Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/14e739f6-8650-4583-96ca-2f090de0cc47.roa
File:                     14e739f6-8650-4583-96ca-2f090de0cc47.roa (raw, json)
Hash identifier:          3W+C4WGc1NpZanJJ7EmFtMnJOgrJJMBITLaxh6VZlSU=
Subject key identifier:   7F:D7:60:CF:0B:A5:27:77:AD:A8:1B:77:84:F7:28:23:CC:E9:48:B6
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2CF498CF9C20767CE5C1959D4BE8AD9B71ACCA83
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/14e739f6-8650-4583-96ca-2f090de0cc47.roa
Signing time:             Wed 30 Jul 2025 00:50:56 +0000
ROA not before:           Wed 30 Jul 2025 00:50:56 +0000
ROA not after:            Wed 03 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf7:f000::/40 maxlen: 40
Validation:               Failed, certificate revoked on Wed 30 Jul 2025 18:53:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:f4:98:cf:9c:20:76:7c:e5:c1:95:9d:4b:e8:ad:9b:71:ac:ca:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 30 00:50:56 2025 GMT
            Not After : Sep  3 23:59:59 2025 GMT
        Subject: serialNumber=a40d583f349c1c4274e628b2525c413724e1f708a0d6bae2c965a0959ecb08fe, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:06:4a:cc:1b:0b:7a:6b:91:ad:ad:2e:11:c4:
                    02:8c:93:4c:db:f1:db:c7:29:2e:41:18:69:88:b9:
                    0d:a4:75:18:ec:9c:d5:3b:85:5c:c1:33:a6:a7:a4:
                    02:5c:96:55:97:fe:4d:21:a9:d0:b2:05:be:9c:9e:
                    d4:fd:a7:ce:c6:f5:88:1f:78:1b:a7:fb:9d:14:bb:
                    5e:a7:9a:38:4b:8c:2c:95:e0:32:70:54:b5:d8:2a:
                    76:54:1c:36:a3:17:12:77:9b:24:c5:fe:59:65:0d:
                    49:6a:da:4f:ce:1c:c1:59:1b:fc:b1:b1:c0:95:f4:
                    26:97:cd:38:21:6e:13:dd:24:9c:5c:32:05:7a:3b:
                    1d:60:e4:ef:84:6f:2f:ae:c3:b3:12:bb:2e:33:37:
                    19:6b:85:31:26:b3:0e:80:3d:57:0c:d0:57:5f:6d:
                    2b:c3:7f:07:d0:60:67:e3:82:96:19:20:d2:fe:1e:
                    24:19:82:3c:18:0c:ac:84:48:5c:46:90:73:f5:4b:
                    f1:a1:8c:04:c8:5d:f4:0f:f7:93:bd:dc:1c:85:ee:
                    ef:46:f4:9e:6f:1f:27:dc:c1:24:da:b9:65:72:ab:
                    6d:1c:6a:56:69:ee:5f:a2:1d:29:60:82:61:dd:4c:
                    67:1a:61:ba:e7:c2:bc:94:a4:ca:8a:be:d5:8b:b4:
                    51:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:D7:60:CF:0B:A5:27:77:AD:A8:1B:77:84:F7:28:23:CC:E9:48:B6
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/14e739f6-8650-4583-96ca-2f090de0cc47.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf7:f000::/40

    Signature Algorithm: sha256WithRSAEncryption
         67:8b:f7:bf:94:9b:6e:f7:61:cd:38:8d:db:74:9f:de:a5:db:
         46:25:44:1f:dc:11:2a:74:56:80:5f:e9:2a:a0:36:d6:0a:a8:
         be:f9:84:e3:be:25:d3:16:a0:b9:a2:55:b9:9a:fc:14:ed:ec:
         e8:52:40:6e:f2:a9:63:06:d2:0b:f6:e1:09:9f:e6:c7:fc:bb:
         7a:91:4d:e9:24:3f:6d:2b:78:fb:9b:26:9b:e4:1f:e0:d9:69:
         93:88:21:96:05:3c:7f:25:96:df:da:bb:75:74:c1:02:58:37:
         8e:91:1e:3c:cb:bc:00:62:b9:8b:66:48:c7:87:db:5c:60:2a:
         9c:70:ce:d1:20:cf:a0:88:96:e7:89:4e:89:3e:06:02:5a:dd:
         eb:39:c1:cd:45:8d:ac:14:6a:fb:f3:03:bf:fc:b9:8f:3a:09:
         f8:fe:4d:2e:49:f9:56:1e:c0:cd:d2:e5:ce:c6:de:75:27:c8:
         a3:62:cc:54:d7:35:e6:43:c0:b4:9c:95:9d:24:cc:94:c3:1f:
         63:13:bd:8e:3d:a9:03:36:69:04:a8:0f:6a:a8:7c:2f:01:dc:
         1f:75:b4:4f:59:94:f2:c2:03:ea:63:c5:a8:7b:39:9e:48:30:
         38:f9:01:4b:0a:f1:9f:0a:77:c4:9b:ae:b8:0f:f4:ec:fb:d2:
         48:6f:ed:30
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIULPSYz5wgdnzlwZWdS+itm3GsyoMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDczMDAwNTA1NloX
DTI1MDkwMzIzNTk1OVowejFJMEcGA1UEBRNAYTQwZDU4M2YzNDljMWM0Mjc0ZTYy
OGIyNTI1YzQxMzcyNGUxZjcwOGEwZDZiYWUyYzk2NWEwOTU5ZWNiMDhmZTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2gZKzBsLemuRra0uEcQCjJNM2/Hb
xykuQRhpiLkNpHUY7JzVO4VcwTOmp6QCXJZVl/5NIanQsgW+nJ7U/afOxvWIH3gb
p/udFLtep5o4S4wsleAycFS12Cp2VBw2oxcSd5skxf5ZZQ1JatpPzhzBWRv8sbHA
lfQml804IW4T3SScXDIFejsdYOTvhG8vrsOzErsuMzcZa4UxJrMOgD1XDNBXX20r
w38H0GBn44KWGSDS/h4kGYI8GAyshEhcRpBz9UvxoYwEyF30D/eTvdwche7vRvSe
bx8n3MEk2rllcqttHGpWae5foh0pYIJh3UxnGmG658K8lKTKir7Vi7RRmwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFH/XYM8LpSd3ragbd4T3KCPM6Ui2MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzE0ZTczOWY2LTg2NTAtNDU4My05NmNhLTJmMDkwZGUwY2M0Ny5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9/AwDQYJKoZIhvcNAQELBQADggEBAGeL97+Um273Yc04jdt0
n96l20YlRB/cESp0VoBf6SqgNtYKqL75hOO+JdMWoLmiVbma/BTt7OhSQG7yqWMG
0gv24Qmf5sf8u3qRTekkP20rePubJpvkH+DZaZOIIZYFPH8llt/au3V0wQJYN46R
HjzLvABiuYtmSMeH21xgKpxwztEgz6CIlueJTok+BgJa3es5wc1FjawUavvzA7/8
uY86Cfj+TS5J+VYewM3S5c7G3nUnyKNizFTXNeZDwLSclZ0kzJTDH2MTvY49qQM2
aQSoD2qofC8B3B91tE9ZlPLCA+pjxah7OZ5IMDj5AUsK8Z8Kd8SbrrgP9Oz70khv
7TA=
-----END CERTIFICATE-----