Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/29d76710-8f64-42a2-abc9-39ee7ab69569.roa
File:                     29d76710-8f64-42a2-abc9-39ee7ab69569.roa (raw, json)
Hash identifier:          DWIT+WFIGo6N8fR0wJjFt2kzVN6FTYuMtd4otoP3Xxs=
Subject key identifier:   A8:54:B1:12:22:26:E1:95:1A:93:6B:5D:FE:A2:4F:49:CB:51:A8:E7
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0B9F907A1092789045C82B3E2C9F05210E4F5CA2
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/29d76710-8f64-42a2-abc9-39ee7ab69569.roa
Signing time:             Thu 22 May 2025 00:52:01 +0000
ROA not before:           Thu 22 May 2025 00:52:01 +0000
ROA not after:            Thu 26 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dab9:2800::/40 maxlen: 40
Validation:               Failed, certificate revoked on Tue 03 Jun 2025 19:37:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:9f:90:7a:10:92:78:90:45:c8:2b:3e:2c:9f:05:21:0e:4f:5c:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 22 00:52:01 2025 GMT
            Not After : Jun 26 23:59:59 2025 GMT
        Subject: serialNumber=01222982ea100851ab594a0a67198a40ecfa7846beee9fe1899510fc581c4947, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:52:20:2b:75:47:7d:4b:79:71:2f:c0:76:30:
                    0e:c7:61:e5:06:8b:d1:49:ea:67:72:3f:8d:80:4f:
                    20:d8:ac:f1:34:cd:57:19:58:cc:d3:3d:cc:8c:29:
                    b1:83:62:20:4d:57:53:ab:27:7a:22:87:2e:c4:23:
                    39:d7:10:ca:70:d2:7a:db:6a:0c:eb:a3:5c:64:aa:
                    b3:98:ee:35:df:ae:b1:5e:23:ad:fe:77:a8:9b:85:
                    c2:23:0d:bc:bd:3d:c0:8e:a4:de:7f:d8:54:a1:93:
                    43:a5:6a:56:c0:b1:f9:97:48:c0:49:5f:11:c2:64:
                    2e:d2:b8:81:98:e1:bd:b4:ed:21:9a:50:5e:1f:f8:
                    3c:50:74:4c:e6:cf:63:43:d1:a2:58:b4:48:db:cd:
                    13:10:02:92:8b:d5:55:0a:88:7a:18:42:96:80:53:
                    79:4a:3d:8d:03:93:65:ea:8d:05:a1:65:ba:b2:fe:
                    b7:1c:aa:ea:51:7a:24:12:46:4b:57:1b:7b:5f:00:
                    b3:90:ad:bc:79:3e:0a:6a:b8:d6:fa:4b:77:43:f5:
                    31:51:b0:ed:7e:26:34:ce:65:51:15:02:48:ad:7a:
                    45:04:81:23:bb:17:ca:b3:16:0b:1b:64:d2:05:49:
                    4d:75:63:26:72:35:17:2f:62:a8:3e:91:d7:73:67:
                    b5:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:54:B1:12:22:26:E1:95:1A:93:6B:5D:FE:A2:4F:49:CB:51:A8:E7
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/29d76710-8f64-42a2-abc9-39ee7ab69569.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dab9:2800::/40

    Signature Algorithm: sha256WithRSAEncryption
         15:95:b1:71:cd:ca:0e:51:f0:2d:ce:ca:11:0b:39:3f:e4:22:
         72:95:d5:fb:8d:27:e1:b7:b0:80:27:9f:b8:cc:8f:97:32:6b:
         67:a3:ff:a1:93:83:fd:9f:d8:7e:b8:fd:d0:25:33:bd:fe:d6:
         d4:b6:cd:ae:68:e2:b1:94:21:1f:ab:24:51:d0:e7:be:96:12:
         ff:ba:f3:d9:ed:53:9b:c6:dd:05:14:1d:1c:ce:dd:5d:da:6b:
         d7:f2:82:12:d1:b9:01:57:c6:ad:ec:80:b0:82:72:81:09:d0:
         a8:7e:c0:32:ce:41:f2:c0:cb:f3:fa:1d:a0:f4:20:d0:fd:bb:
         7f:e0:50:e7:c2:f9:e3:6b:b9:71:33:ff:6b:ce:0e:d6:b4:94:
         36:83:83:a2:68:d8:1a:d6:69:e2:5a:01:d6:7f:00:10:3a:9f:
         2f:91:97:5a:d2:02:96:07:06:a2:67:50:10:dd:07:ce:7a:11:
         7e:32:bc:1b:2e:5b:01:05:54:e3:08:17:f1:27:56:05:2f:90:
         55:e6:d1:f5:99:38:96:7a:fd:83:bf:be:05:41:a7:f4:01:03:
         9a:80:8b:58:7f:04:2d:4d:bc:01:35:15:7f:dd:93:14:35:1a:
         da:06:11:2e:1d:19:e0:e9:f5:9a:ef:12:14:f0:66:6c:06:13:
         4b:98:c3:8d
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUC5+QehCSeJBFyCs+LJ8FIQ5PXKIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDUyMjAwNTIwMVoX
DTI1MDYyNjIzNTk1OVowejFJMEcGA1UEBRNAMDEyMjI5ODJlYTEwMDg1MWFiNTk0
YTBhNjcxOThhNDBlY2ZhNzg0NmJlZWU5ZmUxODk5NTEwZmM1ODFjNDk0NzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FIgK3VHfUt5cS/AdjAOx2HlBovR
Sepncj+NgE8g2KzxNM1XGVjM0z3MjCmxg2IgTVdTqyd6IocuxCM51xDKcNJ622oM
66NcZKqzmO41366xXiOt/neom4XCIw28vT3AjqTef9hUoZNDpWpWwLH5l0jASV8R
wmQu0riBmOG9tO0hmlBeH/g8UHRM5s9jQ9GiWLRI280TEAKSi9VVCoh6GEKWgFN5
Sj2NA5Nl6o0FoWW6sv63HKrqUXokEkZLVxt7XwCzkK28eT4KarjW+kt3Q/UxUbDt
fiY0zmVRFQJIrXpFBIEjuxfKsxYLG2TSBUlNdWMmcjUXL2KoPpHXc2e1WQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFKhUsRIiJuGVGpNrXf6iT0nLUajnMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzI5ZDc2NzEwLThmNjQtNDJhMi1hYmM5LTM5ZWU3YWI2OTU2OS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbauSgwDQYJKoZIhvcNAQELBQADggEBABWVsXHNyg5R8C3OyhEL
OT/kInKV1fuNJ+G3sIAnn7jMj5cya2ej/6GTg/2f2H64/dAlM73+1tS2za5o4rGU
IR+rJFHQ576WEv+689ntU5vG3QUUHRzO3V3aa9fyghLRuQFXxq3sgLCCcoEJ0Kh+
wDLOQfLAy/P6HaD0IND9u3/gUOfC+eNruXEz/2vODta0lDaDg6Jo2BrWaeJaAdZ/
ABA6ny+Rl1rSApYHBqJnUBDdB856EX4yvBsuWwEFVOMIF/EnVgUvkFXm0fWZOJZ6
/YO/vgVBp/QBA5qAi1h/BC1NvAE1FX/dkxQ1GtoGES4dGeDp9ZrvEhTwZmwGE0uY
w40=
-----END CERTIFICATE-----