Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8926995e-bde5-49af-a989-17dd351a253f.roa
File:                     8926995e-bde5-49af-a989-17dd351a253f.roa (raw, json)
Hash identifier:          zHwZKFgNTmOvP9YBRj9N4VyIjvcQBMyaWxtAinMYtU0=
Subject key identifier:   31:EB:BB:4B:F8:86:84:69:4A:BD:91:79:54:D1:5C:F7:27:E8:DB:D3
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       52E9F66C888C98BA684CF074BF4B0984CC009425
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8926995e-bde5-49af-a989-17dd351a253f.roa
Signing time:             Wed 30 Jul 2025 00:50:43 +0000
ROA not before:           Wed 30 Jul 2025 00:50:43 +0000
ROA not after:            Wed 03 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dafb:8000::/40 maxlen: 40
Validation:               Failed, certificate revoked on Wed 30 Jul 2025 17:52:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:e9:f6:6c:88:8c:98:ba:68:4c:f0:74:bf:4b:09:84:cc:00:94:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 30 00:50:43 2025 GMT
            Not After : Sep  3 23:59:59 2025 GMT
        Subject: serialNumber=98141f00d3207f73dc31156f2903e5d43abbe79b585f58485b6ef0c83632ac0c, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:bb:4d:cc:cf:93:ad:e6:d3:82:da:e2:1a:42:
                    14:e4:27:6b:d1:7a:34:21:51:00:d9:7f:d2:32:15:
                    7e:79:54:de:90:20:c3:23:29:f7:52:61:70:1b:19:
                    f7:02:72:76:e9:fe:81:cd:f6:6c:ad:0d:83:76:ad:
                    a6:4f:99:65:7b:25:62:7e:be:c0:ba:d9:14:74:a3:
                    d3:0f:26:e0:0b:96:31:86:85:fe:88:fa:0e:a7:0d:
                    7d:a6:12:dd:75:ef:c1:7c:81:68:34:bf:1c:4a:ed:
                    ca:96:88:0d:40:56:d5:36:12:3f:f8:21:21:7a:e8:
                    1e:64:8b:bb:e5:97:d2:f3:e9:b9:af:41:c2:2a:1e:
                    0a:59:a2:5a:71:c2:7f:1f:29:a1:5f:4b:01:f8:a9:
                    27:b8:c3:7c:66:5d:6c:c6:eb:0a:18:e0:ee:eb:b2:
                    a4:12:1b:96:ab:54:3e:56:44:5b:b3:b1:06:4a:96:
                    05:31:92:d3:f6:f0:b4:dc:7d:a1:ac:74:43:a9:cf:
                    55:77:3d:96:44:fa:83:3b:ae:f8:59:e3:98:1e:56:
                    52:53:0d:01:c1:79:39:7e:14:c6:53:bf:d6:eb:57:
                    8d:e3:2e:a0:55:10:f5:aa:38:66:76:67:6f:06:2a:
                    3b:68:ea:8c:90:0f:b4:b2:e5:2d:e8:fc:df:bc:23:
                    ac:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:EB:BB:4B:F8:86:84:69:4A:BD:91:79:54:D1:5C:F7:27:E8:DB:D3
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/8926995e-bde5-49af-a989-17dd351a253f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dafb:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         69:2a:d9:e2:76:55:fc:5a:4e:8f:98:ad:9e:2c:97:c5:9c:89:
         81:e0:97:51:f7:de:22:c1:af:d2:92:ef:e5:7a:73:f4:23:d7:
         27:0b:b2:99:f0:04:3f:80:83:bf:a7:35:5a:a4:82:84:5a:f1:
         9f:d0:b0:3a:59:fe:a6:76:d1:4c:3e:69:02:5a:fe:46:b0:7e:
         cb:c1:2e:b1:9b:09:14:e3:3b:8c:0c:b3:db:23:3c:8f:ac:fd:
         28:c6:eb:a1:f6:3d:ac:92:39:c2:93:4d:77:fa:ae:1d:21:98:
         4e:0c:1e:40:e9:30:1e:40:58:ff:18:f6:a0:65:c6:a6:64:09:
         7b:da:f5:60:a1:59:e3:ea:cd:af:87:6f:b0:9f:25:01:9a:a1:
         59:99:26:e7:13:3c:24:80:a7:33:06:ce:d7:2f:ed:b6:88:a2:
         f5:26:bf:ee:ff:88:43:19:93:85:56:79:fe:9e:8f:38:5b:e0:
         0f:91:69:b5:12:f7:83:25:05:da:5a:a2:67:0a:63:26:21:a4:
         90:e3:e0:16:6b:50:02:e7:6c:b7:df:c7:97:97:7e:75:70:96:
         bf:31:ee:5c:4c:bb:15:71:12:f4:d9:de:25:6f:11:54:3e:32:
         5c:79:6a:7c:ab:1b:61:b2:95:80:67:ea:cb:50:de:cf:08:b0:
         6b:02:2a:f7
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUUun2bIiMmLpoTPB0v0sJhMwAlCUwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDczMDAwNTA0M1oX
DTI1MDkwMzIzNTk1OVowejFJMEcGA1UEBRNAOTgxNDFmMDBkMzIwN2Y3M2RjMzEx
NTZmMjkwM2U1ZDQzYWJiZTc5YjU4NWY1ODQ4NWI2ZWYwYzgzNjMyYWMwYzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1LtNzM+TrebTgtriGkIU5Cdr0Xo0
IVEA2X/SMhV+eVTekCDDIyn3UmFwGxn3AnJ26f6BzfZsrQ2Ddq2mT5lleyVifr7A
utkUdKPTDybgC5YxhoX+iPoOpw19phLdde/BfIFoNL8cSu3KlogNQFbVNhI/+CEh
eugeZIu75ZfS8+m5r0HCKh4KWaJaccJ/HymhX0sB+KknuMN8Zl1sxusKGODu67Kk
EhuWq1Q+VkRbs7EGSpYFMZLT9vC03H2hrHRDqc9Vdz2WRPqDO674WeOYHlZSUw0B
wXk5fhTGU7/W61eN4y6gVRD1qjhmdmdvBio7aOqMkA+0suUt6PzfvCOsZwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFDHru0v4hoRpSr2ReVTRXPcn6NvTMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzg5MjY5OTVlLWJkZTUtNDlhZi1hOTg5LTE3ZGQzNTFhMjUzZi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba+4AwDQYJKoZIhvcNAQELBQADggEBAGkq2eJ2VfxaTo+YrZ4s
l8WciYHgl1H33iLBr9KS7+V6c/Qj1ycLspnwBD+Ag7+nNVqkgoRa8Z/QsDpZ/qZ2
0Uw+aQJa/kawfsvBLrGbCRTjO4wMs9sjPI+s/SjG66H2PaySOcKTTXf6rh0hmE4M
HkDpMB5AWP8Y9qBlxqZkCXva9WChWePqza+Hb7CfJQGaoVmZJucTPCSApzMGztcv
7baIovUmv+7/iEMZk4VWef6ejzhb4A+RabUS94MlBdpaomcKYyYhpJDj4BZrUALn
bLffx5eXfnVwlr8x7lxMuxVxEvTZ3iVvEVQ+Mlx5anyrG2GylYBn6stQ3s8IsGsC
Kvc=
-----END CERTIFICATE-----