Route Origin Authorization

$ rpki-client -vvf rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS40676.roa
File:                     AS40676.roa (raw, json)
Hash identifier:          xwbgMXsd9N/InDfIvPGTcNRDAoD5CFP/aRJml+jgw/Y=
Subject key identifier:   44:26:8D:FC:DC:5B:65:04:0D:A9:5E:19:76:6B:99:8A:74:34:BC:88
Certificate issuer:       /CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
Certificate serial:       62B30B66B2A49E190EAE5AD8810364B2BBA6BDF9
Authority key identifier: 7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
Subject info access:      rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS40676.roa
Signing time:             Thu 25 Apr 2024 05:06:33 +0000
ROA not before:           Thu 25 Apr 2024 05:01:33 +0000
ROA not after:            Thu 24 Apr 2025 05:06:33 +0000
asID:                     40676
IP address blocks:        2a0f:9400:6950::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl
                          rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:b3:0b:66:b2:a4:9e:19:0e:ae:5a:d8:81:03:64:b2:bb:a6:bd:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
        Validity
            Not Before: Apr 25 05:01:33 2024 GMT
            Not After : Apr 24 05:06:33 2025 GMT
        Subject: CN=44268DFCDC5B65040DA95E19766B998A7434BC88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d0:8e:70:03:23:d9:ed:e5:36:e4:d5:59:a7:
                    38:6a:bc:9e:dc:70:d0:40:c5:f9:50:c8:cb:99:c1:
                    2c:07:59:0a:cc:35:4c:85:ee:f7:82:df:83:11:ae:
                    c4:e3:8b:19:58:0c:82:e6:a1:fe:44:95:84:08:80:
                    ea:2a:cb:b6:f5:32:e2:f8:01:79:f5:1e:ef:e7:f9:
                    8a:e7:b9:8b:ee:30:89:8a:f7:92:71:9c:81:ff:0a:
                    3c:50:d9:86:40:1c:9c:0f:60:10:fa:7f:db:f9:2a:
                    25:5b:a1:9a:f4:26:e2:b0:67:ff:7d:c8:c8:7f:b3:
                    de:e8:b5:3d:e7:7e:4a:71:99:90:15:c3:1d:9d:1f:
                    cc:7a:00:a9:a6:e3:22:d8:ca:2b:a3:c2:29:f6:50:
                    97:16:a2:aa:84:6a:d2:ef:d3:f7:f9:1f:2d:f8:43:
                    91:9d:05:22:ad:33:55:77:3c:94:08:c1:4c:34:8a:
                    c1:ca:a9:6c:f3:a3:de:f5:95:14:c9:dd:c6:df:d1:
                    77:d9:cb:39:2b:f5:70:89:1b:13:0e:04:06:50:21:
                    55:a5:8b:0b:6a:fd:c3:b2:ba:57:4a:dd:52:79:47:
                    3f:32:c6:87:a4:61:b2:84:45:64:6c:09:a2:ca:b3:
                    58:78:fa:33:1f:bb:d9:09:f9:0c:eb:ec:e1:40:c9:
                    00:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:26:8D:FC:DC:5B:65:04:0D:A9:5E:19:76:6B:99:8A:74:34:BC:88
            X509v3 Authority Key Identifier:
                keyid:7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS40676.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:9400:6950::/44

