Route Origin Authorization

$ rpki-client -vvf rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS214085.roa
File:                     AS214085.roa (raw, json)
Hash identifier:          PTbjIzgMcUr3zpHTK7Zuw6XMdMNAZvpBZDr0FIiJGFA=
Subject key identifier:   C0:65:73:5B:3B:73:17:30:0F:EF:ED:12:1E:C8:AA:90:73:4F:E4:EA
Certificate issuer:       /CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
Certificate serial:       7E9432CF4B56910FEF5E7CDDABCC9801CB3494BB
Authority key identifier: 7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
Subject info access:      rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS214085.roa
Signing time:             Mon 14 Oct 2024 17:40:58 +0000
ROA not before:           Mon 14 Oct 2024 17:35:58 +0000
ROA not after:            Mon 13 Oct 2025 17:40:58 +0000
asID:                     214085
IP address blocks:        2a0f:9400:614a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl
                          rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:94:32:cf:4b:56:91:0f:ef:5e:7c:dd:ab:cc:98:01:cb:34:94:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
        Validity
            Not Before: Oct 14 17:35:58 2024 GMT
            Not After : Oct 13 17:40:58 2025 GMT
        Subject: CN=C065735B3B7317300FEFED121EC8AA90734FE4EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:21:c1:b9:f1:17:fa:5f:bd:bc:b1:f6:fd:8c:
                    44:fa:f3:27:b3:4d:e6:f5:bc:ed:2b:41:94:f2:e5:
                    04:ed:a5:a1:95:df:d5:41:03:8d:d3:e5:d7:1b:f5:
                    e1:d5:98:9e:44:68:78:09:46:a1:69:c8:5b:de:40:
                    5c:f2:7b:d6:eb:10:20:df:de:58:5b:94:e2:71:75:
                    60:82:06:c5:57:83:31:73:64:bf:20:c4:e6:b3:fb:
                    39:ee:2c:05:b7:e3:bc:dd:3c:99:90:7b:39:1c:2e:
                    00:c9:38:62:67:e2:bd:35:0b:bc:79:34:3d:97:af:
                    ff:17:7e:d5:e4:02:45:3b:da:81:1b:14:be:2f:ad:
                    05:85:f8:7b:8a:1b:79:28:cf:ef:bb:6a:66:ee:cf:
                    3b:77:5e:b6:be:32:26:45:76:59:d6:32:8e:c8:bc:
                    60:e2:5e:24:80:48:d7:09:fb:1e:b6:3f:e9:d8:1e:
                    d0:73:89:c0:38:40:1c:b4:cc:51:67:45:b6:96:e0:
                    50:c8:b0:10:0d:7c:55:93:77:95:a4:2e:87:6a:c7:
                    e8:4b:fe:c4:fc:ff:fa:bb:2b:11:63:5f:76:75:49:
                    68:d4:7d:bd:0e:a8:79:2b:25:3f:13:e3:30:bd:81:
                    05:18:2d:f3:c8:b5:20:95:4f:b3:7c:af:3e:73:9f:
                    2d:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:65:73:5B:3B:73:17:30:0F:EF:ED:12:1E:C8:AA:90:73:4F:E4:EA
            X509v3 Authority Key Identifier:
