Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393062313a3a2f34382d3438203d3e203437323732.roa
File:                     326131313a323963303a393062313a3a2f34382d3438203d3e203437323732.roa (raw, json)
Hash identifier:          OoIqCGB8ZVZNGBhujeYI5BjFHGfcJK7C68mbpsi8mRU=
Subject key identifier:   B3:78:23:24:4E:71:3C:D6:30:88:22:77:C5:20:98:2E:C5:4B:46:8E
Certificate issuer:       /CN=CDC014669D381152AFB94B76936268BFF73E7D50
Certificate serial:       59D672D2DFCA0D8D4C98B351719EB560347CD225
Authority key identifier: CD:C0:14:66:9D:38:11:52:AF:B9:4B:76:93:62:68:BF:F7:3E:7D:50
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/CDC014669D381152AFB94B76936268BFF73E7D50.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393062313a3a2f34382d3438203d3e203437323732.roa
Signing time:             Sun 26 Nov 2023 11:08:44 +0000
ROA not before:           Sun 26 Nov 2023 11:03:44 +0000
ROA not after:            Sun 24 Nov 2024 11:08:44 +0000
asID:                     47272
IP address blocks:        2a11:29c0:90b1::/48 maxlen: 48
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:d6:72:d2:df:ca:0d:8d:4c:98:b3:51:71:9e:b5:60:34:7c:d2:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CDC014669D381152AFB94B76936268BFF73E7D50
        Validity
            Not Before: Nov 26 11:03:44 2023 GMT
            Not After : Nov 24 11:08:44 2024 GMT
        Subject: CN=B37823244E713CD630882277C520982EC54B468E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a5:1c:9b:42:66:52:60:c2:19:30:a3:d1:61:
                    fc:93:99:7b:b6:a3:61:23:fe:1c:6d:7e:89:c8:35:
                    06:06:35:eb:53:04:10:a6:19:21:30:82:3f:b8:16:
                    2a:45:11:41:ba:20:46:c0:2e:95:d5:ca:4e:1c:63:
                    2b:36:c2:7c:83:7d:49:1b:55:b3:f2:d6:3f:97:10:
                    64:46:af:c8:34:f6:a5:44:b2:6b:9c:d3:5d:f9:51:
                    4b:44:96:4d:c4:4c:57:7d:26:73:6a:56:07:87:b3:
                    7c:9a:aa:08:ec:40:f8:e9:cd:65:10:6d:a2:7c:f9:
                    1e:6e:0f:f6:32:a1:b5:71:e3:c7:ec:26:0b:f8:ef:
                    a7:22:74:99:82:cd:33:3b:96:c5:a1:84:d4:04:a1:
                    cb:4a:8b:fb:bb:4c:57:11:9f:a8:22:84:d2:a5:b7:
                    1e:05:23:e0:e4:a6:36:35:58:1f:bf:e0:86:a2:5b:
                    eb:a6:b9:9f:27:a5:de:95:dc:8f:1c:68:4b:9a:6f:
                    ac:09:f9:01:ad:8b:99:ca:f1:d5:f1:49:99:5d:45:
                    4d:3c:6c:ff:30:c8:5e:27:0a:d3:ca:70:85:a5:78:
                    23:e8:d2:0a:83:25:3b:de:76:c2:f8:9b:25:dd:cc:
                    51:19:62:1b:b8:f0:16:e1:2d:39:45:e9:b7:d6:ad:
                    8b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:78:23:24:4E:71:3C:D6:30:88:22:77:C5:20:98:2E:C5:4B:46:8E
            X509v3 Authority Key Identifier:
                keyid:CD:C0:14:66:9D:38:11:52:AF:B9:4B:76:93:62:68:BF:F7:3E:7D:50

