Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/db3424c8-0ae1-4042-9a6f-62bcb44b8dd3.roa
File:                     db3424c8-0ae1-4042-9a6f-62bcb44b8dd3.roa (raw, json)
Hash identifier:          GS5oJze60fKQCkjqEHw3FaIfNQZOLRoUIu+Kit8rE8A=
Subject key identifier:   99:43:0B:C3:89:7B:1F:6B:3E:09:34:BF:C6:49:B5:F6:63:26:F7:2B
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       367F7A988CFCBA3507A5C11D2E8E6145EB7FFDD9
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/db3424c8-0ae1-4042-9a6f-62bcb44b8dd3.roa
Signing time:             Tue 25 Mar 2025 00:30:15 +0000
ROA not before:           Tue 25 Mar 2025 00:30:15 +0000
ROA not after:            Tue 29 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf4:2080::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 16 Apr 2025 18:53:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:7f:7a:98:8c:fc:ba:35:07:a5:c1:1d:2e:8e:61:45:eb:7f:fd:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 25 00:30:15 2025 GMT
            Not After : Apr 29 23:59:59 2025 GMT
        Subject: serialNumber=e9bf59b1e58022d577ce04495f32342cd1dc38ba2590410082d424472eb203ae, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:85:7b:ed:52:22:1a:f8:58:d8:cd:db:b6:b5:
                    ed:08:61:00:ef:43:0e:77:28:51:39:5d:ea:1c:f7:
                    04:b3:dc:eb:0e:21:ac:af:a1:e5:2c:c9:e8:45:64:
                    e0:82:40:5d:13:20:ed:0c:b3:dd:30:89:02:05:e1:
                    01:6e:96:ba:ab:41:f4:5d:22:0b:57:e9:56:30:b3:
                    bd:b7:57:f4:43:36:74:4a:d4:b9:14:ee:f5:4c:d5:
                    9f:21:fb:54:6a:e8:d7:29:d7:fd:d2:49:68:f4:3d:
                    1e:2d:28:b9:39:b2:f7:39:33:93:35:97:af:2f:61:
                    04:f5:25:de:4c:fb:a1:0d:fc:37:f0:45:c9:05:13:
                    3c:a6:9a:4e:5f:eb:1c:97:d2:7d:13:d4:d7:17:e3:
                    f9:e8:8f:c9:00:f5:db:f1:87:bf:b1:04:97:04:79:
                    6c:0b:84:ac:df:95:b4:6d:3f:1f:35:48:6d:4f:93:
                    c6:2f:d0:38:0e:23:5e:a1:98:37:e0:e3:93:e8:44:
                    52:17:5c:5c:7a:01:0d:c5:dd:b7:18:46:9e:01:26:
                    7a:6a:2a:9b:de:0b:19:3c:9f:b0:4a:c6:64:77:fa:
                    f9:17:6f:d3:fe:46:09:e8:f4:04:1b:23:2c:ca:7f:
                    35:60:3f:18:99:8f:cf:6f:71:d1:f5:6c:2b:89:db:
                    ed:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:43:0B:C3:89:7B:1F:6B:3E:09:34:BF:C6:49:B5:F6:63:26:F7:2B
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/db3424c8-0ae1-4042-9a6f-62bcb44b8dd3.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf4:2080::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:77:01:cc:eb:55:d8:ff:e3:a0:69:47:a4:3f:cc:53:2c:a2:
         f4:cb:ea:9f:25:6d:1a:67:a4:ce:d2:3a:8e:d9:f8:2b:cc:2a:
         e6:98:7e:9c:36:91:d8:2d:fe:21:af:ba:5e:e5:50:93:61:bd:
         87:b0:13:53:9e:73:e6:f8:1b:2d:62:fa:e7:45:7a:84:84:06:
         fb:10:9d:ba:80:2a:35:f1:d3:2e:e7:ca:ed:e1:1f:b8:24:8a:
         66:2f:c0:48:05:f9:37:ef:1a:9f:cc:d6:bf:3d:52:af:5a:84:
         14:52:43:7e:fd:dc:c5:46:e2:7d:b4:57:6f:c6:f4:7d:4d:32:
         84:b0:52:50:79:31:d1:2c:9c:db:b5:0b:49:35:78:8f:ff:ae:
         38:9b:b9:5a:bd:b1:43:16:08:bd:2a:5b:49:dd:37:65:ff:08:
         9a:e5:46:30:44:5d:c8:06:01:a8:6e:e0:3e:b1:5a:45:9a:52:
         15:24:b0:a5:e4:0c:22:5d:90:95:e5:28:1d:9b:ff:d1:7b:2a:
         fb:60:2f:9e:b1:f9:79:1e:42:37:df:6a:1f:56:8d:6b:cc:f9:
         42:ad:a3:16:d5:5b:90:1b:66:7c:a7:45:69:0d:f0:01:d8:8d:
         33:cc:3b:56:7b:e4:ed:a8:47:03:47:bb:51:9b:77:2c:e0:d1:
         e8:b6:35:7c
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUNn96mIz8ujUHpcEdLo5hRet//dkwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDMyNTAwMzAxNVoX
DTI1MDQyOTIzNTk1OVowejFJMEcGA1UEBRNAZTliZjU5YjFlNTgwMjJkNTc3Y2Uw
NDQ5NWYzMjM0MmNkMWRjMzhiYTI1OTA0MTAwODJkNDI0NDcyZWIyMDNhZTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYV77VIiGvhY2M3btrXtCGEA70MO
dyhROV3qHPcEs9zrDiGsr6HlLMnoRWTggkBdEyDtDLPdMIkCBeEBbpa6q0H0XSIL
V+lWMLO9t1f0QzZ0StS5FO71TNWfIftUaujXKdf90klo9D0eLSi5ObL3OTOTNZev
L2EE9SXeTPuhDfw38EXJBRM8pppOX+scl9J9E9TXF+P56I/JAPXb8Ye/sQSXBHls
C4Ss35W0bT8fNUhtT5PGL9A4DiNeoZg34OOT6ERSF1xcegENxd23GEaeASZ6aiqb
3gsZPJ+wSsZkd/r5F2/T/kYJ6PQEGyMsyn81YD8YmY/Pb3HR9WwridvtLQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFJlDC8OJex9rPgk0v8ZJtfZjJvcrMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2RiMzQyNGM4LTBhZTEtNDA0Mi05YTZmLTYyYmNiNDRiOGRkMy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba9CCAMA0GCSqGSIb3DQEBCwUAA4IBAQBIdwHM61XY/+OgaUek
P8xTLKL0y+qfJW0aZ6TO0jqO2fgrzCrmmH6cNpHYLf4hr7pe5VCTYb2HsBNTnnPm
+BstYvrnRXqEhAb7EJ26gCo18dMu58rt4R+4JIpmL8BIBfk37xqfzNa/PVKvWoQU
UkN+/dzFRuJ9tFdvxvR9TTKEsFJQeTHRLJzbtQtJNXiP/644m7lavbFDFgi9KltJ
3Tdl/wia5UYwRF3IBgGobuA+sVpFmlIVJLCl5AwiXZCV5Sgdm//Reyr7YC+esfl5
HkI332ofVo1rzPlCraMW1VuQG2Z8p0VpDfAB2I0zzDtWe+TtqEcDR7tRm3cs4NHo
tjV8
-----END CERTIFICATE-----