Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d65ab995-dc40-402e-8ae6-67b5a55b9835.roa
File:                     d65ab995-dc40-402e-8ae6-67b5a55b9835.roa (raw, json)
Hash identifier:          Z9/slZLRZ5VEcUUGjrXbjI/q/0MGh0Qw2Df9RyN+aw4=
Subject key identifier:   B3:C1:40:92:2B:B2:1B:91:B6:60:CF:C2:BC:54:C4:E9:8A:89:A7:41
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3CCCDB7738499313337ADAA0EC5EA8A113807E5B
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d65ab995-dc40-402e-8ae6-67b5a55b9835.roa
Signing time:             Tue 25 Mar 2025 00:31:08 +0000
ROA not before:           Tue 25 Mar 2025 00:31:08 +0000
ROA not after:            Tue 29 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf4:a040::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 16 Apr 2025 18:54:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:cc:db:77:38:49:93:13:33:7a:da:a0:ec:5e:a8:a1:13:80:7e:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 25 00:31:08 2025 GMT
            Not After : Apr 29 23:59:59 2025 GMT
        Subject: serialNumber=0818a05ee43361a8bfbdfa66ebd544fc232b2d17278fff4bb591e1e91d49830f, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:dc:97:df:a6:21:08:59:dc:d6:f3:fc:c6:a1:
                    2c:bc:8c:82:a7:cc:b8:43:b8:c5:fb:0c:0c:02:71:
                    66:fb:90:73:35:02:4f:c2:94:f6:da:ea:cc:18:0c:
                    29:35:09:ab:b9:95:b9:3c:7e:04:1f:fe:76:8a:b7:
                    7f:4b:0a:f1:2c:08:8b:1a:11:14:9a:a2:d7:30:09:
                    a8:5a:6e:44:ef:3c:e5:14:7e:5a:88:26:ef:41:1a:
                    9a:3e:6e:1f:f4:0f:73:42:86:b1:79:5a:50:81:a0:
                    df:af:88:3c:68:a5:c0:15:20:12:50:30:b2:50:f5:
                    e5:a3:03:37:d2:35:fb:fb:c4:bd:b7:3d:44:a6:5e:
                    1b:13:c9:16:4b:21:91:56:90:85:78:dd:ac:8e:72:
                    84:a1:cf:e7:33:c3:95:8b:aa:d6:34:01:a2:01:25:
                    0e:19:48:4b:40:1f:52:4f:d3:0f:e6:47:47:8a:fb:
                    e2:d5:dc:24:12:a4:ee:31:1c:45:3e:33:c4:8a:3d:
                    f7:70:f6:50:7f:2a:8f:f4:ff:13:fc:b9:21:db:9b:
                    a1:d3:4f:e0:f0:85:6c:b0:22:59:39:ad:22:b7:83:
                    a0:cb:32:d3:54:f5:8d:98:1d:b7:0d:23:46:31:1e:
                    76:df:69:ce:18:84:ff:c0:e4:98:ae:e9:ca:db:8e:
                    7a:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:C1:40:92:2B:B2:1B:91:B6:60:CF:C2:BC:54:C4:E9:8A:89:A7:41
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/d65ab995-dc40-402e-8ae6-67b5a55b9835.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf4:a040::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:a2:87:23:f4:0e:25:9a:01:b9:5c:db:43:1d:15:15:29:b4:
         22:80:7a:7a:72:f7:0d:8c:1f:03:7c:93:7d:52:eb:0d:1e:a3:
         55:df:4d:80:52:a2:71:6c:fa:dc:10:6c:4d:8b:42:90:4e:51:
         e3:dc:f4:b4:18:f9:78:67:13:88:55:28:1a:1c:19:86:4a:b9:
         7c:25:67:f6:12:bd:8f:e9:50:49:4d:71:53:62:bc:bc:f0:c1:
         d5:05:90:59:22:9e:52:d0:01:9c:52:0b:0c:02:17:95:47:07:
         3c:a8:ff:e5:c9:68:62:cf:ad:85:2f:c4:ae:a0:38:bb:71:aa:
         be:0d:19:86:79:e0:cd:e8:87:55:ff:42:ad:27:3b:ce:97:99:
         6a:ff:b5:bf:2b:a9:82:79:de:50:d9:50:3a:20:fc:8c:95:45:
         fa:02:58:d4:42:10:89:c5:df:de:d0:f1:91:ce:98:68:f5:bc:
         ae:6e:c9:4b:cf:22:b5:1b:e1:ee:ea:b4:80:93:72:97:a3:ac:
         ce:e4:8a:80:88:fa:65:63:f4:96:df:c4:fe:35:c6:97:4b:5b:
         67:ba:4f:79:f2:16:38:1e:ea:cd:1b:eb:38:18:ce:c6:21:35:
         3f:20:b2:87:fa:11:b3:ff:e5:b0:6b:f3:85:0d:00:a3:c2:52:
         11:a7:4c:af
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUPMzbdzhJkxMzetqg7F6ooROAflswDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDMyNTAwMzEwOFoX
DTI1MDQyOTIzNTk1OVowejFJMEcGA1UEBRNAMDgxOGEwNWVlNDMzNjFhOGJmYmRm
YTY2ZWJkNTQ0ZmMyMzJiMmQxNzI3OGZmZjRiYjU5MWUxZTkxZDQ5ODMwZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNyX36YhCFnc1vP8xqEsvIyCp8y4
Q7jF+wwMAnFm+5BzNQJPwpT22urMGAwpNQmruZW5PH4EH/52ird/SwrxLAiLGhEU
mqLXMAmoWm5E7zzlFH5aiCbvQRqaPm4f9A9zQoaxeVpQgaDfr4g8aKXAFSASUDCy
UPXlowM30jX7+8S9tz1Epl4bE8kWSyGRVpCFeN2sjnKEoc/nM8OVi6rWNAGiASUO
GUhLQB9ST9MP5kdHivvi1dwkEqTuMRxFPjPEij33cPZQfyqP9P8T/Lkh25uh00/g
8IVssCJZOa0it4OgyzLTVPWNmB23DSNGMR5232nOGIT/wOSYrunK2456hQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFLPBQJIrshuRtmDPwrxUxOmKiadBMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Q2NWFiOTk1LWRjNDAtNDAyZS04YWU2LTY3YjVhNTViOTgzNS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba9KBAMA0GCSqGSIb3DQEBCwUAA4IBAQCaoocj9A4lmgG5XNtD
HRUVKbQigHp6cvcNjB8DfJN9UusNHqNV302AUqJxbPrcEGxNi0KQTlHj3PS0GPl4
ZxOIVSgaHBmGSrl8JWf2Er2P6VBJTXFTYry88MHVBZBZIp5S0AGcUgsMAheVRwc8
qP/lyWhiz62FL8SuoDi7caq+DRmGeeDN6IdV/0KtJzvOl5lq/7W/K6mCed5Q2VA6
IPyMlUX6AljUQhCJxd/e0PGRzpho9byubslLzyK1G+Hu6rSAk3KXo6zO5IqAiPpl
Y/SW38T+NcaXS1tnuk958hY4HurNG+s4GM7GITU/ILKH+hGz/+Wwa/OFDQCjwlIR
p0yv
-----END CERTIFICATE-----