Route Origin Authorization

$ rpki-client -vvf rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS204508.roa
File:                     AS204508.roa (raw, json)
Hash identifier:          /s01CB7bgFHRHi33kFIJwQbX1sykhrWpbwnIkrhVv/8=
Subject key identifier:   32:F4:07:D9:C0:C3:D4:34:8D:8B:F9:3C:66:D8:FC:48:79:70:21:27
Certificate issuer:       /CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
Certificate serial:       11246E346D1CF2EE8654EAE54F0CE24CBC4D7498
Authority key identifier: 7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
Subject info access:      rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS204508.roa
Signing time:             Mon 12 Feb 2024 18:07:33 +0000
ROA not before:           Mon 12 Feb 2024 18:02:33 +0000
ROA not after:            Mon 10 Feb 2025 18:07:33 +0000
asID:                     204508
IP address blocks:        2a0f:9400:6111::/48 maxlen: 48
                          2a0f:9400:611d::/48 maxlen: 48
                          2a0f:9400:690d::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl
                          rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:24:6e:34:6d:1c:f2:ee:86:54:ea:e5:4f:0c:e2:4c:bc:4d:74:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
        Validity
            Not Before: Feb 12 18:02:33 2024 GMT
            Not After : Feb 10 18:07:33 2025 GMT
        Subject: CN=32F407D9C0C3D4348D8BF93C66D8FC4879702127
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:ed:fd:86:30:be:cf:19:51:0b:78:c0:dd:cc:
                    9f:25:72:ff:2d:e9:e9:a2:55:22:ac:e6:8c:94:e9:
                    63:a6:98:96:c4:ea:20:6a:e3:09:30:db:5d:e0:a4:
                    16:b0:75:b7:96:5c:24:93:17:45:74:5c:f4:c8:bf:
                    a3:b6:b2:5a:c5:25:fe:c2:23:89:9c:7e:2b:4f:c6:
                    61:80:3c:85:35:da:29:fa:d6:29:54:db:b8:1b:6e:
                    f1:c7:1e:d9:e5:33:54:d1:72:0f:f2:f7:89:e1:6e:
                    14:4a:b4:7a:4c:1e:65:99:7f:e2:91:9d:50:32:78:
                    17:ae:0d:c2:6b:3b:f9:af:62:5e:89:85:d1:fb:4a:
                    24:ed:66:f2:10:ac:93:f8:53:ab:b2:a6:42:89:1d:
                    10:6d:c4:b4:e8:96:cd:ef:2a:95:f0:78:52:62:9b:
                    96:08:ec:cd:19:22:e0:96:6a:ca:08:16:1c:40:f7:
                    78:ef:f4:27:35:fc:45:07:23:4b:11:7f:b3:2c:71:
                    d6:be:36:c7:e7:c1:2b:07:29:99:10:31:2c:b9:18:
                    d9:78:42:5f:c8:da:c7:3b:bd:2b:a9:dc:cc:1f:28:
                    71:dc:c5:33:e7:a3:bf:10:bc:1f:f0:9f:9c:2d:99:
                    b0:1e:0b:b8:89:5e:d4:cf:7e:76:24:0a:7b:e6:85:
                    ae:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:F4:07:D9:C0:C3:D4:34:8D:8B:F9:3C:66:D8:FC:48:79:70:21:27
            X509v3 Authority Key Identifier:
                keyid:7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS204508.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:9400:6111::/48
