Route Origin Authorization

$ rpki-client -vvf rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS19624.roa
File:                     AS19624.roa (raw, json)
Hash identifier:          NYqRKbcvS7aIyzt4mKDBfOmePGU/vY3E2D3ILC58wi4=
Subject key identifier:   74:FF:98:67:DB:B9:C2:BB:23:91:5A:F3:F5:97:D3:81:79:92:9D:54
Certificate issuer:       /CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
Certificate serial:       53ACAF9D6884FCC91814CD7FC2FEF9A81A8A82D6
Authority key identifier: 7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
Subject info access:      rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS19624.roa
Signing time:             Fri 27 Sep 2024 18:32:51 +0000
ROA not before:           Fri 27 Sep 2024 18:27:51 +0000
ROA not after:            Fri 26 Sep 2025 18:32:51 +0000
asID:                     19624
IP address blocks:        2a0f:9400:690f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl
                          rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:ac:af:9d:68:84:fc:c9:18:14:cd:7f:c2:fe:f9:a8:1a:8a:82:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
        Validity
            Not Before: Sep 27 18:27:51 2024 GMT
            Not After : Sep 26 18:32:51 2025 GMT
        Subject: CN=74FF9867DBB9C2BB23915AF3F597D38179929D54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:9c:13:83:f7:72:c7:3e:4c:ea:b0:60:2b:83:
                    38:19:23:02:94:3b:83:39:69:73:17:e9:64:c3:f2:
                    a2:e4:2a:42:88:20:07:59:9b:f2:f0:58:29:81:d7:
                    55:fd:9a:cb:2f:72:a3:5f:f1:83:bb:eb:92:6c:4e:
                    e0:64:e3:8d:b4:e5:74:b4:a7:31:cd:86:0e:ed:e2:
                    19:a5:e0:d5:82:50:c1:8d:40:e2:dc:ba:fd:07:c8:
                    50:b3:9c:cf:dc:45:bd:b4:53:e2:2e:5c:27:a9:05:
                    76:1a:53:c2:9c:38:2b:32:d1:2e:8c:a2:fd:73:6a:
                    d1:3b:7d:44:20:d0:16:ce:d2:8b:ec:27:2c:71:1b:
                    ab:11:80:84:83:f9:81:04:30:be:71:10:de:b5:ba:
                    3f:af:73:bd:59:1e:d1:9a:90:1e:4d:1b:ff:d3:2c:
                    95:90:86:75:77:09:96:63:12:8c:7e:97:61:37:1c:
                    5e:90:5d:99:fa:95:a4:c7:99:b1:9d:67:f6:26:47:
                    47:30:76:c2:e9:e4:f7:39:27:d4:4b:a3:2b:27:0f:
                    45:a8:bf:73:d0:0c:53:e1:ea:b3:92:00:38:7a:c6:
                    a0:e4:36:57:03:79:0d:d4:88:31:2f:1f:71:08:8a:
                    a3:fb:b0:27:f2:21:a2:47:86:c3:d2:9d:68:eb:52:
                    8f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:FF:98:67:DB:B9:C2:BB:23:91:5A:F3:F5:97:D3:81:79:92:9D:54
            X509v3 Authority Key Identifier:
