Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f4077791-add9-436b-8f2e-4a21cda9ff2b.roa
File:                     f4077791-add9-436b-8f2e-4a21cda9ff2b.roa (raw, json)
Hash identifier:          xZCAIA2rOzVLPTQczjthjhaEN4y6BD7tH1zVUvuu6jc=
Subject key identifier:   ED:DC:31:59:6F:4A:F9:09:AB:6C:A0:35:2D:BA:DC:53:FC:AF:2F:69
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       3FE295639E38A37B0744B32B85E907C600E5291E
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f4077791-add9-436b-8f2e-4a21cda9ff2b.roa
Signing time:             Fri 16 May 2025 15:10:11 +0000
ROA not before:           Fri 16 May 2025 15:10:11 +0000
ROA not after:            Fri 20 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dab9:4800::/40 maxlen: 48
Validation:               Failed, certificate revoked on Thu 22 May 2025 00:52:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:e2:95:63:9e:38:a3:7b:07:44:b3:2b:85:e9:07:c6:00:e5:29:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 16 15:10:11 2025 GMT
            Not After : Jun 20 23:59:59 2025 GMT
        Subject: serialNumber=cc36e7caf3ebcf552125dbe28c6283d2440e186646839161fd64d50f77908e5a, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:4a:51:3c:5d:f2:05:70:98:ab:1f:57:9a:14:
                    ed:e4:9f:35:d5:13:6b:89:eb:20:da:78:8e:d5:36:
                    92:c3:38:6e:20:76:85:9a:e9:94:3b:ef:45:a3:17:
                    59:08:4c:0b:97:a0:74:f6:64:66:3a:8f:0c:5b:c6:
                    95:e1:fb:58:f2:75:98:5b:13:0a:b1:39:3d:0d:ae:
                    12:d9:0e:3a:c0:8b:5a:f1:93:f3:b8:3b:fe:c9:0b:
                    27:b9:ae:7f:83:22:02:9f:01:2e:e5:0c:3e:45:59:
                    72:36:c6:b7:7b:ac:d1:c2:cd:86:31:8a:f4:46:1d:
                    f6:6e:6c:e4:6f:4b:c1:48:05:8c:ea:bf:80:b1:ef:
                    93:33:14:4a:ed:1c:16:69:14:f3:86:69:ae:9c:38:
                    9e:b1:67:c2:6b:79:4a:b5:75:0c:37:60:df:8c:47:
                    bc:5f:67:ec:db:b0:c1:af:63:7f:72:4b:c1:95:9d:
                    2d:f1:26:9f:e9:47:81:0c:57:a2:33:d5:41:cc:5a:
                    39:6d:91:7e:ce:22:32:8b:d7:7f:fc:2f:39:19:55:
                    ca:ba:bf:e2:cf:71:b4:28:3f:32:ac:fb:9c:ce:3a:
                    30:d9:21:50:b0:77:6f:38:9e:31:e2:bf:ca:08:fa:
                    72:28:36:01:0f:58:ea:bd:e4:86:a6:3f:01:ef:c3:
                    2c:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:DC:31:59:6F:4A:F9:09:AB:6C:A0:35:2D:BA:DC:53:FC:AF:2F:69
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/f4077791-add9-436b-8f2e-4a21cda9ff2b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dab9:4800::/40

    Signature Algorithm: sha256WithRSAEncryption
         b5:31:68:5b:f1:f5:15:61:a5:e7:d1:0a:ce:40:2f:06:62:11:
         9c:23:3e:ad:21:6b:3a:65:1c:67:e0:37:16:51:26:c3:75:46:
         2c:b5:81:d6:f7:9e:6b:4e:27:5d:e3:67:68:ef:e9:b9:5c:37:
         d9:7b:be:3d:c7:e8:8f:2f:94:24:f9:78:9c:9c:29:c2:9e:fd:
         be:1e:f9:d8:1b:9d:e6:e7:12:2c:ae:53:f0:55:3b:74:59:31:
         17:04:6b:21:7d:ec:d0:46:51:ce:13:cb:5c:da:b1:cd:aa:4c:
         18:8c:61:12:ca:54:76:c8:1f:de:7e:6f:d9:62:7a:10:cc:54:
         31:20:a1:30:b6:2c:b1:1c:ca:bd:c8:59:c1:4c:a7:5f:62:c0:
         18:6b:17:97:98:2b:fa:7b:2c:08:81:c1:ff:d9:bb:67:ca:94:
         c2:bc:c0:56:63:d9:f6:fb:0e:5d:42:cf:d7:2f:23:f8:bc:7b:
         5b:84:5b:00:20:4d:36:45:a2:fe:2d:60:0f:12:6f:da:99:ed:
         d1:c8:ec:e7:8f:e9:ac:68:eb:51:70:c7:70:68:db:da:01:35:
         16:1e:2c:a4:8c:c7:64:1e:92:20:8c:06:68:cf:17:9e:5b:a6:
         5c:bd:2d:7a:b2:ac:ee:5a:c7:c6:d1:c4:6b:7c:c1:5c:e0:3c:
         14:67:c5:e5
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUP+KVY544o3sHRLMrhekHxgDlKR4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDUxNjE1MTAxMVoX
DTI1MDYyMDIzNTk1OVowejFJMEcGA1UEBRNAY2MzNmU3Y2FmM2ViY2Y1NTIxMjVk
YmUyOGM2MjgzZDI0NDBlMTg2NjQ2ODM5MTYxZmQ2NGQ1MGY3NzkwOGU1YTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0pRPF3yBXCYqx9XmhTt5J811RNr
iesg2niO1TaSwzhuIHaFmumUO+9FoxdZCEwLl6B09mRmOo8MW8aV4ftY8nWYWxMK
sTk9Da4S2Q46wIta8ZPzuDv+yQsnua5/gyICnwEu5Qw+RVlyNsa3e6zRws2GMYr0
Rh32bmzkb0vBSAWM6r+Ase+TMxRK7RwWaRTzhmmunDiesWfCa3lKtXUMN2DfjEe8
X2fs27DBr2N/ckvBlZ0t8Saf6UeBDFeiM9VBzFo5bZF+ziIyi9d//C85GVXKur/i
z3G0KD8yrPuczjow2SFQsHdvOJ4x4r/KCPpyKDYBD1jqveSGpj8B78MshwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFO3cMVlvSvkJq2ygNS263FP8ry9pMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2Y0MDc3NzkxLWFkZDktNDM2Yi04ZjJlLTRhMjFjZGE5ZmYyYi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbauUgwDQYJKoZIhvcNAQELBQADggEBALUxaFvx9RVhpefRCs5A
LwZiEZwjPq0hazplHGfgNxZRJsN1Riy1gdb3nmtOJ13jZ2jv6blcN9l7vj3H6I8v
lCT5eJycKcKe/b4e+dgbnebnEiyuU/BVO3RZMRcEayF97NBGUc4Ty1zasc2qTBiM
YRLKVHbIH95+b9liehDMVDEgoTC2LLEcyr3IWcFMp19iwBhrF5eYK/p7LAiBwf/Z
u2fKlMK8wFZj2fb7Dl1Cz9cvI/i8e1uEWwAgTTZFov4tYA8Sb9qZ7dHI7OeP6axo
61Fwx3Bo29oBNRYeLKSMx2QekiCMBmjPF55bply9LXqyrO5ax8bRxGt8wVzgPBRn
xeU=
-----END CERTIFICATE-----