Route Origin Authorization

$ rpki-client -vvf rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          bU7q5OvwhofEGdRbXQpS1AyM1mVxlHjCRU1gIpuxUmc=
Subject key identifier:   82:9E:50:79:77:79:A4:E8:52:5B:70:23:75:BE:E4:32:8F:A4:71:EC
Certificate issuer:       /CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
Certificate serial:       5BEF1FD577670A0AFF9E1B0787D75762FE2A2F63
Authority key identifier: 7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
Subject info access:      rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS20473.roa
Signing time:             Tue 12 Mar 2024 15:10:43 +0000
ROA not before:           Tue 12 Mar 2024 15:05:43 +0000
ROA not after:            Tue 11 Mar 2025 15:10:43 +0000
asID:                     20473
IP address blocks:        2a0f:9400:610e::/48 maxlen: 48
                          2a0f:9400:6118::/48 maxlen: 48
                          2a0f:9400:690a::/48 maxlen: 48
                          2a0f:9400:690b::/48 maxlen: 48
                          2a0f:9400:690e::/48 maxlen: 48
                          2a0f:9400:693e::/48 maxlen: 48
                          2a0f:9400:7386::/48 maxlen: 48
                          2a0f:9400:750a::/48 maxlen: 48
                          2a0f:9400:8020::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl
                          rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 03:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:ef:1f:d5:77:67:0a:0a:ff:9e:1b:07:87:d7:57:62:fe:2a:2f:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
        Validity
            Not Before: Mar 12 15:05:43 2024 GMT
            Not After : Mar 11 15:10:43 2025 GMT
        Subject: CN=829E50797779A4E8525B702375BEE4328FA471EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:0e:07:77:8c:3f:2b:81:3f:bc:df:f7:d2:50:
                    15:3a:17:a5:11:07:db:db:3f:ad:35:59:89:cd:ab:
                    89:a7:b2:bc:46:9d:61:96:e3:82:9c:72:50:c8:39:
                    04:71:e4:12:ee:6f:30:20:fc:52:3b:8e:e5:27:f5:
                    63:33:37:82:fb:98:39:72:04:2b:81:09:1d:62:3d:
                    03:d4:d3:74:4b:62:ce:cb:e3:8a:86:d0:5f:94:b4:
                    e5:a7:5e:dc:e8:62:9a:ca:6f:7c:f0:9a:8a:1b:ad:
                    d0:1c:e7:5f:2f:7f:57:33:f7:14:e0:96:04:77:b8:
                    bb:10:9b:be:1a:e6:68:05:d2:88:79:3d:87:e4:4d:
                    00:bc:5d:e8:1d:8b:7c:ff:27:43:7e:ac:37:d4:8f:
                    80:16:2b:f9:fb:85:93:ac:2c:37:c1:ea:60:ff:2d:
                    6e:19:50:7a:f1:b2:7e:69:10:54:5a:53:1e:6c:d1:
                    a5:1b:30:a2:19:c6:a5:0d:c1:73:f5:74:d2:2e:51:
                    70:70:0d:ca:59:0d:6d:ce:0b:5d:0d:9d:e8:6d:2e:
                    c4:3d:6c:0d:dd:17:17:cb:40:02:05:1c:d8:50:72:
                    96:08:f0:4a:51:8d:62:77:ee:12:19:2e:b9:78:ff:
                    4b:45:b0:e2:8f:1a:59:c7:35:f5:69:dd:2a:15:d5:
                    37:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:9E:50:79:77:79:A4:E8:52:5B:70:23:75:BE:E4:32:8F:A4:71:EC
            X509v3 Authority Key Identifier:
                keyid:7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:9400:610e::/48