    Signature Algorithm: sha256WithRSAEncryption
         3c:1b:2c:60:87:2d:79:f1:63:41:c0:3f:1e:cd:67:92:72:0b:
         d2:f4:0b:f7:41:a4:21:a4:39:4a:77:af:50:23:e0:d2:ea:ad:
         ad:72:7a:a0:5c:d2:52:8c:50:58:7f:05:e3:2e:85:7d:9c:e7:
         f9:98:56:03:4a:6e:10:50:1f:50:a0:d9:5d:b9:b7:df:37:db:
         f8:10:48:b3:b7:0a:8b:16:79:bb:12:1c:94:8b:d2:f2:ff:d7:
         c4:e1:6d:52:f7:c4:ca:c1:03:db:4e:b3:b9:65:19:23:83:6d:
         99:74:94:ad:25:30:18:a1:b5:bc:d6:b2:d2:1f:91:7c:48:d6:
         c7:eb:34:82:ca:93:e0:9d:da:c3:a0:15:4c:74:33:0e:fc:e6:
         91:1d:06:17:78:bc:ed:ee:b4:41:ff:fe:e0:68:0f:1d:0e:0d:
         42:7f:89:a8:5a:6a:d2:06:c7:d1:ae:23:91:0b:4b:13:89:4d:
         08:80:69:ab:db:32:fe:b0:e8:22:4e:39:0b:ea:c1:a0:35:fc:
         18:8e:95:28:54:53:88:69:81:49:46:30:6b:d5:21:62:11:2f:
         ec:7f:f8:e4:22:00:bb:35:cb:e8:3f:1a:aa:66:74:c3:8f:23:
         a8:8d:be:3e:7a:9e:f1:9f:84:df:90:1f:f0:c3:1a:d7:38:54:
         c1:a8:0d:80
-----BEGIN CERTIFICATE-----
MIIEvjCCA6agAwIBAgIUYrMLZrKknhkOrlrYgQNksrumvfkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2VhNTMxNmRiZGFjMDFjZDA1ZDBlYWEwNWE4OWMwNGRh
M2U3Mzk4ZjAeFw0yNDA0MjUwNTAxMzNaFw0yNTA0MjQwNTA2MzNaMDMxMTAvBgNV
BAMTKDQ0MjY4REZDREM1QjY1MDQwREE5NUUxOTc2NkI5OThBNzQzNEJDODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu0I5wAyPZ7eU25NVZpzhqvJ7c
cNBAxflQyMuZwSwHWQrMNUyF7veC34MRrsTjixlYDILmof5ElYQIgOoqy7b1MuL4
AXn1Hu/n+YrnuYvuMImK95JxnIH/CjxQ2YZAHJwPYBD6f9v5KiVboZr0JuKwZ/99
yMh/s97otT3nfkpxmZAVwx2dH8x6AKmm4yLYyiujwin2UJcWoqqEatLv0/f5Hy34
Q5GdBSKtM1V3PJQIwUw0isHKqWzzo971lRTJ3cbf0XfZyzkr9XCJGxMOBAZQIVWl
iwtq/cOyuldK3VJ5Rz8yxoekYbKERWRsCaLKs1h4+jMfu9kJ+Qzr7OFAyQChAgMB
AAGjggHIMIIBxDAdBgNVHQ4EFgQURCaN/NxbZQQNqV4ZdmuZinQ0vIgwHwYDVR0j
BBgwFoAUfqUxbb2sAc0F0OqgWonATaPnOY8wDgYDVR0PAQH/BAQDAgeAMHEGA1Ud
HwRqMGgwZqBkoGKGYHJzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5j
b20vcmVwby9GUkMtQ0EvNS83RUE1MzE2REJEQUMwMUNEMDVEMEVBQTA1QTg5QzA0
REEzRTczOThGLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZnFVeGJiMnNBYzBG
ME9xZ1dvbkFUYVBuT1k4LmNlcjBbBggrBgEFBQcBCwRPME0wSwYIKwYBBQUHMAuG
P3JzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5jb20vcmVwby9GUkMt
Q0EvNS9BUzQwNjc2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsG
AQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg+UAGlQMA0GCSqGSIb3DQEBCwUAA4IB
AQA8Gyxghy158WNBwD8ezWeScgvS9Av3QaQhpDlKd69QI+DS6q2tcnqgXNJSjFBY
fwXjLoV9nOf5mFYDSm4QUB9QoNldubffN9v4EEiztwqLFnm7EhyUi9Ly/9fE4W1S
98TKwQPbTrO5ZRkjg22ZdJStJTAYobW81rLSH5F8SNbH6zSCypPgndrDoBVMdDMO
/OaRHQYXeLzt7rRB//7gaA8dDg1Cf4moWmrSBsfRriORC0sTiU0IgGmr2zL+sOgi
TjkL6sGgNfwYjpUoVFOIaYFJRjBr1SFiES/sf/jkIgC7NcvoPxqqZnTDjyOojb4+
ep7xn4TfkB/wwxrXOFTBqA2A
-----END CERTIFICATE-----