Route Origin Authorization

$ rpki-client -vvf rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS147028.roa
File:                     AS147028.roa (raw, json)
Hash identifier:          vA7m+P/LKsNVecwo1yfWpEcBtJP5Wwzr97BOMtKSRys=
Subject key identifier:   94:11:D1:A6:D6:E5:C3:43:AD:B4:21:38:ED:21:F4:03:8F:21:38:7A
Certificate issuer:       /CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
Certificate serial:       6F97269C7CDF3C1C23B63C66356AD3CBCE021537
Authority key identifier: 7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
Subject info access:      rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS147028.roa
Signing time:             Tue 16 Jul 2024 02:42:22 +0000
ROA not before:           Tue 16 Jul 2024 02:37:22 +0000
ROA not after:            Tue 15 Jul 2025 02:42:22 +0000
asID:                     147028
IP address blocks:        2a0f:9400:7810::/44 maxlen: 48
                          2a0f:9400:7814::/47 maxlen: 48
                          2a0f:9400:7820::/44 maxlen: 48
                          2a0f:9400:7834::/47 maxlen: 47
                          2a0f:9400:7844::/47 maxlen: 47

Validation:               OK
Signature path:           rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl
                          rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:97:26:9c:7c:df:3c:1c:23:b6:3c:66:35:6a:d3:cb:ce:02:15:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
        Validity
            Not Before: Jul 16 02:37:22 2024 GMT
            Not After : Jul 15 02:42:22 2025 GMT
        Subject: CN=9411D1A6D6E5C343ADB42138ED21F4038F21387A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:80:de:30:0f:9c:38:81:d9:16:04:bd:19:b2:
                    f4:f2:ed:4e:7a:29:23:48:74:a1:44:73:34:f0:8c:
                    36:e8:a9:58:1c:1d:fa:e4:3d:c9:56:8c:ca:d0:4d:
                    b6:85:09:a7:fc:53:b0:3c:5f:6d:86:10:d8:03:44:
                    03:a5:70:6b:7a:c1:93:0e:01:c7:73:ea:60:e3:15:
                    53:77:ad:a8:31:b0:30:ce:4e:9b:03:97:c6:00:29:
                    f2:40:f4:81:f8:c6:e5:81:bf:89:68:5e:27:67:5f:
                    fc:93:c8:2d:7d:df:84:85:6d:b8:69:9b:f2:1e:e0:
                    c1:36:41:55:a5:8d:ef:c8:75:a5:7d:27:b5:a0:7e:
                    ba:4c:d7:05:a4:ca:66:c3:16:96:3f:72:0f:f5:02:
                    71:b3:c8:9a:3d:bd:3b:9a:0e:8e:b1:d5:d3:e1:72:
                    54:9f:d0:d0:3b:ed:1a:89:9c:ac:14:41:0d:7f:18:
                    74:4d:cc:3e:fc:d8:31:96:71:01:93:83:5b:fc:62:
                    db:3c:0d:50:b2:7a:c7:5d:92:cd:70:af:9d:22:c1:
                    29:55:ca:da:41:ed:b4:bd:52:2c:40:2d:bc:31:f0:
                    9e:b4:6a:ff:ac:04:23:15:40:63:cb:6b:de:37:e6:
                    76:4c:05:1c:08:3c:a6:c4:cf:78:a3:da:d5:c3:c5:
                    42:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:11:D1:A6:D6:E5:C3:43:AD:B4:21:38:ED:21:F4:03:8F:21:38:7A
            X509v3 Authority Key Identifier:
                keyid:7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS147028.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:9400:7810::-2a0f:9400:782f:ffff:ffff:ffff:ffff:ffff
                  2a0f:9400:7834::/47
                  2a0f:9400:7844::/47

