Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3aaf1f3c-55b8-419c-bcaf-892b30f3ef3c.roa
File:                     3aaf1f3c-55b8-419c-bcaf-892b30f3ef3c.roa (raw, json)
Hash identifier:          3WK9y4VGs49W0QxwYoCOevqTGacpDYhpn8xA/excP20=
Subject key identifier:   53:E8:66:B8:E6:95:90:92:FD:7E:3A:9B:3F:40:03:37:66:ED:53:1A
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       57CCD92A481372C2034609E102B0844F2FE9BF6B
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3aaf1f3c-55b8-419c-bcaf-892b30f3ef3c.roa
Signing time:             Wed 30 Jul 2025 00:50:12 +0000
ROA not before:           Wed 30 Jul 2025 00:50:12 +0000
ROA not after:            Wed 03 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:6000::/40 maxlen: 40
Validation:               Failed, certificate revoked on Wed 30 Jul 2025 17:52:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            57:cc:d9:2a:48:13:72:c2:03:46:09:e1:02:b0:84:4f:2f:e9:bf:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 30 00:50:12 2025 GMT
            Not After : Sep  3 23:59:59 2025 GMT
        Subject: serialNumber=fdf32797d55a9e75fd092d6d6ac327321b9e30f4d76f54fc22da52da83de9bea, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d3:b7:cd:b7:94:9a:a4:7e:85:48:03:50:3f:
                    47:94:7b:8c:31:77:bc:32:1d:15:18:d2:19:07:0d:
                    1a:4f:db:c9:5a:1a:b5:cf:26:2f:d9:24:8f:00:e5:
                    1d:ae:bb:5d:d1:4c:b4:44:4b:18:16:6c:8b:10:8c:
                    32:c6:02:da:79:83:76:9d:b8:4c:1a:25:56:61:03:
                    1c:9d:ca:ab:95:a1:af:7c:fd:86:08:c8:b6:54:2d:
                    c2:c0:db:e6:4d:6f:b0:36:61:9b:f4:bf:55:a4:af:
                    63:99:49:83:77:25:63:b2:d5:81:55:6d:e2:41:4d:
                    af:0b:ec:5a:e1:cc:e4:2f:45:66:41:7d:90:b1:bb:
                    fd:c7:07:07:6d:4a:bb:b7:ed:ef:3a:43:43:09:f6:
                    d2:e7:80:bf:5a:18:ea:1c:65:70:57:88:95:0e:e8:
                    42:4f:3a:c3:b9:a6:a6:54:2e:a3:04:19:f5:54:25:
                    b4:db:f9:ed:8c:86:cb:10:4d:47:3f:17:50:ec:db:
                    99:66:7b:92:ab:c3:dd:3e:70:1f:0d:0e:01:3c:00:
                    bd:16:b6:e6:fc:ac:ae:e7:19:df:6f:1b:4a:99:3b:
                    1a:bb:d4:48:f5:da:3e:15:63:07:c4:85:2d:1b:3e:
                    9b:b3:e0:b7:04:2d:f0:0c:fe:98:fb:37:5a:35:cc:
                    66:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:E8:66:B8:E6:95:90:92:FD:7E:3A:9B:3F:40:03:37:66:ED:53:1A
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/3aaf1f3c-55b8-419c-bcaf-892b30f3ef3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         9b:61:0f:6d:e0:8f:3a:16:71:45:73:74:3f:68:74:f1:4a:e2:
         e1:7f:1d:9c:81:dc:4f:eb:76:65:ee:6e:20:b5:79:97:92:d4:
         78:60:75:62:2d:8a:74:e0:84:e6:37:9f:b1:22:e0:a6:c8:ee:
         dc:dd:c4:d4:74:e1:77:dc:6a:ba:4f:39:4c:64:87:92:0c:99:
         4f:02:8c:83:9b:86:09:9d:8c:38:72:9d:6e:f5:ac:a7:63:ac:
         27:18:0e:e0:05:a8:a7:3e:36:08:cb:ff:4a:b8:72:a8:d1:54:
         fd:0a:95:f3:c3:bf:59:52:d7:17:3d:c2:83:64:2b:38:6e:2b:
         c7:68:be:c8:86:17:da:9f:cd:f4:08:15:62:cc:bb:84:c3:d2:
         de:33:43:03:86:fb:6d:88:32:82:18:b1:a9:58:6d:8d:c8:8a:
         a4:e8:64:be:2b:37:fb:38:83:57:e7:65:ba:f7:9f:51:6b:e2:
         43:70:ac:42:cc:27:27:38:c0:0d:58:ad:31:fd:0a:08:99:78:
         41:9b:2b:52:97:fc:b5:a4:d2:93:1b:f8:fa:30:2c:49:c7:a2:
         7d:7c:ba:b8:79:ae:0b:a5:d4:ee:ea:0f:71:15:e1:d8:dd:20:
         87:53:dd:57:b6:d0:64:cf:79:be:56:81:06:ef:68:06:ab:87:
         d0:d4:1d:ec
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUV8zZKkgTcsIDRgnhArCETy/pv2swDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDczMDAwNTAxMloX
DTI1MDkwMzIzNTk1OVowejFJMEcGA1UEBRNAZmRmMzI3OTdkNTVhOWU3NWZkMDky
ZDZkNmFjMzI3MzIxYjllMzBmNGQ3NmY1NGZjMjJkYTUyZGE4M2RlOWJlYTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdO3zbeUmqR+hUgDUD9HlHuMMXe8
Mh0VGNIZBw0aT9vJWhq1zyYv2SSPAOUdrrtd0Uy0REsYFmyLEIwyxgLaeYN2nbhM
GiVWYQMcncqrlaGvfP2GCMi2VC3CwNvmTW+wNmGb9L9VpK9jmUmDdyVjstWBVW3i
QU2vC+xa4czkL0VmQX2Qsbv9xwcHbUq7t+3vOkNDCfbS54C/WhjqHGVwV4iVDuhC
TzrDuaamVC6jBBn1VCW02/ntjIbLEE1HPxdQ7NuZZnuSq8PdPnAfDQ4BPAC9Frbm
/Kyu5xnfbxtKmTsau9RI9do+FWMHxIUtGz6bs+C3BC3wDP6Y+zdaNcxm1wIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFFPoZrjmlZCS/X46mz9AAzdm7VMaMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzNhYWYxZjNjLTU1YjgtNDE5Yy1iY2FmLTg5MmIzMGYzZWYzYy5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+2AwDQYJKoZIhvcNAQELBQADggEBAJthD23gjzoWcUVzdD9o
dPFK4uF/HZyB3E/rdmXubiC1eZeS1HhgdWItinTghOY3n7Ei4KbI7tzdxNR04Xfc
arpPOUxkh5IMmU8CjIObhgmdjDhynW71rKdjrCcYDuAFqKc+NgjL/0q4cqjRVP0K
lfPDv1lS1xc9woNkKzhuK8dovsiGF9qfzfQIFWLMu4TD0t4zQwOG+22IMoIYsalY
bY3IiqToZL4rN/s4g1fnZbr3n1Fr4kNwrELMJyc4wA1YrTH9CgiZeEGbK1KX/LWk
0pMb+PowLEnHon18urh5rgul1O7qD3EV4djdIIdT3Ve20GTPeb5WgQbvaAarh9DU
Hew=
-----END CERTIFICATE-----