Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4fd95545-b5ca-4bb0-a1c9-c8c48c1faf3b.roa
File:                     4fd95545-b5ca-4bb0-a1c9-c8c48c1faf3b.roa (raw, json)
Hash identifier:          Nvpfc9+j97s2SdE7TopDvO2ZHqT2TfKeGHqQLQgfSgg=
Subject key identifier:   E5:19:1B:E7:07:7C:E2:4E:CA:E6:B7:EA:86:2D:50:05:C4:88:C5:3D
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       4580CA3C81DF98D51B035395F53C8F8D0DCB7C4C
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4fd95545-b5ca-4bb0-a1c9-c8c48c1faf3b.roa
Signing time:             Wed 30 Jul 2025 00:41:48 +0000
ROA not before:           Wed 30 Jul 2025 00:41:48 +0000
ROA not after:            Wed 03 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da69:1000::/40 maxlen: 40
Validation:               Failed, certificate revoked on Wed 30 Jul 2025 17:39:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:80:ca:3c:81:df:98:d5:1b:03:53:95:f5:3c:8f:8d:0d:cb:7c:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 30 00:41:48 2025 GMT
            Not After : Sep  3 23:59:59 2025 GMT
        Subject: serialNumber=64d636255fd1cd325917aa16dc61f9160558503d33ca70fc538269d00dee9a5a, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:9d:24:9a:ce:8b:34:1d:79:bd:30:b3:e5:1b:
                    b5:f4:4d:fc:75:0f:95:66:76:4c:71:a5:76:1a:d8:
                    9f:b5:d6:e0:83:3c:e5:be:6c:e0:d2:03:c7:ba:dc:
                    a5:94:95:38:0d:51:6b:af:a2:38:a2:c5:90:17:2c:
                    14:91:a3:40:43:ea:71:ea:b9:11:ef:f4:fc:23:61:
                    e7:1c:ee:22:86:0c:be:b2:a4:89:ef:c8:60:98:c2:
                    4a:7f:99:dd:e3:73:6c:7c:f9:97:6a:14:2a:e2:c2:
                    19:21:00:a3:b0:73:ea:82:b5:51:cf:79:1e:47:7a:
                    6b:96:bb:41:21:a5:61:84:88:4f:8b:7e:1c:98:c6:
                    21:58:9f:d2:95:71:7f:cf:93:81:fa:97:1b:87:c1:
                    0c:da:ff:d3:6c:76:d6:0b:fe:96:e2:b5:85:8e:a6:
                    0b:a6:5a:15:48:39:4e:15:bd:61:90:9b:92:9e:59:
                    99:7d:fe:e7:93:4b:e5:df:da:80:59:9d:65:dd:75:
                    42:55:02:7a:22:52:b5:44:4e:fb:d5:35:87:69:0a:
                    cb:41:99:6f:1a:b8:c5:56:8c:66:b4:e3:e1:64:83:
                    7a:62:59:e0:67:a5:80:c4:b9:48:40:72:6b:ce:86:
                    e3:32:80:c6:e1:ae:47:b9:10:c7:bd:85:96:41:15:
                    a3:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:19:1B:E7:07:7C:E2:4E:CA:E6:B7:EA:86:2D:50:05:C4:88:C5:3D
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/4fd95545-b5ca-4bb0-a1c9-c8c48c1faf3b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da69:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         54:ec:19:4e:7a:36:74:a6:f0:91:77:53:75:3d:c9:45:ad:02:
         0b:22:16:f6:52:a5:5f:59:c5:24:2b:73:c2:60:16:2f:fc:2d:
         2c:dc:3e:07:88:a9:dc:cc:53:72:e1:e6:c4:d3:d5:df:a4:21:
         67:48:50:e2:28:59:39:8b:49:32:c9:3b:2d:73:27:58:a5:c5:
         4f:1d:0c:e8:87:c4:1c:1c:ee:4c:64:77:64:c3:b2:68:9e:ef:
         fd:5b:0e:4f:48:ee:42:7f:f7:cb:73:17:fb:a6:56:10:6f:d1:
         69:78:64:17:45:f3:26:d0:fe:98:9d:39:ee:2f:68:6b:98:56:
         3b:1e:cd:e5:9b:f5:b0:7b:4d:dd:b4:b0:3d:82:6a:7e:c3:2e:
         5a:79:94:0f:71:a2:ac:fb:59:9a:59:f9:45:3f:e7:95:55:54:
         22:aa:a2:42:69:4e:1e:0a:31:0e:56:bf:be:e4:ec:f5:73:1d:
         ea:a6:0a:66:f3:9d:2b:ba:e2:67:dd:a6:c1:b3:4d:cf:7f:70:
         97:44:d6:cc:05:41:b0:40:81:08:e9:a3:3c:1f:88:fc:87:d8:
         b2:19:32:71:70:9c:c5:14:b2:f4:cf:7f:58:b9:ce:4a:1c:bb:
         80:67:49:fe:1e:e7:12:9b:55:ce:60:f9:8a:6e:c8:30:0b:89:
         cf:69:21:51
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIURYDKPIHfmNUbA1OV9TyPjQ3LfEwwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDczMDAwNDE0OFoX
DTI1MDkwMzIzNTk1OVowejFJMEcGA1UEBRNANjRkNjM2MjU1ZmQxY2QzMjU5MTdh
YTE2ZGM2MWY5MTYwNTU4NTAzZDMzY2E3MGZjNTM4MjY5ZDAwZGVlOWE1YTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZ0kms6LNB15vTCz5Ru19E38dQ+V
ZnZMcaV2Gtiftdbggzzlvmzg0gPHutyllJU4DVFrr6I4osWQFywUkaNAQ+px6rkR
7/T8I2HnHO4ihgy+sqSJ78hgmMJKf5nd43NsfPmXahQq4sIZIQCjsHPqgrVRz3ke
R3prlrtBIaVhhIhPi34cmMYhWJ/SlXF/z5OB+pcbh8EM2v/TbHbWC/6W4rWFjqYL
ploVSDlOFb1hkJuSnlmZff7nk0vl39qAWZ1l3XVCVQJ6IlK1RE771TWHaQrLQZlv
GrjFVoxmtOPhZIN6YlngZ6WAxLlIQHJrzobjMoDG4a5HuRDHvYWWQRWjmQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFOUZG+cHfOJOyua36oYtUAXEiMU9MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzRmZDk1NTQ1LWI1Y2EtNGJiMC1hMWM5LWM4YzQ4YzFmYWYzYi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbaaRAwDQYJKoZIhvcNAQELBQADggEBAFTsGU56NnSm8JF3U3U9
yUWtAgsiFvZSpV9ZxSQrc8JgFi/8LSzcPgeIqdzMU3Lh5sTT1d+kIWdIUOIoWTmL
STLJOy1zJ1ilxU8dDOiHxBwc7kxkd2TDsmie7/1bDk9I7kJ/98tzF/umVhBv0Wl4
ZBdF8ybQ/pidOe4vaGuYVjsezeWb9bB7Td20sD2Can7DLlp5lA9xoqz7WZpZ+UU/
55VVVCKqokJpTh4KMQ5Wv77k7PVzHeqmCmbznSu64mfdpsGzTc9/cJdE1swFQbBA
gQjpozwfiPyH2LIZMnFwnMUUsvTPf1i5zkocu4BnSf4e5xKbVc5g+YpuyDALic9p
IVE=
-----END CERTIFICATE-----