Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393062303a3a2f34382d3438203d3e203437323732.roa
File:                     326131313a323963303a393062303a3a2f34382d3438203d3e203437323732.roa (raw, json)
Hash identifier:          N1hs9DxX8DH3dSnwZMMLUpiokO6TZnVilxeguGUgY9w=
Subject key identifier:   26:D0:B0:E9:51:03:33:4D:FE:5D:BF:A1:31:D3:6C:15:FA:D3:1E:14
Certificate issuer:       /CN=CDC014669D381152AFB94B76936268BFF73E7D50
Certificate serial:       7F11927B0DA4296A920488DD094F79F350D222CA
Authority key identifier: CD:C0:14:66:9D:38:11:52:AF:B9:4B:76:93:62:68:BF:F7:3E:7D:50
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/CDC014669D381152AFB94B76936268BFF73E7D50.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393062303a3a2f34382d3438203d3e203437323732.roa
Signing time:             Sun 26 Nov 2023 11:08:45 +0000
ROA not before:           Sun 26 Nov 2023 11:03:45 +0000
ROA not after:            Sun 24 Nov 2024 11:08:45 +0000
asID:                     47272
IP address blocks:        2a11:29c0:90b0::/48 maxlen: 48
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:11:92:7b:0d:a4:29:6a:92:04:88:dd:09:4f:79:f3:50:d2:22:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CDC014669D381152AFB94B76936268BFF73E7D50
        Validity
            Not Before: Nov 26 11:03:45 2023 GMT
            Not After : Nov 24 11:08:45 2024 GMT
        Subject: CN=26D0B0E95103334DFE5DBFA131D36C15FAD31E14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:4a:21:17:0b:b0:c1:3f:31:35:f0:99:ce:3b:
                    c4:4b:8a:6d:17:30:e7:f7:f3:28:98:ac:80:58:e7:
                    b5:49:ed:02:91:90:8c:c3:49:0e:a9:d9:2b:50:b6:
                    b6:38:aa:af:20:75:9b:63:3d:2f:96:3f:71:bd:19:
                    65:bc:b0:a3:60:96:93:49:88:08:7a:fb:19:81:e5:
                    75:a2:9b:a2:2b:b5:80:9a:ad:3a:db:1e:ce:ce:51:
                    fc:cc:47:59:9f:84:e5:41:67:a2:cc:9f:ce:9c:cf:
                    b8:8a:77:d7:b3:6d:f1:f4:68:3f:4c:57:df:c0:d6:
                    18:40:59:02:e1:a3:9a:83:d8:d5:c1:84:23:e3:8c:
                    bd:3a:2d:4f:f6:ae:6a:48:dc:01:dc:4a:96:a7:4b:
                    4a:b7:52:b2:82:d5:1a:08:a8:9a:1f:67:52:e8:5b:
                    6c:1a:ab:51:fa:64:46:fc:0c:7c:89:9b:1a:67:09:
                    88:14:45:86:28:33:c3:ec:51:76:63:5f:f4:ba:2b:
                    07:4a:d1:1a:6a:ff:b5:e0:48:68:8b:bc:79:03:bf:
                    c6:9c:5a:bb:08:1f:3e:ff:a1:09:7a:6c:28:15:c4:
                    8f:fa:d4:8c:b0:fd:75:b2:4e:7b:2d:14:ba:e7:65:
                    f9:55:f6:18:89:0e:b6:bd:cc:2c:3b:50:0a:0e:8b:
                    15:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:D0:B0:E9:51:03:33:4D:FE:5D:BF:A1:31:D3:6C:15:FA:D3:1E:14
            X509v3 Authority Key Identifier:
                keyid:CD:C0:14:66:9D:38:11:52:AF:B9:4B:76:93:62:68:BF:F7:3E:7D:50

