Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8585b68c-1041-463e-a5f7-1c3d0d88dc84.roa
File:                     8585b68c-1041-463e-a5f7-1c3d0d88dc84.roa (raw, json)
Hash identifier:          t4KAAqCUyg97Q+MkMV9uxH5vKMGWrWZsvs49koksLDI=
Subject key identifier:   ED:F5:FF:83:23:07:2B:E0:A3:1F:70:F1:98:6C:A6:7E:A8:F2:62:B2
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       7D6EB03CEC9D9C3521D22886F2266F051E31B754
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8585b68c-1041-463e-a5f7-1c3d0d88dc84.roa
Signing time:             Wed 30 Jul 2025 00:40:02 +0000
ROA not before:           Wed 30 Jul 2025 00:40:02 +0000
ROA not after:            Wed 03 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:da69:f080::/46 maxlen: 48
Validation:               Failed, certificate revoked on Wed 30 Jul 2025 18:08:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:6e:b0:3c:ec:9d:9c:35:21:d2:28:86:f2:26:6f:05:1e:31:b7:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 30 00:40:02 2025 GMT
            Not After : Sep  3 23:59:59 2025 GMT
        Subject: serialNumber=6ce79961590afb905eacf618e0b4de181d191282ec633095331927db6666494c, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:aa:c6:99:55:9b:b0:a7:41:c4:19:cb:de:a2:
                    3e:4b:36:bd:4a:21:bd:0b:6e:4c:9e:5b:8b:da:97:
                    1b:20:a5:e3:de:9a:66:3c:80:bc:f7:e9:c1:f8:79:
                    45:2d:0f:96:5c:c9:b3:0c:1f:e1:01:7e:a8:09:31:
                    5e:36:c4:3b:6b:a1:c2:b3:d1:e3:0b:95:34:e9:33:
                    a9:a6:39:10:ab:e2:c7:6a:84:fc:84:9a:cd:80:7b:
                    e4:ae:2b:25:55:2d:80:81:40:3f:54:8c:73:ff:e4:
                    1a:ca:2c:b2:1c:ef:06:86:09:67:a7:fd:be:26:e3:
                    43:59:fb:29:52:ca:bf:31:99:6d:75:65:3a:cf:3d:
                    97:0b:39:65:02:2d:f8:97:f3:ca:88:64:5b:7e:30:
                    17:30:67:71:aa:6a:62:fc:9f:45:12:99:d0:70:ab:
                    8f:e4:d1:76:08:0d:e0:56:39:7b:10:23:b0:76:68:
                    90:3c:7b:0e:1d:41:ca:a2:93:5f:62:10:ff:66:24:
                    07:51:a3:a3:86:41:fc:a5:45:4c:31:4c:cd:3c:60:
                    2d:30:07:11:ba:c4:1b:0d:dd:f4:d2:16:df:9c:75:
                    85:9a:1f:72:be:66:e3:41:35:08:a8:a3:c2:12:39:
                    ae:eb:40:66:32:43:a0:32:db:5e:aa:22:dc:9d:5b:
                    6f:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:F5:FF:83:23:07:2B:E0:A3:1F:70:F1:98:6C:A6:7E:A8:F2:62:B2
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8585b68c-1041-463e-a5f7-1c3d0d88dc84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:da69:f080::/46

    Signature Algorithm: sha256WithRSAEncryption
         85:da:a5:ae:bd:cd:81:56:d2:af:8b:66:ad:80:73:06:7f:d2:
         a3:4a:83:79:43:37:30:aa:b2:58:99:4b:44:e9:8f:e4:0a:89:
         f5:61:95:3b:eb:60:89:80:18:16:0e:30:5c:24:85:1a:04:6e:
         a2:34:b2:63:33:77:7d:3a:59:e2:b3:a2:c3:21:f2:e3:53:6a:
         b4:ed:7b:b7:7d:d7:a5:1b:fe:eb:50:25:63:56:04:6e:9b:6f:
         e2:47:3b:f6:52:e1:1c:aa:72:96:d0:9f:71:f7:35:60:29:5b:
         0b:ec:d4:a1:2c:94:79:2e:45:b8:41:ae:03:84:3a:69:ae:41:
         b1:91:0f:a7:49:a4:48:8b:82:92:e3:a6:56:df:5c:2a:a0:40:
         70:5d:b5:72:f8:d7:22:a1:f4:0f:45:8d:1e:b0:6c:19:d7:90:
         87:df:a8:fd:23:27:ad:30:31:b9:32:69:13:77:83:77:8a:22:
         48:4d:5a:ec:ca:6d:ff:f7:d0:9c:83:a2:8e:39:b0:47:de:2f:
         ea:d7:42:b6:e5:16:86:9e:da:12:5f:70:4c:b6:ac:0b:00:77:
         cd:66:92:4c:e9:ca:b6:7e:53:41:44:4d:c5:01:df:09:bb:7f:
         58:d0:f7:98:b3:9a:b8:48:ea:ef:2e:4c:8e:4f:fd:eb:fb:9e:
         06:17:5f:b7
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUfW6wPOydnDUh0iiG8iZvBR4xt1QwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDczMDAwNDAwMloX
DTI1MDkwMzIzNTk1OVowejFJMEcGA1UEBRNANmNlNzk5NjE1OTBhZmI5MDVlYWNm
NjE4ZTBiNGRlMTgxZDE5MTI4MmVjNjMzMDk1MzMxOTI3ZGI2NjY2NDk0YzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyKrGmVWbsKdBxBnL3qI+Sza9SiG9
C25MnluL2pcbIKXj3ppmPIC89+nB+HlFLQ+WXMmzDB/hAX6oCTFeNsQ7a6HCs9Hj
C5U06TOppjkQq+LHaoT8hJrNgHvkrislVS2AgUA/VIxz/+QayiyyHO8Ghglnp/2+
JuNDWfspUsq/MZltdWU6zz2XCzllAi34l/PKiGRbfjAXMGdxqmpi/J9FEpnQcKuP
5NF2CA3gVjl7ECOwdmiQPHsOHUHKopNfYhD/ZiQHUaOjhkH8pUVMMUzNPGAtMAcR
usQbDd300hbfnHWFmh9yvmbjQTUIqKPCEjmu60BmMkOgMtteqiLcnVtvpQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFO31/4MjByvgox9w8Zhspn6o8mKyMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzg1ODViNjhjLTEwNDEtNDYzZS1hNWY3LTFjM2QwZDg4ZGM4NC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcCJAbaafCAMA0GCSqGSIb3DQEBCwUAA4IBAQCF2qWuvc2BVtKvi2at
gHMGf9KjSoN5QzcwqrJYmUtE6Y/kCon1YZU762CJgBgWDjBcJIUaBG6iNLJjM3d9
Olnis6LDIfLjU2q07Xu3fdelG/7rUCVjVgRum2/iRzv2UuEcqnKW0J9x9zVgKVsL
7NShLJR5LkW4Qa4DhDpprkGxkQ+nSaRIi4KS46ZW31wqoEBwXbVy+NciofQPRY0e
sGwZ15CH36j9IyetMDG5MmkTd4N3iiJITVrsym3/99Ccg6KOObBH3i/q10K25RaG
ntoSX3BMtqwLAHfNZpJM6cq2flNBRE3FAd8Ju39Y0PeYs5q4SOrvLkyOT/3r+54G
F1+3
-----END CERTIFICATE-----