Route Origin Authorization

$ rpki-client -vvf rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS209642.roa
File:                     AS209642.roa (raw, json)
Hash identifier:          685lPE3fUrXJQNek8GWGMO0jr/6y3tJ+QJGPb2leyn8=
Subject key identifier:   2B:99:C6:6B:58:81:4F:1B:F7:1D:5E:3B:56:CF:3A:77:F1:70:FA:FC
Certificate issuer:       /CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
Certificate serial:       1572B40686D82241DD968873BB209F938E2C5A39
Authority key identifier: 7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
Subject info access:      rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS209642.roa
Signing time:             Tue 16 Jul 2024 02:42:23 +0000
ROA not before:           Tue 16 Jul 2024 02:37:23 +0000
ROA not after:            Tue 15 Jul 2025 02:42:23 +0000
asID:                     209642
IP address blocks:        2a0f:9400:6107::/48 maxlen: 48
                          2a0f:9400:73b0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl
                          rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:72:b4:06:86:d8:22:41:dd:96:88:73:bb:20:9f:93:8e:2c:5a:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
        Validity
            Not Before: Jul 16 02:37:23 2024 GMT
            Not After : Jul 15 02:42:23 2025 GMT
        Subject: CN=2B99C66B58814F1BF71D5E3B56CF3A77F170FAFC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:05:c8:e5:b0:70:75:0a:e7:8d:a3:9b:24:bf:
                    38:3b:51:17:a4:39:7f:2c:36:d6:c3:2d:1b:df:d3:
                    d1:5b:a6:41:df:7f:bc:1a:ec:2f:dd:8e:66:47:b9:
                    fb:74:9c:99:61:bd:27:e5:dc:74:c0:e4:d6:8d:a5:
                    6b:17:ce:4c:04:cd:15:b1:01:c1:ce:3c:dc:20:e4:
                    be:4f:bb:19:13:b1:da:c0:a5:06:b9:ac:69:b6:b8:
                    c6:6f:e6:fa:f7:de:2a:bb:ee:c9:c2:39:8f:0e:2b:
                    79:8a:54:cf:7f:42:b4:cf:f1:4c:be:4c:e1:f0:66:
                    08:84:5a:36:b5:67:d4:ce:f6:8b:9a:e4:d4:3a:30:
                    c7:fa:6c:2d:99:72:a3:3c:3b:26:0c:0b:a2:e3:f1:
                    8e:08:c4:f1:41:4e:6a:45:ea:c1:ba:8e:fd:4c:2c:
                    d1:66:82:44:d5:44:f5:da:c2:57:dc:50:05:73:94:
                    8f:35:56:43:01:9f:ae:99:4c:d8:d2:18:9c:78:86:
                    c6:a8:ae:77:1c:11:b5:7a:e3:8e:73:6e:81:34:56:
                    78:a1:a0:95:8d:04:a2:7c:73:6b:c9:46:b9:da:d4:
                    a4:5f:1e:57:1d:0d:a3:8e:fb:12:9f:a0:1f:20:33:
                    7c:e4:82:04:1a:cd:52:f9:93:4f:0a:9c:fc:91:0c:
                    33:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:99:C6:6B:58:81:4F:1B:F7:1D:5E:3B:56:CF:3A:77:F1:70:FA:FC
            X509v3 Authority Key Identifier:
                keyid:7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS209642.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:9400:6107::/48
