Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393062333a3a2f34382d3438203d3e203437323732.roa
File:                     326131313a323963303a393062333a3a2f34382d3438203d3e203437323732.roa (raw, json)
Hash identifier:          kvhCbkiAlLMehT1UoFwSy/9uXl4hjr0yKF2D8cXXZy0=
Subject key identifier:   5F:2F:E5:75:94:10:65:17:65:34:DD:C8:52:02:B9:3D:E9:6D:4E:45
Certificate issuer:       /CN=CDC014669D381152AFB94B76936268BFF73E7D50
Certificate serial:       24EE5A9AD9F0585F0ED86215E21EB7CB773CA239
Authority key identifier: CD:C0:14:66:9D:38:11:52:AF:B9:4B:76:93:62:68:BF:F7:3E:7D:50
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/CDC014669D381152AFB94B76936268BFF73E7D50.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393062333a3a2f34382d3438203d3e203437323732.roa
Signing time:             Sun 26 Nov 2023 11:08:45 +0000
ROA not before:           Sun 26 Nov 2023 11:03:45 +0000
ROA not after:            Sun 24 Nov 2024 11:08:45 +0000
asID:                     47272
IP address blocks:        2a11:29c0:90b3::/48 maxlen: 48
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:ee:5a:9a:d9:f0:58:5f:0e:d8:62:15:e2:1e:b7:cb:77:3c:a2:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CDC014669D381152AFB94B76936268BFF73E7D50
        Validity
            Not Before: Nov 26 11:03:45 2023 GMT
            Not After : Nov 24 11:08:45 2024 GMT
        Subject: CN=5F2FE575941065176534DDC85202B93DE96D4E45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:a0:2e:1c:f3:f2:35:37:e0:39:fe:30:1d:24:
                    e7:16:5e:3a:69:08:01:be:80:18:6a:fb:98:2c:5d:
                    94:7b:6c:65:d8:aa:d5:a3:99:f2:f2:30:31:cd:3a:
                    26:13:61:cf:a3:76:2a:05:bd:fd:95:38:eb:bd:8f:
                    d1:a5:6b:2f:4a:39:99:11:43:51:4c:58:74:d4:e3:
                    74:6f:45:a7:a5:66:39:06:75:a9:16:79:13:5a:5d:
                    5c:be:c3:0a:15:45:0b:bf:a2:59:b4:12:af:a0:66:
                    ce:79:ac:38:6f:77:1c:00:e7:8a:b4:1d:4c:d4:d0:
                    1c:07:ad:0c:dd:ba:4c:5d:c5:e1:a2:02:d3:58:1d:
                    d5:91:38:da:23:69:f7:90:b4:c6:0a:fa:90:3d:61:
                    83:5b:6e:7a:68:71:1c:a7:42:99:09:5f:89:f0:28:
                    71:ce:cb:12:28:35:5f:0b:51:d2:f9:d2:0f:f4:39:
                    95:c2:cc:ef:fa:eb:96:8d:28:93:da:49:b8:8e:8d:
                    98:90:4e:0e:31:0f:17:d5:06:9d:1f:f6:fa:2f:ae:
                    fc:b5:41:e8:ff:f4:c5:0b:ae:fd:03:01:bd:5f:23:
                    95:13:35:3b:b3:77:44:0d:6a:2e:d8:2c:61:42:8e:
                    7c:26:23:b0:d0:59:07:7f:15:77:48:ba:01:2f:58:
                    9d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:2F:E5:75:94:10:65:17:65:34:DD:C8:52:02:B9:3D:E9:6D:4E:45
            X509v3 Authority Key Identifier:
                keyid:CD:C0:14:66:9D:38:11:52:AF:B9:4B:76:93:62:68:BF:F7:3E:7D:50

