Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/1b96f1b3-5c7a-41a6-ac5b-116289fe143d.roa
File:                     1b96f1b3-5c7a-41a6-ac5b-116289fe143d.roa (raw, json)
Hash identifier:          nxaiothJnOE4I+1UvCyHKF5akamvRLs8B4OyIiPdc9Y=
Subject key identifier:   7F:88:5D:DB:A3:77:33:20:24:A4:FD:DD:82:A2:23:22:DD:E1:07:83
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0A9955DBABA0202CA64EC09B7EEF2364A8D06B7F
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/1b96f1b3-5c7a-41a6-ac5b-116289fe143d.roa
Signing time:             Wed 30 Jul 2025 00:50:20 +0000
ROA not before:           Wed 30 Jul 2025 00:50:20 +0000
ROA not after:            Wed 03 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:b080::/46 maxlen: 48
Validation:               Failed, certificate revoked on Wed 30 Jul 2025 18:38:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:99:55:db:ab:a0:20:2c:a6:4e:c0:9b:7e:ef:23:64:a8:d0:6b:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 30 00:50:20 2025 GMT
            Not After : Sep  3 23:59:59 2025 GMT
        Subject: serialNumber=0a06db07f640b30c6253707dfd7c41a909de17a265a943e25bbbb78027e26a59, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:1b:a3:12:c0:2f:ac:c0:fd:3e:14:74:f5:b2:
                    2c:2f:ad:ca:f6:ea:23:f0:44:dd:9a:78:9e:6b:9d:
                    dd:19:f3:16:53:bd:49:ea:aa:74:a8:fc:2e:d0:d6:
                    00:5b:6d:f0:40:84:59:44:35:cc:4f:2b:8e:cc:ad:
                    8b:e8:93:05:27:8f:25:ef:6f:85:27:85:40:c6:8e:
                    2e:24:c3:1c:4f:e2:03:36:fe:34:64:b1:34:8d:43:
                    a2:16:aa:90:c0:40:71:ea:61:a4:02:d6:dc:1c:9d:
                    a0:10:0d:6a:d5:ff:de:3a:da:d9:af:51:75:73:bf:
                    66:64:4f:6a:ba:2f:d0:3c:79:31:d9:ce:4a:fc:08:
                    69:d1:09:ed:e2:ec:b3:82:54:0e:a6:7b:24:85:bb:
                    8e:1d:d4:20:fb:db:ae:d7:06:2b:f8:37:4d:cc:66:
                    85:dc:1d:0b:08:5c:cc:97:42:ec:b2:d7:6e:1f:e0:
                    2b:70:f9:ea:8f:e7:00:26:69:7f:c5:b6:dd:df:be:
                    c1:90:4c:d3:97:b5:35:86:73:55:8e:48:8e:aa:ae:
                    a5:e0:26:ad:99:5a:d2:95:14:00:75:f5:fc:f9:2e:
                    32:e3:0b:b0:3c:02:9c:1a:f2:cf:1b:ff:56:dd:d4:
                    ef:16:ce:02:62:ef:50:f7:d6:3d:97:f2:27:94:9e:
                    c3:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:88:5D:DB:A3:77:33:20:24:A4:FD:DD:82:A2:23:22:DD:E1:07:83
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/1b96f1b3-5c7a-41a6-ac5b-116289fe143d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:b080::/46

    Signature Algorithm: sha256WithRSAEncryption
         3a:9d:98:1c:1e:95:4b:79:e0:41:57:1a:b5:c8:2c:86:fc:c0:
         2d:1d:06:2e:77:c8:66:12:49:83:dd:1c:12:90:00:e9:7e:ac:
         d6:57:f9:36:9b:d7:c9:5a:9a:eb:64:bb:66:b4:ea:04:cd:02:
         4d:c1:50:38:22:0a:0c:a4:21:f6:1b:a4:7a:37:db:d6:5c:4f:
         78:9b:20:28:83:fc:2c:52:a2:c1:e2:01:71:4f:90:bf:e4:4e:
         9c:aa:9a:6d:3b:45:12:b7:b9:be:09:13:c5:af:a4:6b:4f:0f:
         c7:7e:d5:91:c6:60:f3:65:c4:a4:7b:1a:86:d4:35:d7:12:a0:
         10:9a:19:4a:30:51:8c:91:75:cd:5f:1c:7f:ff:25:3b:9b:58:
         a3:4f:83:fc:83:d0:cd:e5:14:67:72:de:e0:38:48:82:8b:70:
         7e:2c:ed:a5:d2:86:db:f8:89:3e:8c:56:06:a2:46:60:02:97:
         94:53:bd:8c:3d:b6:e8:27:d5:e3:cb:fc:1b:20:78:f8:36:2c:
         22:77:07:b3:b7:6e:09:95:5f:77:96:3b:f7:25:01:2c:0a:76:
         81:e3:98:d7:96:bc:0b:16:f4:57:f8:57:76:74:ff:24:9c:b1:
         79:37:c9:07:61:06:59:2b:fa:1a:92:64:91:88:78:bd:87:bc:
         64:ea:3b:1f
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUCplV26ugICymTsCbfu8jZKjQa38wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDczMDAwNTAyMFoX
DTI1MDkwMzIzNTk1OVowejFJMEcGA1UEBRNAMGEwNmRiMDdmNjQwYjMwYzYyNTM3
MDdkZmQ3YzQxYTkwOWRlMTdhMjY1YTk0M2UyNWJiYmI3ODAyN2UyNmE1OTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxujEsAvrMD9PhR09bIsL63K9uoj
8ETdmniea53dGfMWU71J6qp0qPwu0NYAW23wQIRZRDXMTyuOzK2L6JMFJ48l72+F
J4VAxo4uJMMcT+IDNv40ZLE0jUOiFqqQwEBx6mGkAtbcHJ2gEA1q1f/eOtrZr1F1
c79mZE9qui/QPHkx2c5K/Ahp0Qnt4uyzglQOpnskhbuOHdQg+9uu1wYr+DdNzGaF
3B0LCFzMl0LsstduH+ArcPnqj+cAJml/xbbd377BkEzTl7U1hnNVjkiOqq6l4Cat
mVrSlRQAdfX8+S4y4wuwPAKcGvLPG/9W3dTvFs4CYu9Q99Y9l/InlJ7D5QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFH+IXdujdzMgJKT93YKiIyLd4QeDMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzFiOTZmMWIzLTVjN2EtNDFhNi1hYzViLTExNjI4OWZlMTQzZC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcCJAba+7CAMA0GCSqGSIb3DQEBCwUAA4IBAQA6nZgcHpVLeeBBVxq1
yCyG/MAtHQYud8hmEkmD3RwSkADpfqzWV/k2m9fJWprrZLtmtOoEzQJNwVA4IgoM
pCH2G6R6N9vWXE94myAog/wsUqLB4gFxT5C/5E6cqpptO0USt7m+CRPFr6RrTw/H
ftWRxmDzZcSkexqG1DXXEqAQmhlKMFGMkXXNXxx//yU7m1ijT4P8g9DN5RRnct7g
OEiCi3B+LO2l0obb+Ik+jFYGokZgApeUU72MPbboJ9Xjy/wbIHj4Niwidwezt24J
lV93ljv3JQEsCnaB45jXlrwLFvRX+Fd2dP8knLF5N8kHYQZZK/oakmSRiHi9h7xk
6jsf
-----END CERTIFICATE-----