Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/98286ddc-f06b-49d3-856d-cb91877b813e.roa
File:                     98286ddc-f06b-49d3-856d-cb91877b813e.roa (raw, json)
Hash identifier:          /ItPJCOtkpSm/zv72I6zx96+81J+IZXwNxoJaaHw66o=
Subject key identifier:   9D:50:41:D8:CC:97:EA:34:88:CF:83:17:D1:AA:97:4E:4A:AB:B8:86
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       78694CC28452A3D6033503C7324D58E62414600C
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/98286ddc-f06b-49d3-856d-cb91877b813e.roa
Signing time:             Tue 25 Mar 2025 00:20:08 +0000
ROA not before:           Tue 25 Mar 2025 00:20:08 +0000
ROA not after:            Tue 29 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf4:a080::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 16 Apr 2025 18:53:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:69:4c:c2:84:52:a3:d6:03:35:03:c7:32:4d:58:e6:24:14:60:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 25 00:20:08 2025 GMT
            Not After : Apr 29 23:59:59 2025 GMT
        Subject: serialNumber=9c0b1646ba3f6244d30e38b2bb22472dbbe8fb4de0e1566e7d443f28dd678560, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:65:4a:cf:31:e2:e4:00:89:5c:6c:51:8f:12:
                    e3:28:e0:0a:b5:14:50:97:28:3f:22:df:96:47:83:
                    97:04:9c:50:53:19:00:ca:f1:07:f9:81:11:57:c1:
                    0a:9f:f9:5d:16:81:5f:cb:47:84:b8:5b:2c:a5:12:
                    b1:a4:32:86:e3:06:0c:09:02:a1:df:d6:82:76:39:
                    7e:a8:60:7c:ef:7c:dc:45:a7:49:da:b7:82:7a:5d:
                    a7:e4:4d:c6:4d:6e:22:59:7c:a4:98:95:bd:73:c9:
                    8e:6e:54:3d:e3:54:de:34:84:32:18:fd:24:f6:81:
                    f3:34:54:41:4d:48:bb:8e:0a:92:92:c4:7c:d1:af:
                    ff:8a:e6:8e:b0:c9:01:26:f7:dc:f6:e5:76:7f:8e:
                    94:1b:e7:e7:91:50:47:85:3e:69:82:35:6e:49:10:
                    f9:70:ce:3d:cc:6d:9c:54:7e:48:81:ea:e6:9d:04:
                    e2:94:86:62:d5:ec:bc:99:b2:f8:d8:4b:c0:d8:35:
                    fe:17:4b:77:50:e7:e9:97:c6:d5:63:4d:22:7b:c2:
                    47:af:a5:af:26:12:db:6f:1d:ed:8f:83:ee:63:12:
                    fd:86:fd:a1:5c:4c:7f:b6:5f:50:6c:f3:fd:94:00:
                    70:a0:30:74:e7:27:16:d6:cd:01:1b:12:b4:d6:a7:
                    1b:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:50:41:D8:CC:97:EA:34:88:CF:83:17:D1:AA:97:4E:4A:AB:B8:86
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/98286ddc-f06b-49d3-856d-cb91877b813e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf4:a080::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:7d:a3:78:7c:07:4f:5c:d5:0f:f7:76:bc:07:22:d6:e6:5d:
         f1:1a:24:85:67:32:0b:74:16:af:15:f7:e9:14:18:17:7c:99:
         b0:ff:cd:aa:12:0d:0c:37:67:8f:e8:01:24:2b:28:a0:e4:6d:
         f9:9e:7b:cc:f8:07:2b:16:99:86:24:34:7a:ef:1e:53:9d:4b:
         5d:28:3d:9e:4d:1a:2c:e9:e6:56:86:0e:89:33:72:10:89:bc:
         95:7a:f6:48:5b:d5:27:92:25:7a:01:46:2f:7f:40:01:d0:ca:
         5f:1f:67:0a:b1:d9:6d:6f:b1:84:3d:a8:86:11:c7:41:5a:ec:
         d0:71:bb:8d:e7:62:7a:36:93:ac:c2:da:9d:c7:92:65:c9:24:
         60:78:4e:0f:b0:60:c1:37:d6:dd:60:fd:c6:ba:24:d0:ac:f8:
         9f:84:29:27:3d:fc:5f:4b:9a:f0:19:f2:60:84:14:15:10:1d:
         ca:8d:de:61:d0:6c:6b:c5:08:0d:3e:da:85:a1:c5:6c:fb:de:
         90:83:af:c4:10:15:98:de:b0:5d:74:77:51:80:64:a7:de:c7:
         c1:07:40:fb:f8:dd:b3:c9:1f:37:65:64:9f:e8:4a:8a:98:c2:
         10:68:af:f3:93:95:9a:60:b6:b4:c7:43:59:77:40:92:ba:15:
         ac:83:63:56
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUeGlMwoRSo9YDNQPHMk1Y5iQUYAwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDMyNTAwMjAwOFoX
DTI1MDQyOTIzNTk1OVowejFJMEcGA1UEBRNAOWMwYjE2NDZiYTNmNjI0NGQzMGUz
OGIyYmIyMjQ3MmRiYmU4ZmI0ZGUwZTE1NjZlN2Q0NDNmMjhkZDY3ODU2MDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGVKzzHi5ACJXGxRjxLjKOAKtRRQ
lyg/It+WR4OXBJxQUxkAyvEH+YERV8EKn/ldFoFfy0eEuFsspRKxpDKG4wYMCQKh
39aCdjl+qGB873zcRadJ2reCel2n5E3GTW4iWXykmJW9c8mOblQ941TeNIQyGP0k
9oHzNFRBTUi7jgqSksR80a//iuaOsMkBJvfc9uV2f46UG+fnkVBHhT5pgjVuSRD5
cM49zG2cVH5IgermnQTilIZi1ey8mbL42EvA2DX+F0t3UOfpl8bVY00ie8JHr6Wv
JhLbbx3tj4PuYxL9hv2hXEx/tl9QbPP9lABwoDB05ycW1s0BGxK01qcbqwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFJ1QQdjMl+o0iM+DF9Gql05Kq7iGMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzk4Mjg2ZGRjLWYwNmItNDlkMy04NTZkLWNiOTE4NzdiODEzZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba9KCAMA0GCSqGSIb3DQEBCwUAA4IBAQAZfaN4fAdPXNUP93a8
ByLW5l3xGiSFZzILdBavFffpFBgXfJmw/82qEg0MN2eP6AEkKyig5G35nnvM+Acr
FpmGJDR67x5TnUtdKD2eTRos6eZWhg6JM3IQibyVevZIW9UnkiV6AUYvf0AB0Mpf
H2cKsdltb7GEPaiGEcdBWuzQcbuN52J6NpOswtqdx5JlySRgeE4PsGDBN9bdYP3G
uiTQrPifhCknPfxfS5rwGfJghBQVEB3Kjd5h0GxrxQgNPtqFocVs+96Qg6/EEBWY
3rBddHdRgGSn3sfBB0D7+N2zyR83ZWSf6EqKmMIQaK/zk5WaYLa0x0NZd0CSuhWs
g2NW
-----END CERTIFICATE-----