Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4a17824f-4dd6-4a98-a830-4566fc7803ea.roa
File:                     4a17824f-4dd6-4a98-a830-4566fc7803ea.roa (raw, json)
Hash identifier:          L32yKsnueamgSnfsOqmvu+TUSvxTVWQoWfTof8ugLDM=
Subject key identifier:   8E:7C:5D:C9:31:94:46:7B:CD:3B:35:A1:14:62:56:06:CC:FE:68:F2
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       7D52DC63A5F6223FD22CDBDCB7A1327A19978510
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4a17824f-4dd6-4a98-a830-4566fc7803ea.roa
Signing time:             Wed 30 Jul 2025 00:41:42 +0000
ROA not before:           Wed 30 Jul 2025 00:41:42 +0000
ROA not after:            Wed 03 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da69:a040::/46 maxlen: 48
Validation:               Failed, certificate revoked on Wed 30 Jul 2025 18:07:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:52:dc:63:a5:f6:22:3f:d2:2c:db:dc:b7:a1:32:7a:19:97:85:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 30 00:41:42 2025 GMT
            Not After : Sep  3 23:59:59 2025 GMT
        Subject: serialNumber=d24364ff5be82eff3a4980f47b4052db4255409d6417e9df7e204d679b6ef07f, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:39:d9:17:b5:b8:e7:c8:68:6e:86:79:3e:e2:
                    f8:52:c0:91:ee:98:92:87:10:8e:8b:41:31:eb:76:
                    5d:59:21:cb:6e:d9:4d:42:c9:14:58:7a:6a:76:43:
                    d9:37:99:d6:53:e7:1e:0e:0a:56:ff:56:8b:38:a7:
                    46:ab:29:e4:26:db:0e:24:aa:d8:a8:d5:71:b0:11:
                    42:22:a8:2b:3a:5a:cf:52:96:48:04:18:94:ac:e8:
                    1f:e7:49:c1:91:6a:37:33:b3:27:a5:5d:64:12:a1:
                    df:50:06:a5:67:e8:c5:68:64:00:1b:90:27:b8:85:
                    35:84:55:0b:32:7c:dc:e6:5c:1c:f6:dc:ac:47:aa:
                    69:df:6b:3b:57:b1:46:07:db:b7:e8:ee:a0:30:c7:
                    1b:4c:93:51:15:4d:7a:9b:4d:8b:7f:8f:98:d8:2f:
                    cb:2d:af:ac:46:2a:8d:46:30:4f:31:5a:b7:32:38:
                    01:19:c7:fd:e9:61:bf:1b:27:48:32:92:c9:ff:43:
                    dc:15:91:50:57:82:7c:6d:21:59:dd:07:51:81:3d:
                    e3:7d:44:30:dd:7a:59:12:56:42:a6:5b:88:df:77:
                    b3:a0:e6:83:0c:c2:96:ac:b8:96:0e:ff:b7:20:fe:
                    66:41:6d:17:dd:54:90:05:24:bd:4d:20:dd:38:40:
                    e3:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:7C:5D:C9:31:94:46:7B:CD:3B:35:A1:14:62:56:06:CC:FE:68:F2
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4a17824f-4dd6-4a98-a830-4566fc7803ea.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da69:a040::/46

    Signature Algorithm: sha256WithRSAEncryption
         8a:8e:3c:8e:25:fe:8f:5f:19:e3:bc:f0:f9:d3:58:c0:ec:3d:
         a2:c8:bc:18:2b:d0:ca:15:e8:a4:98:21:5c:7c:a7:0d:6d:e5:
         72:db:42:21:ad:4e:c1:d9:2e:26:6f:a2:87:82:6b:f4:38:9a:
         55:92:a1:d1:97:0c:e7:bb:de:1e:54:c2:46:db:93:16:51:4d:
         8a:48:95:d7:7b:29:81:0b:9d:1f:38:2a:da:d2:47:d6:61:34:
         92:57:4e:43:f4:6c:e6:5e:12:4b:b7:b5:8e:9b:7a:62:71:5f:
         f2:fc:43:58:73:bf:b8:73:ce:99:06:4d:31:64:63:06:41:ba:
         21:22:0c:d8:5e:ce:ea:06:2f:15:fb:ca:49:0f:0e:a8:3a:cb:
         72:e2:4a:fc:5d:7f:f5:21:45:a7:cd:36:d2:3c:08:ac:1a:27:
         6c:4c:f0:3d:65:dc:5c:c4:f3:cf:2b:b7:10:37:99:29:63:59:
         60:26:b0:a0:39:5d:7b:86:70:aa:3f:cf:f4:91:c3:ed:cb:f1:
         6b:2c:84:95:c9:73:64:e7:7b:2c:f1:41:6a:bc:00:34:33:54:
         e9:0a:aa:ec:31:31:ca:07:66:c6:d0:0c:6d:cd:93:ff:a4:38:
         0a:9f:2f:00:78:0f:10:d3:c3:dc:35:51:51:d5:d0:21:b1:e9:
         30:76:37:66
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUfVLcY6X2Ij/SLNvct6EyehmXhRAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDczMDAwNDE0MloX
DTI1MDkwMzIzNTk1OVowejFJMEcGA1UEBRNAZDI0MzY0ZmY1YmU4MmVmZjNhNDk4
MGY0N2I0MDUyZGI0MjU1NDA5ZDY0MTdlOWRmN2UyMDRkNjc5YjZlZjA3ZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvznZF7W458hoboZ5PuL4UsCR7piS
hxCOi0Ex63ZdWSHLbtlNQskUWHpqdkPZN5nWU+ceDgpW/1aLOKdGqynkJtsOJKrY
qNVxsBFCIqgrOlrPUpZIBBiUrOgf50nBkWo3M7MnpV1kEqHfUAalZ+jFaGQAG5An
uIU1hFULMnzc5lwc9tysR6pp32s7V7FGB9u36O6gMMcbTJNRFU16m02Lf4+Y2C/L
La+sRiqNRjBPMVq3MjgBGcf96WG/GydIMpLJ/0PcFZFQV4J8bSFZ3QdRgT3jfUQw
3XpZElZCpluI33ezoOaDDMKWrLiWDv+3IP5mQW0X3VSQBSS9TSDdOEDj7QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFI58XckxlEZ7zTs1oRRiVgbM/mjyMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzRhMTc4MjRmLTRkZDYtNGE5OC1hODMwLTQ1NjZmYzc4MDNlYS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcCJAbaaaBAMA0GCSqGSIb3DQEBCwUAA4IBAQCKjjyOJf6PXxnjvPD5
01jA7D2iyLwYK9DKFeikmCFcfKcNbeVy20IhrU7B2S4mb6KHgmv0OJpVkqHRlwzn
u94eVMJG25MWUU2KSJXXeymBC50fOCra0kfWYTSSV05D9GzmXhJLt7WOm3picV/y
/ENYc7+4c86ZBk0xZGMGQbohIgzYXs7qBi8V+8pJDw6oOsty4kr8XX/1IUWnzTbS
PAisGidsTPA9ZdxcxPPPK7cQN5kpY1lgJrCgOV17hnCqP8/0kcPty/FrLISVyXNk
53ss8UFqvAA0M1TpCqrsMTHKB2bG0AxtzZP/pDgKny8AeA8Q08PcNVFR1dAhsekw
djdm
-----END CERTIFICATE-----