Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/16c9067b-6854-4c04-a03a-53bf3df702a4.roa
File:                     16c9067b-6854-4c04-a03a-53bf3df702a4.roa (raw, json)
Hash identifier:          pXAQcxnD5vRak6jMlwd1eDGK1nqOPclFL7g+/Kt7vYc=
Subject key identifier:   01:D9:FD:5B:72:B6:EE:0C:B0:21:56:B5:08:BF:4B:8B:1C:97:BF:90
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       1E759D616615009F3699B71449513623054030AE
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/16c9067b-6854-4c04-a03a-53bf3df702a4.roa
Signing time:             Tue 08 Jul 2025 15:11:27 +0000
ROA not before:           Tue 08 Jul 2025 15:11:27 +0000
ROA not after:            Tue 12 Aug 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        2600:1ff7:8080::/46 maxlen: 48
Validation:               Failed, certificate revoked on Wed 30 Jul 2025 19:37:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1e:75:9d:61:66:15:00:9f:36:99:b7:14:49:51:36:23:05:40:30:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jul  8 15:11:27 2025 GMT
            Not After : Aug 12 23:59:59 2025 GMT
        Subject: serialNumber=1358656c4fb4bff9b42ef29e4cf26159f7db1861318a38a3c9f51835cf0c7313, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:33:95:a1:52:14:36:68:b6:82:01:52:a8:e1:
                    c7:62:e6:5e:e4:8c:ab:54:cd:b8:32:34:9e:19:e4:
                    94:bb:3c:a3:0e:d8:95:ec:55:bc:84:80:40:7d:79:
                    9a:af:14:b7:e4:16:75:3b:2d:ee:9b:40:5d:b3:8e:
                    40:48:9e:25:59:b1:34:68:80:c4:f6:b1:2d:8c:99:
                    35:54:b5:5d:4f:0e:ca:64:fd:80:a2:30:3f:aa:a3:
                    b5:61:12:62:b2:43:7e:7b:87:30:1c:2f:34:b0:64:
                    cc:55:ab:25:40:fe:87:6e:c9:e6:b0:23:5a:c1:ad:
                    c9:f1:8c:42:8b:f9:d8:1b:28:bd:5e:0a:10:97:e6:
                    a5:d2:52:19:19:ed:51:72:cc:1c:0f:6d:b5:fe:fa:
                    fd:32:cb:f1:79:89:f8:3c:cb:46:33:2f:51:dd:da:
                    6d:c9:15:e2:90:68:9a:9b:00:25:b7:c9:14:2b:11:
                    2c:f6:e4:e5:81:50:65:17:bf:5a:36:7a:14:7c:a7:
                    d5:be:cb:bd:02:0f:38:89:27:f3:00:78:ad:44:27:
                    f9:02:08:e4:58:66:80:41:7d:67:8a:a3:cd:ea:1b:
                    da:15:90:e2:53:bf:6b:d7:f2:51:83:87:bc:66:0b:
                    2c:b0:3f:98:e6:cc:d3:4c:6b:45:0c:44:85:4c:72:
                    2c:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:D9:FD:5B:72:B6:EE:0C:B0:21:56:B5:08:BF:4B:8B:1C:97:BF:90
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/16c9067b-6854-4c04-a03a-53bf3df702a4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2600:1ff7:8080::/46

    Signature Algorithm: sha256WithRSAEncryption
         d6:39:44:3c:2a:35:c9:cd:f2:c6:26:a4:7c:53:c0:f6:81:e8:
         c7:03:9b:68:01:90:ed:db:dc:35:f7:27:9e:80:ff:d6:52:de:
         5c:35:71:f9:e5:26:a6:d0:be:f9:f7:ac:36:97:2c:94:02:df:
         6d:fa:9d:04:2b:c8:ff:42:6d:ed:65:90:9d:18:a8:0f:2a:72:
         53:5d:c5:8e:b8:07:5e:b0:92:92:28:4b:d0:b8:64:13:5e:53:
         dc:8e:f5:aa:7c:b2:78:99:54:80:15:4d:28:47:cd:d9:42:44:
         f7:55:64:96:f6:51:60:b3:6f:bc:4b:71:0a:2f:2b:24:49:7c:
         40:9e:df:18:de:f1:e5:97:27:02:b0:89:28:6f:77:ff:01:9e:
         2f:64:74:22:b1:fc:ed:4c:f5:65:cb:85:21:c0:14:a5:35:da:
         a8:c9:96:66:32:e6:7e:c1:ee:ae:98:ee:a1:dc:60:e2:47:9a:
         84:fd:6c:00:4e:ab:f7:67:a3:e7:5a:56:1b:5b:bf:a5:1d:4c:
         a0:12:6b:4c:91:44:e0:d1:a6:46:c0:7c:53:16:04:88:e8:fd:
         5f:64:e4:b0:9d:89:7d:cd:11:de:7e:ce:22:34:00:35:8f:5e:
         ad:e9:43:38:bf:cd:d6:f0:fe:1e:ee:ef:05:40:b4:ad:29:8d:
         ca:51:24:9c
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgIUHnWdYWYVAJ82mbcUSVE2IwVAMK4wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwNzA4MTUxMTI3WhcNMjUwODEyMjM1OTU5
WjB6MUkwRwYDVQQFE0AxMzU4NjU2YzRmYjRiZmY5YjQyZWYyOWU0Y2YyNjE1OWY3
ZGIxODYxMzE4YTM4YTNjOWY1MTgzNWNmMGM3MzEzMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDbM5WhUhQ2aLaCAVKo4cdi5l7kjKtUzbgyNJ4Z5JS7PKMO
2JXsVbyEgEB9eZqvFLfkFnU7Le6bQF2zjkBIniVZsTRogMT2sS2MmTVUtV1PDspk
/YCiMD+qo7VhEmKyQ357hzAcLzSwZMxVqyVA/oduyeawI1rBrcnxjEKL+dgbKL1e
ChCX5qXSUhkZ7VFyzBwPbbX++v0yy/F5ifg8y0YzL1Hd2m3JFeKQaJqbACW3yRQr
ESz25OWBUGUXv1o2ehR8p9W+y70CDziJJ/MAeK1EJ/kCCORYZoBBfWeKo83qG9oV
kOJTv2vX8lGDh7xmCyywP5jmzNNMa0UMRIVMciyVAgMBAAGjggK0MIICsDAdBgNV
HQ4EFgQUAdn9W3K27gywIVa1CL9LixyXv5AwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzE2YzkwNjdiLTY4NTQtNGMwNC1hMDNhLTUzYmYzZGY3MDJhNC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgAC
MAkDBwImAB/3gIAwDQYJKoZIhvcNAQELBQADggEBANY5RDwqNcnN8sYmpHxTwPaB
6McDm2gBkO3b3DX3J56A/9ZS3lw1cfnlJqbQvvn3rDaXLJQC3236nQQryP9Cbe1l
kJ0YqA8qclNdxY64B16wkpIoS9C4ZBNeU9yO9ap8sniZVIAVTShHzdlCRPdVZJb2
UWCzb7xLcQovKyRJfECe3xje8eWXJwKwiShvd/8Bni9kdCKx/O1M9WXLhSHAFKU1
2qjJlmYy5n7B7q6Y7qHcYOJHmoT9bABOq/dno+daVhtbv6UdTKASa0yRRODRpkbA
fFMWBIjo/V9k5LCdiX3NEd5+ziI0ADWPXq3pQzi/zdbw/h7u7wVAtK0pjcpRJJw=
-----END CERTIFICATE-----