B3D0DF031296C28F48B856083CF
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/48c27610-66dd-4e99-839b-39b2b551cda7.roa
Signing time:             Tue 25 Mar 2025 15:11:42 +0000
ROA not before:           Tue 25 Mar 2025 15:11:42 +0000
ROA not after:            Tue 29 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf4:4000::/40 maxlen: 40
Validation:               Failed, certificate revoked on Wed 16 Apr 2025 18:53:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:2d:e6:68:e9:15:1b:3d:0d:f0:31:29:6c:28:f4:8b:85:60:83:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 25 15:11:42 2025 GMT
            Not After : Apr 29 23:59:59 2025 GMT
        Subject: serialNumber=1eb6c757a4a0c71df8851831d882c8388d6bc3406f4933fcbb72fedf4e4b0cea, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:00:63:16:4c:15:41:bd:34:8a:49:10:37:fa:
                    93:4c:44:ab:67:c0:9a:e9:4d:8c:7c:de:e0:0d:48:
                    36:b4:71:49:8e:cd:29:ef:63:ec:3f:09:c2:09:d1:
                    45:24:a6:76:d5:56:c3:a5:90:c9:3b:02:ba:59:fe:
                    6c:37:0c:7b:a7:de:48:95:0b:23:f3:d4:f2:31:46:
                    d8:5e:65:ea:a3:62:38:27:40:59:e0:15:6d:2a:a4:
                    93:de:66:cc:4c:37:01:81:50:e2:e2:86:73:84:26:
                    38:e1:13:17:f8:1b:05:7c:98:fa:7e:05:12:1f:cf:
                    a7:84:dc:78:da:08:04:d7:b0:6b:cc:49:94:28:c5:
                    1a:23:8c:84:da:60:fe:39:fa:7c:62:ab:00:2c:a1:
                    cf:61:9c:df:ea:fd:f1:18:63:65:67:13:fa:bd:b0:
                    0b:e4:b9:fa:9a:e3:21:25:cc:7a:c4:cd:ad:28:0d:
                    c5:28:57:94:a1:87:cf:37:02:6c:39:11:10:f1:b6:
                    33:3d:10:2a:c5:41:6f:b6:ac:ab:f9:50:35:b8:e2:
                    f5:0f:68:6b:27:5b:b9:b8:2b:c9:c6:c3:0b:ff:d3:
                    84:b1:60:04:8b:a6:2f:59:ab:65:1c:04:87:6e:75:
                    81:68:f1:f0:9f:7c:06:3e:1a:e8:5a:6f:17:ed:e4:
                    fe:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:0A:FB:F3:3D:14:A1:60:CB:EC:CA:B6:6B:D1:E6:2A:DF:7E:69:6A
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/48c27610-66dd-4e99-839b-39b2b551cda7.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf4:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         24:b5:ce:dd:b0:0b:87:01:2c:37:dd:aa:67:33:d6:34:f5:7e:
         5a:d8:02:33:da:b9:14:73:82:08:9a:35:13:5e:98:4b:f2:9e:
         e9:5c:10:35:6c:7d:63:31:56:7b:39:f9:f6:9a:9b:62:a0:77:
         2f:15:c1:c6:50:b3:c6:8b:8c:64:e5:98:96:b8:a7:26:8b:6f:
         52:0e:fa:8a:18:97:ae:0d:1d:ee:c6:e5:b9:d3:d9:59:55:94:
         be:22:76:f0:a3:f3:9f:cc:33:1b:5a:e5:d0:3a:87:1e:ed:c9:
         7f:e8:7a:63:47:9d:41:0c:b7:c1:93:d7:28:84:7a:aa:b5:11:
         a2:0f:f1:c5:ec:a2:d5:a9:ca:ec:d7:af:fa:86:e8:eb:02:74:
         2f:13:26:64:ed:d6:0b:80:46:e6:9d:ff:d4:ae:9f:16:de:06:
         45:9f:a2:74:ee:d0:bf:a3:db:8e:8b:27:01:d9:01:07:3c:07:
         dc:d4:11:b9:02:49:18:84:0e:6b:6f:59:55:fd:b5:fc:bd:e7:
         3f:15:13:8c:c2:45:8c:4c:4c:24:b6:2a:b5:91:ac:6d:44:41:
         5d:c4:c7:3b:df:8c:52:55:be:04:76:1f:39:ab:e2:df:ed:e9:
         24:c2:c6:c3:da:31:ae:b8:70:64:82:30:f5:d9:78:d5:a5:d7:
         2a:14:76:43
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUFS3maOkVGz0N8DEpbCj0i4Vgg88wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDMyNTE1MTE0MloX
DTI1MDQyOTIzNTk1OVowejFJMEcGA1UEBRNAMWViNmM3NTdhNGEwYzcxZGY4ODUx
ODMxZDg4MmM4Mzg4ZDZiYzM0MDZmNDkzM2ZjYmI3MmZlZGY0ZTRiMGNlYTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3QBjFkwVQb00ikkQN/qTTESrZ8Ca
6U2MfN7gDUg2tHFJjs0p72PsPwnCCdFFJKZ21VbDpZDJOwK6Wf5sNwx7p95IlQsj
89TyMUbYXmXqo2I4J0BZ4BVtKqST3mbMTDcBgVDi4oZzhCY44RMX+BsFfJj6fgUS
H8+nhNx42ggE17BrzEmUKMUaI4yE2mD+Ofp8YqsALKHPYZzf6v3xGGNlZxP6vbAL
5Ln6muMhJcx6xM2tKA3FKFeUoYfPNwJsOREQ8bYzPRAqxUFvtqyr+VA1uOL1D2hr
J1u5uCvJxsML/9OEsWAEi6YvWatlHASHbnWBaPHwn3wGPhroWm8X7eT+CQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFJgK+/M9FKFgy+zKtmvR5irffmlqMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzQ4YzI3NjEwLTY2ZGQtNGU5OS04MzliLTM5YjJiNTUxY2RhNy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9EAwDQYJKoZIhvcNAQELBQADggEBACS1zt2wC4cBLDfdqmcz
1jT1flrYAjPauRRzggiaNRNemEvynulcEDVsfWMxVns5+faam2Kgdy8VwcZQs8aL
jGTlmJa4pyaLb1IO+ooYl64NHe7G5bnT2VlVlL4idvCj85/MMxta5dA6hx7tyX/o
emNHnUEMt8GT1yiEeqq1EaIP8cXsotWpyuzXr/qG6OsCdC8TJmTt1guARuad/9Su
nxbeBkWfonTu0L+j246LJwHZAQc8B9zUEbkCSRiEDmtvWVX9tfy95z8VE4zCRYxM
TCS2KrWRrG1EQV3ExzvfjFJVvgR2Hzmr4t/t6STCxsPaMa64cGSCMPXZeNWl1yoU
dkM=
-----END CERTIFICATE-----