Route Origin Authorization

$ rpki-client -vvf rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS41732.roa
File:                     AS41732.roa (raw, json)
Hash identifier:          37+lEDM0HqXBzThLOa0JlxsGApIC9T4uce+zjRN/Efs=
Subject key identifier:   F3:0C:DB:F9:D0:B2:5C:D1:DE:B2:96:1A:DB:F5:A4:7A:DC:68:C1:04
Certificate issuer:       /CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
Certificate serial:       722D303FE744ECB4B60D8C16352D4F2D162EB91C
Authority key identifier: 7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
Subject info access:      rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS41732.roa
Signing time:             Tue 16 Jul 2024 02:42:25 +0000
ROA not before:           Tue 16 Jul 2024 02:37:25 +0000
ROA not after:            Tue 15 Jul 2025 02:42:25 +0000
asID:                     41732
IP address blocks:        2a0f:9400:7310::/48 maxlen: 48
                          2a0f:9400:7311::/48 maxlen: 48
                          2a0f:9400:7312::/48 maxlen: 48
                          2a0f:9400:7313::/48 maxlen: 48
                          2a0f:9400:7314::/48 maxlen: 48
                          2a0f:9400:7316::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl
                          rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:2d:30:3f:e7:44:ec:b4:b6:0d:8c:16:35:2d:4f:2d:16:2e:b9:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
        Validity
            Not Before: Jul 16 02:37:25 2024 GMT
            Not After : Jul 15 02:42:25 2025 GMT
        Subject: CN=F30CDBF9D0B25CD1DEB2961ADBF5A47ADC68C104
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:4d:db:95:a8:97:a7:68:fa:86:25:61:ad:82:
                    5a:b2:e7:ae:f7:a1:e0:b1:1c:4d:e7:fc:73:14:a1:
                    3e:22:f0:8a:63:e1:ee:4f:f8:53:fc:ac:25:91:46:
                    46:58:06:fc:50:dc:04:25:b5:f1:f4:0c:d9:99:dd:
                    bc:01:d7:8e:e0:8d:83:72:b1:77:5b:ea:91:9f:0c:
                    1c:2b:a0:52:89:30:b8:31:30:74:f1:00:68:0b:67:
                    df:54:3c:3a:5c:bc:80:36:ff:89:c7:97:41:89:f8:
                    fc:cf:53:f0:f7:32:61:37:6c:17:28:07:d7:b7:f1:
                    c6:80:58:cf:df:8e:65:21:65:a8:e4:bf:0d:a5:bd:
                    70:54:48:28:94:90:56:6c:1c:7f:de:f5:e8:33:91:
                    d5:0f:be:c5:df:cb:b7:49:f3:06:b3:71:20:e9:ea:
                    85:cb:66:ee:d3:c4:07:69:78:32:f2:ab:7c:2c:86:
                    ef:e9:e3:62:cb:df:91:5c:7b:bd:c3:81:92:d5:02:
                    cf:a1:8c:4f:55:c6:b7:1e:55:f8:81:e1:f0:8e:46:
                    c0:1e:2a:e1:cb:fe:14:9a:ec:dc:42:f7:ec:86:aa:
                    2e:93:3a:4d:45:eb:ea:ed:dd:f2:97:3e:e1:c5:79:
                    7c:1a:32:5e:0e:92:86:57:21:81:74:a8:1a:c9:6b:
                    e4:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:0C:DB:F9:D0:B2:5C:D1:DE:B2:96:1A:DB:F5:A4:7A:DC:68:C1:04
            X509v3 Authority Key Identifier:
