Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/c413bd55-4d9e-47f0-87cb-ba8981b5bce4.roa
File:                     c413bd55-4d9e-47f0-87cb-ba8981b5bce4.roa (raw, json)
Hash identifier:          YGPvunZ7Cs24Aj1m6AQA7ioAlpcv/bF6VlfBTJxHP+k=
Subject key identifier:   05:C7:B8:B5:3F:47:28:C6:3A:9E:22:D2:20:28:E7:8C:87:64:D6:96
Certificate issuer:       /CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
Certificate serial:       2BD7E114A2ACC8C858DF7B818F149CCBB08B35E7
Authority key identifier: BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/c413bd55-4d9e-47f0-87cb-ba8981b5bce4.roa
Signing time:             Tue 07 Jan 2025 00:00:00 +0000
ROA not before:           Tue 07 Jan 2025 00:00:00 +0000
ROA not after:            Tue 11 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        43.250.193.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 14 Jan 2025 07:24:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:d7:e1:14:a2:ac:c8:c8:58:df:7b:81:8f:14:9c:cb:b0:8b:35:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91609040001/serialNumber=BCE9BA11292F847512C0A8412E51E6E3BA0D991D
        Validity
            Not Before: Jan  7 00:00:00 2025 GMT
            Not After : Feb 11 23:59:59 2025 GMT
        Subject: serialNumber=633058192e1adb51c894a3b4c0edeead8250aaa2fa2dae91aebb91fbdca2136a, CN=1684111e-31c1-42e6-8f20-fc9ab8b5cf57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:3e:15:78:fc:dc:f7:67:18:ac:95:ce:0c:c7:
                    38:6c:17:53:cc:aa:f1:30:fa:de:fd:04:8d:ee:a0:
                    08:03:2f:f7:04:c3:b8:76:89:e7:d3:c7:5e:c6:af:
                    5a:8f:57:83:9d:f0:26:cd:ab:be:c0:7e:99:60:12:
                    b0:bb:24:d0:2f:c3:52:fb:b9:7a:66:f1:fa:19:32:
                    f8:12:99:5e:69:0f:cd:8d:70:70:41:c4:5e:b7:b9:
                    ba:b6:f4:b1:85:2a:6f:59:77:47:2a:24:7f:b3:6d:
                    aa:9c:24:a0:f8:75:64:8a:a3:c6:6a:83:61:93:2a:
                    15:97:55:de:e3:52:14:56:8c:2a:54:a6:36:68:fe:
                    c9:2d:86:92:cc:cf:a6:c3:56:16:01:2c:b3:20:32:
                    26:9d:bf:31:35:c6:a3:99:13:bc:41:f1:0f:6e:e2:
                    90:9c:72:78:bc:2d:14:2c:0b:bb:8c:e8:07:d1:e0:
                    35:17:53:54:7c:7a:9c:a7:7d:da:df:cd:af:8b:e4:
                    91:65:fb:9c:df:2c:5b:f9:3c:32:3d:54:54:3a:67:
                    f4:2f:93:80:4b:f6:fe:c6:a5:37:a9:ba:2e:e8:cc:
                    8d:11:72:b7:3a:83:07:99:47:92:98:d3:e5:e1:29:
                    e1:65:9e:2b:cb:dd:41:cb:32:a2:0c:90:18:ca:c1:
                    33:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:C7:B8:B5:3F:47:28:C6:3A:9E:22:D2:20:28:E7:8C:87:64:D6:96
            X509v3 Authority Key Identifier:
                keyid:BC:E9:BA:11:29:2F:84:75:12:C0:A8:41:2E:51:E6:E3:BA:0D:99:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vOm6ESkvhHUSwKhBLlHm47oNmR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/c413bd55-4d9e-47f0-87cb-ba8981b5bce4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/bd48a1fa-3471-4ab2-8508-ad36b96813e4/220cee0c-6002-409a-8194-38e216c0096c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.250.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:80:89:fa:aa:53:83:1e:50:1d:b4:a4:28:bd:d4:85:4a:ac:
         e7:44:8e:c1:43:dc:1f:b9:cf:22:3b:1c:ff:81:27:f1:db:87:
         7c:6f:55:66:c7:46:ab:7c:2f:7a:86:7f:53:71:b7:59:b0:d9:
         ce:3d:35:61:97:f3:81:6f:ef:5e:0e:11:d0:36:37:52:4f:be:
         d5:d4:94:7d:54:36:75:72:30:f8:16:2d:4b:d6:bc:e7:6f:6a:
         af:8e:77:51:5f:20:0e:db:aa:93:a2:d3:bb:c7:58:9c:18:62:
         d2:b9:b9:97:a3:e9:02:af:b9:22:37:73:57:0c:dc:7c:7a:7c:
         65:22:0a:13:5a:c4:0e:90:55:77:3c:1a:59:0e:0e:d8:4b:b2:
         76:15:ba:7d:5a:ce:92:63:ae:69:c5:e2:b0:c0:a7:b5:29:00:
         94:0c:6a:7a:0e:54:09:e7:e0:31:ea:03:82:8f:69:aa:76:64:
         f4:01:b3:4d:b3:be:1b:96:85:15:1a:0c:a7:f2:87:ca:79:f2:
         d4:f3:92:bb:85:ad:bb:57:50:ea:6f:38:23:9e:d2:88:70:8f:
         28:e0:ef:ba:d8:15:0e:43:94:f4:e3:bf:c7:07:25:8c:5f:b4:
         da:5c:d7:37:7e:e7:28:26:59:3c:ae:57:eb:3b:68:90:a5:52:
         2a:a9:ea:54
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgIUK9fhFKKsyMhY33uBjxScy7CLNecwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxNjA5MDQwMDAxMTEwLwYDVQQFEyhCQ0U5QkExMTI5
MkY4NDc1MTJDMEE4NDEyRTUxRTZFM0JBMEQ5OTFEMB4XDTI1MDEwNzAwMDAwMFoX
DTI1MDIxMTIzNTk1OVowejFJMEcGA1UEBRNANjMzMDU4MTkyZTFhZGI1MWM4OTRh
M2I0YzBlZGVlYWQ4MjUwYWFhMmZhMmRhZTkxYWViYjkxZmJkY2EyMTM2YTEtMCsG
A1UEAxMkMTY4NDExMWUtMzFjMS00MmU2LThmMjAtZmM5YWI4YjVjZjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjT4VePzc92cYrJXODMc4bBdTzKrx
MPre/QSN7qAIAy/3BMO4donn08dexq9aj1eDnfAmzau+wH6ZYBKwuyTQL8NS+7l6
ZvH6GTL4EpleaQ/NjXBwQcRet7m6tvSxhSpvWXdHKiR/s22qnCSg+HVkiqPGaoNh
kyoVl1Xe41IUVowqVKY2aP7JLYaSzM+mw1YWASyzIDImnb8xNcajmRO8QfEPbuKQ
nHJ4vC0ULAu7jOgH0eA1F1NUfHqcp33a382vi+SRZfuc3yxb+TwyPVRUOmf0L5OA
S/b+xqU3qbou6MyNEXK3OoMHmUeSmNPl4SnhZZ4ry91ByzKiDJAYysEz3QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFAXHuLU/RyjGOp4i0iAo54yHZNaWMB8GA1UdIwQY
MBaAFLzpuhEpL4R1EsCoQS5R5uO6DZkdMA4GA1UdDwEB/wQEAwIHgDB+BggrBgEF
BQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVw
b3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi92T202RVNr
dmhIVVN3S2hCTGxIbTQ3b05tUjAuY2VyMIGeBggrBgEFBQcBCwSBkTCBjjCBiwYI
KwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9uYXdz
LmNvbS92b2x1bWUvYmQ0OGExZmEtMzQ3MS00YWIyLTg1MDgtYWQzNmI5NjgxM2U0
L2M0MTNiZDU1LTRkOWUtNDdmMC04N2NiLWJhODk4MWI1YmNlNC5yb2EwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5h
bWF6b25hd3MuY29tL3ZvbHVtZS9iZDQ4YTFmYS0zNDcxLTRhYjItODUwOC1hZDM2
Yjk2ODEzZTQvMjIwY2VlMGMtNjAwMi00MDlhLTgxOTQtMzhlMjE2YzAwOTZjLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQAK/rBMA0GCSqGSIb3DQEBCwUAA4IBAQBYgIn6qlODHlAdtKQovdSF
SqznRI7BQ9wfuc8iOxz/gSfx24d8b1Vmx0arfC96hn9TcbdZsNnOPTVhl/OBb+9e
DhHQNjdST77V1JR9VDZ1cjD4Fi1L1rznb2qvjndRXyAO26qTotO7x1icGGLSubmX
o+kCr7kiN3NXDNx8enxlIgoTWsQOkFV3PBpZDg7YS7J2Fbp9Ws6SY65pxeKwwKe1
KQCUDGp6DlQJ5+Ax6gOCj2mqdmT0AbNNs74bloUVGgyn8ofKefLU85K7ha27V1Dq
bzgjntKIcI8o4O+62BUOQ5T047/HByWMX7TaXNc3fucoJlk8rlfrO2iQpVIqqepU
-----END CERTIFICATE-----