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/CDC014669D381152AFB94B76936268BFF73E7D50.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/CDC014669D381152AFB94B76936268BFF73E7D50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393062313a3a2f34382d3438203d3e203437323732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:90b1::/48

    Signature Algorithm: sha256WithRSAEncryption
         53:ea:c0:0c:99:93:28:d4:ff:35:98:9f:22:ca:65:74:33:c6:
         9f:db:39:8a:6f:3f:34:1c:80:18:1e:14:13:5e:2d:48:5f:0e:
         cf:4d:c2:f4:3f:c3:d0:09:d4:2c:6b:a0:ef:3d:82:cf:d9:25:
         72:9c:45:6d:e8:2d:1d:17:b6:cc:ac:83:3f:8a:2a:c7:c2:12:
         19:39:28:79:60:04:f7:a2:b4:b1:f6:cf:a1:5d:2a:fe:0e:a1:
         79:70:ac:d6:6b:75:f2:85:fb:e2:de:49:c4:40:d9:bf:dd:fb:
         81:f4:38:b2:0b:0b:eb:9f:06:7e:fa:6c:f0:44:3a:45:9f:cb:
         13:fd:c0:f0:1d:3f:b8:7e:53:f2:89:83:e5:b1:b8:70:77:f0:
         cb:9d:18:11:42:9f:6d:ba:0d:04:3b:9b:e4:59:29:2b:1c:48:
         35:c3:31:f3:71:e0:c5:a4:77:50:ea:36:80:31:1c:05:84:e0:
         c4:53:4a:d7:06:b0:77:07:aa:5e:cd:f4:1c:b9:c8:97:39:24:
         5e:d1:e9:27:84:47:c7:86:eb:70:f6:ef:0f:35:f2:45:79:92:
         bc:c3:db:8b:af:91:54:f9:da:d9:21:cf:ac:e4:25:4b:f1:7c:
         1f:37:26:5f:3b:ec:d7:eb:82:78:24:e0:86:4a:aa:16:9f:db:
         52:b5:38:70
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgIUWdZy0t/KDY1MmLNRcZ61YDR80iUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQ0RDMDE0NjY5RDM4MTE1MkFGQjk0Qjc2OTM2MjY4QkZG
NzNFN0Q1MDAeFw0yMzExMjYxMTAzNDRaFw0yNDExMjQxMTA4NDRaMDMxMTAvBgNV
BAMTKEIzNzgyMzI0NEU3MTNDRDYzMDg4MjI3N0M1MjA5ODJFQzU0QjQ2OEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqpRybQmZSYMIZMKPRYfyTmXu2
o2Ej/hxtfonINQYGNetTBBCmGSEwgj+4FipFEUG6IEbALpXVyk4cYys2wnyDfUkb
VbPy1j+XEGRGr8g09qVEsmuc0135UUtElk3ETFd9JnNqVgeHs3yaqgjsQPjpzWUQ
baJ8+R5uD/YyobVx48fsJgv476cidJmCzTM7lsWhhNQEoctKi/u7TFcRn6gihNKl
tx4FI+DkpjY1WB+/4IaiW+umuZ8npd6V3I8caEuab6wJ+QGti5nK8dXxSZldRU08
bP8wyF4nCtPKcIWleCPo0gqDJTvedsL4myXdzFEZYhu48BbhLTlF6bfWrYuxAgMB
AAGjggKDMIICfzAdBgNVHQ4EFgQUs3gjJE5xPNYwiCJ3xSCYLsVLRo4wHwYDVR0j
BBgwFoAUzcAUZp04EVKvuUt2k2Jov/c+fVAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMzI1M2Q5NzMtZDViZi00NTQxLWJjYzEtMjc2NTQzYTI1
YzdkLzIvQ0RDMDE0NjY5RDM4MTE1MkFGQjk0Qjc2OTM2MjY4QkZGNzNFN0Q1MC5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84MTExNWJjNi0xMGY2LTRh
ZjMtYmEwOS04YjY4N2E1NmZiZjUvMC9DREMwMTQ2NjlEMzgxMTUyQUZCOTRCNzY5
MzYyNjhCRkY3M0U3RDUwLmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8zMjUzZDk3My1kNWJmLTQ1NDEtYmNjMS0yNzY1NDNhMjVjN2QvMi8zMjYxMzEz
MTNhMzIzOTYzMzAzYTM5MzA2MjMxM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzQz
NzMyMzczMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcB
BwEB/wQTMBEwDwQCAAIwCQMHACoRKcCQsTANBgkqhkiG9w0BAQsFAAOCAQEAU+rA
DJmTKNT/NZifIspldDPGn9s5im8/NByAGB4UE14tSF8Oz03C9D/D0AnULGug7z2C
z9klcpxFbegtHRe2zKyDP4oqx8ISGTkoeWAE96K0sfbPoV0q/g6heXCs1mt18oX7
4t5JxEDZv937gfQ4sgsL658Gfvps8EQ6RZ/LE/3A8B0/uH5T8omD5bG4cHfwy50Y
EUKfbboNBDub5FkpKxxINcMx83HgxaR3UOo2gDEcBYTgxFNK1wawdweqXs30HLnI
lzkkXtHpJ4RHx4brcPbvDzXyRXmSvMPbi6+RVPna2SHPrOQlS/F8HzcmXzvs1+uC
eCTghkqqFp/bUrU4cA==
-----END CERTIFICATE-----