Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/095aabaa-12a1-42c0-aeb7-99712365104e.roa
File:                     095aabaa-12a1-42c0-aeb7-99712365104e.roa (raw, json)
Hash identifier:          8CNHpNy0NOuCk2M1zCQSvpaS5BfcuHPOyyVVkECFdYE=
Subject key identifier:   95:FC:E3:C6:59:D0:61:9A:05:60:93:0A:4E:2F:BB:B1:C7:00:51:30
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2560224DF41278293D60DB1A92D84457217329EF
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/095aabaa-12a1-42c0-aeb7-99712365104e.roa
Signing time:             Fri 16 May 2025 00:20:09 +0000
ROA not before:           Fri 16 May 2025 00:20:09 +0000
ROA not after:            Fri 20 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf4:2800::/40 maxlen: 40
Validation:               Failed, certificate revoked on Tue 03 Jun 2025 19:37:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:60:22:4d:f4:12:78:29:3d:60:db:1a:92:d8:44:57:21:73:29:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 16 00:20:09 2025 GMT
            Not After : Jun 20 23:59:59 2025 GMT
        Subject: serialNumber=895575bbd07e8e1f18a8f1ddc87a3a05c074d3e41adf5cea2658b40289174d27, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:01:3d:8e:65:41:9c:be:f2:e2:df:e1:c4:9f:
                    e0:3e:27:4f:86:eb:b1:a1:1c:d1:45:f6:02:16:74:
                    6f:10:3d:51:dd:50:7b:17:ef:fb:01:e8:0a:2d:36:
                    4d:d0:7a:5e:42:f2:55:ab:ce:4e:b8:bb:92:4f:36:
                    c3:15:a2:2c:03:a6:9f:3f:d9:e8:8c:1d:a0:bd:26:
                    df:80:16:14:4f:92:00:82:4e:fe:65:ae:54:3b:51:
                    2d:78:39:a4:15:9b:97:29:bf:99:e5:b4:2c:14:f8:
                    1f:dc:6a:0a:ef:87:df:e8:b7:46:31:9e:59:54:a4:
                    24:bd:c8:3a:fb:ad:f0:53:73:79:f6:d0:64:bc:45:
                    08:c7:be:dc:2b:e1:f5:15:8b:79:4e:ae:ae:19:3a:
                    43:98:40:35:3d:0f:e3:b2:74:fe:64:be:82:00:ba:
                    27:dd:5f:42:c3:ca:16:4b:4e:5e:b2:a0:43:5f:31:
                    36:cf:d7:95:63:f7:61:34:37:b4:5a:ae:21:84:e7:
                    59:29:01:48:27:0f:ef:15:ac:3d:26:ff:df:b9:e0:
                    26:af:b1:4b:1d:d9:c9:21:a4:85:42:fe:57:7a:ee:
                    d7:a7:d8:1b:37:09:3b:03:69:a9:94:55:a0:e6:52:
                    76:9d:be:05:c5:2d:c5:51:31:fd:f1:9b:19:e1:d7:
                    41:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:FC:E3:C6:59:D0:61:9A:05:60:93:0A:4E:2F:BB:B1:C7:00:51:30
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/095aabaa-12a1-42c0-aeb7-99712365104e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf4:2800::/40

    Signature Algorithm: sha256WithRSAEncryption
         7b:fb:ef:f4:64:29:7b:0b:90:30:b3:df:bc:6d:2d:9c:0f:ec:
         04:c3:fe:71:a7:20:dc:db:5b:7c:be:3e:d9:6d:08:ef:e5:aa:
         a7:0b:da:04:1c:c2:fc:fc:c9:f7:91:96:6a:19:bf:92:f7:25:
         44:ed:a0:ed:52:5a:82:c8:ee:35:55:04:bd:95:22:6b:58:be:
         c5:4e:b9:e2:53:05:ed:ee:b2:fd:bd:3f:c1:60:3e:5d:d1:dd:
         d7:c7:df:11:ba:71:3b:e6:f5:63:4b:04:c9:64:ef:b9:e2:18:
         04:8e:84:4a:8c:4f:70:14:13:f2:94:da:78:99:31:00:0c:42:
         04:2c:02:3d:0d:21:43:ef:05:e4:71:58:45:60:18:6c:41:5c:
         cd:43:ba:8c:fc:a2:49:ae:ae:e3:c4:ae:f5:53:fc:9c:53:8f:
         17:c8:18:f1:c7:45:b1:3e:c0:17:26:fa:81:87:06:95:de:3a:
         b4:24:ed:f7:e5:2e:e1:09:0d:7e:a5:74:b4:07:9a:e5:cb:8e:
         35:fd:39:4b:11:17:b8:0e:da:05:9b:14:26:d9:f3:04:a4:b2:
         37:2f:1b:f3:41:40:73:c1:8d:18:6e:dd:9a:f7:d5:bd:85:35:
         90:d5:92:51:12:2f:58:8c:50:20:9f:88:35:3e:56:90:cc:cc:
         5c:f3:fb:2e
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUJWAiTfQSeCk9YNsakthEVyFzKe8wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDUxNjAwMjAwOVoX
DTI1MDYyMDIzNTk1OVowejFJMEcGA1UEBRNAODk1NTc1YmJkMDdlOGUxZjE4YThm
MWRkYzg3YTNhMDVjMDc0ZDNlNDFhZGY1Y2VhMjY1OGI0MDI4OTE3NGQyNzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkwE9jmVBnL7y4t/hxJ/gPidPhuux
oRzRRfYCFnRvED1R3VB7F+/7AegKLTZN0HpeQvJVq85OuLuSTzbDFaIsA6afP9no
jB2gvSbfgBYUT5IAgk7+Za5UO1EteDmkFZuXKb+Z5bQsFPgf3GoK74ff6LdGMZ5Z
VKQkvcg6+63wU3N59tBkvEUIx77cK+H1FYt5Tq6uGTpDmEA1PQ/jsnT+ZL6CALon
3V9Cw8oWS05esqBDXzE2z9eVY/dhNDe0Wq4hhOdZKQFIJw/vFaw9Jv/fueAmr7FL
HdnJIaSFQv5Xeu7Xp9gbNwk7A2mplFWg5lJ2nb4FxS3FUTH98ZsZ4ddByQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFJX848ZZ0GGaBWCTCk4vu7HHAFEwMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzA5NWFhYmFhLTEyYTEtNDJjMC1hZWI3LTk5NzEyMzY1MTA0ZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9CgwDQYJKoZIhvcNAQELBQADggEBAHv77/RkKXsLkDCz37xt
LZwP7ATD/nGnINzbW3y+PtltCO/lqqcL2gQcwvz8yfeRlmoZv5L3JUTtoO1SWoLI
7jVVBL2VImtYvsVOueJTBe3usv29P8FgPl3R3dfH3xG6cTvm9WNLBMlk77niGASO
hEqMT3AUE/KU2niZMQAMQgQsAj0NIUPvBeRxWEVgGGxBXM1Duoz8okmuruPErvVT
/JxTjxfIGPHHRbE+wBcm+oGHBpXeOrQk7fflLuEJDX6ldLQHmuXLjjX9OUsRF7gO
2gWbFCbZ8wSksjcvG/NBQHPBjRhu3Zr31b2FNZDVklESL1iMUCCfiDU+VpDMzFzz
+y4=
-----END CERTIFICATE-----