Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9c804d9a-be43-4636-8f74-69e695113d21.roa
File:                     9c804d9a-be43-4636-8f74-69e695113d21.roa (raw, json)
Hash identifier:          lT4T3Mum77UeaJ+PETXtOj8GlYXZzJ2u00gHJ7CU8UM=
Subject key identifier:   DE:FD:41:36:A9:B2:8D:6B:50:DB:45:44:6F:C9:21:DD:02:FC:20:EF
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       0F4017B41EB57403FC7833F1593526E6B6806043
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9c804d9a-be43-4636-8f74-69e695113d21.roa
Signing time:             Wed 30 Jul 2025 00:41:47 +0000
ROA not before:           Wed 30 Jul 2025 00:41:47 +0000
ROA not after:            Wed 03 Sep 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf7:7000::/40 maxlen: 40
Validation:               Failed, certificate revoked on Wed 30 Jul 2025 18:52:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:40:17:b4:1e:b5:74:03:fc:78:33:f1:59:35:26:e6:b6:80:60:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Jul 30 00:41:47 2025 GMT
            Not After : Sep  3 23:59:59 2025 GMT
        Subject: serialNumber=1249e41b1f9cf8dbfd5edf01ab9dc17d61ed07118ec2f59214eb41efcf9f7211, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:97:cc:96:be:3f:91:82:c2:b7:0f:67:e8:d8:
                    d9:d1:af:4e:1c:23:b7:b6:90:76:d9:5d:27:e1:0b:
                    e4:07:0a:e1:26:c4:c6:67:3c:05:bd:ae:df:84:d6:
                    32:8f:70:45:9d:b8:4c:1f:29:0b:58:09:69:4e:03:
                    4c:21:77:0f:5d:7d:92:38:a1:f3:86:b6:ab:9b:04:
                    e4:16:c6:93:62:09:4a:15:b4:9b:6c:d0:75:b0:4a:
                    09:09:24:66:98:48:2b:96:70:f8:ff:5c:af:46:9b:
                    b6:41:9a:d8:de:dc:69:67:7a:2a:21:3c:9b:08:28:
                    c4:0f:40:d7:3f:90:40:33:57:d3:5e:b3:73:16:58:
                    1a:e7:95:97:39:81:91:5e:75:ea:4b:66:07:ea:23:
                    b3:a9:0f:6f:64:c5:8d:50:18:7b:ec:92:1d:48:05:
                    67:a0:03:80:2f:b9:23:98:70:6e:6c:d4:78:23:98:
                    55:e7:77:68:4d:0f:28:be:a2:47:0f:c7:97:83:d8:
                    fc:3e:c7:18:6e:26:33:08:2c:4b:38:ba:13:29:22:
                    6a:53:22:a9:48:8c:0c:db:ba:1c:59:8f:1d:45:19:
                    c2:52:36:02:f4:0c:01:95:64:e0:c3:a5:47:af:1d:
                    a0:cd:21:79:5b:57:c2:30:48:02:05:60:22:81:ec:
                    25:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:FD:41:36:A9:B2:8D:6B:50:DB:45:44:6F:C9:21:DD:02:FC:20:EF
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/9c804d9a-be43-4636-8f74-69e695113d21.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf7:7000::/40

    Signature Algorithm: sha256WithRSAEncryption
         09:66:25:f2:3e:83:44:e2:7c:bf:c8:6b:7e:6c:fc:84:26:1b:
         94:e2:c7:31:9d:07:f8:b7:ad:ef:c0:07:cb:e6:27:20:d5:a1:
         8a:ad:bd:78:fd:d8:dd:8b:b9:19:fc:25:9d:30:98:be:a8:27:
         3c:8e:00:5b:2e:0c:a8:2b:02:4c:22:9a:c4:0a:18:74:8a:90:
         48:98:37:0c:e0:de:1e:01:2b:d8:64:54:94:cc:3d:41:b1:de:
         52:3c:c9:14:72:2c:23:a9:47:dd:d9:4c:8b:f5:d4:c8:59:96:
         b8:9c:c1:10:df:52:56:3c:70:f8:e5:96:03:88:c5:67:d0:f7:
         35:ae:64:d6:94:35:1c:2f:f1:35:4c:d9:00:26:16:ea:e7:42:
         55:95:71:6c:b6:36:64:55:d2:b1:36:34:2b:11:b1:9e:63:2f:
         bd:c3:ef:ef:17:50:4f:50:c8:91:de:8a:ea:d5:5e:e3:93:43:
         62:ce:6a:cc:e2:99:64:76:95:95:bc:1a:67:36:40:02:02:3e:
         6c:e2:ba:60:59:09:52:e7:c6:ca:9e:2f:95:99:34:86:87:b7:
         42:2b:49:2c:63:c7:a9:89:63:42:7f:fd:45:79:14:ae:8b:18:
         d9:7f:f1:6e:70:94:d5:97:d2:d8:6d:7b:25:49:89:9f:ce:27:
         9d:9c:1e:70
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUD0AXtB61dAP8eDPxWTUm5raAYEMwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDczMDAwNDE0N1oX
DTI1MDkwMzIzNTk1OVowejFJMEcGA1UEBRNAMTI0OWU0MWIxZjljZjhkYmZkNWVk
ZjAxYWI5ZGMxN2Q2MWVkMDcxMThlYzJmNTkyMTRlYjQxZWZjZjlmNzIxMTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2pfMlr4/kYLCtw9n6NjZ0a9OHCO3
tpB22V0n4QvkBwrhJsTGZzwFva7fhNYyj3BFnbhMHykLWAlpTgNMIXcPXX2SOKHz
hrarmwTkFsaTYglKFbSbbNB1sEoJCSRmmEgrlnD4/1yvRpu2QZrY3txpZ3oqITyb
CCjED0DXP5BAM1fTXrNzFlga55WXOYGRXnXqS2YH6iOzqQ9vZMWNUBh77JIdSAVn
oAOAL7kjmHBubNR4I5hV53doTQ8ovqJHD8eXg9j8PscYbiYzCCxLOLoTKSJqUyKp
SIwM27ocWY8dRRnCUjYC9AwBlWTgw6VHrx2gzSF5W1fCMEgCBWAigewlQQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFN79QTapso1rUNtFRG/JId0C/CDvMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
LzljODA0ZDlhLWJlNDMtNDYzNi04Zjc0LTY5ZTY5NTExM2QyMS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba93AwDQYJKoZIhvcNAQELBQADggEBAAlmJfI+g0TifL/Ia35s
/IQmG5TixzGdB/i3re/AB8vmJyDVoYqtvXj92N2LuRn8JZ0wmL6oJzyOAFsuDKgr
AkwimsQKGHSKkEiYNwzg3h4BK9hkVJTMPUGx3lI8yRRyLCOpR93ZTIv11MhZlric
wRDfUlY8cPjllgOIxWfQ9zWuZNaUNRwv8TVM2QAmFurnQlWVcWy2NmRV0rE2NCsR
sZ5jL73D7+8XUE9QyJHeiurVXuOTQ2LOaszimWR2lZW8Gmc2QAICPmziumBZCVLn
xsqeL5WZNIaHt0IrSSxjx6mJY0J//UV5FK6LGNl/8W5wlNWX0thteyVJiZ/OJ52c
HnA=
-----END CERTIFICATE-----