Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393062343a3a2f34382d3438203d3e203437323732.roa
File:                     326131313a323963303a393062343a3a2f34382d3438203d3e203437323732.roa (raw, json)
Hash identifier:          r0tuAx5SSMF+wj8h7JBIjKLmdoroAlLjQen4387tnBw=
Subject key identifier:   ED:6C:EF:CC:C8:4E:EE:91:6C:F1:F2:80:CC:9A:FC:8A:46:EB:37:E9
Certificate issuer:       /CN=CDC014669D381152AFB94B76936268BFF73E7D50
Certificate serial:       2B0B7F8072E7DB9EBB17A860123690DA5256BDD5
Authority key identifier: CD:C0:14:66:9D:38:11:52:AF:B9:4B:76:93:62:68:BF:F7:3E:7D:50
Authority info access:    rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/CDC014669D381152AFB94B76936268BFF73E7D50.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393062343a3a2f34382d3438203d3e203437323732.roa
Signing time:             Sun 26 Nov 2023 11:08:45 +0000
ROA not before:           Sun 26 Nov 2023 11:03:45 +0000
ROA not after:            Sun 24 Nov 2024 11:08:45 +0000
asID:                     47272
IP address blocks:        2a11:29c0:90b4::/48 maxlen: 48
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:0b:7f:80:72:e7:db:9e:bb:17:a8:60:12:36:90:da:52:56:bd:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CDC014669D381152AFB94B76936268BFF73E7D50
        Validity
            Not Before: Nov 26 11:03:45 2023 GMT
            Not After : Nov 24 11:08:45 2024 GMT
        Subject: CN=ED6CEFCCC84EEE916CF1F280CC9AFC8A46EB37E9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:35:69:65:36:8c:c3:70:c5:03:94:04:c9:c4:
                    36:c4:24:7b:2a:af:3a:61:b8:31:e3:70:a6:fd:df:
                    77:77:c7:14:dd:f4:4b:f4:80:c7:a4:7b:d7:23:f3:
                    3c:39:5f:1a:9b:ca:9b:5c:58:a8:5b:9c:26:7c:20:
                    a6:ec:08:ed:91:9e:45:45:ff:2d:3d:1f:34:a3:6c:
                    27:34:74:33:1f:24:1a:31:3b:7d:ce:be:c6:27:8e:
                    a9:ad:38:36:a9:79:71:48:81:7a:39:0e:82:ce:4f:
                    19:d4:8e:db:f7:b4:09:8d:04:32:1f:a2:86:65:38:
                    e4:1a:fc:1d:68:a4:5a:69:83:4e:14:bf:ad:08:c7:
                    cd:14:64:82:e1:9e:42:4c:d8:f4:ba:ea:1f:35:66:
                    12:8b:f2:8b:51:29:a4:d8:93:e9:74:d2:ca:a2:97:
                    d5:f5:1b:a8:a1:6c:63:e2:42:d9:8e:49:b1:cd:91:
                    91:cb:9f:f7:f4:a7:8f:d8:f8:53:19:fa:3d:79:7b:
                    31:8e:9f:4d:c3:1b:a1:23:ec:33:63:4b:e6:36:52:
                    3c:df:1b:5d:53:8a:a1:69:4a:6e:bc:c7:23:6c:25:
                    82:d2:a6:a0:cc:61:98:84:ce:c4:bf:63:b5:a8:3e:
                    37:f7:64:52:2b:f1:55:9f:99:67:f2:16:28:bf:6d:
                    13:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:6C:EF:CC:C8:4E:EE:91:6C:F1:F2:80:CC:9A:FC:8A:46:EB:37:E9
            X509v3 Authority Key Identifier:
                keyid:CD:C0:14:66:9D:38:11:52:AF:B9:4B:76:93:62:68:BF:F7:3E:7D:50

