Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a3df2bf5-dcf1-4c82-b75e-7132f025eb2b.roa
File:                     a3df2bf5-dcf1-4c82-b75e-7132f025eb2b.roa (raw, json)
Hash identifier:          U0waAd3lYg5mepGh6UY9/dqEa1goMDCA0/OyZZ4RxDI=
Subject key identifier:   D3:29:64:52:C3:DF:98:49:DD:4E:00:82:8A:96:2F:17:EC:F3:0F:B3
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       2D775DCFB4D80D92BD640B32A65E0A15682D1472
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a3df2bf5-dcf1-4c82-b75e-7132f025eb2b.roa
Signing time:             Thu 22 May 2025 00:38:25 +0000
ROA not before:           Thu 22 May 2025 00:38:25 +0000
ROA not after:            Thu 26 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dab9:7080::/48 maxlen: 48
Validation:               Failed, certificate revoked on Tue 03 Jun 2025 19:38:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2d:77:5d:cf:b4:d8:0d:92:bd:64:0b:32:a6:5e:0a:15:68:2d:14:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 22 00:38:25 2025 GMT
            Not After : Jun 26 23:59:59 2025 GMT
        Subject: serialNumber=3c468430e3e84c87d7f957267fb0870c48144c6b103151233b341e64a7cdd447, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:77:9f:fe:80:b1:03:55:45:6e:96:cd:7e:09:
                    8c:f2:0c:13:ae:32:af:43:86:07:be:40:40:ab:ee:
                    b3:45:b2:b8:b4:e8:72:47:0d:96:b2:6d:89:a6:15:
                    38:c7:6e:ee:07:2f:6c:b0:59:d5:48:d3:3f:7f:1f:
                    45:6e:23:00:cc:04:00:a6:54:1b:b3:54:93:26:f8:
                    cc:7e:9d:7f:e7:49:48:89:67:d5:f3:07:e3:ea:21:
                    44:2f:31:6f:13:f0:4e:33:41:86:fe:06:fa:ba:fe:
                    d2:d2:1e:3e:31:27:97:fa:99:a2:c7:aa:79:dc:ee:
                    78:33:f4:e8:b2:9f:81:8e:1e:cb:0c:91:ff:fb:e1:
                    a7:44:84:06:80:eb:71:e6:b9:99:2e:e1:1d:d3:46:
                    01:1f:ee:c2:b0:5c:5c:c4:d0:3d:88:88:e2:a7:62:
                    ed:31:1b:ce:a8:5f:41:1b:bf:6e:20:31:a5:5b:ad:
                    83:0b:32:f0:b3:b9:6c:0f:63:7f:b1:a1:77:b8:2e:
                    d0:70:b4:ec:c1:e0:be:d8:75:da:68:98:4c:18:94:
                    eb:81:f9:94:8a:23:57:1d:ab:d2:71:aa:70:72:a9:
                    ba:fa:2d:b3:60:e6:af:36:99:ec:62:c1:f5:11:ab:
                    97:85:31:41:10:91:12:1a:16:55:1a:2a:16:17:e0:
                    80:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:29:64:52:C3:DF:98:49:DD:4E:00:82:8A:96:2F:17:EC:F3:0F:B3
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/a3df2bf5-dcf1-4c82-b75e-7132f025eb2b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dab9:7080::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:16:56:7e:4a:d0:73:57:82:c6:76:c2:b5:19:a7:40:ab:33:
         ea:02:85:e2:82:91:30:c9:ba:81:03:0b:bc:0b:94:7b:ab:d8:
         79:55:aa:75:79:2f:87:bf:14:f4:10:35:7e:fc:fa:0f:24:4a:
         d7:58:cc:78:c1:f6:9d:a9:c7:8f:d7:9e:0e:49:01:13:f7:51:
         40:fc:cb:4b:af:e9:ea:f0:c8:0e:7c:ca:5c:00:1d:6f:26:31:
         c4:54:6f:d0:4d:d7:d7:3e:63:e5:44:27:91:7c:bd:f8:90:ff:
         74:0b:e9:18:ca:cc:cd:44:ad:d1:64:66:ca:82:5e:ef:dc:5f:
         2c:4a:b5:69:3d:40:fd:d3:cc:bd:aa:b0:80:d6:b4:6e:2c:d6:
         87:30:6b:b4:cd:43:fc:44:51:6a:cb:11:08:49:81:d6:48:22:
         ec:44:17:3d:33:cb:25:18:f3:10:e8:74:02:8a:e9:88:db:ed:
         e5:64:e3:cc:98:cb:0b:9a:a3:01:ca:69:3f:28:dc:cd:35:46:
         bb:8b:e8:98:57:01:7d:46:61:68:2f:30:bf:d1:c6:57:d9:c7:
         d2:b1:65:1a:6f:c2:44:d6:a7:b6:a1:39:27:0a:da:44:42:89:
         c3:1e:a5:ac:1c:a7:e5:30:6a:23:89:66:96:e8:3b:15:23:e1:
         29:ea:2d:2e
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIULXddz7TYDZK9ZAsypl4KFWgtFHIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDUyMjAwMzgyNVoX
DTI1MDYyNjIzNTk1OVowejFJMEcGA1UEBRNAM2M0Njg0MzBlM2U4NGM4N2Q3Zjk1
NzI2N2ZiMDg3MGM0ODE0NGM2YjEwMzE1MTIzM2IzNDFlNjRhN2NkZDQ0NzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Hef/oCxA1VFbpbNfgmM8gwTrjKv
Q4YHvkBAq+6zRbK4tOhyRw2Wsm2JphU4x27uBy9ssFnVSNM/fx9FbiMAzAQAplQb
s1STJvjMfp1/50lIiWfV8wfj6iFELzFvE/BOM0GG/gb6uv7S0h4+MSeX+pmix6p5
3O54M/Tosp+Bjh7LDJH/++GnRIQGgOtx5rmZLuEd00YBH+7CsFxcxNA9iIjip2Lt
MRvOqF9BG79uIDGlW62DCzLws7lsD2N/saF3uC7QcLTsweC+2HXaaJhMGJTrgfmU
iiNXHavScapwcqm6+i2zYOavNpnsYsH1EauXhTFBEJESGhZVGioWF+CAjQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFNMpZFLD35hJ3U4AgoqWLxfs8w+zMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2EzZGYyYmY1LWRjZjEtNGM4Mi1iNzVlLTcxMzJmMDI1ZWIyYi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAbauXCAMA0GCSqGSIb3DQEBCwUAA4IBAQCjFlZ+StBzV4LGdsK1
GadAqzPqAoXigpEwybqBAwu8C5R7q9h5Vap1eS+HvxT0EDV+/PoPJErXWMx4wfad
qceP154OSQET91FA/MtLr+nq8MgOfMpcAB1vJjHEVG/QTdfXPmPlRCeRfL34kP90
C+kYyszNRK3RZGbKgl7v3F8sSrVpPUD908y9qrCA1rRuLNaHMGu0zUP8RFFqyxEI
SYHWSCLsRBc9M8slGPMQ6HQCiumI2+3lZOPMmMsLmqMBymk/KNzNNUa7i+iYVwF9
RmFoLzC/0cZX2cfSsWUab8JE1qe2oTknCtpEQonDHqWsHKflMGojiWaW6DsVI+Ep
6i0u
-----END CERTIFICATE-----