Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86031003-8765-4ab1-842d-ef1af47deb94.roa
File:                     86031003-8765-4ab1-842d-ef1af47deb94.roa (raw, json)
Hash identifier:          YI/XZnp0G+b91BXsyGwiYj3MnvSJ6/reMCxWcIMUES0=
Subject key identifier:   6C:C8:71:82:8A:82:F8:F8:23:0C:D4:93:FF:71:DE:91:EF:2E:C7:BD
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       43C62B7186BBA68A7A3B38348F20574A94E08A40
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86031003-8765-4ab1-842d-ef1af47deb94.roa
Signing time:             Tue 25 Mar 2025 00:11:01 +0000
ROA not before:           Tue 25 Mar 2025 00:11:01 +0000
ROA not after:            Tue 29 Apr 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daf4:10c0::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 16 Apr 2025 18:53:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:c6:2b:71:86:bb:a6:8a:7a:3b:38:34:8f:20:57:4a:94:e0:8a:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Mar 25 00:11:01 2025 GMT
            Not After : Apr 29 23:59:59 2025 GMT
        Subject: serialNumber=9085f41d1a3499acc05061ed65a02ce7632c2b0d385fdc97319b881c3daf6b50, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:9b:1f:19:de:3f:74:4d:de:58:0c:5b:4e:5a:
                    e6:64:57:fb:e9:6f:9b:78:97:ce:d5:3c:c6:13:77:
                    a9:63:ae:a2:db:ff:ac:1b:69:fc:39:19:27:a8:47:
                    8b:06:02:87:e7:d5:14:ea:ab:58:a5:14:d1:4e:10:
                    d0:16:d9:03:fc:54:44:cc:99:27:44:eb:f2:06:3c:
                    81:9d:34:b2:0f:58:3c:75:80:f1:9c:14:e8:60:16:
                    6f:76:22:61:90:8e:62:eb:26:60:11:8a:44:71:b3:
                    f8:60:a2:82:7e:8c:75:c1:76:2d:18:2c:3d:50:d0:
                    30:a4:c5:04:33:ac:46:87:f6:59:9e:91:2f:5a:c0:
                    8b:b8:dd:85:f1:b1:11:8f:0c:fe:07:b2:2a:2d:d4:
                    d4:b1:11:93:fc:17:0c:0c:79:c6:80:aa:23:11:70:
                    02:23:80:17:fa:43:22:79:d5:85:cd:2f:e0:1d:e1:
                    48:da:8e:eb:e7:c0:7a:88:de:4f:c3:ff:b0:d8:d9:
                    e8:0b:b4:50:93:ba:cb:d0:3a:c4:be:68:57:04:4b:
                    98:dc:05:ca:7e:0c:7c:f9:71:2a:ba:6a:9a:f5:ae:
                    07:01:8d:67:21:72:00:58:21:0d:cd:b1:61:78:99:
                    b5:aa:81:00:da:4f:64:45:e3:fb:51:df:8d:d2:44:
                    50:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:C8:71:82:8A:82:F8:F8:23:0C:D4:93:FF:71:DE:91:EF:2E:C7:BD
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/86031003-8765-4ab1-842d-ef1af47deb94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daf4:10c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         b9:d7:82:c0:91:aa:9a:24:92:75:88:f6:a0:c6:0a:1a:b0:0a:
         e6:98:b9:60:39:2b:8e:3f:bb:c6:ba:ab:f7:c0:9d:ba:84:e2:
         d5:c9:41:1e:de:29:e9:38:96:e7:b6:4b:8a:97:3d:99:c3:72:
         19:4f:12:5e:89:d3:47:14:99:10:c9:9c:08:d6:19:0a:9d:4b:
         de:d7:61:ef:fc:da:6b:40:45:2b:37:dd:95:d0:da:21:8e:1d:
         30:9f:c9:18:ba:aa:93:86:e0:6c:52:72:5c:d8:d6:f4:77:1a:
         d3:27:57:4e:30:5d:0b:d0:d2:ec:64:70:e7:36:1d:41:b7:bd:
         e3:af:6a:dd:64:2c:68:e1:ec:09:90:45:77:92:63:54:eb:33:
         5f:d7:55:40:ca:e2:81:0f:f4:50:31:82:da:d2:45:4b:44:6d:
         b9:f4:38:19:12:40:d6:85:36:11:75:24:63:28:c3:0a:8c:09:
         e6:3c:81:17:21:0b:4d:62:a1:67:34:69:11:fa:8f:d0:1e:66:
         5f:5f:12:8c:98:38:59:81:77:b9:24:9b:c1:37:60:10:54:bc:
         7e:2f:fe:38:a2:fe:72:37:6b:a0:82:ed:10:33:10:ed:1a:5c:
         52:d2:55:e6:12:15:a8:9d:e1:54:3b:00:5f:87:87:d7:43:c9:
         d8:c5:dc:ef
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgIUQ8YrcYa7pop6Ozg0jyBXSpTgikAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDMyNTAwMTEwMVoX
DTI1MDQyOTIzNTk1OVowejFJMEcGA1UEBRNAOTA4NWY0MWQxYTM0OTlhY2MwNTA2
MWVkNjVhMDJjZTc2MzJjMmIwZDM4NWZkYzk3MzE5Yjg4MWMzZGFmNmI1MDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopsfGd4/dE3eWAxbTlrmZFf76W+b
eJfO1TzGE3epY66i2/+sG2n8ORknqEeLBgKH59UU6qtYpRTRThDQFtkD/FREzJkn
ROvyBjyBnTSyD1g8dYDxnBToYBZvdiJhkI5i6yZgEYpEcbP4YKKCfox1wXYtGCw9
UNAwpMUEM6xGh/ZZnpEvWsCLuN2F8bERjwz+B7IqLdTUsRGT/BcMDHnGgKojEXAC
I4AX+kMiedWFzS/gHeFI2o7r58B6iN5Pw/+w2NnoC7RQk7rL0DrEvmhXBEuY3AXK
fgx8+XEqumqa9a4HAY1nIXIAWCENzbFheJm1qoEA2k9kReP7Ud+N0kRQkQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFGzIcYKKgvj4IwzUk/9x3pHvLse9MB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
Lzg2MDMxMDAzLTg3NjUtNGFiMS04NDJkLWVmMWFmNDdkZWI5NC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAP
BAIAAjAJAwcAJAba9BDAMA0GCSqGSIb3DQEBCwUAA4IBAQC514LAkaqaJJJ1iPag
xgoasArmmLlgOSuOP7vGuqv3wJ26hOLVyUEe3inpOJbntkuKlz2Zw3IZTxJeidNH
FJkQyZwI1hkKnUve12Hv/NprQEUrN92V0Nohjh0wn8kYuqqThuBsUnJc2Nb0dxrT
J1dOMF0L0NLsZHDnNh1Bt73jr2rdZCxo4ewJkEV3kmNU6zNf11VAyuKBD/RQMYLa
0kVLRG259DgZEkDWhTYRdSRjKMMKjAnmPIEXIQtNYqFnNGkR+o/QHmZfXxKMmDhZ
gXe5JJvBN2AQVLx+L/44ov5yN2uggu0QMxDtGlxS0lXmEhWoneFUOwBfh4fXQ8nY
xdzv
-----END CERTIFICATE-----