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/CDC014669D381152AFB94B76936268BFF73E7D50.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rsync.paas.rpki.ripe.net/repository/81115bc6-10f6-4af3-ba09-8b687a56fbf5/0/CDC014669D381152AFB94B76936268BFF73E7D50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/3253d973-d5bf-4541-bcc1-276543a25c7d/2/326131313a323963303a393062343a3a2f34382d3438203d3e203437323732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:29c0:90b4::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:ea:b7:95:d3:49:48:93:eb:6f:d2:0a:ec:7a:25:3d:7c:e5:
         23:50:a5:f0:33:08:18:9f:ea:99:f1:ec:fe:ab:47:8c:e2:38:
         01:c0:6d:3c:72:a6:de:b0:e6:06:59:ab:c7:40:06:59:46:a6:
         0d:cf:94:24:3f:15:63:ad:52:d0:ab:f4:34:de:40:cc:5a:cc:
         ea:ce:f1:d0:65:57:f4:98:42:f4:85:52:93:d1:45:b8:60:a7:
         42:80:4e:44:5f:41:b3:3f:46:19:b9:a2:86:ec:83:08:f3:7e:
         91:ef:46:f5:64:f5:79:ed:38:71:b2:9a:4a:1c:37:9c:04:0e:
         5f:a1:92:a3:5c:72:b3:de:01:de:da:d7:df:9c:c3:d7:6a:b8:
         c6:60:1b:44:f7:50:00:0d:e5:88:b9:2b:81:61:f6:9b:66:c9:
         29:95:36:78:bd:cc:bf:da:65:26:58:1f:59:10:35:31:6d:59:
         af:43:e3:09:6a:16:0e:99:2c:a2:e4:db:d6:b0:96:2c:6e:df:
         21:0e:0b:d3:f9:02:68:63:00:cf:8b:b7:29:b2:4e:3b:fe:8b:
         1b:26:42:09:d2:da:b1:3c:79:13:d2:18:81:a2:97:49:21:08:
         55:21:b3:7d:51:8b:a0:e2:6e:7a:1c:09:c1:0f:ec:83:27:08:
         8f:85:ed:f8
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgIUKwt/gHLn2567F6hgEjaQ2lJWvdUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoQ0RDMDE0NjY5RDM4MTE1MkFGQjk0Qjc2OTM2MjY4QkZG
NzNFN0Q1MDAeFw0yMzExMjYxMTAzNDVaFw0yNDExMjQxMTA4NDVaMDMxMTAvBgNV
BAMTKEVENkNFRkNDQzg0RUVFOTE2Q0YxRjI4MENDOUFGQzhBNDZFQjM3RTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmNWllNozDcMUDlATJxDbEJHsq
rzphuDHjcKb933d3xxTd9Ev0gMeke9cj8zw5XxqbyptcWKhbnCZ8IKbsCO2RnkVF
/y09HzSjbCc0dDMfJBoxO33OvsYnjqmtODapeXFIgXo5DoLOTxnUjtv3tAmNBDIf
ooZlOOQa/B1opFppg04Uv60Ix80UZILhnkJM2PS66h81ZhKL8otRKaTYk+l00sqi
l9X1G6ihbGPiQtmOSbHNkZHLn/f0p4/Y+FMZ+j15ezGOn03DG6Ej7DNjS+Y2Ujzf
G11TiqFpSm68xyNsJYLSpqDMYZiEzsS/Y7WoPjf3ZFIr8VWfmWfyFii/bRM5AgMB
AAGjggKDMIICfzAdBgNVHQ4EFgQU7WzvzMhO7pFs8fKAzJr8ikbrN+kwHwYDVR0j
BBgwFoAUzcAUZp04EVKvuUt2k2Jov/c+fVAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMzI1M2Q5NzMtZDViZi00NTQxLWJjYzEtMjc2NTQzYTI1
YzdkLzIvQ0RDMDE0NjY5RDM4MTE1MkFGQjk0Qjc2OTM2MjY4QkZGNzNFN0Q1MC5j
cmwwgZ4GCCsGAQUFBwEBBIGRMIGOMIGLBggrBgEFBQcwAoZ/cnN5bmM6Ly9yc3lu
Yy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS84MTExNWJjNi0xMGY2LTRh
ZjMtYmEwOS04YjY4N2E1NmZiZjUvMC9DREMwMTQ2NjlEMzgxMTUyQUZCOTRCNzY5
MzYyNjhCRkY3M0U3RDUwLmNlcjCBtQYIKwYBBQUHAQsEgagwgaUwgaIGCCsGAQUF
BzALhoGVcnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS8zMjUzZDk3My1kNWJmLTQ1NDEtYmNjMS0yNzY1NDNhMjVjN2QvMi8zMjYxMzEz
MTNhMzIzOTYzMzAzYTM5MzA2MjM0M2EzYTJmMzQzODJkMzQzODIwM2QzZTIwMzQz
NzMyMzczMi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggrBgEFBQcB
BwEB/wQTMBEwDwQCAAIwCQMHACoRKcCQtDANBgkqhkiG9w0BAQsFAAOCAQEAh+q3
ldNJSJPrb9IK7HolPXzlI1Cl8DMIGJ/qmfHs/qtHjOI4AcBtPHKm3rDmBlmrx0AG
WUamDc+UJD8VY61S0Kv0NN5AzFrM6s7x0GVX9JhC9IVSk9FFuGCnQoBORF9Bsz9G
GbmihuyDCPN+ke9G9WT1ee04cbKaShw3nAQOX6GSo1xys94B3trX35zD12q4xmAb
RPdQAA3liLkrgWH2m2bJKZU2eL3Mv9plJlgfWRA1MW1Zr0PjCWoWDpksouTb1rCW
LG7fIQ4L0/kCaGMAz4u3KbJOO/6LGyZCCdLasTx5E9IYgaKXSSEIVSGzfVGLoOJu
ehwJwQ/sgycIj4Xt+A==
-----END CERTIFICATE-----