Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/85cf1f6a-405c-4d4b-909f-89c20b3bda8f.roa
File:                     85cf1f6a-405c-4d4b-909f-89c20b3bda8f.roa (raw, json)
Hash identifier:          eykZzhjBWfRJeDpa0bgAoCkNUiH6MKLvTmvT3OrelW4=
Subject key identifier:   FA:0F:3D:DD:09:06:F8:5B:8D:72:2D:FF:9E:CA:DF:01:E2:ED:BF:0A
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       553102B091AAC2453978E0A760CBD1781066DF8F
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/85cf1f6a-405c-4d4b-909f-89c20b3bda8f.roa
Signing time:             Tue 25 Mar 2025 15:11:00 +0000
ROA not before:           Tue 25 Mar 2025 15:11:00 +0000
ROA not after:            Tue 29 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf4:e000::/40 maxlen: 40
Validation:               Failed, certificate revoked on Wed 16 Apr 2025 18:53:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:31:02:b0:91:aa:c2:45:39:78:e0:a7:60:cb:d1:78:10:66:df:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 25 15:11:00 2025 GMT
            Not After : Apr 29 23:59:59 2025 GMT
        Subject: serialNumber=d98bdefa110e514e2274091178f87a8476ea4dc0340fed7386d04efea2152d1e, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e1:a2:cb:46:19:cd:67:ce:45:9f:a0:95:ca:
                    54:e1:1f:72:e9:3a:24:a8:a8:df:53:fa:73:45:45:
                    23:90:91:07:96:a2:1d:54:af:8b:d8:f7:9e:55:6b:
                    fb:32:6b:eb:a8:2e:d4:ba:78:ab:cf:0c:97:8b:cd:
                    96:58:c4:d0:c2:79:e9:0b:fd:7c:1c:f7:69:ea:3c:
                    ec:12:2f:8e:1d:de:6e:ca:d6:ab:1e:38:54:7c:3a:
                    f0:c8:fd:60:75:f4:90:a3:8d:5a:94:e5:df:cf:69:
                    37:01:29:b5:ce:e5:83:53:9d:2f:c8:48:6f:c1:57:
                    cb:33:a3:b5:1a:dc:a1:0b:bf:06:d7:b6:68:e1:49:
                    1b:39:f0:30:f9:19:d0:af:51:f3:d3:e3:eb:2d:7e:
                    b5:be:e1:a7:52:c2:26:26:02:5c:c9:65:da:b1:06:
                    2f:f7:e9:3a:7b:f3:27:69:04:e7:f3:cd:37:e5:58:
                    5b:ba:ec:55:c4:42:2e:3b:30:42:33:63:01:12:c5:
                    6e:b5:55:ad:43:71:50:6a:9f:66:e1:de:71:7c:81:
                    cd:90:6a:0f:3c:cc:82:f6:b2:3a:56:46:6e:ec:f3:
                    4b:e0:a3:3c:49:86:34:56:d5:32:6f:91:2d:e2:4a:
                    de:49:1f:17:53:08:1a:4e:24:4d:80:26:9b:1b:51:
                    db:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:0F:3D:DD:09:06:F8:5B:8D:72:2D:FF:9E:CA:DF:01:E2:ED:BF:0A
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/85cf1f6a-405c-4d4b-909f-89c20b3bda8f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf4:e000::/40

    Signature Algorithm: sha256WithRSAEncryption
         3d:00:83:0f:63:2e:a0:fd:e3:23:17:4f:34:32:30:18:45:6a:
         fe:58:b2:d5:51:30:c0:63:f5:1e:f2:59:38:8c:80:62:de:68:
         84:4c:1b:c4:5a:28:18:03:24:db:05:24:d9:51:67:39:91:6b:
         18:fb:9a:26:dc:3b:08:3b:6a:b0:a1:67:d2:a2:0e:a7:ff:42:
         d1:14:4b:d6:f5:28:37:9e:bd:ff:28:61:db:08:83:24:64:1b:
         25:0a:14:98:79:f1:cd:2c:03:44:f5:90:2f:40:2e:cd:b2:90:
         b4:96:8e:b8:c6:36:d7:d6:6b:de:e1:13:96:37:29:c9:9f:53:
         b4:05:9f:9b:b5:a4:96:74:cd:3c:f9:dd:06:ed:4e:4a:84:74:
         be:e3:28:04:2e:cc:3d:88:e6:49:43:40:bf:84:33:30:38:2e:
         77:a9:d8:03:8d:1f:a5:f1:53:54:50:3f:9d:8f:b2:d0:9e:d6:
         6b:63:0d:07:09:a8:cd:6d:11:7a:f9:f1:35:61:f4:e7:0b:2d:
         40:3a:06:c7:e2:d8:8d:9f:72:d5:f1:35:55:58:6f:aa:02:b3:
         96:e3:50:16:0f:79:ca:49:87:9d:c7:61:03:d1:29:0a:a9:9e:
         b2:1d:a2:5f:1f:ac:d6:0c:3b:35:18:49:2b:c4:cf:2c:6a:79:
         2b:f5:6b:b8
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUVTECsJGqwkU5eOCnYMvReBBm348wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDMyNTE1MTEwMFoX
DTI1MDQyOTIzNTk1OVowejFJMEcGA1UEBRNAZDk4YmRlZmExMTBlNTE0ZTIyNzQw
OTExNzhmODdhODQ3NmVhNGRjMDM0MGZlZDczODZkMDRlZmVhMjE1MmQxZTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeGiy0YZzWfORZ+glcpU4R9y6Tok
qKjfU/pzRUUjkJEHlqIdVK+L2PeeVWv7MmvrqC7UunirzwyXi82WWMTQwnnpC/18
HPdp6jzsEi+OHd5uytarHjhUfDrwyP1gdfSQo41alOXfz2k3ASm1zuWDU50vyEhv
wVfLM6O1GtyhC78G17Zo4UkbOfAw+RnQr1Hz0+PrLX61vuGnUsImJgJcyWXasQYv
9+k6e/MnaQTn88035VhbuuxVxEIuOzBCM2MBEsVutVWtQ3FQap9m4d5xfIHNkGoP
PMyC9rI6VkZu7PNL4KM8SYY0VtUyb5Et4kreSR8XUwgaTiRNgCabG1HbqwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFPoPPd0JBvhbjXIt/57K3wHi7b8KMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzg1Y2YxZjZhLTQwNWMtNGQ0Yi05MDlmLTg5YzIwYjNiZGE4Zi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9OAwDQYJKoZIhvcNAQELBQADggEBAD0Agw9jLqD94yMXTzQy
MBhFav5YstVRMMBj9R7yWTiMgGLeaIRMG8RaKBgDJNsFJNlRZzmRaxj7mibcOwg7
arChZ9KiDqf/QtEUS9b1KDeevf8oYdsIgyRkGyUKFJh58c0sA0T1kC9ALs2ykLSW
jrjGNtfWa97hE5Y3KcmfU7QFn5u1pJZ0zTz53QbtTkqEdL7jKAQuzD2I5klDQL+E
MzA4Lnep2AONH6XxU1RQP52PstCe1mtjDQcJqM1tEXr58TVh9OcLLUA6Bsfi2I2f
ctXxNVVYb6oCs5bjUBYPecpJh53HYQPRKQqpnrIdol8frNYMOzUYSSvEzyxqeSv1
a7g=
-----END CERTIFICATE-----