                  2a0f:9400:73b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         30:6d:b7:48:f5:f9:90:98:68:18:d0:e4:bf:32:eb:44:a7:29:
         5f:66:58:d3:08:47:bf:3b:13:9d:83:fd:24:df:23:6b:b8:a9:
         74:a1:64:d3:c5:3a:45:eb:d6:ba:1c:23:fd:31:5e:c5:9d:5e:
         38:d6:89:b2:55:d0:d9:22:f2:35:17:e5:ff:5d:26:ac:7b:1b:
         09:ea:a1:28:1a:00:6a:38:98:7b:c9:e2:31:d6:74:17:6b:72:
         cd:cf:b9:4f:49:4c:83:e4:42:49:6d:64:4d:09:37:ca:fa:96:
         4f:84:4d:b0:8b:98:8c:42:c5:3b:ea:d2:99:cf:eb:74:ac:c9:
         68:f6:3a:5b:da:fe:c7:a6:6e:c7:82:ba:07:b2:15:5b:ca:0f:
         24:82:a6:f0:0c:ef:46:57:2e:05:fb:28:c1:97:a8:bf:2b:c2:
         15:4e:51:a2:67:0c:4b:fb:ae:6e:4f:21:09:13:37:38:71:11:
         cf:8a:97:dc:72:33:af:74:5a:32:25:07:b6:fc:b9:d5:13:8a:
         24:98:d9:21:11:73:8b:eb:bc:c3:a3:3a:e0:8f:86:1b:98:e6:
         10:e5:3b:ab:a8:3d:ac:3f:18:c6:83:8a:fb:ed:a3:0d:68:0d:
         eb:1a:22:a5:57:29:dc:6b:b1:06:0c:06:ca:ce:b4:a4:cb:37:
         5c:52:1e:a8
-----BEGIN CERTIFICATE-----
MIIEyDCCA7CgAwIBAgIUFXK0BobYIkHdlohzuyCfk44sWjkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2VhNTMxNmRiZGFjMDFjZDA1ZDBlYWEwNWE4OWMwNGRh
M2U3Mzk4ZjAeFw0yNDA3MTYwMjM3MjNaFw0yNTA3MTUwMjQyMjNaMDMxMTAvBgNV
BAMTKDJCOTlDNjZCNTg4MTRGMUJGNzFENUUzQjU2Q0YzQTc3RjE3MEZBRkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzBcjlsHB1CueNo5skvzg7URek
OX8sNtbDLRvf09FbpkHff7wa7C/djmZHuft0nJlhvSfl3HTA5NaNpWsXzkwEzRWx
AcHOPNwg5L5PuxkTsdrApQa5rGm2uMZv5vr33iq77snCOY8OK3mKVM9/QrTP8Uy+
TOHwZgiEWja1Z9TO9oua5NQ6MMf6bC2ZcqM8OyYMC6Lj8Y4IxPFBTmpF6sG6jv1M
LNFmgkTVRPXawlfcUAVzlI81VkMBn66ZTNjSGJx4hsaornccEbV6445zboE0Vnih
oJWNBKJ8c2vJRrna1KRfHlcdDaOO+xKfoB8gM3zkggQazVL5k08KnPyRDDPHAgMB
AAGjggHSMIIBzjAdBgNVHQ4EFgQUK5nGa1iBTxv3HV47Vs86d/Fw+vwwHwYDVR0j
BBgwFoAUfqUxbb2sAc0F0OqgWonATaPnOY8wDgYDVR0PAQH/BAQDAgeAMHEGA1Ud
HwRqMGgwZqBkoGKGYHJzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5j
b20vcmVwby9GUkMtQ0EvNS83RUE1MzE2REJEQUMwMUNEMDVEMEVBQTA1QTg5QzA0
REEzRTczOThGLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZnFVeGJiMnNBYzBG
ME9xZ1dvbkFUYVBuT1k4LmNlcjBcBggrBgEFBQcBCwRQME4wTAYIKwYBBQUHMAuG
QHJzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5jb20vcmVwby9GUkMt
Q0EvNS9BUzIwOTY0Mi5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjArBggr
BgEFBQcBBwEB/wQcMBowGAQCAAIwEgMHACoPlABhBwMHBCoPlABzsDANBgkqhkiG
9w0BAQsFAAOCAQEAMG23SPX5kJhoGNDkvzLrRKcpX2ZY0whHvzsTnYP9JN8ja7ip
dKFk08U6RevWuhwj/TFexZ1eONaJslXQ2SLyNRfl/10mrHsbCeqhKBoAajiYe8ni
MdZ0F2tyzc+5T0lMg+RCSW1kTQk3yvqWT4RNsIuYjELFO+rSmc/rdKzJaPY6W9r+
x6Zux4K6B7IVW8oPJIKm8AzvRlcuBfsowZeovyvCFU5RomcMS/uubk8hCRM3OHER
z4qX3HIzr3RaMiUHtvy51ROKJJjZIRFzi+u8w6M64I+GG5jmEOU7q6g9rD8YxoOK
++2jDWgN6xoipVcp3GuxBgwGys60pMs3XFIeqA==
-----END CERTIFICATE-----