                  2a0f:9400:611d::/48
                  2a0f:9400:690d::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:47:8c:f6:74:9f:ce:0b:d7:57:da:54:c6:d1:61:21:f6:56:
         2b:a8:18:37:81:f8:f7:0e:83:a6:e7:04:81:cc:98:63:3a:30:
         c7:68:fd:8f:08:73:8b:a0:19:61:d3:84:29:11:1e:33:bb:e6:
         27:32:c9:61:1a:aa:08:88:b5:e8:a8:73:fd:e6:19:45:64:01:
         a2:3b:f9:47:62:79:87:9a:a9:5c:d1:04:34:80:2d:e0:9b:ca:
         ad:0a:ba:05:9a:b2:17:55:22:ac:c7:ab:24:49:fb:be:c8:10:
         6b:7f:c3:52:50:5c:50:dc:07:d1:28:b0:75:1c:a0:47:56:ad:
         76:d8:8f:48:c3:db:e8:1b:7c:98:2f:39:08:14:b9:e6:98:40:
         1c:93:95:73:7e:44:36:93:9c:54:52:a0:e0:04:66:c0:d1:86:
         a6:8d:63:f4:f7:ae:46:d5:93:7a:96:9e:6e:37:c1:1e:5b:62:
         0a:9a:70:08:ff:96:f9:61:ec:27:1e:53:30:90:a2:45:d5:a4:
         2c:09:5a:ed:a9:8c:ea:71:b2:d7:68:53:c0:30:39:81:31:d7:
         70:7c:25:df:ba:2e:b2:7a:f2:7a:9e:fb:0d:89:3f:e8:50:61:
         b1:60:f4:35:1b:f5:e4:65:72:06:87:3b:30:6c:da:ea:77:a4:
         23:d7:f3:56
-----BEGIN CERTIFICATE-----
MIIE0TCCA7mgAwIBAgIUESRuNG0c8u6GVOrlTwziTLxNdJgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2VhNTMxNmRiZGFjMDFjZDA1ZDBlYWEwNWE4OWMwNGRh
M2U3Mzk4ZjAeFw0yNDAyMTIxODAyMzNaFw0yNTAyMTAxODA3MzNaMDMxMTAvBgNV
BAMTKDMyRjQwN0Q5QzBDM0Q0MzQ4RDhCRjkzQzY2RDhGQzQ4Nzk3MDIxMjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe7f2GML7PGVELeMDdzJ8lcv8t
6emiVSKs5oyU6WOmmJbE6iBq4wkw213gpBawdbeWXCSTF0V0XPTIv6O2slrFJf7C
I4mcfitPxmGAPIU12in61ilU27gbbvHHHtnlM1TRcg/y94nhbhRKtHpMHmWZf+KR
nVAyeBeuDcJrO/mvYl6JhdH7SiTtZvIQrJP4U6uypkKJHRBtxLTols3vKpXweFJi
m5YI7M0ZIuCWasoIFhxA93jv9Cc1/EUHI0sRf7Mscda+NsfnwSsHKZkQMSy5GNl4
Ql/I2sc7vSup3MwfKHHcxTPno78QvB/wn5wtmbAeC7iJXtTPfnYkCnvmha4DAgMB
AAGjggHbMIIB1zAdBgNVHQ4EFgQUMvQH2cDD1DSNi/k8Ztj8SHlwIScwHwYDVR0j
BBgwFoAUfqUxbb2sAc0F0OqgWonATaPnOY8wDgYDVR0PAQH/BAQDAgeAMHEGA1Ud
HwRqMGgwZqBkoGKGYHJzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5j
b20vcmVwby9GUkMtQ0EvNS83RUE1MzE2REJEQUMwMUNEMDVEMEVBQTA1QTg5QzA0
REEzRTczOThGLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZnFVeGJiMnNBYzBG
ME9xZ1dvbkFUYVBuT1k4LmNlcjBcBggrBgEFBQcBCwRQME4wTAYIKwYBBQUHMAuG
QHJzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5jb20vcmVwby9GUkMt
Q0EvNS9BUzIwNDUwOC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0Bggr
BgEFBQcBBwEB/wQlMCMwIQQCAAIwGwMHACoPlABhEQMHACoPlABhHQMHACoPlABp
DTANBgkqhkiG9w0BAQsFAAOCAQEANUeM9nSfzgvXV9pUxtFhIfZWK6gYN4H49w6D
pucEgcyYYzowx2j9jwhzi6AZYdOEKREeM7vmJzLJYRqqCIi16Khz/eYZRWQBojv5
R2J5h5qpXNEENIAt4JvKrQq6BZqyF1UirMerJEn7vsgQa3/DUlBcUNwH0SiwdRyg
R1atdtiPSMPb6Bt8mC85CBS55phAHJOVc35ENpOcVFKg4ARmwNGGpo1j9PeuRtWT
epaebjfBHltiCppwCP+W+WHsJx5TMJCiRdWkLAla7amM6nGy12hTwDA5gTHXcHwl
37ousnryep77DYk/6FBhsWD0NRv15GVyBoc7MGza6nekI9fzVg==
-----END CERTIFICATE-----
Generated at Mon Nov 25 04:54:21 2024 by rpki-client on console-fra.rpki-client.org