Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/16fa5cd6-d620-4eea-82e0-c8708b35fa37.roa
File:                     16fa5cd6-d620-4eea-82e0-c8708b35fa37.roa (raw, json)
Hash identifier:          SelmUtWs6Cprdce90oM3TchtQaro1f9MC3A1MA3fEmE=
Subject key identifier:   D5:23:B1:14:81:78:6B:64:8C:D8:F1:B7:89:56:4A:72:1E:76:BE:78
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1E9D6DA1B2451B5DBDA5CC0A32A03A91EEDDDEAA
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/16fa5cd6-d620-4eea-82e0-c8708b35fa37.roa
Signing time:             Fri 16 May 2025 00:30:20 +0000
ROA not before:           Fri 16 May 2025 00:30:20 +0000
ROA not after:            Fri 20 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf4:c800::/40 maxlen: 40
Validation:               Failed, certificate revoked on Tue 03 Jun 2025 19:38:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:9d:6d:a1:b2:45:1b:5d:bd:a5:cc:0a:32:a0:3a:91:ee:dd:de:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 16 00:30:20 2025 GMT
            Not After : Jun 20 23:59:59 2025 GMT
        Subject: serialNumber=b311bcea516a2fcbc79f2ad332c6d9274db4ed3a2b5f3b9d13357d85412f09be, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:1f:aa:90:e7:0b:23:0a:a1:d3:b2:f6:d5:10:
                    86:e1:f7:fb:c0:d7:56:c5:e6:28:0f:1f:9b:a0:cc:
                    90:5b:29:0b:14:9f:6f:13:37:ba:e8:6f:17:78:f9:
                    36:c6:e0:27:13:53:57:87:c2:9b:78:8d:d7:95:91:
                    fb:37:73:d6:17:18:b1:13:92:08:d4:5c:18:81:53:
                    98:4b:3e:32:a2:32:0d:fc:95:b9:20:ed:41:95:4c:
                    40:f8:ad:04:e1:80:ef:c1:01:1c:5a:91:4b:b1:e2:
                    dc:c2:df:40:83:bd:bc:2c:b9:81:b6:13:65:6d:ee:
                    f2:c4:1a:06:e2:2a:a0:c5:c2:2d:df:44:26:09:88:
                    76:20:64:c4:f5:fe:38:76:d5:eb:34:ab:e2:05:4e:
                    73:79:77:67:a5:36:22:41:15:d5:4b:13:f5:a1:a2:
                    6b:08:80:ce:fd:88:1c:3d:32:a0:3d:89:43:0d:ba:
                    69:75:f8:0b:ad:68:53:de:02:11:83:70:90:9b:9b:
                    d1:62:fa:a2:ae:89:81:de:92:d6:81:e9:cc:15:6d:
                    a6:27:76:05:79:36:f2:b6:de:01:41:c5:e2:03:a4:
                    d7:6b:6b:25:25:be:b9:56:f7:0f:1c:13:88:b1:df:
                    b8:48:6a:e6:b5:92:fa:dc:18:9a:30:1f:73:aa:eb:
                    0e:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:23:B1:14:81:78:6B:64:8C:D8:F1:B7:89:56:4A:72:1E:76:BE:78
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/16fa5cd6-d620-4eea-82e0-c8708b35fa37.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf4:c800::/40

    Signature Algorithm: sha256WithRSAEncryption
         25:d8:a6:80:6a:e0:68:5c:3a:49:01:53:8f:70:f4:d9:48:ed:
         8e:97:a3:a4:1d:28:d2:bd:18:59:c5:48:9b:7c:ce:a7:21:78:
         af:8d:be:9a:5e:1c:b4:1d:0b:4f:32:04:48:fd:31:94:25:71:
         90:e7:14:e0:19:dd:16:b0:27:cd:18:95:af:33:fc:97:bb:3e:
         73:a1:27:aa:83:df:91:e8:60:a6:10:c3:1b:3e:45:aa:af:21:
         03:97:89:12:2a:5b:46:68:7f:74:82:29:c4:95:69:4a:89:6e:
         94:08:2c:0e:d7:e2:a7:4c:be:d2:ee:c8:bb:5f:96:0a:2c:06:
         ad:8a:c8:b9:f6:81:39:52:6b:9d:04:a8:87:be:c8:3e:05:1b:
         c6:f6:6b:7e:73:5e:5a:a6:40:68:78:9d:0c:cf:8c:bd:6d:56:
         3c:57:c1:58:8c:d4:5d:e6:b4:33:2a:42:ed:c8:8b:ca:32:71:
         8c:50:22:eb:65:d2:01:68:ae:06:f2:3f:64:8c:8d:a0:b7:d2:
         cd:06:cc:be:10:9b:9f:1e:9c:9c:a1:e2:41:e9:f6:ed:f5:69:
         f8:82:8e:d8:2e:3a:77:6f:1f:6f:c0:f3:63:1f:24:a1:5f:d5:
         1e:47:dc:58:16:f2:16:26:fd:f5:3a:de:5b:ef:6a:71:be:7c:
         16:5b:79:5a
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUHp1tobJFG129pcwKMqA6ke7d3qowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDUxNjAwMzAyMFoX
DTI1MDYyMDIzNTk1OVowejFJMEcGA1UEBRNAYjMxMWJjZWE1MTZhMmZjYmM3OWYy
YWQzMzJjNmQ5Mjc0ZGI0ZWQzYTJiNWYzYjlkMTMzNTdkODU0MTJmMDliZTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAux+qkOcLIwqh07L21RCG4ff7wNdW
xeYoDx+boMyQWykLFJ9vEze66G8XePk2xuAnE1NXh8KbeI3XlZH7N3PWFxixE5II
1FwYgVOYSz4yojIN/JW5IO1BlUxA+K0E4YDvwQEcWpFLseLcwt9Ag728LLmBthNl
be7yxBoG4iqgxcIt30QmCYh2IGTE9f44dtXrNKviBU5zeXdnpTYiQRXVSxP1oaJr
CIDO/YgcPTKgPYlDDbppdfgLrWhT3gIRg3CQm5vRYvqiromB3pLWgenMFW2mJ3YF
eTbytt4BQcXiA6TXa2slJb65VvcPHBOIsd+4SGrmtZL63BiaMB9zqusOOwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFNUjsRSBeGtkjNjxt4lWSnIedr54MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzE2ZmE1Y2Q2LWQ2MjAtNGVlYS04MmUwLWM4NzA4YjM1ZmEzNy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba9MgwDQYJKoZIhvcNAQELBQADggEBACXYpoBq4GhcOkkBU49w
9NlI7Y6Xo6QdKNK9GFnFSJt8zqcheK+NvppeHLQdC08yBEj9MZQlcZDnFOAZ3Raw
J80Yla8z/Je7PnOhJ6qD35HoYKYQwxs+RaqvIQOXiRIqW0Zof3SCKcSVaUqJbpQI
LA7X4qdMvtLuyLtflgosBq2KyLn2gTlSa50EqIe+yD4FG8b2a35zXlqmQGh4nQzP
jL1tVjxXwViM1F3mtDMqQu3Ii8oycYxQIutl0gForgbyP2SMjaC30s0GzL4Qm58e
nJyh4kHp9u31afiCjtguOndvH2/A82MfJKFf1R5H3FgW8hYm/fU63lvvanG+fBZb
eVo=
-----END CERTIFICATE-----