Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3a6b3ecd-f7ff-4379-a780-1f1e7ee8e62b.roa
File:                     3a6b3ecd-f7ff-4379-a780-1f1e7ee8e62b.roa (raw, json)
Hash identifier:          kT4O8M9eEnH5KiZMeo9IRA9oSZFfjZ5IXaFtSSm8cgU=
Subject key identifier:   EA:A5:D1:6E:E3:86:D1:55:3D:A3:F2:9B:79:B0:11:94:DD:80:FE:73
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       11F241BB64A4BC8FD77032889AA28D614CCD22D1
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3a6b3ecd-f7ff-4379-a780-1f1e7ee8e62b.roa
Signing time:             Wed 30 Jul 2025 00:41:05 +0000
ROA not before:           Wed 30 Jul 2025 00:41:05 +0000
ROA not after:            Wed 03 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:20c0::/46 maxlen: 48
Validation:               Failed, certificate revoked on Wed 30 Jul 2025 18:37:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:f2:41:bb:64:a4:bc:8f:d7:70:32:88:9a:a2:8d:61:4c:cd:22:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 30 00:41:05 2025 GMT
            Not After : Sep  3 23:59:59 2025 GMT
        Subject: serialNumber=90375145764ece5de77abdade1aa2a4d14e71f1f7e3b88f57a2d5a4ba8be496f, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:4b:1c:76:73:77:cb:f7:e3:de:c5:b1:04:69:
                    e5:d8:4e:7a:34:d3:6b:f9:b4:cd:fe:9b:9c:c3:37:
                    2d:f0:a6:31:30:fe:59:d7:82:6c:a9:68:35:bd:2e:
                    d0:20:70:8b:82:eb:f5:93:51:e9:6b:60:72:54:86:
                    b7:9b:36:9f:3c:5d:36:6d:3d:3f:c3:08:ad:50:2b:
                    1a:49:c7:e2:ce:bb:5d:f5:f1:b8:17:27:3e:b6:98:
                    95:91:ca:65:6b:79:e0:33:ec:d6:b2:d7:ed:02:bb:
                    dc:d9:80:75:c5:f8:16:68:eb:c6:b9:45:b0:72:bf:
                    7f:db:b1:30:c9:7f:ce:9c:db:7d:7c:ca:a1:b5:f0:
                    23:9e:67:75:bd:9e:96:15:2a:80:9a:c5:df:f8:ef:
                    cc:5d:68:fc:90:d7:8a:d7:7e:5d:22:7b:1e:42:d4:
                    da:b2:35:05:3d:6d:4f:81:40:ba:40:06:17:96:e7:
                    ee:19:07:75:f2:03:c4:51:4d:9d:3b:bf:2a:5e:1f:
                    1d:fe:f8:28:c1:04:d7:51:b6:28:c3:4a:96:aa:eb:
                    8b:c7:b2:5b:a9:d3:21:50:57:ad:65:f5:e8:78:43:
                    2c:67:ef:f0:dd:f6:6b:d0:a5:f7:9b:86:0f:5b:72:
                    76:ba:22:85:37:b2:a0:ac:41:28:10:36:1d:b4:a5:
                    87:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:A5:D1:6E:E3:86:D1:55:3D:A3:F2:9B:79:B0:11:94:DD:80:FE:73
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3a6b3ecd-f7ff-4379-a780-1f1e7ee8e62b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:20c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         46:81:15:6b:6e:3f:75:2c:01:77:31:27:7f:d1:09:ad:1a:c2:
         fb:73:c6:15:48:5f:6e:ac:71:5b:ee:22:e0:0f:43:04:ee:e8:
         e6:75:0f:03:ab:da:51:8b:83:4b:6d:27:54:9f:d0:ad:25:32:
         c1:ee:13:18:15:0d:0f:53:04:fb:a7:49:51:a0:4d:27:8c:8c:
         d5:47:53:50:ea:b5:12:f6:a4:bb:e0:1c:05:54:9e:91:67:8d:
         24:05:59:13:e6:e1:1f:66:e9:21:2d:41:e6:02:c3:03:47:a9:
         7e:ec:67:6b:c9:af:7e:23:7c:dd:01:fc:79:06:3d:c1:ab:d5:
         db:e3:46:79:b9:c7:91:c8:70:e0:b0:0b:45:5c:42:38:eb:a9:
         0a:35:85:5f:34:1c:9b:ae:9b:ba:1c:3b:94:d6:e0:09:f9:56:
         c4:bf:76:66:f1:3e:00:f7:67:2c:d5:8f:53:11:5c:ee:9d:b8:
         45:aa:bb:69:0a:7c:14:f5:9c:2a:2d:79:77:16:79:60:33:62:
         ec:6d:a1:20:00:5e:52:b1:4d:3f:fd:7b:2a:54:68:7f:8d:8e:
         df:8d:26:5a:c8:94:e6:6d:e5:71:26:9f:1f:eb:ad:29:ca:d2:
         35:a3:c9:99:45:85:f4:77:9c:b5:6b:0d:1c:04:9f:02:d2:6e:
         b9:d0:20:6a
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUEfJBu2SkvI/XcDKImqKNYUzNItEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDczMDAwNDEwNVoX
DTI1MDkwMzIzNTk1OVowejFJMEcGA1UEBRNAOTAzNzUxNDU3NjRlY2U1ZGU3N2Fi
ZGFkZTFhYTJhNGQxNGU3MWYxZjdlM2I4OGY1N2EyZDVhNGJhOGJlNDk2ZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEscdnN3y/fj3sWxBGnl2E56NNNr
+bTN/pucwzct8KYxMP5Z14JsqWg1vS7QIHCLguv1k1Hpa2ByVIa3mzafPF02bT0/
wwitUCsaScfizrtd9fG4Fyc+tpiVkcpla3ngM+zWstftArvc2YB1xfgWaOvGuUWw
cr9/27EwyX/OnNt9fMqhtfAjnmd1vZ6WFSqAmsXf+O/MXWj8kNeK135dInseQtTa
sjUFPW1PgUC6QAYXlufuGQd18gPEUU2dO78qXh8d/vgowQTXUbYow0qWquuLx7Jb
qdMhUFetZfXoeEMsZ+/w3fZr0KX3m4YPW3J2uiKFN7KgrEEoEDYdtKWHcwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFOql0W7jhtFVPaPym3mwEZTdgP5zMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzNhNmIzZWNkLWY3ZmYtNDM3OS1hNzgwLTFmMWU3ZWU4ZTYyYi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcCJAba+yDAMA0GCSqGSIb3DQEBCwUAA4IBAQBGgRVrbj91LAF3MSd/
0QmtGsL7c8YVSF9urHFb7iLgD0ME7ujmdQ8Dq9pRi4NLbSdUn9CtJTLB7hMYFQ0P
UwT7p0lRoE0njIzVR1NQ6rUS9qS74BwFVJ6RZ40kBVkT5uEfZukhLUHmAsMDR6l+
7Gdrya9+I3zdAfx5Bj3Bq9Xb40Z5uceRyHDgsAtFXEI466kKNYVfNBybrpu6HDuU
1uAJ+VbEv3Zm8T4A92cs1Y9TEVzunbhFqrtpCnwU9ZwqLXl3FnlgM2LsbaEgAF5S
sU0//XsqVGh/jY7fjSZayJTmbeVxJp8f660pytI1o8mZRYX0d5y1aw0cBJ8C0m65
0CBq
-----END CERTIFICATE-----