                keyid:7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS214085.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:9400:614a::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:72:4c:b3:ce:ff:cf:64:b2:0b:2b:10:43:d0:a3:6a:fb:c6:
         bc:f4:c8:ff:d2:df:f8:b5:5d:30:b6:e2:c1:ff:b0:69:7c:81:
         3a:e8:57:98:80:4c:b7:d4:a6:ce:7d:19:fd:fd:d3:50:e2:d1:
         db:08:db:81:ca:52:84:bc:74:da:f5:e0:25:a0:9d:bd:f7:4a:
         f9:45:a7:f5:29:75:84:fc:e5:c4:f8:f0:24:cb:29:a4:3c:d5:
         8a:bf:e7:2c:2b:a5:a7:87:01:49:48:1a:9a:09:e4:1d:b0:18:
         64:03:0b:4d:46:31:11:d6:d0:2b:0e:50:c4:f2:e6:7f:ce:05:
         a5:e9:74:82:46:e7:14:06:29:db:75:dd:1a:5b:93:8b:a5:36:
         24:42:29:15:2e:d1:a7:92:8d:21:f8:0a:e5:f6:70:18:d9:3d:
         61:3e:a6:f3:13:ef:3e:3c:5a:d6:65:9d:22:7b:bc:44:21:a5:
         98:c1:42:9f:85:27:bc:30:ae:18:4c:cc:5e:e4:9d:14:e2:1a:
         00:ca:86:1a:5d:e6:9b:e9:2f:f6:b2:f3:1d:d3:91:36:30:15:
         f5:13:02:7d:c8:af:d5:e7:9d:90:07:4b:6b:55:fa:fc:16:96:
         6d:93:a7:0c:e0:cf:55:e0:46:fe:04:a9:dd:8f:c3:2c:f7:08:
         6f:84:f2:5d
-----BEGIN CERTIFICATE-----
MIIEvzCCA6egAwIBAgIUfpQyz0tWkQ/vXnzdq8yYAcs0lLswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2VhNTMxNmRiZGFjMDFjZDA1ZDBlYWEwNWE4OWMwNGRh
M2U3Mzk4ZjAeFw0yNDEwMTQxNzM1NThaFw0yNTEwMTMxNzQwNThaMDMxMTAvBgNV
BAMTKEMwNjU3MzVCM0I3MzE3MzAwRkVGRUQxMjFFQzhBQTkwNzM0RkU0RUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAIcG58Rf6X728sfb9jET68yez
Teb1vO0rQZTy5QTtpaGV39VBA43T5dcb9eHVmJ5EaHgJRqFpyFveQFzye9brECDf
3lhblOJxdWCCBsVXgzFzZL8gxOaz+znuLAW347zdPJmQezkcLgDJOGJn4r01C7x5
ND2Xr/8XftXkAkU72oEbFL4vrQWF+HuKG3koz++7ambuzzt3Xra+MiZFdlnWMo7I
vGDiXiSASNcJ+x62P+nYHtBzicA4QBy0zFFnRbaW4FDIsBANfFWTd5WkLodqx+hL
/sT8//q7KxFjX3Z1SWjUfb0OqHkrJT8T4zC9gQUYLfPItSCVT7N8rz5zny1HAgMB
AAGjggHJMIIBxTAdBgNVHQ4EFgQUwGVzWztzFzAP7+0SHsiqkHNP5OowHwYDVR0j
BBgwFoAUfqUxbb2sAc0F0OqgWonATaPnOY8wDgYDVR0PAQH/BAQDAgeAMHEGA1Ud
HwRqMGgwZqBkoGKGYHJzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5j
b20vcmVwby9GUkMtQ0EvNS83RUE1MzE2REJEQUMwMUNEMDVEMEVBQTA1QTg5QzA0
REEzRTczOThGLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZnFVeGJiMnNBYzBG
ME9xZ1dvbkFUYVBuT1k4LmNlcjBcBggrBgEFBQcBCwRQME4wTAYIKwYBBQUHMAuG
QHJzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5jb20vcmVwby9GUkMt
Q0EvNS9BUzIxNDA4NS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAiBggr
BgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoPlABhSjANBgkqhkiG9w0BAQsFAAOC
AQEAjnJMs87/z2SyCysQQ9CjavvGvPTI/9Lf+LVdMLbiwf+waXyBOuhXmIBMt9Sm
zn0Z/f3TUOLR2wjbgcpShLx02vXgJaCdvfdK+UWn9Sl1hPzlxPjwJMsppDzVir/n
LCulp4cBSUgamgnkHbAYZAMLTUYxEdbQKw5QxPLmf84Fpel0gkbnFAYp23XdGluT
i6U2JEIpFS7Rp5KNIfgK5fZwGNk9YT6m8xPvPjxa1mWdInu8RCGlmMFCn4UnvDCu
GEzMXuSdFOIaAMqGGl3mm+kv9rLzHdORNjAV9RMCfciv1eedkAdLa1X6/BaWbZOn
DODPVeBG/gSp3Y/DLPcIb4TyXQ==
-----END CERTIFICATE-----