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/CDC014669D381152AFB94B76936268BFF73E7D50.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/CDC014669D381152AFB94B76936268BFF73E7D50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393062333a3a2f34382d3438203d3e203437323732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:90b3::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:02:5b:68:d1:0d:ed:25:0a:ca:3d:af:fd:bd:2f:d4:d6:15:
         62:35:44:30:50:70:6f:d3:8d:1f:f2:12:bc:58:5a:8e:60:80:
         a4:51:13:19:9f:25:09:19:b0:33:47:c5:76:d8:98:59:8b:84:
         0e:7d:54:90:26:76:59:b1:ad:e5:74:23:4e:57:34:c9:a4:76:
         b3:69:c1:5d:8e:64:1f:35:a2:60:f4:a0:02:52:d7:a1:b7:1f:
         39:55:d6:54:28:c1:67:b1:7a:85:6c:e5:94:a0:42:11:9e:83:
         f5:e7:7e:0c:f3:1a:16:75:5f:b4:c2:42:9f:0e:2d:6d:59:08:
         d1:f0:08:28:ad:f4:69:56:dc:3d:1d:95:80:80:dc:1c:e6:a0:
         89:b0:eb:00:47:75:90:73:e0:e7:13:8a:e2:bd:27:93:2f:a7:
         d8:22:9e:ee:49:45:bd:7c:92:78:93:46:73:ba:26:1b:ba:f6:
         d7:0f:02:6f:c1:2a:f2:2f:91:9d:98:d3:6f:ed:57:83:11:4d:
         5f:a2:e2:55:ab:36:fd:0f:7c:7c:cf:2c:38:c7:0d:a1:10:53:
         30:15:56:1c:54:e2:6b:d6:2c:f9:f8:c2:d2:54:95:0a:e8:52:
         90:87:2c:ac:e1:f9:e4:4a:e4:20:d9:9a:6e:3e:04:f4:c1:40:
         f9:22:43:b2
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgIUJO5amtnwWF8O2GIV4h63y3c8ojkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQ0RDMDE0NjY5RDM4MTE1MkFGQjk0Qjc2OTM2MjY4QkZG
NzNFN0Q1MDAeFw0yMzExMjYxMTAzNDVaFw0yNDExMjQxMTA4NDVaMDMxMTAvBgNV
BAMTKDVGMkZFNTc1OTQxMDY1MTc2NTM0RERDODUyMDJCOTNERTk2RDRFNDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOoC4c8/I1N+A5/jAdJOcWXjpp
CAG+gBhq+5gsXZR7bGXYqtWjmfLyMDHNOiYTYc+jdioFvf2VOOu9j9Glay9KOZkR
Q1FMWHTU43RvRaelZjkGdakWeRNaXVy+wwoVRQu/olm0Eq+gZs55rDhvdxwA54q0
HUzU0BwHrQzdukxdxeGiAtNYHdWRONojafeQtMYK+pA9YYNbbnpocRynQpkJX4nw
KHHOyxIoNV8LUdL50g/0OZXCzO/665aNKJPaSbiOjZiQTg4xDxfVBp0f9vovrvy1
Qej/9MULrv0DAb1fI5UTNTuzd0QNai7YLGFCjnwmI7DQWQd/FXdIugEvWJ09AgMB
AAGjggKDMIICfzAdBgNVHQ4EFgQUXy/ldZQQZRdlNN3IUgK5PeltTkUwHwYDVR0j
BBgwFoAUzcAUZp04EVKvuUt2k2Jov/c+fVAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMzI1M2Q5NzMtZDViZi00NTQxLWJjYzEtMjc2NTQzYTI1
YzdkLzIvQ0RDMDE0NjY5RDM4MTE1MkFGQjk0Qjc2OTM2MjY4QkZGNzNFN0Q1MC5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84MTExNWJjNi0xMGY2LTRh
ZjMtYmEwOS04YjY4N2E1NmZiZjUvMC9DREMwMTQ2NjlEMzgxMTUyQUZCOTRCNzY5
MzYyNjhCRkY3M0U3RDUwLmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8zMjUzZDk3My1kNWJmLTQ1NDEtYmNjMS0yNzY1NDNhMjVjN2QvMi8zMjYxMzEz
MTNhMzIzOTYzMzAzYTM5MzA2MjMzM2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzQz
NzMyMzczMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcB
BwEB/wQTMBEwDwQCAAIwCQMHACoRKcCQszANBgkqhkiG9w0BAQsFAAOCAQEAdQJb
aNEN7SUKyj2v/b0v1NYVYjVEMFBwb9ONH/ISvFhajmCApFETGZ8lCRmwM0fFdtiY
WYuEDn1UkCZ2WbGt5XQjTlc0yaR2s2nBXY5kHzWiYPSgAlLXobcfOVXWVCjBZ7F6
hWzllKBCEZ6D9ed+DPMaFnVftMJCnw4tbVkI0fAIKK30aVbcPR2VgIDcHOagibDr
AEd1kHPg5xOK4r0nky+n2CKe7klFvXySeJNGc7omG7r21w8Cb8Eq8i+RnZjTb+1X
gxFNX6LiVas2/Q98fM8sOMcNoRBTMBVWHFTia9Ys+fjC0lSVCuhSkIcsrOH55Erk
INmabj4E9MFA+SJDsg==
-----END CERTIFICATE-----