Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6b65b2ea-4198-4abe-8fda-90a11d6ca4bb.roa
File:                     6b65b2ea-4198-4abe-8fda-90a11d6ca4bb.roa (raw, json)
Hash identifier:          IAvsVYH2+skD2tioQhowOGU89tocaRzGgDy34/zfM7o=
Subject key identifier:   16:69:DF:5F:B1:E9:8B:B4:25:0F:DA:A1:04:0D:91:9E:AC:73:80:BB
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3ABF1543B40222CA7250427C2628BAD61ED7F467
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6b65b2ea-4198-4abe-8fda-90a11d6ca4bb.roa
Signing time:             Wed 30 Jul 2025 00:51:13 +0000
ROA not before:           Wed 30 Jul 2025 00:51:13 +0000
ROA not after:            Wed 03 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf7:20c0::/46 maxlen: 48
Validation:               Failed, certificate revoked on Wed 30 Jul 2025 18:08:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:bf:15:43:b4:02:22:ca:72:50:42:7c:26:28:ba:d6:1e:d7:f4:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 30 00:51:13 2025 GMT
            Not After : Sep  3 23:59:59 2025 GMT
        Subject: serialNumber=e2a6f7f33836fb1f625968dab46191ff1a2eb70bd3836568d97c1ac942936616, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ff:c0:20:01:3d:1a:54:06:e3:2d:cc:3a:52:
                    a6:9d:81:0e:a4:cd:43:62:02:90:0b:ce:18:c2:4c:
                    1c:69:ce:11:8e:52:a8:73:1b:22:3c:5e:9b:b1:c7:
                    a8:bd:e4:ac:4f:8e:20:cb:84:5c:44:66:79:71:55:
                    a2:0b:e2:e5:c3:c9:19:91:e0:c1:ec:3a:f0:20:b8:
                    85:30:29:ed:46:3c:73:5a:89:2b:15:27:d5:18:81:
                    51:4d:e0:8b:88:47:bc:72:9d:3b:ce:ed:58:c0:e3:
                    5f:4d:8a:d1:bd:7f:d7:b8:e5:db:1f:3f:d7:e4:96:
                    a6:cf:4d:3b:e7:87:71:5f:b2:0c:ca:b6:fe:fa:7b:
                    1b:82:df:2b:71:90:6c:e1:ff:38:91:f3:17:4d:a2:
                    0d:24:ae:e5:ab:2f:8f:5f:73:d7:4b:d8:7f:d6:ce:
                    c0:dd:27:dd:27:50:e2:66:91:55:bb:d8:3d:11:ee:
                    e8:5c:98:b4:8e:85:b9:d8:4c:da:de:86:62:ee:60:
                    a7:9e:b6:8c:fe:2a:d3:74:8a:d2:29:21:59:d1:d5:
                    54:55:ed:de:45:7c:84:b7:50:ae:4c:1f:eb:82:ed:
                    f1:63:3b:8c:4f:5d:6b:55:e2:ef:8e:5c:d7:64:c4:
                    57:f3:db:2d:1d:a9:ba:7a:3e:a7:85:35:d6:72:b2:
                    4b:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:69:DF:5F:B1:E9:8B:B4:25:0F:DA:A1:04:0D:91:9E:AC:73:80:BB
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/6b65b2ea-4198-4abe-8fda-90a11d6ca4bb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf7:20c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         08:5b:27:ec:ba:7f:19:78:93:2e:b5:f5:e1:3b:12:6b:8a:4a:
         32:29:2b:d1:36:a4:09:10:c2:3f:2d:cd:1e:77:0b:b1:34:57:
         c8:7d:92:82:34:f8:ec:42:14:f8:f8:0a:88:dd:fe:92:80:43:
         89:47:dd:f5:00:a4:b8:09:63:9d:f0:f8:23:10:5c:12:fd:0e:
         30:bd:47:36:fd:bc:b8:25:f0:64:9b:f8:68:65:a3:a5:a5:2b:
         4c:dc:9a:81:a0:7e:f3:10:8d:4c:bd:67:4a:3d:6f:a5:ce:1d:
         bc:90:04:21:2b:11:3c:dd:8a:c8:dc:d2:4d:38:11:36:17:53:
         f9:91:15:85:f6:b0:bb:e4:58:2b:96:14:96:39:17:63:02:fa:
         12:f7:70:bb:1e:65:d7:c3:64:5a:88:a1:5b:3b:e9:53:2b:61:
         95:30:53:60:f7:f7:bb:08:9e:55:68:5a:7e:fa:ce:2e:25:03:
         79:13:ea:33:b0:70:94:3e:4c:b8:67:1f:d6:67:3a:14:9d:ca:
         12:8d:0f:2c:38:c0:53:10:57:dd:9c:54:04:8d:97:a9:37:3f:
         32:b7:6f:bf:cc:08:0a:5f:5e:e3:3f:b4:e2:5d:5a:d9:a0:74:
         62:2f:30:07:0d:67:01:fb:8b:14:e8:b1:b8:a6:a5:06:3f:ab:
         53:e5:cf:33
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUOr8VQ7QCIspyUEJ8Jii61h7X9GcwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDczMDAwNTExM1oX
DTI1MDkwMzIzNTk1OVowejFJMEcGA1UEBRNAZTJhNmY3ZjMzODM2ZmIxZjYyNTk2
OGRhYjQ2MTkxZmYxYTJlYjcwYmQzODM2NTY4ZDk3YzFhYzk0MjkzNjYxNjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArP/AIAE9GlQG4y3MOlKmnYEOpM1D
YgKQC84Ywkwcac4RjlKocxsiPF6bsceoveSsT44gy4RcRGZ5cVWiC+Llw8kZkeDB
7DrwILiFMCntRjxzWokrFSfVGIFRTeCLiEe8cp07zu1YwONfTYrRvX/XuOXbHz/X
5Jamz00754dxX7IMyrb++nsbgt8rcZBs4f84kfMXTaINJK7lqy+PX3PXS9h/1s7A
3SfdJ1DiZpFVu9g9Ee7oXJi0joW52Eza3oZi7mCnnraM/irTdIrSKSFZ0dVUVe3e
RXyEt1CuTB/rgu3xYzuMT11rVeLvjlzXZMRX89stHam6ej6nhTXWcrJLIQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFBZp31+x6Yu0JQ/aoQQNkZ6sc4C7MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzZiNjViMmVhLTQxOTgtNGFiZS04ZmRhLTkwYTExZDZjYTRiYi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcCJAba9yDAMA0GCSqGSIb3DQEBCwUAA4IBAQAIWyfsun8ZeJMutfXh
OxJrikoyKSvRNqQJEMI/Lc0edwuxNFfIfZKCNPjsQhT4+AqI3f6SgEOJR931AKS4
CWOd8PgjEFwS/Q4wvUc2/by4JfBkm/hoZaOlpStM3JqBoH7zEI1MvWdKPW+lzh28
kAQhKxE83YrI3NJNOBE2F1P5kRWF9rC75FgrlhSWORdjAvoS93C7HmXXw2RaiKFb
O+lTK2GVMFNg9/e7CJ5VaFp++s4uJQN5E+ozsHCUPky4Zx/WZzoUncoSjQ8sOMBT
EFfdnFQEjZepNz8yt2+/zAgKX17jP7TiXVrZoHRiLzAHDWcB+4sU6LG4pqUGP6tT
5c8z
-----END CERTIFICATE-----