Route Origin Authorization

$ rpki-client -vvf rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS44908.roa
File:                     AS44908.roa (raw, json)
Hash identifier:          Ed7dKb1Yvmnkdk16BXiOXM/x1hV1xo7JkrG1LzUJTco=
Subject key identifier:   47:DF:9B:DD:E2:A6:E8:3B:85:A6:63:3E:B0:BB:5E:E1:62:8A:F4:F1
Certificate issuer:       /CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
Certificate serial:       0B921FA3B3153FBF1EF494DA1EE991783CC93294
Authority key identifier: 7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
Subject info access:      rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS44908.roa
Signing time:             Tue 31 Oct 2023 14:08:06 +0000
ROA not before:           Tue 31 Oct 2023 14:03:06 +0000
ROA not after:            Tue 29 Oct 2024 14:08:06 +0000
asID:                     44908
IP address blocks:        2a0f:9400:6908::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl
                          rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:92:1f:a3:b3:15:3f:bf:1e:f4:94:da:1e:e9:91:78:3c:c9:32:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ea5316dbdac01cd05d0eaa05a89c04da3e7398f
        Validity
            Not Before: Oct 31 14:03:06 2023 GMT
            Not After : Oct 29 14:08:06 2024 GMT
        Subject: CN=47DF9BDDE2A6E83B85A6633EB0BB5EE1628AF4F1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:bc:f8:b3:3f:53:93:c1:fc:8b:f0:e4:3f:50:
                    43:37:46:9b:58:f9:84:90:49:27:07:6d:f8:4f:39:
                    98:af:cb:20:b3:9f:b0:7e:60:cd:88:2b:a8:01:67:
                    a6:5a:7a:81:00:d1:41:78:49:f4:7d:65:82:5e:51:
                    c2:7e:92:f7:9b:07:14:8a:fd:12:4a:7e:e9:dc:67:
                    2d:7c:eb:60:01:46:ef:63:57:a1:76:f4:be:e0:df:
                    c9:e0:61:f2:d9:6f:5c:34:8d:cd:dd:9a:9d:18:61:
                    93:e3:f3:01:b0:67:e1:8a:95:fe:b7:ae:da:39:61:
                    06:84:6a:22:e2:a4:ad:6e:c0:57:b4:43:59:ed:60:
                    39:c8:f7:83:67:d5:e7:2d:a7:52:18:02:fe:95:07:
                    08:46:2d:9b:46:c1:8e:1c:ae:7f:d0:a5:2b:6f:5d:
                    e6:36:a7:a1:68:d2:46:d0:00:33:d0:12:cc:65:c1:
                    cf:eb:af:0c:0d:0a:55:7f:a5:10:85:be:f9:9d:e9:
                    2c:dd:88:4c:f6:60:de:30:2e:de:80:64:eb:85:30:
                    82:7c:61:f5:80:31:bc:56:f2:50:12:8c:f9:85:ae:
                    41:6d:7e:09:49:0d:55:33:5e:3f:98:ab:cf:85:ae:
                    fc:27:70:13:aa:5a:6d:4b:cf:b1:55:f1:a7:09:ae:
                    8a:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:DF:9B:DD:E2:A6:E8:3B:85:A6:63:3E:B0:BB:5E:E1:62:8A:F4:F1
            X509v3 Authority Key Identifier:
                keyid:7E:A5:31:6D:BD:AC:01:CD:05:D0:EA:A0:5A:89:C0:4D:A3:E7:39:8F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/7EA5316DBDAC01CD05D0EAA05A89C04DA3E7398F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fqUxbb2sAc0F0OqgWonATaPnOY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.admin.freerangecloud.com/repo/FRC-CA/5/AS44908.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:9400:6908::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:99:5c:e5:ee:f3:53:e9:5a:59:71:ce:70:fe:c2:b9:d4:52:
         97:f7:f0:85:fc:f2:d5:58:cf:c6:3a:b1:fa:a0:2e:ef:b9:bc:
         cd:be:dc:98:f9:7b:1b:42:43:80:7f:29:73:d6:de:36:eb:bf:
         7e:8e:f3:59:0b:ef:41:bc:fe:86:be:02:b5:68:e7:18:28:c7:
         81:6e:65:0e:32:c7:61:62:22:84:af:ba:d1:d3:0f:a2:3c:a5:
         10:79:79:89:0a:2d:2e:df:ac:39:3e:40:3f:79:7c:d2:dc:76:
         fa:c2:17:fe:ee:78:f0:23:70:6f:5f:9a:ee:25:c9:cc:28:ef:
         51:f7:67:8b:b1:d5:8f:bd:b3:6b:13:2d:24:71:02:81:3f:8b:
         2a:6a:d1:57:69:43:3e:6f:25:41:61:e9:09:e4:80:eb:c8:65:
         f9:31:35:5d:2d:bb:08:e2:1b:64:67:b4:58:66:49:bf:3d:d6:
         52:eb:c9:12:6e:e1:87:1c:ab:24:5f:28:e9:1d:76:df:e5:37:
         c1:0d:dd:95:d1:39:92:82:2c:e1:24:b4:68:8d:7b:89:f8:23:
         42:85:21:3e:97:b3:45:4d:96:ef:11:4e:93:8d:29:33:8b:aa:
         94:ee:8b:9c:ce:4b:3b:7a:cd:c4:3e:0c:9b:37:39:46:37:e7:
         c0:c1:37:33
-----BEGIN CERTIFICATE-----
MIIEvjCCA6agAwIBAgIUC5Ifo7MVP78e9JTaHumReDzJMpQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoN2VhNTMxNmRiZGFjMDFjZDA1ZDBlYWEwNWE4OWMwNGRh
M2U3Mzk4ZjAeFw0yMzEwMzExNDAzMDZaFw0yNDEwMjkxNDA4MDZaMDMxMTAvBgNV
BAMTKDQ3REY5QkRERTJBNkU4M0I4NUE2NjMzRUIwQkI1RUUxNjI4QUY0RjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2vPizP1OTwfyL8OQ/UEM3RptY
+YSQSScHbfhPOZivyyCzn7B+YM2IK6gBZ6ZaeoEA0UF4SfR9ZYJeUcJ+kvebBxSK
/RJKfuncZy1862ABRu9jV6F29L7g38ngYfLZb1w0jc3dmp0YYZPj8wGwZ+GKlf63
rto5YQaEaiLipK1uwFe0Q1ntYDnI94Nn1ectp1IYAv6VBwhGLZtGwY4crn/QpStv
XeY2p6Fo0kbQADPQEsxlwc/rrwwNClV/pRCFvvmd6SzdiEz2YN4wLt6AZOuFMIJ8
YfWAMbxW8lASjPmFrkFtfglJDVUzXj+Yq8+FrvwncBOqWm1Lz7FV8acJroo9AgMB
AAGjggHIMIIBxDAdBgNVHQ4EFgQUR9+b3eKm6DuFpmM+sLte4WKK9PEwHwYDVR0j
BBgwFoAUfqUxbb2sAc0F0OqgWonATaPnOY8wDgYDVR0PAQH/BAQDAgeAMHEGA1Ud
HwRqMGgwZqBkoGKGYHJzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5j
b20vcmVwby9GUkMtQ0EvNS83RUE1MzE2REJEQUMwMUNEMDVEMEVBQTA1QTg5QzA0
REEzRTczOThGLmNybDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5j
Oi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZnFVeGJiMnNBYzBG
ME9xZ1dvbkFUYVBuT1k4LmNlcjBbBggrBgEFBQcBCwRPME0wSwYIKwYBBQUHMAuG
P3JzeW5jOi8vcnBraS5hZG1pbi5mcmVlcmFuZ2VjbG91ZC5jb20vcmVwby9GUkMt
Q0EvNS9BUzQ0OTA4LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsG
AQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+UAGkIMA0GCSqGSIb3DQEBCwUAA4IB
AQChmVzl7vNT6VpZcc5w/sK51FKX9/CF/PLVWM/GOrH6oC7vubzNvtyY+XsbQkOA
fylz1t42679+jvNZC+9BvP6GvgK1aOcYKMeBbmUOMsdhYiKEr7rR0w+iPKUQeXmJ
Ci0u36w5PkA/eXzS3Hb6whf+7njwI3BvX5ruJcnMKO9R92eLsdWPvbNrEy0kcQKB
P4sqatFXaUM+byVBYekJ5IDryGX5MTVdLbsI4htkZ7RYZkm/PdZS68kSbuGHHKsk
XyjpHXbf5TfBDd2V0TmSgizhJLRojXuJ+CNChSE+l7NFTZbvEU6TjSkzi6qU7ouc
zks7es3EPgybNzlGN+fAwTcz
-----END CERTIFICATE-----