                keyid:7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS41732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:9400:7310::-2a0f:9400:7314:ffff:ffff:ffff:ffff:ffff
                  2a0f:9400:7316::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:0d:93:49:8f:05:7e:58:54:94:c1:37:90:f6:df:f6:ad:9f:
         ac:b7:74:a2:24:4e:ae:7b:4a:f5:75:18:61:a4:b0:a7:e6:27:
         d1:66:2b:13:70:51:93:77:69:6e:09:25:a2:10:5f:60:6f:d3:
         3d:cb:e9:59:42:74:ea:49:3a:6e:b8:3f:0a:3e:9b:a0:79:47:
         fc:0d:85:ce:ae:25:56:d8:b0:9a:d9:78:e6:50:eb:33:6f:87:
         5f:8d:1a:9f:ee:e5:61:3b:55:68:95:da:60:b1:c9:db:81:92:
         87:f5:aa:f3:28:bf:76:55:e8:c4:36:8e:a7:f8:39:e0:8a:8c:
         51:8a:05:d1:45:de:08:16:60:74:93:84:1a:ee:db:91:b2:a1:
         0b:9a:b2:d3:f6:ee:f0:c3:e2:df:aa:d4:7c:a2:c2:b0:72:b5:
         05:0a:08:15:3c:6c:e7:d8:c8:dc:04:d3:82:4e:7b:2c:43:83:
         f0:8a:cf:d4:9d:03:62:65:58:77:1e:61:d6:71:e1:e5:1e:fa:
         76:4b:aa:07:e5:f9:41:d5:c5:fd:0c:13:a6:03:ce:48:5d:fc:
         6e:22:fd:4b:c5:53:55:42:0c:14:87:ba:5a:7d:b2:30:ce:87:
         b8:ea:25:98:0d:b2:0e:ef:ed:ed:07:f6:82:c2:78:63:3b:bd:
         9a:7a:90:ec
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUci0wP+dE7LS2DYwWNS1PLRYuuRwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2VhNTMxNmRiZGFjMDFjZDA1ZDBlYWEwNWE4OWMwNGRh
M2U3Mzk4ZjAeFw0yNDA3MTYwMjM3MjVaFw0yNTA3MTUwMjQyMjVaMDMxMTAvBgNV
BAMTKEYzMENEQkY5RDBCMjVDRDFERUIyOTYxQURCRjVBNDdBREM2OEMxMDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1TduVqJenaPqGJWGtglqy5673
oeCxHE3n/HMUoT4i8Ipj4e5P+FP8rCWRRkZYBvxQ3AQltfH0DNmZ3bwB147gjYNy
sXdb6pGfDBwroFKJMLgxMHTxAGgLZ99UPDpcvIA2/4nHl0GJ+PzPU/D3MmE3bBco
B9e38caAWM/fjmUhZajkvw2lvXBUSCiUkFZsHH/e9egzkdUPvsXfy7dJ8wazcSDp
6oXLZu7TxAdpeDLyq3wshu/p42LL35Fce73DgZLVAs+hjE9VxrceVfiB4fCORsAe
KuHL/hSa7NxC9+yGqi6TOk1F6+rt3fKXPuHFeXwaMl4OkoZXIYF0qBrJa+SHAgMB
AAGjggHcMIIB2DAdBgNVHQ4EFgQU8wzb+dCyXNHespYa2/WketxowQQwHwYDVR0j
BBgwFoAUfqUxbb2sAc0F0OqgWonATaPnOY8wDgYDVR0PAQH/BAQDAgeAMHEGA1Ud
HwRqMGgwZqBkoGKGYHJzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5j
b20vcmVwby9GUkMtQ0EvNS83RUE1MzE2REJEQUMwMUNEMDVEMEVBQTA1QTg5QzA0
REEzRTczOThGLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZnFVeGJiMnNBYzBG
ME9xZ1dvbkFUYVBuT1k4LmNlcjBbBggrBgEFBQcBCwRPME0wSwYIKwYBBQUHMAuG
P3JzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5jb20vcmVwby9GUkMt
Q0EvNS9BUzQxNzMyLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDYGCCsG
AQUFBwEHAQH/BCcwJTAjBAIAAjAdMBIDBwQqD5QAcxADBwAqD5QAcxQDBwAqD5QA
cxYwDQYJKoZIhvcNAQELBQADggEBABkNk0mPBX5YVJTBN5D23/atn6y3dKIkTq57
SvV1GGGksKfmJ9FmKxNwUZN3aW4JJaIQX2Bv0z3L6VlCdOpJOm64Pwo+m6B5R/wN
hc6uJVbYsJrZeOZQ6zNvh1+NGp/u5WE7VWiV2mCxyduBkof1qvMov3ZV6MQ2jqf4
OeCKjFGKBdFF3ggWYHSThBru25GyoQuastP27vDD4t+q1HyiwrBytQUKCBU8bOfY
yNwE04JOeyxDg/CKz9SdA2JlWHceYdZx4eUe+nZLqgfl+UHVxf0ME6YDzkhd/G4i
/UvFU1VCDBSHulp9sjDOh7jqJZgNsg7v7e0H9oLCeGM7vZp6kOw=
-----END CERTIFICATE-----