Route Origin Authorization

$ rpki-client -vvf rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS200809.roa
File:                     AS200809.roa (raw, json)
Hash identifier:          TJDhyuusKtb2XEQJa+LvjrKehufPi0GPxA66vpMCjXg=
Subject key identifier:   B9:A3:AF:0A:1D:D3:83:40:53:38:FE:36:DC:FB:00:B7:9F:5E:DD:9B
Certificate issuer:       /CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
Certificate serial:       018DE197E84D55FDE36BD1ADCE83F51E86E0C71E
Authority key identifier: 7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
Subject info access:      rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS200809.roa
Signing time:             Sun 31 Dec 2023 20:03:45 +0000
ROA not before:           Sun 31 Dec 2023 19:58:45 +0000
ROA not after:            Sun 29 Dec 2024 20:03:45 +0000
asID:                     200809
IP address blocks:        2a0f:9400:6903::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl
                          rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e1:97:e8:4d:55:fd:e3:6b:d1:ad:ce:83:f5:1e:86:e0:c7:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
        Validity
            Not Before: Dec 31 19:58:45 2023 GMT
            Not After : Dec 29 20:03:45 2024 GMT
        Subject: CN=B9A3AF0A1DD383405338FE36DCFB00B79F5EDD9B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:8e:9e:14:79:aa:c1:9c:59:d3:a3:4e:32:f6:
                    28:e3:76:71:8a:40:90:63:65:2f:96:4b:af:a8:66:
                    c7:22:5b:7b:f3:be:ec:39:c2:77:36:02:48:52:a7:
                    8e:79:d0:24:fb:cf:f7:89:00:38:31:b1:7c:9c:a9:
                    ad:f7:7a:af:4c:be:47:6b:7f:00:f7:fb:b0:ad:4d:
                    86:0c:ba:1d:dd:93:6c:ab:d9:51:f5:be:9a:60:27:
                    7c:fe:a6:10:96:bb:3f:e1:8f:4c:c7:71:71:9d:a9:
                    b2:75:01:d5:5d:ae:a7:cf:08:87:9f:1e:8d:87:a0:
                    19:13:91:b1:f1:1a:5c:30:26:ec:55:fd:41:00:9a:
                    e0:99:be:8d:37:d0:c5:29:f3:8b:d4:b0:56:df:87:
                    5b:b4:96:9b:2c:6e:d9:ef:9c:5b:7f:c1:bc:ed:f4:
                    38:c1:cd:48:75:da:aa:cc:85:ce:1c:82:b6:44:62:
                    05:75:94:ab:4d:f3:4f:aa:56:18:bf:76:fd:bd:46:
                    20:a9:dd:5d:38:88:f7:3b:2a:09:ac:32:4e:76:c5:
                    61:77:34:99:4c:2c:f6:19:a5:68:28:a7:a9:d8:43:
                    9d:a3:6c:b3:dc:5e:a6:5f:74:8d:83:fa:f8:48:75:
                    24:96:57:64:8a:07:9b:5b:62:02:63:0a:7d:6b:8f:
                    29:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:A3:AF:0A:1D:D3:83:40:53:38:FE:36:DC:FB:00:B7:9F:5E:DD:9B
            X509v3 Authority Key Identifier:
                keyid:7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS200809.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:9400:6903::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:f2:c1:79:7e:5d:d7:af:ec:ff:41:78:29:aa:aa:89:3e:9a:
         3b:82:dd:6d:73:fe:a2:a7:12:cf:1a:b7:d9:d3:2b:1d:86:00:
         b0:53:d5:30:cc:d8:8c:46:cc:e4:f0:bb:68:89:35:5e:00:e2:
         d7:f9:dd:7c:55:77:04:a3:b2:2b:db:8e:a0:2c:47:19:0c:f1:
         e5:ff:c7:3a:38:91:38:d2:9d:c1:c5:86:d1:9c:f2:ce:e6:67:
         ba:29:5e:5f:82:b1:eb:19:4c:52:78:f9:6a:9e:b2:63:57:3c:
         98:f4:32:3a:56:83:08:33:97:9f:e2:64:9e:78:73:d8:ea:2b:
         bf:4e:f0:5e:6e:f6:7b:7d:9d:6d:78:8b:be:7b:65:8b:17:1f:
         a5:25:51:00:83:74:11:36:4b:24:64:80:7c:4c:4d:73:d1:7f:
         2f:2f:7d:84:0e:86:a2:18:53:5b:28:70:57:78:64:a7:a1:62:
         49:71:2b:4d:e9:f4:e2:1c:88:60:dc:48:15:fb:78:e7:c4:b5:
         bc:99:8e:ba:fd:3f:5c:18:91:71:f3:23:34:9f:52:e5:06:74:
         c4:67:62:d4:99:ee:84:1e:5c:aa:26:a4:5f:55:18:a9:8b:6a:
         6e:c3:5e:aa:39:9c:57:e1:96:da:ca:00:0c:f9:7b:8a:7f:34:
         53:93:c3:ff
-----BEGIN CERTIFICATE-----
MIIEvzCCA6egAwIBAgIUAY3hl+hNVf3ja9GtzoP1Hobgxx4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2VhNTMxNmRiZGFjMDFjZDA1ZDBlYWEwNWE4OWMwNGRh
M2U3Mzk4ZjAeFw0yMzEyMzExOTU4NDVaFw0yNDEyMjkyMDAzNDVaMDMxMTAvBgNV
BAMTKEI5QTNBRjBBMUREMzgzNDA1MzM4RkUzNkRDRkIwMEI3OUY1RUREOUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4jp4UearBnFnTo04y9ijjdnGK
QJBjZS+WS6+oZsciW3vzvuw5wnc2AkhSp4550CT7z/eJADgxsXycqa33eq9Mvkdr
fwD3+7CtTYYMuh3dk2yr2VH1vppgJ3z+phCWuz/hj0zHcXGdqbJ1AdVdrqfPCIef
Ho2HoBkTkbHxGlwwJuxV/UEAmuCZvo030MUp84vUsFbfh1u0lpssbtnvnFt/wbzt
9DjBzUh12qrMhc4cgrZEYgV1lKtN80+qVhi/dv29RiCp3V04iPc7KgmsMk52xWF3
NJlMLPYZpWgop6nYQ52jbLPcXqZfdI2D+vhIdSSWV2SKB5tbYgJjCn1rjynlAgMB
AAGjggHJMIIBxTAdBgNVHQ4EFgQUuaOvCh3Tg0BTOP423PsAt59e3ZswHwYDVR0j
BBgwFoAUfqUxbb2sAc0F0OqgWonATaPnOY8wDgYDVR0PAQH/BAQDAgeAMHEGA1Ud
HwRqMGgwZqBkoGKGYHJzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5j
b20vcmVwby9GUkMtQ0EvNS83RUE1MzE2REJEQUMwMUNEMDVEMEVBQTA1QTg5QzA0
REEzRTczOThGLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZnFVeGJiMnNBYzBG
ME9xZ1dvbkFUYVBuT1k4LmNlcjBcBggrBgEFBQcBCwRQME4wTAYIKwYBBQUHMAuG
QHJzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5jb20vcmVwby9GUkMt
Q0EvNS9BUzIwMDgwOS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggr
BgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoPlABpAzANBgkqhkiG9w0BAQsFAAOC
AQEAd/LBeX5d16/s/0F4KaqqiT6aO4LdbXP+oqcSzxq32dMrHYYAsFPVMMzYjEbM
5PC7aIk1XgDi1/ndfFV3BKOyK9uOoCxHGQzx5f/HOjiRONKdwcWG0ZzyzuZnuile
X4Kx6xlMUnj5ap6yY1c8mPQyOlaDCDOXn+Jknnhz2Oorv07wXm72e32dbXiLvntl
ixcfpSVRAIN0ETZLJGSAfExNc9F/Ly99hA6GohhTWyhwV3hkp6FiSXErTen04hyI
YNxIFft458S1vJmOuv0/XBiRcfMjNJ9S5QZ0xGdi1JnuhB5cqiakX1UYqYtqbsNe
qjmcV+GW2soADPl7in80U5PD/w==
-----END CERTIFICATE-----