Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ed3d3a28-3c88-49ed-8b25-85cbf545c35e.roa
File:                     ed3d3a28-3c88-49ed-8b25-85cbf545c35e.roa (raw, json)
Hash identifier:          hGGVXlX6fXIc9Hh9csn0oHO5GqU6KQUcXqP+TufW8W0=
Subject key identifier:   21:EA:54:BF:F8:3B:FB:4C:F7:EC:B5:A6:36:79:1B:73:29:7C:3F:73
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       375051C3A1CC6267452EF7D0D3AC9BA672896C62
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ed3d3a28-3c88-49ed-8b25-85cbf545c35e.roa
Signing time:             Wed 14 May 2025 00:11:21 +0000
ROA not before:           Wed 14 May 2025 00:11:21 +0000
ROA not after:            Wed 18 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf4:7080::/48 maxlen: 48
Validation:               Failed, certificate revoked on Tue 03 Jun 2025 19:53:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:50:51:c3:a1:cc:62:67:45:2e:f7:d0:d3:ac:9b:a6:72:89:6c:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 14 00:11:21 2025 GMT
            Not After : Jun 18 23:59:59 2025 GMT
        Subject: serialNumber=3d605bc85e58387a0fa5ceef6ca5486f093fbb89e8635747001f1c72f629fd59, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0e:4a:df:f9:d2:b0:0a:f9:cf:03:e0:58:60:
                    8b:c8:0d:84:40:fa:4c:0e:f8:b3:6c:78:7e:ff:92:
                    dd:15:73:e2:ba:9e:91:de:e4:c4:51:6c:63:d4:3a:
                    f1:21:02:41:ad:a4:13:4a:9a:8d:29:69:e9:79:2f:
                    fc:0e:e1:ae:41:42:d3:45:30:b4:a4:84:17:e5:c5:
                    bf:f3:1f:a4:36:7f:d2:c3:36:0a:15:c4:67:e6:15:
                    0b:05:cf:24:59:7e:78:d3:a4:db:f1:38:e6:e1:03:
                    82:81:9a:04:c0:fa:1d:95:cf:e1:f6:2a:04:43:12:
                    b9:30:57:07:86:eb:07:99:13:0f:99:8d:55:2e:e5:
                    0f:f4:59:46:4b:04:21:a2:b0:1f:35:71:93:09:e7:
                    a8:a1:e4:55:2f:1b:2a:bb:dc:73:ff:4c:83:91:70:
                    55:ab:80:11:86:2f:2e:d8:4f:49:6b:2a:1f:3c:f6:
                    bf:fa:c7:64:99:56:80:5a:dd:c9:b0:76:de:fd:4a:
                    8b:f0:c8:32:ca:7a:60:58:41:4f:f0:77:2f:5b:89:
                    36:5e:a9:43:93:bf:a0:28:ef:1f:12:07:75:6d:3b:
                    5a:1e:02:16:45:fb:50:cc:d5:ef:4b:82:66:9e:5f:
                    59:e9:7b:12:1c:3a:d1:18:e5:08:9d:b9:43:03:89:
                    ab:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:EA:54:BF:F8:3B:FB:4C:F7:EC:B5:A6:36:79:1B:73:29:7C:3F:73
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ed3d3a28-3c88-49ed-8b25-85cbf545c35e.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf4:7080::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:7d:e0:70:66:b7:0d:6d:94:02:1f:b5:80:bc:91:40:8f:52:
         3e:6b:16:44:04:13:94:90:a9:91:eb:06:c2:03:84:b0:25:f4:
         c2:9a:ac:ec:ea:25:10:54:6f:e7:cd:bb:e1:9a:80:db:94:3b:
         86:92:3d:e6:4e:ea:b6:dc:8c:1b:dc:2c:e8:2e:ed:d4:a8:60:
         88:27:5b:84:52:8b:15:8a:04:bf:cd:c6:2a:c5:66:1d:9a:00:
         c5:c6:4b:21:7b:09:5f:fa:b9:40:ad:3a:8c:0f:06:4e:2e:29:
         a9:f8:63:fa:42:46:2d:ab:ce:c2:b0:0c:cf:cc:64:39:d0:59:
         de:8c:c6:0f:58:6a:82:5d:16:10:58:bb:ca:8c:2e:64:7c:17:
         0e:de:93:b9:e6:07:cd:d5:ae:57:ac:37:f5:b1:b5:1d:6f:19:
         11:49:a5:77:72:81:cc:80:3e:97:ba:35:01:a3:53:5c:00:7d:
         e3:a4:4d:92:eb:5d:83:6e:fb:f2:9d:e1:1f:40:4e:36:bd:95:
         cb:eb:e2:76:2e:f0:7b:a0:92:50:f9:ca:81:71:02:1a:bd:b7:
         2a:52:98:56:2a:41:9a:c6:c0:ee:af:34:c7:8f:33:7b:63:86:
         e9:82:9b:af:32:3e:de:c5:4a:9d:f1:ea:40:bd:04:4d:43:10:
         e0:44:9a:0f
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUN1BRw6HMYmdFLvfQ06ybpnKJbGIwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDUxNDAwMTEyMVoX
DTI1MDYxODIzNTk1OVowejFJMEcGA1UEBRNAM2Q2MDViYzg1ZTU4Mzg3YTBmYTVj
ZWVmNmNhNTQ4NmYwOTNmYmI4OWU4NjM1NzQ3MDAxZjFjNzJmNjI5ZmQ1OTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAug5K3/nSsAr5zwPgWGCLyA2EQPpM
DvizbHh+/5LdFXPiup6R3uTEUWxj1DrxIQJBraQTSpqNKWnpeS/8DuGuQULTRTC0
pIQX5cW/8x+kNn/SwzYKFcRn5hULBc8kWX5406Tb8Tjm4QOCgZoEwPodlc/h9ioE
QxK5MFcHhusHmRMPmY1VLuUP9FlGSwQhorAfNXGTCeeooeRVLxsqu9xz/0yDkXBV
q4ARhi8u2E9JayofPPa/+sdkmVaAWt3JsHbe/UqL8MgyynpgWEFP8HcvW4k2XqlD
k7+gKO8fEgd1bTtaHgIWRftQzNXvS4Jmnl9Z6XsSHDrRGOUInblDA4mrmwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFCHqVL/4O/tM9+y1pjZ5G3MpfD9zMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2VkM2QzYTI4LTNjODgtNDllZC04YjI1LTg1Y2JmNTQ1YzM1ZS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba9HCAMA0GCSqGSIb3DQEBCwUAA4IBAQBIfeBwZrcNbZQCH7WA
vJFAj1I+axZEBBOUkKmR6wbCA4SwJfTCmqzs6iUQVG/nzbvhmoDblDuGkj3mTuq2
3Iwb3CzoLu3UqGCIJ1uEUosVigS/zcYqxWYdmgDFxkshewlf+rlArTqMDwZOLimp
+GP6QkYtq87CsAzPzGQ50FnejMYPWGqCXRYQWLvKjC5kfBcO3pO55gfN1a5XrDf1
sbUdbxkRSaV3coHMgD6XujUBo1NcAH3jpE2S612DbvvyneEfQE42vZXL6+J2LvB7
oJJQ+cqBcQIavbcqUphWKkGaxsDurzTHjzN7Y4bpgpuvMj7exUqd8epAvQRNQxDg
RJoP
-----END CERTIFICATE-----