    Signature Algorithm: sha256WithRSAEncryption
         33:2f:07:47:3d:d6:b0:9f:14:6e:bb:83:de:f4:69:13:6e:1f:
         46:e6:c0:3f:4b:2b:be:ba:9c:82:93:42:3d:a7:9e:74:69:e2:
         6b:93:a2:20:99:f1:fb:cc:11:55:85:c0:54:bd:f3:16:e3:0b:
         68:3e:af:6c:55:d6:cf:50:2e:79:da:15:2e:74:de:85:32:38:
         e1:23:ff:c2:60:3d:7b:11:d4:95:ed:c3:c8:c8:db:e7:c8:8c:
         37:b3:07:a3:12:5e:fb:3d:38:c3:62:2a:88:9a:e5:6e:75:e4:
         fc:4d:5a:7f:9c:a8:00:d6:58:70:25:45:fa:03:2a:15:cc:09:
         f8:8f:8b:84:ba:11:77:ef:ce:a7:4e:bc:1b:5c:c1:26:9d:ac:
         ec:d3:69:77:7b:89:68:ec:bf:82:df:7b:c4:0b:e3:40:17:6a:
         47:9b:fb:41:03:52:9c:06:80:bd:7b:aa:81:97:f7:56:66:59:
         17:90:38:d7:62:d5:f2:44:5f:e1:09:e2:0a:cb:a2:45:fd:5f:
         26:09:49:74:98:0f:96:4a:30:e0:a6:84:60:5c:1c:13:3f:98:
         7e:f9:33:1e:f9:da:30:5a:9d:c4:3a:6f:a7:31:c2:e3:82:6b:
         cc:e7:08:f8:db:39:2d:dc:e4:48:c8:5f:f2:2b:81:bd:ea:a4:
         f0:a7:17:f4
-----BEGIN CERTIFICATE-----
MIIE3DCCA8SgAwIBAgIUb5cmnHzfPBwjtjxmNWrTy84CFTcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2VhNTMxNmRiZGFjMDFjZDA1ZDBlYWEwNWE4OWMwNGRh
M2U3Mzk4ZjAeFw0yNDA3MTYwMjM3MjJaFw0yNTA3MTUwMjQyMjJaMDMxMTAvBgNV
BAMTKDk0MTFEMUE2RDZFNUMzNDNBREI0MjEzOEVEMjFGNDAzOEYyMTM4N0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBgN4wD5w4gdkWBL0ZsvTy7U56
KSNIdKFEczTwjDboqVgcHfrkPclWjMrQTbaFCaf8U7A8X22GENgDRAOlcGt6wZMO
Acdz6mDjFVN3ragxsDDOTpsDl8YAKfJA9IH4xuWBv4loXidnX/yTyC1934SFbbhp
m/Ie4ME2QVWlje/IdaV9J7WgfrpM1wWkymbDFpY/cg/1AnGzyJo9vTuaDo6x1dPh
clSf0NA77RqJnKwUQQ1/GHRNzD782DGWcQGTg1v8Yts8DVCyesddks1wr50iwSlV
ytpB7bS9UixALbwx8J60av+sBCMVQGPLa9435nZMBRwIPKbEz3ij2tXDxUK5AgMB
AAGjggHmMIIB4jAdBgNVHQ4EFgQUlBHRptblw0OttCE47SH0A48hOHowHwYDVR0j
BBgwFoAUfqUxbb2sAc0F0OqgWonATaPnOY8wDgYDVR0PAQH/BAQDAgeAMHEGA1Ud
HwRqMGgwZqBkoGKGYHJzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5j
b20vcmVwby9GUkMtQ0EvNS83RUE1MzE2REJEQUMwMUNEMDVEMEVBQTA1QTg5QzA0
REEzRTczOThGLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZnFVeGJiMnNBYzBG
ME9xZ1dvbkFUYVBuT1k4LmNlcjBcBggrBgEFBQcBCwRQME4wTAYIKwYBBQUHMAuG
QHJzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5jb20vcmVwby9GUkMt
Q0EvNS9BUzE0NzAyOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA/Bggr
BgEFBQcBBwEB/wQwMC4wLAQCAAIwJjASAwcEKg+UAHgQAwcEKg+UAHggAwcBKg+U
AHg0AwcBKg+UAHhEMA0GCSqGSIb3DQEBCwUAA4IBAQAzLwdHPdawnxRuu4Pe9GkT
bh9G5sA/Syu+upyCk0I9p550aeJrk6IgmfH7zBFVhcBUvfMW4wtoPq9sVdbPUC55
2hUudN6FMjjhI//CYD17EdSV7cPIyNvnyIw3swejEl77PTjDYiqImuVudeT8TVp/
nKgA1lhwJUX6AyoVzAn4j4uEuhF3786nTrwbXMEmnazs02l3e4lo7L+C33vEC+NA
F2pHm/tBA1KcBoC9e6qBl/dWZlkXkDjXYtXyRF/hCeIKy6JF/V8mCUl0mA+WSjDg
poRgXBwTP5h++TMe+dowWp3EOm+nMcLjgmvM5wj42zkt3ORIyF/yK4G96qTwpxf0
-----END CERTIFICATE-----