Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e1367368-fb8b-40dc-a886-d20d64eee8aa.roa
File:                     e1367368-fb8b-40dc-a886-d20d64eee8aa.roa (raw, json)
Hash identifier:          HEFr8/yw5r/yfZFYBJrc1AG/MJtd5gwFNnzTDzPvHm4=
Subject key identifier:   39:BA:EB:66:4A:D5:73:E8:AD:43:B8:2D:DE:14:FD:0D:36:7C:BD:B2
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       1D71282B1789CE13AA67A2D852D6E80159B38367
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e1367368-fb8b-40dc-a886-d20d64eee8aa.roa
Signing time:             Mon 12 May 2025 15:01:08 +0000
ROA not before:           Mon 12 May 2025 15:01:08 +0000
ROA not after:            Mon 16 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dabb:a000::/40 maxlen: 48
Validation:               Failed, certificate revoked on Tue 03 Jun 2025 20:07:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:71:28:2b:17:89:ce:13:aa:67:a2:d8:52:d6:e8:01:59:b3:83:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 12 15:01:08 2025 GMT
            Not After : Jun 16 23:59:59 2025 GMT
        Subject: serialNumber=92817776bc465d6691bc7c41a3a0ca40c8c79ce2cd38d638c9645faf1f3f9c83, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:72:b8:8b:42:93:57:0d:d3:30:a6:0f:ff:21:
                    08:f7:92:4a:de:8d:d4:64:64:90:7c:5e:0c:5c:7d:
                    b3:94:f8:23:bf:bf:18:7c:bd:61:92:24:9c:5f:20:
                    e3:d6:92:bb:16:b1:4e:82:6c:b0:85:54:57:2c:d0:
                    06:60:e0:3a:80:f1:79:19:a2:2d:74:f0:bc:7a:2c:
                    15:9a:51:62:33:89:47:41:72:c4:f8:47:cd:73:bc:
                    ff:b6:72:77:d9:32:35:03:9a:70:bd:da:76:b7:dc:
                    23:09:70:7a:c4:d7:d0:a4:7d:9e:14:17:f2:27:cb:
                    2c:5b:10:51:f2:38:3e:7a:78:41:c1:dd:46:11:36:
                    2f:24:02:28:09:6c:f0:a7:b3:8a:17:81:a1:ae:f0:
                    f3:6d:44:f2:f7:72:51:8a:b4:7b:ee:89:ad:16:b1:
                    2b:67:83:9e:90:f1:a6:b5:fb:a9:e1:0a:95:f6:10:
                    1a:84:7d:2c:0f:c0:6c:3a:e6:89:d7:62:95:99:dc:
                    0e:71:2b:5b:15:ad:11:f8:26:84:f2:dd:1b:e4:1a:
                    47:b0:c7:95:59:93:1e:82:6d:08:79:7f:e8:f3:05:
                    e5:ec:26:80:52:3c:40:12:96:58:40:85:ad:b6:91:
                    e2:0b:2b:6c:40:5d:22:a6:7f:42:79:8c:32:3d:60:
                    7a:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:BA:EB:66:4A:D5:73:E8:AD:43:B8:2D:DE:14:FD:0D:36:7C:BD:B2
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/e1367368-fb8b-40dc-a886-d20d64eee8aa.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dabb:a000::/40

    Signature Algorithm: sha256WithRSAEncryption
         21:fb:04:37:24:fa:bd:91:8d:77:ea:83:41:f1:ca:0c:25:fd:
         25:3a:40:4f:eb:13:84:83:04:5c:7c:c2:04:7e:95:62:0a:84:
         57:ea:51:61:87:c2:36:e6:c5:c8:54:ca:76:4d:e7:00:e5:18:
         07:59:4b:bc:8d:a0:4c:cf:79:cd:93:a0:f9:fb:7f:e5:fa:71:
         f3:a3:13:6d:47:cd:d4:84:ef:51:6b:1e:ec:36:4e:97:9b:a4:
         45:42:6a:ff:fd:a3:cf:30:15:f3:38:28:98:a4:b3:9b:c8:8c:
         b3:78:d4:a9:5b:d8:ed:24:e7:79:45:7e:c2:ed:8b:bd:88:c7:
         04:ac:c3:d9:de:74:7e:3f:38:ce:7e:c9:dd:01:48:82:e7:b9:
         66:21:d6:f6:47:60:b8:2c:53:b8:c9:11:de:c1:a4:6f:e8:a9:
         74:5c:28:8a:a4:ac:4a:75:b1:ac:85:30:bc:55:a0:8b:23:05:
         ac:34:d6:b4:0f:98:a7:6c:9c:8a:f4:cc:aa:de:90:70:0d:80:
         72:fa:f2:e6:71:5e:16:db:1a:60:9a:13:19:4b:82:ad:8e:cb:
         85:5f:9e:df:63:5c:13:04:05:92:27:73:61:e0:50:fb:52:a2:
         0c:d2:96:df:17:e8:56:e2:d4:cd:9c:d0:32:50:f3:fe:98:4a:
         a4:34:bc:20
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUHXEoKxeJzhOqZ6LYUtboAVmzg2cwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDUxMjE1MDEwOFoX
DTI1MDYxNjIzNTk1OVowejFJMEcGA1UEBRNAOTI4MTc3NzZiYzQ2NWQ2NjkxYmM3
YzQxYTNhMGNhNDBjOGM3OWNlMmNkMzhkNjM4Yzk2NDVmYWYxZjNmOWM4MzEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHK4i0KTVw3TMKYP/yEI95JK3o3U
ZGSQfF4MXH2zlPgjv78YfL1hkiScXyDj1pK7FrFOgmywhVRXLNAGYOA6gPF5GaIt
dPC8eiwVmlFiM4lHQXLE+EfNc7z/tnJ32TI1A5pwvdp2t9wjCXB6xNfQpH2eFBfy
J8ssWxBR8jg+enhBwd1GETYvJAIoCWzwp7OKF4GhrvDzbUTy93JRirR77omtFrEr
Z4OekPGmtfup4QqV9hAahH0sD8BsOuaJ12KVmdwOcStbFa0R+CaE8t0b5BpHsMeV
WZMegm0IeX/o8wXl7CaAUjxAEpZYQIWttpHiCytsQF0ipn9CeYwyPWB6wwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFDm662ZK1XPorUO4Ld4U/Q02fL2yMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2UxMzY3MzY4LWZiOGItNDBkYy1hODg2LWQyMGQ2NGVlZThhYS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbau6AwDQYJKoZIhvcNAQELBQADggEBACH7BDck+r2RjXfqg0Hx
ygwl/SU6QE/rE4SDBFx8wgR+lWIKhFfqUWGHwjbmxchUynZN5wDlGAdZS7yNoEzP
ec2ToPn7f+X6cfOjE21HzdSE71FrHuw2TpebpEVCav/9o88wFfM4KJiks5vIjLN4
1Klb2O0k53lFfsLti72IxwSsw9nedH4/OM5+yd0BSILnuWYh1vZHYLgsU7jJEd7B
pG/oqXRcKIqkrEp1sayFMLxVoIsjBaw01rQPmKdsnIr0zKrekHANgHL68uZxXhbb
GmCaExlLgq2Oy4Vfnt9jXBMEBZInc2HgUPtSogzSlt8X6Fbi1M2c0DJQ8/6YSqQ0
vCA=
-----END CERTIFICATE-----