                  2a0f:9400:6118::/48
                  2a0f:9400:690a::/47
                  2a0f:9400:690e::/48
                  2a0f:9400:693e::/48
                  2a0f:9400:7386::/48
                  2a0f:9400:750a::/48
                  2a0f:9400:8020::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:ae:3d:c8:d3:f9:2f:d1:a4:30:9b:9c:66:1a:a9:e8:2e:7d:
         14:09:c9:7d:80:10:82:de:49:42:58:03:40:c2:3e:b5:9b:8a:
         20:0a:43:d9:f7:67:5d:21:48:c5:27:07:4e:92:93:1c:58:ff:
         66:d7:1b:ad:7c:e4:b9:33:67:3f:f7:98:d3:ff:5d:23:df:bf:
         b0:2e:d7:39:0c:65:7f:1e:c1:e4:e3:87:45:6a:4c:2b:0c:ec:
         b9:ba:9f:d3:1e:49:84:41:dd:11:e7:ed:c2:3e:7e:17:4c:91:
         87:6c:43:ea:37:ac:f6:d9:67:6c:9b:3a:e2:94:4d:1d:70:56:
         7d:42:74:e1:51:15:f0:a9:f2:f7:d8:80:22:dc:e9:42:1b:e2:
         0c:eb:21:45:ee:09:b6:27:7b:48:f6:56:3b:86:f6:d3:fb:f0:
         98:2c:1a:cc:0b:53:42:77:fe:17:e1:b3:7d:0e:ec:61:a3:a0:
         0e:2b:fe:62:05:dc:7f:3f:3c:d2:9c:b9:d4:5a:d8:f7:9b:d0:
         4f:1f:57:54:e0:82:d7:b1:c6:e3:01:02:60:85:1d:3e:75:8c:
         ad:db:65:47:e9:24:e7:97:1e:26:92:8e:f9:4b:60:de:ac:c2:
         3b:9b:2c:13:8a:70:84:5b:70:91:ae:63:81:44:a2:63:8a:10:
         5f:d0:09:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUW+8f1XdnCgr/nhsHh9dXYv4qL2MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2VhNTMxNmRiZGFjMDFjZDA1ZDBlYWEwNWE4OWMwNGRh
M2U3Mzk4ZjAeFw0yNDAzMTIxNTA1NDNaFw0yNTAzMTExNTEwNDNaMDMxMTAvBgNV
BAMTKDgyOUU1MDc5Nzc3OUE0RTg1MjVCNzAyMzc1QkVFNDMyOEZBNDcxRUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiDgd3jD8rgT+83/fSUBU6F6UR
B9vbP601WYnNq4mnsrxGnWGW44KcclDIOQRx5BLubzAg/FI7juUn9WMzN4L7mDly
BCuBCR1iPQPU03RLYs7L44qG0F+UtOWnXtzoYprKb3zwmoobrdAc518vf1cz9xTg
lgR3uLsQm74a5mgF0oh5PYfkTQC8Xegdi3z/J0N+rDfUj4AWK/n7hZOsLDfB6mD/
LW4ZUHrxsn5pEFRaUx5s0aUbMKIZxqUNwXP1dNIuUXBwDcpZDW3OC10NnehtLsQ9
bA3dFxfLQAIFHNhQcpYI8EpRjWJ37hIZLrl4/0tFsOKPGlnHNfVp3SoV1TdzAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQUgp5QeXd5pOhSW3Ajdb7kMo+kcewwHwYDVR0j
BBgwFoAUfqUxbb2sAc0F0OqgWonATaPnOY8wDgYDVR0PAQH/BAQDAgeAMHEGA1Ud
HwRqMGgwZqBkoGKGYHJzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5j
b20vcmVwby9GUkMtQ0EvNS83RUE1MzE2REJEQUMwMUNEMDVEMEVBQTA1QTg5QzA0
REEzRTczOThGLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZnFVeGJiMnNBYzBG
ME9xZ1dvbkFUYVBuT1k4LmNlcjBbBggrBgEFBQcBCwRPME0wSwYIKwYBBQUHMAuG
P3JzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5jb20vcmVwby9GUkMt
Q0EvNS9BUzIwNDczLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMGEGCCsG
AQUFBwEHAQH/BFIwUDBOBAIAAjBIAwcAKg+UAGEOAwcAKg+UAGEYAwcBKg+UAGkK
AwcAKg+UAGkOAwcAKg+UAGk+AwcAKg+UAHOGAwcAKg+UAHUKAwcAKg+UAIAgMA0G
CSqGSIb3DQEBCwUAA4IBAQClrj3I0/kv0aQwm5xmGqnoLn0UCcl9gBCC3klCWANA
wj61m4ogCkPZ92ddIUjFJwdOkpMcWP9m1xutfOS5M2c/95jT/10j37+wLtc5DGV/
HsHk44dFakwrDOy5up/THkmEQd0R5+3CPn4XTJGHbEPqN6z22WdsmzrilE0dcFZ9
QnThURXwqfL32IAi3OlCG+IM6yFF7gm2J3tI9lY7hvbT+/CYLBrMC1NCd/4X4bN9
Duxho6AOK/5iBdx/PzzSnLnUWtj3m9BPH1dU4ILXscbjAQJghR0+dYyt22VH6STn
lx4mko75S2DerMI7mywTinCEW3CRrmOBRKJjihBf0AmG
-----END CERTIFICATE-----
Generated at Thu Mar 28 06:02:02 2024 by rpki-client on console-fra.rpki-client.org