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/CDC014669D381152AFB94B76936268BFF73E7D50.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/CDC014669D381152AFB94B76936268BFF73E7D50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393062303a3a2f34382d3438203d3e203437323732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:90b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:ee:92:3f:1f:80:5b:88:0b:e2:67:b1:42:eb:d3:5f:f2:44:
         25:fc:cc:81:01:0c:ed:8b:06:99:10:d7:10:39:48:f5:f0:9c:
         0d:9a:99:21:16:b5:5a:6b:5f:25:de:21:3b:26:74:ad:fc:ad:
         0a:28:17:3e:56:e0:93:a0:da:10:91:64:2f:88:c5:7a:c9:e9:
         bf:06:c7:2c:33:2d:06:0b:98:66:f0:4d:67:bd:fc:fb:3d:03:
         bb:7b:e1:db:5b:1a:9c:9e:ab:20:3c:3a:be:f0:63:9a:2b:c7:
         0e:26:97:eb:07:45:e9:d7:1f:32:a3:40:78:4b:f6:c5:21:b0:
         9b:5d:4b:e2:cc:fe:9a:b5:9c:a0:1d:44:ae:22:21:05:8c:c4:
         d4:8d:ee:28:37:32:14:78:e5:48:2a:f5:c2:60:f9:2f:e7:7f:
         18:4e:6e:7e:c6:b8:0b:8a:38:38:c0:3a:b2:d6:23:9a:96:3a:
         42:5a:eb:78:c8:0d:2c:51:0e:a2:49:77:24:a2:3d:a7:80:c5:
         2d:ca:f1:7b:22:54:65:cb:35:d6:ba:b0:73:8d:69:ff:c6:43:
         34:19:a6:73:94:4d:6a:60:f8:b9:37:6a:1b:4b:27:53:f6:ca:
         0d:a7:ea:2f:d6:11:a4:55:07:e0:d7:95:b6:bd:b7:e6:30:90:
         c9:b1:f7:00
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgIUfxGSew2kKWqSBIjdCU9581DSIsowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQ0RDMDE0NjY5RDM4MTE1MkFGQjk0Qjc2OTM2MjY4QkZG
NzNFN0Q1MDAeFw0yMzExMjYxMTAzNDVaFw0yNDExMjQxMTA4NDVaMDMxMTAvBgNV
BAMTKDI2RDBCMEU5NTEwMzMzNERGRTVEQkZBMTMxRDM2QzE1RkFEMzFFMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRSiEXC7DBPzE18JnOO8RLim0X
MOf38yiYrIBY57VJ7QKRkIzDSQ6p2StQtrY4qq8gdZtjPS+WP3G9GWW8sKNglpNJ
iAh6+xmB5XWim6IrtYCarTrbHs7OUfzMR1mfhOVBZ6LMn86cz7iKd9ezbfH0aD9M
V9/A1hhAWQLho5qD2NXBhCPjjL06LU/2rmpI3AHcSpanS0q3UrKC1RoIqJofZ1Lo
W2waq1H6ZEb8DHyJmxpnCYgURYYoM8PsUXZjX/S6KwdK0Rpq/7XgSGiLvHkDv8ac
WrsIHz7/oQl6bCgVxI/61Iyw/XWyTnstFLrnZflV9hiJDra9zCw7UAoOixVXAgMB
AAGjggKDMIICfzAdBgNVHQ4EFgQUJtCw6VEDM03+Xb+hMdNsFfrTHhQwHwYDVR0j
BBgwFoAUzcAUZp04EVKvuUt2k2Jov/c+fVAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMzI1M2Q5NzMtZDViZi00NTQxLWJjYzEtMjc2NTQzYTI1
YzdkLzIvQ0RDMDE0NjY5RDM4MTE1MkFGQjk0Qjc2OTM2MjY4QkZGNzNFN0Q1MC5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84MTExNWJjNi0xMGY2LTRh
ZjMtYmEwOS04YjY4N2E1NmZiZjUvMC9DREMwMTQ2NjlEMzgxMTUyQUZCOTRCNzY5
MzYyNjhCRkY3M0U3RDUwLmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8zMjUzZDk3My1kNWJmLTQ1NDEtYmNjMS0yNzY1NDNhMjVjN2QvMi8zMjYxMzEz
MTNhMzIzOTYzMzAzYTM5MzA2MjMwM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzQz
NzMyMzczMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcB
BwEB/wQTMBEwDwQCAAIwCQMHACoRKcCQsDANBgkqhkiG9w0BAQsFAAOCAQEAnu6S
Px+AW4gL4mexQuvTX/JEJfzMgQEM7YsGmRDXEDlI9fCcDZqZIRa1WmtfJd4hOyZ0
rfytCigXPlbgk6DaEJFkL4jFesnpvwbHLDMtBguYZvBNZ738+z0Du3vh21sanJ6r
IDw6vvBjmivHDiaX6wdF6dcfMqNAeEv2xSGwm11L4sz+mrWcoB1EriIhBYzE1I3u
KDcyFHjlSCr1wmD5L+d/GE5ufsa4C4o4OMA6stYjmpY6QlrreMgNLFEOokl3JKI9
p4DFLcrxeyJUZcs11rqwc41p/8ZDNBmmc5RNamD4uTdqG0snU/bKDafqL9YRpFUH
4NeVtr235jCQybH3AA==
-----END CERTIFICATE-----