                keyid:7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS19624.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:9400:690f::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:f7:d8:3c:fd:05:49:20:39:11:a0:6e:ee:fe:99:b0:17:f7:
         53:39:02:41:c8:75:1b:83:0f:30:fd:a5:48:5c:0b:bd:d1:d1:
         e6:0b:0c:75:15:ff:d6:24:98:7e:1f:1e:20:ff:5e:fd:c2:8c:
         34:6d:f4:99:ef:89:be:81:60:45:80:c7:10:c9:c4:2c:d4:f1:
         73:e8:7c:41:73:b2:9a:31:4c:60:e3:68:2b:c3:ea:54:dd:b1:
         7c:67:4e:92:c4:df:b8:a7:69:68:02:8d:6b:78:c3:cf:13:28:
         21:42:de:01:1c:b0:48:28:74:c0:3e:25:39:91:f1:34:2e:5c:
         dc:49:04:ee:0e:1f:e7:42:76:3e:73:eb:20:0d:ac:46:34:d7:
         87:23:c0:45:97:9a:23:58:a4:d9:41:06:86:31:ab:a6:f0:4d:
         65:dc:dd:c1:cb:83:58:8b:13:ff:e7:ff:25:f6:ad:bb:02:84:
         e0:1f:bf:96:59:56:97:a3:ee:6c:f6:1c:83:77:a0:30:a4:79:
         0c:08:25:f2:fa:6c:09:d6:11:8e:cd:a9:c2:91:1b:c0:6c:9e:
         95:35:e5:cc:89:ad:88:cc:db:4a:5c:e6:0e:cc:28:de:a4:0d:
         64:1b:e3:15:3e:5a:58:55:ff:58:10:68:f1:3c:66:a1:9e:26:
         42:8d:3a:84
-----BEGIN CERTIFICATE-----
MIIEvjCCA6agAwIBAgIUU6yvnWiE/MkYFM1/wv75qBqKgtYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2VhNTMxNmRiZGFjMDFjZDA1ZDBlYWEwNWE4OWMwNGRh
M2U3Mzk4ZjAeFw0yNDA5MjcxODI3NTFaFw0yNTA5MjYxODMyNTFaMDMxMTAvBgNV
BAMTKDc0RkY5ODY3REJCOUMyQkIyMzkxNUFGM0Y1OTdEMzgxNzk5MjlENTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQnBOD93LHPkzqsGArgzgZIwKU
O4M5aXMX6WTD8qLkKkKIIAdZm/LwWCmB11X9mssvcqNf8YO765JsTuBk44205XS0
pzHNhg7t4hml4NWCUMGNQOLcuv0HyFCznM/cRb20U+IuXCepBXYaU8KcOCsy0S6M
ov1zatE7fUQg0BbO0ovsJyxxG6sRgISD+YEEML5xEN61uj+vc71ZHtGakB5NG//T
LJWQhnV3CZZjEox+l2E3HF6QXZn6laTHmbGdZ/YmR0cwdsLp5Pc5J9RLoysnD0Wo
v3PQDFPh6rOSADh6xqDkNlcDeQ3UiDEvH3EIiqP7sCfyIaJHhsPSnWjrUo8/AgMB
AAGjggHIMIIBxDAdBgNVHQ4EFgQUdP+YZ9u5wrsjkVrz9ZfTgXmSnVQwHwYDVR0j
BBgwFoAUfqUxbb2sAc0F0OqgWonATaPnOY8wDgYDVR0PAQH/BAQDAgeAMHEGA1Ud
HwRqMGgwZqBkoGKGYHJzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5j
b20vcmVwby9GUkMtQ0EvNS83RUE1MzE2REJEQUMwMUNEMDVEMEVBQTA1QTg5QzA0
REEzRTczOThGLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZnFVeGJiMnNBYzBG
ME9xZ1dvbkFUYVBuT1k4LmNlcjBbBggrBgEFBQcBCwRPME0wSwYIKwYBBQUHMAuG
P3JzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5jb20vcmVwby9GUkMt
Q0EvNS9BUzE5NjI0LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsG
AQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+UAGkPMA0GCSqGSIb3DQEBCwUAA4IB
AQBo99g8/QVJIDkRoG7u/pmwF/dTOQJByHUbgw8w/aVIXAu90dHmCwx1Ff/WJJh+
Hx4g/179wow0bfSZ74m+gWBFgMcQycQs1PFz6HxBc7KaMUxg42grw+pU3bF8Z06S
xN+4p2loAo1reMPPEyghQt4BHLBIKHTAPiU5kfE0LlzcSQTuDh/nQnY+c+sgDaxG
NNeHI8BFl5ojWKTZQQaGMaum8E1l3N3By4NYixP/5/8l9q27AoTgH7+WWVaXo+5s
9hyDd6AwpHkMCCXy+mwJ1hGOzanCkRvAbJ6VNeXMia2IzNtKXOYOzCjepA1kG+MV
PlpYVf9YEGjxPGahniZCjTqE
-----END CERTIFICATE-----