Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cd4ae033-6f5a-4df3-891a-b695dd705c99.roa
File:                     cd4ae033-6f5a-4df3-891a-b695dd705c99.roa (raw, json)
Hash identifier:          wM+y5o3x9AP94hNTym6QbA0eZbJ0HPhgDcCLIHca3Vc=
Subject key identifier:   72:27:6F:A8:02:D9:31:D1:72:8F:C7:DD:13:EE:85:FA:45:E7:C6:10
Certificate issuer:       /CN=A91F635F0000/serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
Certificate serial:       24697E3767C049024A5063F6490AF15D1323409E
Authority key identifier: 40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cd4ae033-6f5a-4df3-891a-b695dd705c99.roa
Signing time:             Mon 14 Apr 2025 13:37:15 +0000
ROA not before:           Mon 14 Apr 2025 13:37:15 +0000
ROA not after:            Mon 19 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2406:daee::/32 maxlen: 48
Validation:               Failed, certificate revoked on Thu 17 Apr 2025 16:09:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:69:7e:37:67:c0:49:02:4a:50:63:f6:49:0a:f1:5d:13:23:40:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F635F0000, serialNumber=4076825524D2C66D2E10436FE65E93E8C1BD4A37
        Validity
            Not Before: Apr 14 13:37:15 2025 GMT
            Not After : May 19 23:59:59 2025 GMT
        Subject: serialNumber=bde6cc522e613e9da94e3285a8768c5e0bdf80e0eaca7ab4c4f9342e553ce5c9, CN=c0bf0fe8-717c-4f72-9b45-c9c519132a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:9d:6c:50:d7:64:dc:50:19:65:b0:40:44:27:
                    27:72:49:f3:93:e7:33:a1:fe:42:a4:c3:ef:df:8d:
                    ef:9a:69:9f:82:ff:7e:22:2b:86:c9:01:e0:1f:2a:
                    3b:f6:ea:8e:cc:c8:c9:d4:68:c8:3c:83:d5:7a:0f:
                    bd:77:e3:15:33:46:52:21:a1:75:a9:d8:5c:8d:26:
                    0b:bb:c1:2d:ce:96:29:f9:51:ce:4e:3b:6a:92:4e:
                    45:c6:d2:98:44:a6:8c:bd:ae:20:82:67:6a:92:5d:
                    a5:96:6a:33:83:97:12:46:25:e4:28:fe:56:36:0f:
                    b3:db:de:96:2b:14:3a:e6:87:87:54:4c:b5:58:f0:
                    0c:93:da:a7:a5:bb:df:9a:da:54:8e:3f:82:99:bc:
                    12:2b:ae:cb:af:ef:58:28:bc:7b:c3:99:a8:a2:52:
                    cb:32:79:ac:e4:75:26:89:8d:cb:bc:a0:38:5d:78:
                    2d:0b:2f:d9:e1:fb:19:a1:ff:79:a2:a2:4f:de:74:
                    3f:a3:55:db:c5:dc:7c:04:dc:45:98:10:2d:9b:12:
                    cc:4e:71:37:6d:b3:62:08:f1:35:c6:18:b1:55:89:
                    fb:3c:81:6f:1b:c3:8e:c3:9c:aa:a5:ec:3c:dd:60:
                    90:ae:fb:83:d7:6d:07:38:13:07:89:f5:8d:e0:8d:
                    38:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:27:6F:A8:02:D9:31:D1:72:8F:C7:DD:13:EE:85:FA:45:E7:C6:10
            X509v3 Authority Key Identifier:
                keyid:40:76:82:55:24:D2:C6:6D:2E:10:43:6F:E6:5E:93:E8:C1:BD:4A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QHaCVSTSxm0uEENv5l6T6MG9Sjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/cd4ae033-6f5a-4df3-891a-b695dd705c99.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/08c2f264-23f9-49fb-9d43-f8b50bec9261/7ba17863-a613-4197-9ed5-beda6a89869f.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:daee::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:85:07:2f:e0:e0:c5:db:57:c7:b4:b2:f9:77:fa:1b:3f:73:
         05:28:fe:f9:87:9f:e5:90:60:81:e8:a1:af:e0:8e:2b:5d:48:
         9e:2e:3b:c2:88:b0:5e:fa:a6:36:75:d4:34:02:07:7b:20:36:
         d6:72:c1:33:ed:cc:55:c4:64:53:7c:15:6b:d0:58:a1:4f:e4:
         75:0f:a9:8d:78:19:dd:a4:e6:85:28:2f:a5:40:b9:d6:37:7e:
         a9:59:57:31:aa:d9:36:db:3f:9b:1a:2b:1a:ff:70:42:7f:dc:
         b2:4c:73:4d:b0:fe:34:36:af:5d:70:f0:63:c9:3a:03:71:4a:
         69:a4:47:65:12:6a:ab:36:e3:58:28:34:9d:05:36:d4:e8:68:
         58:0e:65:02:86:ce:f6:78:1f:6e:15:b8:03:59:77:43:b6:12:
         2d:d9:8f:0b:87:c8:0a:37:3b:38:d9:f0:85:91:6f:26:f7:ae:
         5d:6f:c0:86:c6:85:cf:9c:90:48:7f:3b:41:9b:02:a5:8d:06:
         5e:17:9a:24:74:dc:39:93:e1:57:4b:b7:aa:9c:2a:a8:1f:7a:
         6d:cc:a4:30:0b:a3:7d:e7:66:9d:6a:9d:c5:24:c5:dd:53:82:
         c2:78:cb:cc:7a:54:93:1f:94:91:8e:28:f1:a6:53:b2:d3:b9:
         cd:94:4c:e3
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgIUJGl+N2fASQJKUGP2SQrxXRMjQJ4wDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjYzNUYwMDAwMTEwLwYDVQQFEyg0MDc2ODI1NTI0
RDJDNjZEMkUxMDQzNkZFNjVFOTNFOEMxQkQ0QTM3MB4XDTI1MDQxNDEzMzcxNVoX
DTI1MDUxOTIzNTk1OVowejFJMEcGA1UEBRNAYmRlNmNjNTIyZTYxM2U5ZGE5NGUz
Mjg1YTg3NjhjNWUwYmRmODBlMGVhY2E3YWI0YzRmOTM0MmU1NTNjZTVjOTEtMCsG
A1UEAxMkYzBiZjBmZTgtNzE3Yy00ZjcyLTliNDUtYzljNTE5MTMyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu51sUNdk3FAZZbBARCcncknzk+cz
of5CpMPv343vmmmfgv9+IiuGyQHgHyo79uqOzMjJ1GjIPIPVeg+9d+MVM0ZSIaF1
qdhcjSYLu8EtzpYp+VHOTjtqkk5FxtKYRKaMva4ggmdqkl2llmozg5cSRiXkKP5W
Ng+z296WKxQ65oeHVEy1WPAMk9qnpbvfmtpUjj+CmbwSK67Lr+9YKLx7w5moolLL
Mnms5HUmiY3LvKA4XXgtCy/Z4fsZof95oqJP3nQ/o1Xbxdx8BNxFmBAtmxLMTnE3
bbNiCPE1xhixVYn7PIFvG8OOw5yqpew83WCQrvuD120HOBMHifWN4I04XQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFHInb6gC2THRco/H3RPuhfpF58YQMB8GA1UdIwQY
MBaAFEB2glUk0sZtLhBDb+Zek+jBvUo3MA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9RSGFDVlNU
U3htMHVFRU52NWw2VDZNRzlTamMuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvMDhjMmYyNjQtMjNmOS00OWZiLTlkNDMtZjhiNTBiZWM5MjYx
L2NkNGFlMDMzLTZmNWEtNGRmMy04OTFhLWI2OTVkZDcwNWM5OS5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS8wOGMyZjI2NC0yM2Y5LTQ5ZmItOWQ0My1mOGI1
MGJlYzkyNjEvN2JhMTc4NjMtYTYxMy00MTk3LTllZDUtYmVkYTZhODk4NjlmLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzAN
BAIAAjAHAwUAJAba7jANBgkqhkiG9w0BAQsFAAOCAQEAFoUHL+DgxdtXx7Sy+Xf6
Gz9zBSj++Yef5ZBggeihr+COK11Ini47woiwXvqmNnXUNAIHeyA21nLBM+3MVcRk
U3wVa9BYoU/kdQ+pjXgZ3aTmhSgvpUC51jd+qVlXMarZNts/mxorGv9wQn/cskxz
TbD+NDavXXDwY8k6A3FKaaRHZRJqqzbjWCg0nQU21OhoWA5lAobO9ngfbhW4A1l3
Q7YSLdmPC4fICjc7ONnwhZFvJveuXW/AhsaFz5yQSH87QZsCpY0GXheaJHTcOZPh
V0u3qpwqqB96bcykMAujfedmnWqdxSTF3VOCwnjLzHpUkx+UkY4o8aZTstO5zZRM
4w==
-----END CERTIFICATE-----