Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ba8efdcb-f1a2-4027-a963-0552719399bb.roa
File:                     ba8efdcb-f1a2-4027-a963-0552719399bb.roa (raw, json)
Hash identifier:          DruCmL6n1v8O0c/N9+lU1Dn8JfU2LWychW1sKeBU0sU=
Subject key identifier:   BC:DD:17:9C:C1:A3:07:EA:2A:53:21:28:6F:89:87:E1:D5:3A:FB:9A
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       72D2FE9F9EFF20BF3B73067C5C6FFC87D43B81DA
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ba8efdcb-f1a2-4027-a963-0552719399bb.roa
Signing time:             Mon 12 May 2025 15:10:09 +0000
ROA not before:           Mon 12 May 2025 15:10:09 +0000
ROA not after:            Mon 16 Jun 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daee:4000::/40 maxlen: 40
Validation:               Failed, certificate revoked on Tue 03 Jun 2025 20:08:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:d2:fe:9f:9e:ff:20:bf:3b:73:06:7c:5c:6f:fc:87:d4:3b:81:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: May 12 15:10:09 2025 GMT
            Not After : Jun 16 23:59:59 2025 GMT
        Subject: serialNumber=d1b32417dfee21d8505b679fbb4571ddce3daa463b07f94e3e8c48958da0cabf, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:a8:44:af:2c:c4:0e:f1:fd:b1:3b:7a:69:e8:
                    93:59:cc:fc:c9:40:a8:20:98:b1:0d:f3:ca:f8:0b:
                    27:8d:d7:27:ee:e2:cf:a7:a6:05:98:3b:8a:d9:d3:
                    02:42:9e:01:f3:b8:07:a3:d1:18:9c:f8:5b:70:11:
                    00:bf:3f:63:57:a8:63:16:82:aa:31:fc:5e:be:bf:
                    b6:cb:f9:f8:ef:46:4a:50:13:b4:dd:c6:48:17:3f:
                    1e:fd:a1:e5:73:02:30:8d:a1:4d:f8:11:49:1c:20:
                    04:9a:a5:2e:e7:ed:18:64:b3:f6:f4:44:c3:74:83:
                    ff:41:7e:73:f6:a7:4f:2c:b8:46:1e:e1:1f:a4:81:
                    03:78:8c:c9:fa:bd:8c:cb:71:2c:6d:7d:24:7c:fa:
                    aa:02:dc:b7:e3:1e:aa:c1:5f:50:03:c3:1c:1c:21:
                    bb:e5:17:ff:0a:de:bd:48:71:58:d9:cb:27:55:88:
                    1b:d8:3d:d0:3b:c2:19:22:77:e4:0d:f7:56:07:c1:
                    72:7f:58:3d:2d:ff:a0:c9:6f:57:a6:3b:7c:2c:91:
                    5b:8e:0b:93:43:de:6d:88:74:82:c7:ef:d4:81:98:
                    16:9c:9d:6b:0a:64:f7:5d:78:04:84:23:41:69:8f:
                    54:a4:c1:88:cb:07:b1:8c:fc:49:42:a7:c2:c0:7d:
                    fc:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:DD:17:9C:C1:A3:07:EA:2A:53:21:28:6F:89:87:E1:D5:3A:FB:9A
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/ba8efdcb-f1a2-4027-a963-0552719399bb.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daee:4000::/40

    Signature Algorithm: sha256WithRSAEncryption
         7e:80:8a:a9:73:8c:3e:59:a1:5a:1e:20:a5:43:ef:f4:90:0c:
         43:72:33:d8:3e:8c:1a:30:0f:7a:47:d2:39:d5:c8:55:08:95:
         c3:14:dd:e9:05:19:4d:29:2c:07:22:a9:3a:ec:a1:03:b5:37:
         6c:cd:ca:66:cc:1b:d8:de:f1:1c:9a:2a:f4:ba:df:67:6e:22:
         fc:25:49:17:4c:1b:29:d1:61:60:31:a1:16:e6:09:9c:3a:97:
         f0:f2:67:61:ee:d2:23:6e:b6:cb:4b:87:65:7e:7b:77:2a:0d:
         f3:17:fc:a4:fa:92:94:55:76:84:26:a2:ad:74:2a:19:f8:96:
         de:a3:64:b8:7c:4d:26:bd:1f:fd:b1:74:a3:87:cb:15:6b:58:
         93:d1:e0:5a:46:a3:bc:73:9b:f1:7a:25:d5:3c:d8:24:fa:dd:
         58:c7:b4:ce:53:3b:8c:38:38:a0:7e:c5:5b:a6:c2:fd:c0:59:
         e2:21:e6:83:b9:9b:a9:90:ae:58:7b:07:47:67:cb:76:77:7b:
         2b:65:e7:1e:61:af:44:43:6c:1f:7e:4a:9e:11:0b:73:ce:bb:
         68:e3:b0:d5:54:ad:06:81:c7:fc:52:05:36:c4:8c:df:88:c1:
         e7:e6:dd:7b:aa:d4:5a:8a:49:be:5f:86:e7:0f:b4:9d:be:ea:
         ce:6f:ad:f9
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUctL+n57/IL87cwZ8XG/8h9Q7gdowDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDUxMjE1MTAwOVoX
DTI1MDYxNjIzNTk1OVowejFJMEcGA1UEBRNAZDFiMzI0MTdkZmVlMjFkODUwNWI2
NzlmYmI0NTcxZGRjZTNkYWE0NjNiMDdmOTRlM2U4YzQ4OTU4ZGEwY2FiZjEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKhEryzEDvH9sTt6aeiTWcz8yUCo
IJixDfPK+Asnjdcn7uLPp6YFmDuK2dMCQp4B87gHo9EYnPhbcBEAvz9jV6hjFoKq
Mfxevr+2y/n470ZKUBO03cZIFz8e/aHlcwIwjaFN+BFJHCAEmqUu5+0YZLP29ETD
dIP/QX5z9qdPLLhGHuEfpIEDeIzJ+r2My3EsbX0kfPqqAty34x6qwV9QA8McHCG7
5Rf/Ct69SHFY2csnVYgb2D3QO8IZInfkDfdWB8Fyf1g9Lf+gyW9Xpjt8LJFbjguT
Q95tiHSCx+/UgZgWnJ1rCmT3XXgEhCNBaY9UpMGIywexjPxJQqfCwH38uQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFLzdF5zBowfqKlMhKG+Jh+HVOvuaMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2JhOGVmZGNiLWYxYTItNDAyNy1hOTYzLTA1NTI3MTkzOTliYi5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAba7kAwDQYJKoZIhvcNAQELBQADggEBAH6AiqlzjD5ZoVoeIKVD
7/SQDENyM9g+jBowD3pH0jnVyFUIlcMU3ekFGU0pLAciqTrsoQO1N2zNymbMG9je
8RyaKvS632duIvwlSRdMGynRYWAxoRbmCZw6l/DyZ2Hu0iNutstLh2V+e3cqDfMX
/KT6kpRVdoQmoq10Khn4lt6jZLh8TSa9H/2xdKOHyxVrWJPR4FpGo7xzm/F6JdU8
2CT63VjHtM5TO4w4OKB+xVumwv3AWeIh5oO5m6mQrlh7B0dny3Z3eytl5x5hr0RD
bB9+Sp4RC3POu2jjsNVUrQaBx/xSBTbEjN+Iwefm3Xuq1FqKSb5fhucPtJ2+6s5v
rfk=
-----END CERTIFICATE-----