Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bfae4f06-e834-43f8-aa8f-3ea7143afe11.roa
File:                     bfae4f06-e834-43f8-aa8f-3ea7143afe11.roa (raw, json)
Hash identifier:          UObuach0bjbbMRzQeslv8yDpbEibXDpq+Oof7UpEsk0=
Subject key identifier:   5E:15:B9:1E:06:82:86:C8:E8:EF:CE:02:59:BC:34:A9:18:81:DC:B1
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       74066450B028F3C0A824DCC545AADBC6AF268D2D
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bfae4f06-e834-43f8-aa8f-3ea7143afe11.roa
Signing time:             Thu 17 Apr 2025 16:07:07 +0000
ROA not before:           Thu 17 Apr 2025 16:07:07 +0000
ROA not after:            Thu 22 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:dabb:1000::/40 maxlen: 40
Validation:               Failed, certificate revoked on Thu 17 Apr 2025 20:09:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:06:64:50:b0:28:f3:c0:a8:24:dc:c5:45:aa:db:c6:af:26:8d:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Apr 17 16:07:07 2025 GMT
            Not After : May 22 23:59:59 2025 GMT
        Subject: serialNumber=a9a11d04b43df0db82d3fb7331586c32ea4e50bd9868a69b23f945d893f765a0, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:8f:f2:36:71:4e:24:4b:8b:ca:98:65:8c:ec:
                    5c:91:91:32:47:9c:d2:88:ba:da:cb:a5:cd:50:5b:
                    ef:39:d5:87:c3:da:28:97:b6:ac:08:d2:bf:65:6c:
                    8b:a3:ef:08:b7:20:15:2a:84:ac:30:4a:36:f3:f6:
                    0c:ce:2a:fe:9a:db:4f:5f:49:3d:66:06:b7:09:82:
                    d5:bd:fe:10:7a:a4:1a:52:c6:5e:37:d5:a6:68:22:
                    12:17:f0:99:4e:4a:27:35:39:d8:ec:ec:68:f5:97:
                    f0:8b:ee:58:4d:90:e0:70:31:39:24:b4:a5:4f:f6:
                    b5:71:7e:0d:1c:21:9d:8d:52:7e:04:ca:bb:49:c2:
                    55:75:85:5c:2b:11:7b:74:03:45:8d:80:fa:74:91:
                    aa:9c:a6:96:8a:f9:53:6a:b2:df:27:02:bc:a4:a5:
                    ad:d7:a9:c6:a1:4e:d4:a8:76:f4:bd:02:80:98:fb:
                    d5:7b:53:eb:4c:5d:76:82:d3:31:66:4a:17:7c:25:
                    8e:65:e7:a1:67:bc:e5:de:1f:75:02:8f:4a:3a:8d:
                    43:69:e0:b0:2d:5f:a5:53:79:92:2f:ff:60:00:2c:
                    81:93:a6:68:32:9e:a7:12:5f:8c:dc:1c:d0:59:94:
                    87:0e:df:19:cc:eb:6d:9d:aa:6d:06:b3:11:ca:97:
                    e2:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:15:B9:1E:06:82:86:C8:E8:EF:CE:02:59:BC:34:A9:18:81:DC:B1
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/bfae4f06-e834-43f8-aa8f-3ea7143afe11.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:dabb:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         a8:ea:ca:f3:15:e1:ac:0c:f1:81:12:cc:a4:7f:ae:f1:74:5e:
         8a:9e:e3:bb:74:8c:b4:db:d0:8e:8b:38:68:51:b3:a9:8c:16:
         67:50:55:7a:e5:e6:eb:f1:03:b6:61:9c:83:a8:48:4e:75:84:
         2d:df:28:e7:26:35:98:3d:e0:39:21:da:ba:83:1c:5a:4e:78:
         e4:3f:4a:35:cd:da:40:0a:39:d0:f7:72:c4:39:0b:4b:1b:2f:
         65:1f:a9:5e:98:26:bb:b8:0f:6b:3a:b4:7c:9c:d6:6b:da:3f:
         96:f5:b3:22:b3:27:70:3c:55:f6:27:e7:92:0e:d3:fd:2a:61:
         49:3b:cc:e9:d4:b7:96:25:02:de:43:27:7e:cd:62:63:89:c1:
         24:55:10:41:dc:bf:a0:a3:5a:c2:c3:14:56:aa:c7:a4:ea:e3:
         7f:1e:85:55:2c:99:65:22:3a:fe:43:83:ed:a8:0c:49:77:fb:
         cf:79:13:30:15:1e:6a:59:09:00:83:9a:e9:6e:64:13:fc:f8:
         cf:0e:db:1b:40:e2:88:4a:6b:93:a7:c0:6f:f9:bd:05:6c:87:
         c3:b8:92:1f:8c:5b:a6:3e:89:ff:5b:85:e5:14:ac:98:12:d6:
         f3:e6:d7:52:a7:d6:a2:29:b6:9f:8e:e0:04:f4:81:46:64:1d:
         28:24:ee:c9
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgIUdAZkULAo88CoJNzFRarbxq8mjS0wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDQxNzE2MDcwN1oX
DTI1MDUyMjIzNTk1OVowejFJMEcGA1UEBRNAYTlhMTFkMDRiNDNkZjBkYjgyZDNm
YjczMzE1ODZjMzJlYTRlNTBiZDk4NjhhNjliMjNmOTQ1ZDg5M2Y3NjVhMDEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1o/yNnFOJEuLyphljOxckZEyR5zS
iLray6XNUFvvOdWHw9ool7asCNK/ZWyLo+8ItyAVKoSsMEo28/YMzir+mttPX0k9
Zga3CYLVvf4QeqQaUsZeN9WmaCISF/CZTkonNTnY7Oxo9Zfwi+5YTZDgcDE5JLSl
T/a1cX4NHCGdjVJ+BMq7ScJVdYVcKxF7dANFjYD6dJGqnKaWivlTarLfJwK8pKWt
16nGoU7UqHb0vQKAmPvVe1PrTF12gtMxZkoXfCWOZeehZ7zl3h91Ao9KOo1DaeCw
LV+lU3mSL/9gACyBk6ZoMp6nEl+M3BzQWZSHDt8ZzOttnaptBrMRypfiDQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFF4VuR4GgobI6O/OAlm8NKkYgdyxMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2JmYWU0ZjA2LWU4MzQtNDNmOC1hYThmLTNlYTcxNDNhZmUxMS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAO
BAIAAjAIAwYAJAbauxAwDQYJKoZIhvcNAQELBQADggEBAKjqyvMV4awM8YESzKR/
rvF0Xoqe47t0jLTb0I6LOGhRs6mMFmdQVXrl5uvxA7ZhnIOoSE51hC3fKOcmNZg9
4Dkh2rqDHFpOeOQ/SjXN2kAKOdD3csQ5C0sbL2UfqV6YJru4D2s6tHyc1mvaP5b1
syKzJ3A8VfYn55IO0/0qYUk7zOnUt5YlAt5DJ37NYmOJwSRVEEHcv6CjWsLDFFaq
x6Tq438ehVUsmWUiOv5Dg+2oDEl3+895EzAVHmpZCQCDmuluZBP8+M8O2xtA4ohK
a5OnwG/5vQVsh8O4kh+MW6Y+if9bheUUrJgS1vPm11Kn1qIptp+O4AT0gUZkHSgk
7sk=
-----END CERTIFICATE-----